The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other platforms; new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Advisories"

From EGIWiki
(Deprecate and redirect page)
Tag: Replaced
 
(203 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{svg-header}}
{{DeprecatedAndMovedTo|new_location=https://advisories.egi.eu/}}
 
EGI SVG primarily issues advisories concerning gLite Middleware. 
 
CSIRT also issues general alerts  at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts
 
A guide to the risk categories is available at  [[SVG:Notes On Risk | Notes On Risk]]
 
Earlier Advisories: [[SVG:Advisories-SVG-2011-2013 | Advisories from 2011 to 2013 ]]
 
 
{| {{egi-table}}
!Date !! Title !! Contents/Link !! Risk !!  Status !!
 
|-
| 2015-11-06 || Remote arbitrary code execution vulnerabilities in the core crypto library used by RedHat.  ||  [[SVG:Advisory-SVG-2015-CVE-2015-7813 | Advisory-SVG-2015-CVE-2015-7813 ]]  || Critical  || Fixed  ||
|-
 
 
 
 
|-
| 2015-11-03 || Xen Breakout Vulnerability  ||  [[SVG:Advisory-SVG-2015-CVE-2015-7835 | Advisory-SVG-2015-CVE-2015-7835 ]]
  || Critical  || Fixed  ||
|-
 
 
 
|-
| 2015-10-28 || Various Java CVE's with max CVSS score ||  [[SVG:Advisory-SVG-2015-9707 | Advisory-SVG-2015-9707 ]]
  ||  || Fixed  ||
|-
 
|-
| 2015-10-26 || Vulnerability in the dCache SRM server module  ||  [[SVG:Advisory-SVG-2015-9495 | Advisory-SVG-2015-9495 ]]
  || High  || Fixed  ||
|-
 
 
 
 
|-
| 2015-10-13 || Dirac does not check CRLs  ||  [[SVG:Advisory-SVG-2015-8580 | Advisory-SVG-2015-8580 ]]
  || High  || Fixed  ||
|-
 
 
|-
| 2015-10-13 ||security notice regarding signing key and binary downloads of Ceph  ||  [[SVG:Advisory-SVG-2015-9517 | Advisory-SVG-2015-9517 ]]
  ||  ||  ||
|-
 
 
|-
| 2015-08-18 || VOMs Potential DoS  ||  [[SVG:Advisory-SVG-2014-7159 | Advisory-SVG-2014-7159 ]]
  || Low || Fixed ||
|-
 
 
|-
| 2015-08-13 || DIRAC SQL injection vulnerability  ||  [[SVG:Advisory-SVG-2014-7553 | Advisory-SVG-2014-7553 ]]
  || High || Fixed ||
|-
 
 
 
|-
| 2015-07-24 || libuser local root exploit CVE-2015-3245, CVE-2015-3246 for RedHat  ||  [[EGI_CSIRT:Alerts/libuser-2015-07-24  | Alerts/libuser-2015-07-24  ]]
  || Critical || Fixed ||
|-
 
 
 
|-
| 2015-07-13 || OpenSSL release on 9th July - CVE-2015-1793 ||  [[SVG:Advisory-SVG-2015-9065 | Advisory-SVG-2015-9065 ]]
  || N/A || Fixed ||
|-
 
 
|-
| 2015-06-23 ||  OpenStack Cinder CVE-2015-1850  ||  [[SVG:Advisory-SVG-2015-8964 | Advisory-SVG-2015-8964 ]]
  || High || Fixed ||
|-
 
 
|-
| 2015-06-05 || Persistent XSS in OpenStack Horizon admin dashboard. CVE-2015-3988  ||  [[SVG:Advisory-SVG-2015-8706 | Advisory-SVG-2015-8706 ]]
  || Up to High || Fixed ||
|-
 
 
|-
| 2015-05-27 || perfSONAR potential for a remote root exploit (in non-recommended configuration) ||  [[SVG:Advisory-SVG-2015-8479 | Advisory-SVG-2015-8479 ]]
  || High || Fixed ||
|-
 
 
 
 
|-
| 2015-05-13 || Buffer overflow vulnerability in xrootd client  ||  [[SVG:Advisory-SVG-2015-8464 | Advisory-SVG-2015-8464 ]]
  || Low || Fixed ||
|-
 
 
 
|-
| 2015-04-01 || OpenSSL updates released on 19th March 2015 and VOMS  ||  [[SVG:Advisory-SVG-2015-8343 | Advisory-SVG-2015-8343 ]]
  || Low || Fixed ||
|-
 
 
|-
| 2015-03-31 || Unicore command injection vulnerability  ||  [[SVG:Advisory-SVG-2014-7749 | Advisory-SVG-2014-7749 ]]
  || High || Fixed ||
|-
 
 
|-
| 2015-03-30 ||  CVE-2015-1815 RedHat setroubleshoot (link to csirt alerts)  ||  [[EGI_CSIRT:Alerts/RedHat-setroubleshoot-2015-03-30  | Alerts/RedHat-setroubleshoot-2015-03-30    ]]
  || Critical || Fixed ||
|-
 
|-
| 2015-02-20 || EGI SVG Advisory - dCache vulnerability for some access methods  ||  [[SVG:Advisory-SVG-2015-8183 | Advisory-SVG-2015-8183 ]]
  || N/A || Fixed ||
|-
 
