Ubuntu: 2096-1: Linux kernel vulnerability
Feb01
on February 1, 2014
at 3:46 pm
Posted In: Uncategorized
(Jan 31) The system could be made to crash or run programs as an administrator.
Comment
Posts Tagged vulnerability
163 results.
Ubuntu: 2084-1: devscripts vulnerability
Jan23
on January 23, 2014
at 2:34 pm
Posted In: Uncategorized
(Jan 21) devscripts could be made to run programs if it opened a specially craftedfile.
Debian: 2841-1: movabletype-opensource: cross-site scripting
Jan14
on January 14, 2014
at 1:53 pm
Posted In: Uncategorized
(Jan 11) A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine. For the oldstable distribution (squeeze), this problem has been fixed in [More…]
Debian: 2831-1: puppet: insecure temporary files
Jan04
on January 4, 2014
at 12:41 pm
Posted In: Uncategorized
(Dec 31) An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. [More…]
Debian: 2830-1: ruby-i18n: cross-site scripting
Jan01
on January 1, 2014
at 12:43 pm
Posted In: Uncategorized
(Dec 30) Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by [More…]
(Dec 18) Fraudulent security certificates could allow sensitive information to beexposed when accessing the Internet.
Case 60890 Summary A reseller with limited privileges is allowed to install SSL virtualhosts on arbitrary IPs. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description A reseller account with ACL permission to install SSL certificates could install certificates and matching virtualhosts on IP addresses …
Debian: 2814-1: varnish: denial of service
Dec11
on December 11, 2013
at 9:56 am
Posted In: Uncategorized
(Dec 9) A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service (child-process crash and temporary caching outage) via a GET request with trailing [More…]
In order to show its appreciation for security researchers who follow responsible disclosure principles, cPanel, Inc. is offering a monetary reward program for researchers who provide assistance with identifying and correcting certain Qualifying Vulnerabilities within the scope of this program. Software Covered by this Program – ——————————– * The cPanel …
(Dec 5) Fraudulent security certificates could allow sensitive information tobe exposed when accessing the Internet.
(Dec 3) pixman could be made to crash if it opened a specially crafted file.
Debian: 2796-1: torque: arbitrary code execution
Nov15
on November 15, 2013
at 7:35 am
Posted In: Uncategorized
(Nov 13) Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system. A user could submit executable shell commands on the tail of what is [More…]
Ubuntu: 2026-1: libvirt vulnerability
Nov13
on November 13, 2013
at 7:26 am
Posted In: Uncategorized
(Nov 11) libvirt would allow unintended access privileges.
Debian: 2787-1: roundcube: design error
Oct29
on October 29, 2013
at 5:20 am
Posted In: Uncategorized
(Oct 27) It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and [More…]
Case 69513 Summary World writable Logaholic directories allowed arbitrary code execution in varied contexts. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description Multiple directories within /usr/local/cpanel/base/3rdparty/Logaholic were set world writable by default with permissions of 777. These directories contained, among other items, the global …
Debian: 2781-1: python-crypto: PRNG not correctly reseeded
Oct24
on October 24, 2013
at 5:26 am
Posted In: Uncategorized
(Oct 18) A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto. In some situations, a race condition could prevent the reseeding of the [More…]
Ubuntu: 1992-1: Linux kernel vulnerability
Oct24
on October 24, 2013
at 5:25 am
Posted In: Uncategorized
(Oct 22) The system could be made to expose sensitive information to a local user.
Ubuntu: 1996-1: Linux kernel vulnerability
Oct24
on October 24, 2013
at 5:25 am
Posted In: Uncategorized
(Oct 22) The system could be made to expose sensitive information to a local user.
Debian: 2770-1: torque: authentication bypass
Oct13
on October 13, 2013
at 3:32 am
Posted In: Uncategorized
(Oct 9) John Fitzpatrick of MWR InfoSecurity discovered an authentication bypass vulnerability in torque, a PBS-derived batch processing queueing system. The torque authentication model revolves around the use of privileged [More…]
Debian: 2768-1: icedtea-web: heap-based buffer overflow
Oct08
on October 8, 2013
at 3:36 am
Posted In: Uncategorized
(Oct 4) A heap-based buffer overflow vulnerability was found in icedtea-web, a web browser plugin for running applets written in the Java programming language. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary [More…]
(Sep 30) txt2man could be made to overwrite files.
Ubuntu: 1953-1: polkit vulnerability
Sep23
on September 23, 2013
at 2:45 am
Posted In: Uncategorized
(Sep 18) polkit could be tricked into giving out improper authorization.
Debian: 2758-1: python-django: denial of service
Sep20
on September 20, 2013
at 1:50 am
Posted In: Uncategorized
(Sep 17) It was discovered that python-django, a high-level Python web develompent framework, is prone to a denial of service vulnerability via large passwords. [More…]
Ubuntu: 1961-1: systemd vulnerability
Sep19
on September 19, 2013
at 2:26 am
Posted In: Uncategorized
(Sep 18) systemd could be tricked into bypassing polkit authorizations.
Debian: 2755-1: python-django: directory traversal
Sep12
on September 12, 2013
at 2:16 am
Posted In: Uncategorized
(Sep 11) Rainer Koirikivi discovered a directory traversal vulnerability with ‘ssi’ template tags in python-django, a high-level Python web development framework. [More…]
Ubuntu: 1948-1: httplib2 vulnerability
Sep11
on September 11, 2013
at 1:55 am
Posted In: Uncategorized
(Sep 9) Fraudulent security certificates could allow sensitive information tobe exposed when accessing the Internet.
TSR-2013-0009 Detailed Disclosure The following disclosure covers Targeted Security Release TSR-2013-0009, that was published on August 27th, 2013. Each vulnerability is assigned an internal case number which is reflected below. Information regarding the cPanel Security Level rankings can be found here: http://go.cpanel.net/securitylevels Case 73377 Summary An account’s cpmove archives were …
Debian: 2740-1: python-django: cross-site scripting vulner
Aug27
on August 27, 2013
at 12:44 am
Posted In: Uncategorized
(Aug 23) Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework. The is_safe_url utility function used to validate that a used URL is on [More…]
Ubuntu: 1929-1: Linux kernel vulnerability
Aug20
on August 20, 2013
at 11:58 pm
Posted In: Uncategorized
(Aug 20) The system could be made to expose sensitive information.
Ubuntu: 1927-1: libimobiledevice vulnerability
Aug15
on August 15, 2013
at 11:22 pm
Posted In: Uncategorized
(Aug 14) libimobiledevice could be made to overwrite files as the administrator, oraccess device keys.