cPanel TSR-2018-0003 Full Disclosure

SEC-393. Summary: API tokens retain ACLs that are removed from accounts. Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 6.4 (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). Description: Starting with cPanel & WHM version 68, it became possible to limit the authorizations of a WHM API token to a subset of the ACLs[…]

cPanel TSR-2018-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to[…]

cPanel TSR-2018-0002 Full Disclosure

SEC-338. Summary: Arbitrary file chmod during legacy incremental backups. Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 7.5 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N). Description: It was possible for a user to prepare their home directory in a way that after a series of incremental backups they could chmod arbitrary files on[…]

cPanel TSR-2018-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 3.8 to[…]

cPanel TSR-2018-0001 Full Disclosure

SEC-308. Summary: SRS secret revealed in exim.conf. Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 2.5 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). Description: When the experimental SRS option for Exim was enabled, the secret key used to sign SRS email was visible inside the exim.conf file. This setting is now stored in[…]

cPanel TSR-2018-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to[…]

cPanel TSR-2018-0001 Publication Delay

cPanel TSR-2018-0001, originally scheduled for Monday, January 15, 2018, has been delayed one week and is now scheduled for release on Monday, January 22, 2018. The full disclosure for this TSR is now scheduled for Tuesday, January 23, 2018. Source: news.cpanel.com

cPanel TSR-2017-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 2.0 to[…]

cPanel TSR-2017-0005 Full Disclosure

SEC-276. Summary: SQL injection in eximstats processing. Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 5.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). Description: When processing eximstats updates in buffered mode, errors in the SQL operations cause the updates to be reprocessed one statement at a time. The logic used to split multiple[…]

cPanel TSR-2017-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to[…]