cPanel TSR-2016-0005 Full Disclosure

SEC-141. Summary: Code execution as other accounts via mailman list archives. Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P). Description: The sticky-group bit applied to mailman’s list archive directories allowed list owners to modify the contents of these directories. This could […]

cPanel TSR-2016-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores […]

cPanel TSR-2016-0004 Full Disclosure

SEC-130. Summary: Apache logfiles start with loose permissions. Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:L/AC:L/Au:S/C:P/I:N/A:N). Description: The Apache domlogs were originally populated with loose permissions during creation. Credits: This issue was discovered by the cPanel Security Team. Solution: This issue […]

cPanel TSR-2016-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores […]

cPanel TSR-2016-0003 Full Disclosure

SEC-58. Summary: SQLite journal allowed for arbitrary file overwrite during Horde Restore. Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 6.6 (AV:N/AC:H/Au:S/C:C/I:C/A:N). Description: During a Horde restore using the old-style CSV data files, the SQLite database is opened as the user. However, actual […]

cPanel TSR-2016-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores […]

cPanel TSR-2016-0002 Full Disclosure

SEC-31. Summary: Daemons can access their controlling TTY. Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C). Description: Daemonized code is not fully detached from its parent process. This allows an attacker to control a TTY they do not own. Credits: […]

cPanel TSR-2016-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores […]

CVE-2014-6184 (aix, hp-ux, linux_kernel, mac_os_x, solaris, tivoli_storage_manager)

National Cyber Awareness System. Vulnerability Summary for CVE-2014-6184. Original release date: 02/21/2015. Last revised: 02/23/2015. Source: US-CERT/NIST. Overview: Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, […]

CVE-2015-1349 (bind)

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key […]