Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Advisories"

From EGIWiki
Jump to navigation Jump to search
(Deprecate and redirect page)
Tag: Replaced
 
(247 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{svg-header}}
{{DeprecatedAndMovedTo|new_location=https://advisories.egi.eu/}}
 
EGI SVG primarily issues advisories concerning gLite Middleware. 
 
CSIRT also issues general alerts  at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts
 
A guide to the risk categories is available at  [[SVG:Notes On Risk | Notes On Risk]]
 
Earlier Advisories: [[SVG:Advisories-SVG-2011-2013 | Advisories from 2011 to 2013 ]]
 
 
{| {{egi-table}}
!Date !! Title !! Contents/Link !! Risk !!  Status !!
 
|-
| 2013-10-25 || Globus GSI-OpenSSH vulnerability  || [[SVG:Advisory-SVG-2013-5168 | Advisory-SVG-2013-5168 ]]
|| Moderate || Fixed ||
|-
 
|-
| 2013-10-25 || BDII Password access vulnerability  || [[SVG:Advisory-SVG-2013-5266 | Advisory-SVG-2013-5266 ]]
|| Moderate || Fixed ||
|-
 
 
 
|-
| 2013-09-26 || CVMFS root exploit  || [[SVG:Advisory-SVG-2013-5890 | Advisory-SVG-2013-5890 ]]
|| Critical || Fixed ||
|-
 
 
|-
| 2013-09-17 || Incorrect permission for APEL parser  and client config  || [[SVG:Advisory-SVG-2013-5615 | Advisory-SVG-2013-5615 ]]
|| Moderate || Fixed ||
|-
 
|-
| 2013-09-17 || Potential for reduced availability of VOMS server || [[SVG:Advisory-SVG-2012-3306 | Advisory-SVG-2012-3306 ]]
|| Low || Fixed ||
|-
 
 
|-
| 2013-09-17 || SAML implementation vulnerability in Unicore || [[SVG:Advisory-SVG-2012-4228 | Advisory-SVG-2012-4228 ]]
|| Low || Fixed ||
|-
 
 
 
 
 
 
 
|-
| 2013-06-14 ||  CREAM BUpdater improperly validated input / arbitrary command execution  || [[SVG:Advisory-SVG-2013-5268 | Advisory-SVG-2013-5268 ]]
|| High || Fixed ||
|-
 
 
 
 
|-
| 2013-04-29 ||  CREAM Axis2 configuration file permissions  || [[SVG:Advisory-SVG-2013-5244 | Advisory-SVG-2013-5244 ]]
|| High || Fixed ||
|-
 
 
|-
| 2013-04-17 ||  VOMS Java APIs incorrect CRL checking || [[SVG:Advisory-SVG-2012-4598 | Advisory-SVG-2012-4598 ]]
|| Moderate || Fixed ||
|-
 
 
 
|-
|2013-03-05 || DPM SQL injection vulnerability  || [[SVG:Advisory-SVG-2011-2683 | Advisory-SVG-2011-2683 ]]
|| High || Fixed ||
|-
 
 
|-
|2013-02-25 || L&B servers not properly checked || [[SVG:Advisory-SVG-2011-3202 | Advisory-SVG-2011-3202 ]]
|| Low || Fixed ||
|-
 
 
 
 
|-
|2013-02-19 || DPM buffer overflow in SRM v2.2 endpoint || [[SVG:Advisory-SVG-2012-4670 | Advisory-SVG-2012-4670 ]]
|| Moderate || Fixed ||
|-
 
 
|-
|2012-12-20 || Gridftp CVE-201203292|| [[SVG:Advisory-SVG-2012-3765 | Advisory-SVG-2012-3765 ]]
|| Low || Fixed ||
|-
 
 
 
|-
|2012-12-19 || DPM world writable files || [[SVG:Advisory-SVG-2012-4560 | Advisory-SVG-2012-4560 ]]
|| Moderate || Fixed ||
|-
 
 
 
|-
|2012-11-21 ||  EMI-2 dcache-srmclient contains world writable files || [[SVG:Advisory-SVG-2012-4600 | Advisory-SVG-2012-4600 ]]
|| High || Fixed ||
|-
 
