The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "SVG:Advisories"
Jump to navigation
Jump to search
| Line 12: | Line 12: | ||
|- | |- | ||
|2012-11-15 || | |2012-11-15 || gLExec - processes not properly cleaned up || [[SVG:Advisory-SVG-2011-1474 | Advisory-SVG-2011-1474 ]] | ||
|| Low || Fixed || | || Low || Fixed || | ||
|- | |- | ||
|- | |- | ||
|2012-11-15 || | |2012-11-15 || gLExec - prevention of job logging || [[SVG:Advisory-SVG-2011-1641 | Advisory-SVG-2011-1641 ]] | ||
|| Low || Fixed || | || Low || Fixed || | ||
|- | |- | ||
Revision as of 17:18, 15 November 2012
| Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Advisories
EGI SVG primarily issues advisories concerning gLite Middleware.
CSIRT also issues general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts
A guide to the risk categories is available at Notes On Risk
| Date | Title | Contents/Link | Risk | Status | |
|---|---|---|---|---|---|
| 2012-11-15 | gLExec - processes not properly cleaned up | Advisory-SVG-2011-1474 | Low | Fixed | |
| 2012-11-15 | gLExec - prevention of job logging | Advisory-SVG-2011-1641 | Low | Fixed | |
| 2012-08-29 | EMI-1 WMS exposes user proxies | Advisory-SVG-2012-4073 | Critical | Fixed | |
| 2012-08-29 | WMS proxy theft vulnerability | Advisory-SVG-2012-4039 | High | Fixed | |
| 2012-04-04 | EMI VOMS CRL handling vulnerability | Advisory-SVG-2012-3438 | Low | Fixed | |
| 2012-04-04 | BDII Predictable passwords | Advisory-SVG-2011-3235 | Low | Fixed | |
| 2012-01-24 | Torque Munge Impersonation vulnerability | Advisory-SVG-2011-3094 | High | Fixed | |
| 2012-01-24 | APEL publisher File permission vulnerability | Advisory-SVG-2011-504 | Low | Fixed | |
| 2012-01-09 | File Permission on directory in vdt_globus_data_server RPM | Advisory-SVG-2010-457 | Low | Disclosed | |
| 2011-11-15 | BDII file permission and password vulnerability | Advisory-SVG-2011-1414 | Moderate | Fixed | |
| 2011-08-15 | Torque Authentication Bypass Vulnerability CVE-2011-2907 | Advisory-SVG-2011-2296 | High | Fixed | |
| 2011-07-28 | Insecure Library Loading Vulnerability in the VOMS server | Advisory-SVG-2011-342 | Low | Fixed | |
| 2011-07-28 | VOMS server /tmp file vulnerability | Advisory-SVG-2011-1866 | Low | Fixed | |
| 2011-06-24 | Torque Server Buffer Overflow Vulnerability - CVE-2011-2193. | Advisory-SVG-2011-1870 | Moderate | Fixed | |
| 2011-04-19 | Critical Vulnerability detected in dCache Admin Web Interface | Advisory-SVG-2011-1569 | Critical | Fixed | |
| 2011-04-19 | VOMS Admin vulnerabilities found by carrying out detailed vulnerability assessment of the package | Advisory-SVG-2011-505 | High | Fixed | |
| 2011-04-04 | WMS vulnerability allowing proxy access | Advisory-SVG-2011-1502 | High | Fixed | |
| 2011-03-11 | SQL injection vulnerability in the APEL software | Advisory-SVG-2011-373 | Moderate | Fixed |