Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2015 Update 3: September 10, 2019

Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2015 Update 3: September 10, 2019 Applies to: All Visual Studio 2015 Update 3 editions except Build Tools Notice In November 2020, the content of this article was updated to clarify the...

August 13, 2019—KB4512518 (Monthly Rollup)

August 13, 2019—KB4512518 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4507447 released July 16, 2019 and addresses the following issues: Security updates to Windows App Platform and Frameworks, Windows Wireless Networking...

Design/Logic Flaw

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing SEC-165...

CVE-2017-18418

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations SEC-265...

CVE-2017-18418

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations SEC-265...

Cross site scripting

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations SEC-265...

CVE-2017-18418

CVE-2017-18418 affects cPanel before 66.0.2, enabling stored XSS during WHM cPAddons file operations (SEC-265). The vulnerability is tied to versions prior to 66.0.2; remediation involves upgrading to 66.0.2 or later (per changelogs/references in the connected documents). Exploitation details are...

CVE-2017-18418

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations SEC-265...

CVE-2017-18388

cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask SEC-315...

Code injection

cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask SEC-315...

CVE-2017-18388

The CVE-2017-18388 entry concerns cPanel before 68.0.15 where unsafe file operations occur because Jailshell does not set the umask (SEC-315). Affected component: cPanel’s Jailshell. Root cause: missing umask handling in Jailshell leads to insecure file permissions during file operations. Impact ...

CVE-2017-18388

cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask SEC-315...

CVE-2018-20945

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations SEC-354...

CVE-2018-20945

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations SEC-354...

Design/Logic Flaw

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations SEC-354...

CVE-2016-10847

cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath SEC-80...

CVE-2018-20924

cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads SEC-378...

CVE-2018-20945

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations SEC-354...

CVE-2018-20945

The CVE-2018-20945 issue affects cPanel prior to 68.0.27 (bin/csvprocess) and enables insecure file operations due to SEC-354. Affected product: cPanel / web hosting control panel. Root cause details are consistently described across connected records as insecure file handling in bin/csvprocess b...

CVE-2016-10847

CVE-2016-10847 affects cPanel prior to 11.54.0.4. The vulnerability allows arbitrary file-read and file-write operations via the scripts/fixmailboxpath entry point (SEC-80). This could enable an attacker to read or write sensitive files on affected systems. Evidence from multiple sources confirms...