 
 
 
|-
|2012-11-15 || gLExec - processes not properly cleaned up || [[SVG:Advisory-SVG-2011-1474 | Advisory-SVG-2011-1474 ]]
|| Low || Fixed ||
|-
 
|-
|2012-11-15 || gLExec - prevention of job logging || [[SVG:Advisory-SVG-2011-1641 | Advisory-SVG-2011-1641 ]]
|| Low || Fixed ||
|-
 
 
 
 
|-
|2012-08-29 ||  EMI-1 WMS exposes user proxies || [[SVG:Advisory-SVG-2012-4073 | Advisory-SVG-2012-4073 ]]
|| Critical || Fixed ||
|-
 
|-
|2012-08-29 || WMS proxy theft vulnerability || [[SVG:Advisory-SVG-2012-4039 | Advisory-SVG-2012-4039 ]]
|| High || Fixed ||
|-
 
 
 
|-
|2012-04-04 ||  EMI VOMS CRL handling vulnerability || [[SVG:Advisory-SVG-2012-3438 | Advisory-SVG-2012-3438 ]]
|| Low || Fixed ||
|-
 
|-
|2012-04-04 || BDII Predictable passwords || [[SVG:Advisory-SVG-2011-3235 | Advisory-SVG-2011-3235 ]]
|| Low || Fixed ||
|-
 
 
 
 
|-
|2012-01-24 || Torque Munge Impersonation vulnerability  || [[SVG:Advisory-SVG-2011-3094 | Advisory-SVG-2011-3094 ]]
|| High || Fixed ||
|-
 
|-
|2012-01-24 || APEL publisher File permission vulnerability || [[SVG:Advisory-SVG-2011-504 | Advisory-SVG-2011-504 ]]
|| Low || Fixed ||
|-
 
 
 
 
|-
|2012-01-09 || File Permission on directory in vdt_globus_data_server RPM  || [[SVG:Advisory-SVG-2010-457 | Advisory-SVG-2010-457 ]]
|| Low || Disclosed ||
|-
 
 
 
 
|-
|2011-11-15 || BDII file permission and password vulnerability  || [[SVG:Advisory-SVG-2011-1414 | Advisory-SVG-2011-1414 ]]
|| Moderate || Fixed ||
|-
 
 
|-
|2011-08-15 || Torque Authentication Bypass Vulnerability CVE-2011-2907
  || [[SVG:Advisory-SVG-2011-2296 | Advisory-SVG-2011-2296 ]]
|| High || Fixed ||
|-
 
|-
|2011-07-28 || Insecure Library Loading Vulnerability in the VOMS server
  || [[SVG:Advisory-SVG-2011-342 | Advisory-SVG-2011-342 ]]
|| Low || Fixed ||
|-
|-
|2011-07-28 || VOMS server /tmp file vulnerability
  || [[SVG:Advisory-SVG-2011-1866 | Advisory-SVG-2011-1866 ]]
 
|| Low || Fixed ||
|-
 
 
|-
|2011-06-24 || Torque Server Buffer Overflow Vulnerability - CVE-2011-2193.
  || [[SVG:Advisory-SVG-2011-1870 | Advisory-SVG-2011-1870 ]]
 
|| Moderate || Fixed ||
|-
|-
|2011-04-19 || Critical Vulnerability detected in dCache Admin Web Interface
  || [[SVG:Advisory-SVG-2011-1569 | Advisory-SVG-2011-1569 ]]
 
|| Critical || Fixed ||
|-
|-
|2011-04-19 || VOMS Admin vulnerabilities found by carrying out detailed vulnerability assessment of the package
|| [[SVG:Advisory-SVG-2011-505 | Advisory-SVG-2011-505 ]]
|| High || Fixed ||
|-
|-
|2011-04-04 || WMS vulnerability allowing proxy access
|| [[SVG:Advisory-SVG-2011-1502 | Advisory-SVG-2011-1502 ]]
|| High || Fixed ||
|-
|-
|2011-03-11 || SQL injection vulnerability in the APEL software
|| [[SVG:Advisory-SVG-2011-373 | Advisory-SVG-2011-373 ]]
|| Moderate || Fixed ||
|-
 
 
 
 
|}

Latest revision as of 15:15, 24 June 2022

Alert.png This article is Deprecated and has been moved to https://advisories.egi.eu/.


Retrieved from "https://wiki.egi.eu/w/index.php?title=SVG:Advisories&oldid=113877"