18th Nov 2020

URL parameter injection vulnerabilities in multiple interfaces.

cPanel TSR-2020-0007 Full Disclosure SEC-567 Summary URL parameter injection vulnerabilities in multiple interfaces. Security Rating cPanel has assigned this vulnerability a CVSSv3.1 score of 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N Description Many cPanel & WHM interfaces create URIs to other interfaces by incorporating ...

16th Nov 2020

PostgreSQL: CVE-2020-25695: Multiple features escape "security restricted operation" sandbox

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data ...

12th Nov 2020

Cpanel now supports Centos 8

Although in Beta mode, cPanel/Whm now supports Centos8  As part of the Version 92 release, cPanel is offering an open beta testing period for CentOS 8. While we do not anticipate any issues, we cannot make any guarantee of performance nor would we recommend utilizing CentOS 8 and cPanel in a production environment. How Does the Open ...

3rd Nov 2020

Google Discloses Windows Zero-Day Vulnerability Being Exploited in the Wild

Google Project Zero has disclosed details for a zero-day vulnerability CVE-2020-17087 found in the Windows operating system that is being currently exploited in the wild. Earlier Google had released a patch addressing a zero-day vulnerability (CVE-2020-15999) found in Chrome web browsers. The vulnerability allowed a remote attacker to exploit ...