|-
| 2015-02-11 || CVE-2015-1195 OpenStack  ||  [[SVG:Advisory-SVG-2015-8056 | Advisory-SVG-2015-8056 ]]
  || High || Fixed ||
|-
 
|-
| 2015-02-11 || Torque CVE-2014-3684 resolved in Torque version in the EGI AppDB part of the UMD  ||  [[SVG:Advisory-SVG-2014-7628 | Advisory-SVG-2014-7628 ]]
  || Moderate || Fixed ||
|-
 
|-
| 2015-01-14 || DPM Wiki instructs insecure configuration if configured 'memcached' ||  [[SVG:Advisory-SVG-2015-7980 | Advisory-SVG-2015-7980 ]]
  || Moderate || Fixed ||
|-
 
|-
| 2015-01-14 || CVE-2014-5261,  CVE-2014-5262  Cacti remote command and code execution vulnerabilities - relevant to sites running Perfsonar  ||  [[SVG:Advisory-SVG-2014-7191 | Advisory-SVG-2014-7191 ]]
  || High || Fixed ||
|-
 
|-
| 2015-01-14 || FTS3 and GFAL2 allow attacker to impersonate other users and destroy their data  ||  [[SVG:Advisory-SVG-2014-7696 | Advisory-SVG-2014-7696 ]]
  || High || Fixed ||
|-
 
 
 
 
 
|-
| 2014-11-12 || User introduction of Rogue VMs - Openstack ||  [[SVG:Advisory-SVG-2014-7472 | Advisory-SVG-2014-7472 ]]
  || High || Fixed ||
|-
 
 
|-
| 2014-09-29 || Buffer Overflow Vulnerability (Atlas FAX sites) ||  [[SVG:Advisory-SVG-2014-7372 | Advisory-SVG-2014-7372 ]]
  || High || Fixed ||
|-
 
|-
| 2014-08-06 ||  WMS allows other users to access logging information  ||  [[SVG:Advisory-SVG-2013-5346 | Advisory-SVG-2013-5346 ]]
  || Moderate || Fixed ||
|-
 
|-
| 2014-08-06 ||  glite_wms_wmproxy_dirmanager allows any user to change the permissions on any directory  ||  [[SVG:Advisory-SVG-2013-5560 | Advisory-SVG-2013-5560 ]]
  || Moderate || Fixed ||
|-
 
 
 
 
 
|-
| 2014-08-05 || Remote access to dCache configuration information  ||  [[SVG:Advisory-SVG-2014-7009 | Advisory-SVG-2014-7009 ]]
  || Moderate || Fixed ||
|-
 
|-
| 2014-08-05 || DPM Information Leak Vulnerability  ||  [[SVG:Advisory-SVG-2012-3390 | Advisory-SVG-2012-3390 ]]
  || Low || Fixed ||
|-
 
|-
| 2014-08-05 || PerfSONAR web interface vulnerabilities  ||  [[SVG:Advisory-SVG-2013-6052 | Advisory-SVG-2013-6052 ]]
  || Moderate || Fixed ||
|-
 
|-
| 2014-08-05 || FTS3 - Lack of Authorization on config commands ||  [[SVG:Advisory-SVG-2013-5769 | Advisory-SVG-2013-5769 ]]
  || Low || Fixed ||
|-
 
|-
| 2014-07-17 || Perfsonar 'Cacti' graphs web vulnerability  ||  [[SVG:Advisory-SVG-2014-7162 | Advisory-SVG-2014-7162 ]]
  || Critical || Fixed ||
|-
 
|-
| 2014-06-23 || EMI WMS Impersonation vulnerability  ||  [[SVG:Advisory-SVG-2013-5331 | Advisory-SVG-2013-5331 ]]
  || High || Fixed ||
|-
 
|-
| 2014-06-02 ||  DPM version in EPEL  ||  [[SVG:Advisory-SVG-2014-6963 | Advisory-SVG-2014-6963 ]]
  || High || Fixed ||
|-
 
 
|-
| 2014-04-10 || WN and UI tarballs in the EMI repository contain a version of OpenSSL vulnerable to CVE-2014-016  ||  [[SVG:Advisory-SVG-2014-6884 | Advisory-SVG-2014-6884 ]]
  || Critical || Fixed ||
|-
 
|-
| 2014-04-08 || OpenSSL "Heartbleed" vulnerability CVE-2014-0160 (Link to CSIRT alert) ||  [[EGI_CSIRT:Alerts/OpenSSL-2014-04-08| OpenSSL-2014-04-08]] || Critical || Fixed ||
|-
 
 
|-
| 2014-03-27 || Torque Vulnerability: arbitrary code execution via job submission || [[SVG:Advisory-SVG-2014-6627 | Advisory-SVG-2014-6627 ]]
|| High || Fixed ||
|-
 
|-
| 2014-03-25 || Vulnerabilities in STORM || [[SVG:Advisory-SVG-2013-6116 | Advisory-SVG-2013-6116 ]]
|| High || Fixed ||
|-
 
|-
| 2014-02-13 ||  Results of CREAM vulnerability Assessment || [[SVG:Advisory-SVG-2013-5813 | Advisory-SVG-2013-5813 ]]
|| High || Fixed ||
|-
 
 
|}

Latest revision as of 15:15, 24 June 2022

This article is deprecated and has been moved to https://advisories.egi.eu/.