Difference between revisions of "SVG:Advisories"
Line 11: | Line 11: | ||
|- | |- | ||
| | | 2018-01-19 || CPU speculative execution vulnerabilities (Meltdown and Spectre) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] || Critical || Ongoing || | ||
|- | |- | ||
Revision as of 09:18, 2 February 2018
Advisories
All advisories which are disclosed publicly by SVG are placed on this wiki.
A guide to the risk categories is available at Notes On Risk.
Date | Title | Contents/Link | Risk | Status | |
---|---|---|---|---|---|
2018-01-19 | CPU speculative execution vulnerabilities (Meltdown and Spectre) | Advisory-SVG-CVE-2017-5753 | Critical | Ongoing | |
2017-12-07 | Various Intel Vulnerabilities | Advisory-SVG-CVE-2017-5712 | (Alert) | Fixed | |
2017-11-02 | SLURM privilege escalation vulnerability | Advisory-SVG-CVE-2017-15566 | Critical | Fixed | |
2017-11-02 | Tomcat remote execution vulnerability in non-standard configurations | Advisory-SVG-CVE-2017-12615 | (Alert) | Fixed | |
2017-10-27 | Kernel exploit affecting small number of configurations | Advisory-SVG-CVE-2017-7184 | Up to critical | Fixed | |
2017-10-10 | dnsmasq multiple vulnerabilities | Advisory-SVG-CVE-2017-14491 | Up to High | Fixed | |
2017-10-10 | Apache Struts vulnerabilities | Advisory-SVG-CVE-2017-12611 | (Information) | Fixed | |
2017-10-10 | VMware Out-of-bounds write vulnerability in SVGA | Advisory-SVG-CVE-2017-4924 | (Alert) | Fixed | |
2017-09-28 | Linux kernel local root vulnerability | Advisory-SVG-CVE-2017-1000253 | High | Fixed | |
2017-09-22 | Various Xen CVEs | Advisory-SVG-CVE-2017-8903 | (Alert) | Fixed | |
2017-08-22 | XROOTD potential for remote code execution | Advisory-SVG-2017-12728 | Low | Fixed | |
2015-08-24 updated 2015-09-10, 2017-08-22 | Old dCache "gridftp door" re-introduced | Advisory-SVG-2015-9323 | Moderate | Fixed | |
2017-08-07 | VOMS Admin allows VO membership requests from users without a certificate | Advisory-SVG-2016-11839 | Low | Fixed | |
2017-08-07 | ARC 5.2.1 World Writeable log directory | Advisory-SVG-2017-12319 | Moderate | Fixed | |
2017-03-20 updated 2017-03-27, 2017-07-04 | Vulnerability concerning VOMS Admin | Advisory-SVG-2017-12543 | Critical | Fixed | |
2017-06-21 updated 2017-07-11 | Stack clash memory allocation vulnerability | Advisory-SVG-CVE-2017-1000364 | High | Fixed | |
2017-06-06 | NSS out of bounds write flaw | Advisory-SVG-CVE-2017-5461 | High | Fixed | |
2017-06-06 | sudo local root vulnerability | Advisory-SVG-CVE-2017-1000367 | Moderate | Fixed | |
2017-03-24 updated 2017-06-01 | canl-c impersonation vulnerability | Advisory-SVG-2017-12276 | High | Fixed | |
2017-04-07 updated 2017-06-01 | OpenStack Vulnerable Configuration problem | Advisory-SVG-2017-12680 | (Check) | | |
2017-06-01 | Qemu and Xen guest escape issues CVE-2016-9603 and others | Advisory-SVG-CVE-2016-9603 | Up to High | Fixed | |
2017-05-17 | Intel AMT Vulnerability | Advisory-SVG-CVE-2017-5689 | (Check) | | |
2017-03-09 updated 2017-04-27 | Linux Kernel (n_hdlc module) privilege escalation vulnerability | Advisory-SVG-CVE-2017-2636 | High | Fixed | |
2017-02-28 | Linux Kernel (DCCP module) privilege escalation vulnerability | Advisory-SVG-CVE-2017-6074 | High | Fixed | |
2017-02-17 | Singularity container escape vulnerability | Advisory-SVG-2017-12381 | Up to High | Fixed | |
2017-02-13 | Attacks on Hadoop installations - check configuration | Advisory-SVG-2017-12931 | (Check) | | |
2017-02-01 | Ansible input validation vulnerability | Advisory-SVG-CVE-2016-9587 | Up to High | Fixed | |
2016-11-10 updated 2016-12-14, 2017-01-13 | Linux kernel vulnerability | Advisory-SVG-CVE-2016-7117 | High | Fixed | |
2017-01-11 | OpenStack Nova Metadata leak - sites should check | Advisory-SVG-2016-12231 | (check) | | |
2017-01-10 | SLURM vulnerability CVE-2016-10030 | Advisory-SVG-CVE-2016-10030 | High | Fixed | |
EGI SVG produces advisories according to the EGI SVG issue handling procedure, which was revised in autumn 2015.
Earlier Advisories: Advisories from 2016
Earlier Advisories: Advisories from 2014 and 2015
In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts and EGI SVG advisories primarily concerned gLite Middleware.
Earlier Advisories: Advisories from 2011 to 2013
Advisories from prior to 2011: Gridpp Advisories Archive