Xen security updates issued

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores ranging from…

An update for Xen was just released to address a vulnerability where a buggy or malicious HVM guest can crash the host or read data relating to other guests or the hypervisor itself. source:hostingseclist

This Public Service Announcement is a follow up to SA-CORE-2014-005 – Drupal core – SQL injection. This is not an announcement of a new vulnerability in Drupal. Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of…

An update for LiteSpeed 4 & 5 was just released to address a security vulnerability within OpenSSL (CVE-2015-1793) and it is recommended that you update as soon as possible.

An update for Xen was just released to address two major security vulnerabilities and it is recommended that you update as soon as possible.

We have been made aware of a serious security vulnerability in Bash that affects multiple operating systems and applications.

Joomla! 3.7.1 is now available. This is a security release for the 3.x series of Joomla! which addresses one critical security vulnerability and several bug fixes. The security issue was found to be the result of inadequate filtering of requested data that lead to a SQL Injection vulnerability. We…

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p. These releases will be made available on 9th July. They will fix a single security defect classified as “high” severity. This defect does not affect the 1.0.0 or 0.9.8 releases.

A vulnerability in Intel’s Active Management Technology (AMT) feature of Intel processors appears relatively easy to abusive. A remote control authentication screen can be bypassed using a blank string through a proxy server. AMT lets sysadmins perform powerful tasks over a remote connection.

Attackers are hijacking vulnerable home routers to launch attacks against WordPress sites. The attacks exploit two flaws in the TR-069 router management protocol to send malicious requests to port 7547. Experts have been advising home users to limit access to port 7547. Internet service providers (ISPs) could take steps…

Newsletter, a free WordPress plugin with more than 300,000 installations, was found to contain multiple vulnerabilities that could eventually lead to the takeover of an affected website. The bugs were discovered by the Wordfence team who notified the developer of the plugin.

An update for Plesk 12 (Windows) was just released to address various security vulnerabilities and it is recommended that you update as soon as possible. Official Link: http://download1.parallels.com/Plesk/PP12/12.0/release-notes/parallels-plesk-12.0-for-windows-change-log.html#12018-mu52

A serious vulnerability has been discovered in older versions of the popular Code Snippets plugin for WordPress. The flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution…

Over the past two years, processors, in particular processors made by Intel, have been targeted by an unending series of attacks that have made it possible for skilled attackers to intercept passwords, encryption keys, and other secrets out of data stored in resident memory.

VMware has fixed a critical flaw in its vCenter Server that could be exploited to execute code remotely. The vulnerability affects vCenter versions 6.5 and 6.0. Users are urged to upgrade to versions 6.5c or 6.0U3b. US-CERT warned about the vulnerability, stressing exploitation could result in an attacker taking…