CLSA-2024-1711036383 shim: Fix of 4 CVEs

Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel - Update to shim-15.8 and fix the following CVEs: Resolves: CVE-2023-40546 Resolves: CVE-2023-40547 Resolves: СVE-2023-40548 Resolves: СVE-2023-40549 Resolves: CVE-2023-40550 Resolves:...

CLSA-2024-1711036211 Update of grub2

Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel...

CLSA-2024-1711036007 shim: Fix of 4 CVEs

Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel - Update to shim-15.8 and fix the following CVEs: Resolves: CVE-2023-40546 Resolves: CVE-2023-40547 Resolves: СVE-2023-40548 Resolves: СVE-2023-40549 Resolves: CVE-2023-40550 Resolves:...

CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command Vulnerability

CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment. CloudLinux CageFS Insufficiently Restricted Proxy Command Link:...

CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Insufficiently Restricted Proxy Command Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02CloudLinuxCageFSInsufficientlyRestrictedProxyCommands Vulnerability Overview CloudLinux CageFS 7.0.8-2 or...

CloudLinux CageFS 7.1.1-1 Token Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Token Disclosure Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...

CVE-2020-36772

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...

Command injection

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files outside the CageFS environment in a limited way...

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

Authentication flaw

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as command line argument. In some configurations this allows local users to view it via the process list and gain code execution as another user...

CVE-2020-36772

CloudLinux CageFS CVE-2020-36772 affects CageFS 7.0.8-2 and earlier, where file paths given to the sendmail proxy command are not sufficiently restricted. This enables local users to read/write arbitrary files outside the CageFS environment. The vulnerability is triggered by insufficient path val...

CVE-2020-36772

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...

CVE-2020-36772

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...

CVE-2020-36771

CloudLinux CageFS vulnerability CVE-2020-36771 affects CageFS 7.1.1-1 and earlier: the authentication token is passed as a command line argument, which can allow a local user to view the token via the process list and gain code execution as another user. Affected versions: 7.1.1-1 and below. Root...

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

CloudLinux CageFS Security Vulnerability

CloudLinux CageFS is a virtualized file system and set of tools from CloudLinux. A security vulnerability exists in CloudLinux CageFS version 7.0.8-2 and prior versions. An attacker could exploit the vulnerability to read and write arbitrary files outside of the CageFS environment in a limited wa...

PT-2024-10823 · Cloudlinux · Cloudlinux Cagefs

Name of the Vulnerable Software and Affected Versions: CloudLinux CageFS versions 7.1.1-1 and below Description: The issue allows local users to view the authentication token via the process list and gain code execution as another user, because the authentication token is passed as a command line...

PT-2024-10824 · Cloudlinux · Cloudlinux Cagefs

Name of the Vulnerable Software and Affected Versions: CloudLinux CageFS versions 7.0.8-2 and below Description: The issue allows local users to read and write arbitrary files of certain file formats outside the CageFS environment due to insufficient restrictions on file paths supplied to the...