EUVD-2021-9127

Malicious code in bioql PyPI...

CLSA-2025-1751552694 Update of shim

Use both AlmaLinux and CloudLinux certs for checking images - Debrand to TuxCare - No SB support for aarch64 on TuxCare yet...

CLSA-2025-1751551161 Update of grub2

Improve Xen detection so we don't set GRUBENABLEBLSCFG=false for HVM domU guests - Debrand for Cloudlinux...

CLSA-2025-1751285777 grub2: Fix of 5 CVEs

CVE-2024-45781: fs/ufs: OOB write in the heap - CVE-2024-45782: fs/hfs: strcpy using the volume name - CVE-2024-56737: fs/hfs: Fix stack OOB write with grubstrcpy - CVE-2025-0678: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data - CVE-2025-1125: fs/hfs:...

CLSA-2025-1742374400 grub2: Fix of 2 CVEs

Sign by Cloudlinux - CVE-2023-4692: ntfs: checks to ensure that NTFS drive's sector numbers are never written beyond the boundary - CVE-2023-4693: ntfs: fix an out-of-bounds read flaw on NTFS filesystem driver...

CLSA-2024-1724271309 shim: Fix of 4 CVEs

Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel - Update to shim-15.8 and fix the following CVEs: Resolves: CVE-2023-40546 Resolves: CVE-2023-40547 Resolves: СVE-2023-40548 Resolves: СVE-2023-40549 Resolves: CVE-2023-40550 Resolves:...

CLSA-2024-1724266264 grub2: Fix of 12 CVEs

Fix package version number - Use CloudLinux vendor cert - Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel - Add patches from centos-8.5 ELS: - CVE-2021-3695: out-of-bounds write in the heap area by a crafted 16-bit grayscale PNG image -...

CLSA-2024-1721204645 shim-signed: Fix of 4 CVEs

Make this package installable on a system having a either Centos or Cloudlinux signed kernel - Update to shim-15.8 and fix the following CVEs: Resolves: CVE-2023-40546 Resolves: CVE-2023-40547 Resolves: СVE-2023-40548 Resolves: СVE-2023-40549 Resolves: CVE-2023-40550 Resolves: CVE-2023-40551...

CLSA-2024-1711036571 Update of grub2

Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel...

CLSA-2024-1711036383 shim: Fix of 4 CVEs

Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel - Update to shim-15.8 and fix the following CVEs: Resolves: CVE-2023-40546 Resolves: CVE-2023-40547 Resolves: СVE-2023-40548 Resolves: СVE-2023-40549 Resolves: CVE-2023-40550 Resolves:...

CLSA-2024-1711036211 Update of grub2

Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel...

CLSA-2024-1711036007 shim: Fix of 4 CVEs

Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel - Update to shim-15.8 and fix the following CVEs: Resolves: CVE-2023-40546 Resolves: CVE-2023-40547 Resolves: СVE-2023-40548 Resolves: СVE-2023-40549 Resolves: CVE-2023-40550 Resolves:...

CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command Vulnerability

CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment. CloudLinux CageFS Insufficiently Restricted Proxy Command Link:...

CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Insufficiently Restricted Proxy Command Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02CloudLinuxCageFSInsufficientlyRestrictedProxyCommands Vulnerability Overview CloudLinux CageFS 7.0.8-2 or...

CloudLinux CageFS 7.1.1-1 Token Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Token Disclosure Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...

CVE-2020-36772

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...

Command injection

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files outside the CageFS environment in a limited way...

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

Authentication flaw

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as command line argument. In some configurations this allows local users to view it via the process list and gain code execution as another user...