| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. |
| cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). |
| In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). |
| In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). |
| cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). |
| cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). |
| cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). |
| cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). |
| cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). |
| cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). |
| cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223). |
| cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). |
| cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). |
| cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). |
| cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). |
| cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). |
| cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). |
| cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). |
| cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). |
| cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). |
