CloudLinux CageFS Security Vulnerability

CloudLinux CageFS is a virtualized file system and set of tools from CloudLinux. A security vulnerability exists in CloudLinux CageFS version 7.1.1-1 and prior versions. An attacker can exploit the vulnerability to view a list of processes and execute code as another user...

CLSA-2022-1655822366 Update of grub2

Use CloudLinux vendor cert...

CLSA-2022-1655821067 Update of grub2

Use CloudLinux vendor cert...

MAL-2022-1941 Malicious code in cloudlinux-ui-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 509013c1d0043e9aca6d292f48a3f9bd4626cfd18271235b6986289ef18f2285 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vuepress-theme-cloudlinux (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a27d6dfe866884bf17b8085fcd03f0438e4c45bc7bfcde4eddf6ae5b6edf8b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cloudlinux-ui-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 509013c1d0043e9aca6d292f48a3f9bd4626cfd18271235b6986289ef18f2285 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cloudlinux-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c80202b60f4dbef749163e1064f0c141c9433f59a1b169f9d8c70987938bfb1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-7001 Malicious code in vuepress-theme-cloudlinux (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a27d6dfe866884bf17b8085fcd03f0438e4c45bc7bfcde4eddf6ae5b6edf8b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1940 Malicious code in cloudlinux-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c80202b60f4dbef749163e1064f0c141c9433f59a1b169f9d8c70987938bfb1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2021-21956

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

Design/Logic Flaw

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2021-21956

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2021-21956

CVE-2021-21956 is a PHP deserialization vulnerability in CloudLinux Imunify360’s Ai-Bolit scanner (Imunify360 5.10.2). The issue arises in the Deobfuscator/decodedFileGetContentsWithFunc path where unsafely unserialized input can lead to arbitrary code execution. If Imunify360 is running with rea...

CloudLinux Imunify360 代码问题漏洞

CloudLinux Imunify360 is a comprehensive security platform for web hosting servers from CloudLinux USA. CloudLinux Imunify360 version 5.10.2 A security vulnerability exists in the Ai-Bolit feature that stems from a php deserialization vulnerability in the Ai-Bolit feature. A specially crafted fil...

Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover

A high-severity security vulnerability in CloudLinux’s Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for...

Vulnerability Spotlight: PHP deserialize vulnerability in CloudLinux Imunity360 could lead to arbitrary code execution

Marcin “Icewall” Noga of Cisco Talos. Blog by Jon Munshaw. Cisco Talos recently discovered a vulnerability in the Ai-Bolit functionality of CloudLinux Inc Imunify360 that could lead to arbitrary code execution. Imunify360 is a security platform for web-hosting servers that allows users... This is...

CloudLinux Inc Imunify360 Ai-Bolit php unserialize vulnerability

Summary A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.8 and 5.9. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...