Ubuntu: 2096-1: Linux kernel vulnerability
(Jan 31) The system could be made to crash or run programs as an administrator.
(Jan 31) The system could be made to crash or run programs as an administrator.
(Jan 21) devscripts could be made to run programs if it opened a specially crafted file.
(Jan 11) A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine. For the oldstable distribution (squeeze), this problem has been fixed in [More…]
(Dec 31) An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. [More…]
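The bug class in the Puppet item above, shown as an added example (not Puppet's code and not the advisory's): a program that writes to a predictable temporary name lets a local attacker pre-plant a symlink at that name, so the write lands in whatever file the link points to. The file and path names, and the `unsafe_write`/`safe_write` helpers, are constructed for the demonstration; the hardened side uses `tempfile.mkstemp`, which creates the file with `O_CREAT|O_EXCL` under a random name.

```python
import os
import shutil
import tempfile


def unsafe_write(path, data):
    """Vulnerable pattern (constructed for illustration, not Puppet's code):
    write to a predictable temporary path with a plain open(), which follows
    a symlink already sitting at that path and truncates whatever it points to."""
    with open(path, "w") as f:
        f.write(data)


def safe_write(directory, data):
    """Hardened pattern: tempfile.mkstemp creates a file with a random name
    using O_CREAT|O_EXCL, so a planted symlink can neither be guessed nor
    followed; the caller gets a descriptor to the freshly created file."""
    fd, path = tempfile.mkstemp(prefix="cfg-", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def exclusive_create_refused(path):
    """Return True if an O_EXCL create of `path` is refused because something
    (here, the attacker's symlink) already exists at that name."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return True
    os.close(fd)
    return False


def demo():
    """Run the attack against both patterns in a scratch directory that stands
    in for a shared /tmp. Returns a dict of observable outcomes."""
    shared = tempfile.mkdtemp()
    try:
        # A file the victim owns and the attacker must not be able to write.
        target = os.path.join(shared, "victim-config")
        with open(target, "w") as f:
            f.write("original")

        # Attacker's move: plant a symlink at the name the victim is known to use.
        predictable = os.path.join(shared, "tool-tmp-1234")  # hypothetical fixed name
        os.symlink(target, predictable)

        # Victim using the vulnerable pattern silently writes through the link.
        unsafe_write(predictable, "attacker-chosen content")
        with open(target) as f:
            target_overwritten = f.read() == "attacker-chosen content"

        # Victim using the hardened pattern gets a fresh, unpredictable file.
        fresh = safe_write(shared, "secret")
        fresh_is_regular = os.path.isfile(fresh) and not os.path.islink(fresh)

        return {
            "target_overwritten": target_overwritten,
            "exclusive_create_refused": exclusive_create_refused(predictable),
            "safe_path_is_fresh_regular_file": fresh_is_regular,
        }
    finally:
        shutil.rmtree(shared)


if __name__ == "__main__":
    print(demo())
```

The `exclusive_create_refused` check is the point to remember: `O_CREAT|O_EXCL` fails with EEXIST when a symlink occupies the name, whereas a plain `open(path, "w")` happily follows it. Needs a POSIX filesystem with symlink support.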
(Dec 30) Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by [More…]
(Dec 18) Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Case 60890 Summary A reseller with limited privileges is allowed to install SSL virtualhosts on arbitrary IPs. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description A reseller account with ACL permission to install SSL certificates could install certificates and matching virtualhosts on IP addresses …
(Dec 9) A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service (child-process crash and temporary caching outage) via a GET request with trailing [More…]
In order to show its appreciation for security researchers who follow responsible disclosure principles, cPanel, Inc. is offering a monetary reward program for researchers who provide assistance with identifying and correcting certain Qualifying Vulnerabilities within the scope of this program. Software Covered by this Program: * The cPanel …
(Dec 5) Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
(Dec 3) pixman could be made to crash if it opened a specially crafted file.
(Nov 13) Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system. A user could submit executable shell commands on the tail of what is [More…]
(Nov 11) libvirt would allow unintended access privileges.
(Oct 27) It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and [More…]
Case 69513 Summary World writable Logaholic directories allowed arbitrary code execution in varied contexts. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description Multiple directories within /usr/local/cpanel/base/3rdparty/Logaholic were set world writable by default with permissions of 777. These directories contained, among other items, the global …
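An added audit script for the misconfiguration in Case 69513 (this is illustrative code, not cPanel's fix): walk a tree, report every real directory that is writable by "other" without the sticky bit, then drop the write bit. The directory layout in `demo()` is constructed for the example; the helper names are hypothetical.

```python
import os
import shutil
import stat
import tempfile


def world_writable_dirs(root):
    """Walk `root` and return [(relative path, octal mode)] for every real
    directory whose mode grants write to 'other' without the sticky bit.
    Such a directory lets any local user create, rename or replace entries
    in it, which is how a 777 tree becomes a code-execution path for
    whatever later executes or includes files from it."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)                 # lstat: never follow symlinks
            if not stat.S_ISDIR(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append((os.path.relpath(full, root), oct(mode)))
    return sorted(findings)


def remediate(root, findings, new_mode=0o755):
    """Drop 'other' write on every reported directory."""
    for rel, _ in findings:
        os.chmod(os.path.join(root, rel), new_mode)


def demo():
    """Build a constructed tree mirroring the bug class, audit it, fix it and
    audit again. Returns (findings_before, findings_after)."""
    root = tempfile.mkdtemp()
    try:
        layout = {
            "app": 0o755,             # normal parent directory
            "app/cache": 0o777,       # world writable, no sticky bit: finding
            "app/cache/data": 0o755,  # fine
            "app/uploads": 0o1777,    # sticky bit set, like /tmp: not reported
            "app/lib": 0o777,         # finding
        }
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(path)
            os.chmod(path, mode)      # explicit chmod so umask cannot interfere
        before = world_writable_dirs(root)
        remediate(root, before)
        after = world_writable_dirs(root)
        return before, after
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

Sticky-bit directories are deliberately excluded because a `1777` directory (the `/tmp` model) still stops one user from replacing another's files; a bare `777` directory does not, and that difference is exactly what turned these Logaholic directories into a write-then-execute path.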
(Oct 18) A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto. In some situations, a race condition could prevent the reseeding of the [More…]
(Oct 22) The system could be made to expose sensitive information to a local user.
(Oct 22) The system could be made to expose sensitive information to a local user.
(Oct 9) John Fitzpatrick of MWR InfoSecurity discovered an authentication bypass vulnerability in torque, a PBS-derived batch processing queueing system. The torque authentication model revolves around the use of privileged [More…]
(Oct 4) A heap-based buffer overflow vulnerability was found in icedtea-web, a web browser plugin for running applets written in the Java programming language. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary [More…]
(Sep 30) txt2man could be made to overwrite files.
(Sep 18) polkit could be tricked into giving out improper authorization.
(Sep 17) It was discovered that python-django, a high-level Python web development framework, is prone to a denial of service vulnerability via large passwords. [More…]
(Sep 18) systemd could be tricked into bypassing polkit authorizations.
(Sep 11) Rainer Koirikivi discovered a directory traversal vulnerability with ‘ssi’ template tags in python-django, a high-level Python web development framework. [More…]
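The traversal described above belongs to a general bug class: an include path is checked with a plain string-prefix test before `..` segments and symlinks have been resolved. The added example below (not Django's code; the `INCLUDE_ROOTS` allow-list and the two helper names are hypothetical) shows that pattern next to a hardened containment check that normalises first and then compares with `os.path.commonpath`.

```python
import os

# Hypothetical allow-list of directories that templates may include files from.
INCLUDE_ROOTS = ("/srv/www/includes",)


def include_allowed_naive(requested, roots=INCLUDE_ROOTS):
    """Vulnerable pattern: a string-prefix check on the path exactly as the
    template supplied it. '..' segments are never normalised away, so a path
    that merely begins with an allowed root can still climb out of it, and a
    sibling such as /srv/www/includes2 also matches the prefix."""
    return any(requested.startswith(root) for root in roots)


def include_allowed(requested, roots=INCLUDE_ROOTS):
    """Hardened check: require an absolute path, resolve symlinks and '..'
    with realpath, then test containment by comparing the common path with
    the root itself. A sibling directory sharing the prefix no longer passes."""
    if not os.path.isabs(requested):
        return False
    resolved = os.path.realpath(requested)
    for root in roots:
        root = os.path.realpath(root)
        try:
            if os.path.commonpath([resolved, root]) == root:
                return True
        except ValueError:   # mixed drive letters on Windows: not contained
            continue
    return False


# Constructed probes: a legitimate include, a traversal out of the root, and a
# prefix-collision sibling directory.
PROBES = (
    "/srv/www/includes/header.html",
    "/srv/www/includes/../../../etc/passwd",
    "/srv/www/includes2/secret.html",
)

if __name__ == "__main__":
    for p in PROBES:
        print(f"{p:45} naive={include_allowed_naive(p)!s:5} hardened={include_allowed(p)}")
```

`os.path.realpath` normalises `..` lexically even when the intermediate components do not exist, so the check works on paths that are only ever compared, never opened. If the include root itself may be a symlink, resolving the root (as done above) keeps the comparison consistent with what the filesystem will actually open.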
(Sep 9) Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
TSR-2013-0009 Detailed Disclosure The following disclosure covers Targeted Security Release TSR-2013-0009, that was published on August 27th, 2013. Each vulnerability is assigned an internal case number which is reflected below. Information regarding the cPanel Security Level rankings can be found here: http://go.cpanel.net/securitylevels Case 73377 Summary An account’s cpmove archives were …
(Aug 23) Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework. The is_safe_url utility function used to validate that a used URL is on [More…]
(Aug 20) The system could be made to expose sensitive information.
(Aug 14) libimobiledevice could be made to overwrite files as the administrator, or access device keys.