Difference between revisions of "SVG:Advisories"
Line 12: | Line 12: | ||
{| {{egi-table}} | {| {{egi-table}} | ||
!Date !! Title !! Contents/Link !! Risk !! Status !! | !Date !! Title !! Contents/Link !! Risk !! Status !! | ||
|- | |||
| 2015-10-13 || Dirac does not check CRLs || [[SVG:Advisory-SVG-2015-8580 | Advisory-SVG-2015-8580 ]] | |||
|| || || | |||
|- | |||
|- | |- |
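Review bot: In the added row for Advisory-SVG-2015-8580, the Risk and Status cells are left empty (`|| || ||`), so the table gives readers no rating or fix state for the CRL-checking issue; fill them in, or mark them as pending, once the assessment is done. The added trailing `|-` also sits directly before the existing `|-`, leaving two consecutive row separators; one of them can be dropped.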
Revision as of 11:53, 13 October 2015
Advisories
EGI SVG primarily issues advisories concerning gLite Middleware.
CSIRT also issues general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts
A guide to the risk categories is available at Notes On Risk
Earlier Advisories: Advisories from 2011 to 2013
Date | Title | Contents/Link | Risk | Status | |
---|---|---|---|---|---|
2015-10-13 | Dirac does not check CRLs | Advisory-SVG-2015-8580 | | | |
2015-10-13 | security notice regarding signing key and binary downloads of Ceph | Advisory-SVG-2015-9517 | | | |
2015-08-18 | VOMs Potential DoS | Advisory-SVG-2014-7159 | Low | Fixed | |
2015-08-13 | DIRAC SQL injection vulnerability | Advisory-SVG-2014-7553 | High | Fixed | |
2015-07-24 | libuser local root exploit CVE-2015-3245, CVE-2015-3246 for RedHat | Alerts/libuser-2015-07-24 | Critical | Fixed | |
2015-07-13 | OpenSSL release on 9th July - CVE-2015-1793 | Advisory-SVG-2015-9065 | N/A | Fixed | |
2015-06-23 | OpenStack Cinder CVE-2015-1850 | Advisory-SVG-2015-8964 | High | Fixed | |
2015-06-05 | Persistent XSS in OpenStack Horizon admin dashboard. CVE-2015-3988 | Advisory-SVG-2015-8706 | Up to High | Fixed | |
2015-05-27 | perfSONAR potential for a remote root exploit (in non-recommended configuration) | Advisory-SVG-2015-8479 | High | Fixed | |
2015-05-13 | Buffer overflow vulnerability in xrootd client | Advisory-SVG-2015-8464 | Low | Fixed | |
2015-04-01 | OpenSSL updates released on 19th March 2015 and VOMS | Advisory-SVG-2015-8343 | Low | Fixed | |
2015-03-31 | Unicore command injection vulnerability | Advisory-SVG-2014-7749 | High | Fixed | |
2015-03-30 | CVE-2015-1815 RedHat setroubleshoot (link to csirt alerts) | Alerts/RedHat-setroubleshoot-2015-03-30 | Critical | Fixed | |
2015-02-20 | EGI SVG Advisory - dCache vulnerability for some access methods | Advisory-SVG-2015-8183 | N/A | Fixed | |
2015-02-11 | CVE-2015-1195 OpenStack | Advisory-SVG-2015-8056 | High | Fixed | |
2015-02-11 | Torque CVE-2014-3684 resolved in Torque version in the EGI AppDB part of the UMD | Advisory-SVG-2014-7628 | Moderate | Fixed | |
2015-01-14 | DPM Wiki instructs insecure configuration if configured 'memcached' | Advisory-SVG-2015-7980 | Moderate | Fixed | |
2015-01-14 | CVE-2014-5261, CVE-2014-5262 Cacti remote command and code execution vulnerabilities - relevant to sites running Perfsonar | Advisory-SVG-2014-7191 | High | Fixed | |
2015-01-14 | FTS3 and GFAL2 allow attacker to impersonate other users and destroy their data | Advisory-SVG-2014-7696 | High | Fixed | |
2014-11-12 | User introduction of Rogue VMs - Openstack | Advisory-SVG-2014-7472 | High | Fixed | |
2014-09-29 | Buffer Overflow Vulnerability (Atlas FAX sites) | Advisory-SVG-2014-7372 | High | Fixed | |
2014-08-06 | WMS allows other users to access logging information | Advisory-SVG-2013-5346 | Moderate | Fixed | |
2014-08-06 | glite_wms_wmproxy_dirmanager allows any user to change the permissions on any directory | Advisory-SVG-2013-5560 | Moderate | Fixed | |
2014-08-05 | Remote access to dCache configuration information | Advisory-SVG-2014-7009 | Moderate | Fixed | |
2014-08-05 | DPM Information Leak Vulnerability | Advisory-SVG-2012-3390 | Low | Fixed | |
2014-08-05 | PerfSONAR web interface vulnerabilities | Advisory-SVG-2013-6052 | Moderate | Fixed | |
2014-08-05 | FTS3 - Lack of Authorization on config commands | Advisory-SVG-2013-5769 | Low | Fixed | |
2014-07-17 | Perfsonar 'Cacti' graphs web vulnerability | Advisory-SVG-2014-7162 | Critical | Fixed | |
2014-06-23 | EMI WMS Impersonation vulnerability | Advisory-SVG-2013-5331 | High | Fixed | |
2014-06-02 | DPM version in EPEL | Advisory-SVG-2014-6963 | High | Fixed | |
2014-04-10 | WN and UI tarballs in the EMI repository contain a version of OpenSSL vulnerable to CVE-2014-016 | Advisory-SVG-2014-6884 | Critical | Fixed | |
2014-04-08 | OpenSSL "Heartbleed" vulnerability CVE-2014-0160 (Link to CSIRT alert) | OpenSSL-2014-04-08 | Critical | Fixed | |
2014-03-27 | Torque Vulnerability: arbitrary code execution via job submission | Advisory-SVG-2014-6627 | High | Fixed | |
2014-03-25 | Vulnerabilities in STORM | Advisory-SVG-2013-6116 | High | Fixed | |
2014-02-13 | Results of CREAM vulnerability Assessment | Advisory-SVG-2013-5813 | High | Fixed |