SVG:Advisories
Advisories
All advisories which are disclosed publicly by SVG are placed on this wiki.
A guide to the risk categories is available at Notes On Risk.
Date | Title | Contents/Link | Risk | Status |
---|---|---|---|---|
2017-08-22 | XROOTD potential for remote code execution | Advisory-SVG-2017-12728 | Low | Fixed |
2017-08-22 | Old dCache "gridftp door" re-introduced | Advisory-SVG-2015-9323 | Moderate | Fixed |
2017-08-07 | VOMS Admin allows VO membership requests from users without a certificate | Advisory-SVG-2016-11839 | Low | Fixed |
2017-08-07 | ARC 5.2.1 World Writeable log directory | Advisory-SVG-2017-12319 | Moderate | Fixed |
2017-03-20 updated 2017-03-27, 2017-07-04 | Vulnerability concerning VOMS Admin | Advisory-SVG-2017-12543 | Critical | Fixed |
2017-06-21 updated 2017-07-11 | Stack clash memory allocation vulnerability | Advisory-SVG-CVE-2017-1000364 | High | Fixed |
2017-06-06 | NSS out of bounds write flaw | Advisory-SVG-CVE-2017-5461 | High | Fixed |
2017-06-06 | sudo local root vulnerability | Advisory-SVG-CVE-2017-1000367 | Moderate | Fixed |
2017-03-24 updated 2017-06-01 | canl-c impersonation vulnerability | Advisory-SVG-2017-12276 | High | Fixed |
2017-04-07 updated 2017-06-01 | OpenStack Vulnerable Configuration problem | Advisory-SVG-2017-12680 | (Check) | |
2017-06-01 | Qemu and Xen guest escape issues CVE-2016-9603 and others | Advisory-SVG-CVE-2016-9603 | Up to High | Fixed |
2017-05-17 | Intel AMT Vulnerability | Advisory-SVG-CVE-2017-5689 | (Check) | |
2017-03-09 updated 2017-04-27 | Linux Kernel (n_hdlc module) privilege escalation vulnerability | Advisory-SVG-CVE-2017-2636 | High | Fixed |
2017-02-28 | Linux Kernel (DCCP module) privilege escalation vulnerability | Advisory-SVG-CVE-2017-6074 | High | Fixed |
2017-02-17 | Singularity container escape vulnerability | Advisory-SVG-2017-12381 | Up to High | Fixed |
2017-02-13 | Attacks on Hadoop installations - check configuration | Advisory-SVG-2017-12931 | (Check) | |
2017-02-01 | Ansible input validation vulnerability | Advisory-SVG-CVE-2016-9587 | Up to High | Fixed |
2016-11-10 updated 2016-12-14, 2017-01-13 | Linux kernel vulnerability | Advisory-SVG-CVE-2016-7117 | High | Fixed |
2017-01-11 | OpenStack Nova Metadata leak - sites should check | Advisory-SVG-2016-12231 | (check) | |
2017-01-10 | SLURM vulnerability CVE-2016-10030 | Advisory-SVG-CVE-2016-10030 | High | Fixed |
EGI SVG produces advisories according to the EGI SVG issue handling procedure, which was revised in autumn 2015.
Earlier Advisories: Advisories from 2016
Earlier Advisories: Advisories from 2014 and 2015
In the past (up to the end of 2015), CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts, and EGI SVG advisories primarily concerned gLite Middleware.
Earlier Advisories: Advisories from 2011 to 2013
Advisories from prior to 2011: Gridpp Advisories Archive