cPanel TSR-2019-0003 Full Disclosure

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update. Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels. If your deployed cPanel & WHM servers […]

cPanel TSR-2019-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 […]

cPanel TSR-2019-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 […]

CVE-2014-6184 (aix, hp-ux, linux_kernel, mac_os_x, solaris, tivoli_storage_manager)

National Cyber Awareness System Vulnerability Summary for CVE-2014-6184 Original release date: 02/21/2015 Last revised: 02/23/2015 Source: US-CERT/NIST Overview Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, […]

CVE-2015-1349 (bind)

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key […]

CVE-2015-0268 (xen)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0268 Original release date: 02/16/2015 Last revised: 02/17/2015 Source: US-CERT/NIST Overview The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) […]

CVE-2015-1546 (openldap)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1546 Original release date: 02/12/2015 Last revised: 02/13/2015 Source: US-CERT/NIST Overview Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched […]

CVE-2015-1545 (openldap)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1545 Original release date: 02/12/2015 Last revised: 02/13/2015 Source: US-CERT/NIST Overview The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref […]

CVE-2015-1582 (spider_facebook)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1582 Original release date: 02/11/2015 Last revised: 02/12/2015 Source: US-CERT/NIST Overview Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration […]

CVE-2015-1581 (mobile_domain)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1581 Original release date: 02/11/2015 Last revised: 02/12/2015 Source: US-CERT/NIST Overview Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct […]