Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Advisories"

From EGIWiki
Jump to navigation Jump to search
Line 22: Line 22:
|| Moderate || Fixed ||
|| Moderate || Fixed ||
|-
|-
|-
| 2013-09-26 || CVMFS root exploit  || [[SVG:Advisory-SVG-2013-5890 | Advisory-SVG-2013-5890 ]]
|| Critical || Fixed ||
|-
|-
| 2013-09-17 || Incorrect permission for APEL parser  and client config  || [[SVG:Advisory-SVG-2013-5615 | Advisory-SVG-2013-5615 ]]
|| Moderate || Fixed ||
|-
|-
| 2013-09-17 || Potential for reduced availability of VOMS server || [[SVG:Advisory-SVG-2012-3306 | Advisory-SVG-2012-3306 ]]
|| Low || Fixed ||
|-
|-
| 2013-09-17 || SAML implementation vulnerability in Unicore || [[SVG:Advisory-SVG-2012-4228 | Advisory-SVG-2012-4228 ]]
|| Low || Fixed ||
|-
|-
| 2013-06-14 ||  CREAM BUpdater improperly validated input / arbitrary command execution  || [[SVG:Advisory-SVG-2013-5268 | Advisory-SVG-2013-5268 ]]
|| High || Fixed ||
|-
|-
| 2013-04-29 ||  CREAM Axis2 configuration file permissions  || [[SVG:Advisory-SVG-2013-5244 | Advisory-SVG-2013-5244 ]]
|| High || Fixed ||
|-
|-
| 2013-04-17 ||  VOMS Java APIs incorrect CRL checking || [[SVG:Advisory-SVG-2012-4598 | Advisory-SVG-2012-4598 ]]
|| Moderate || Fixed ||
|-
|-
|2013-03-05 || DPM SQL injection vulnerability  || [[SVG:Advisory-SVG-2011-2683 | Advisory-SVG-2011-2683 ]]
|| High || Fixed ||
|-
|-
|2013-02-25 || L&B servers not properly checked || [[SVG:Advisory-SVG-2011-3202 | Advisory-SVG-2011-3202 ]]
|| Low || Fixed ||
|-
|-
|2013-02-19 || DPM buffer overflow in SRM v2.2 endpoint || [[SVG:Advisory-SVG-2012-4670 | Advisory-SVG-2012-4670 ]]
|| Moderate || Fixed ||
|-
|-
|2012-12-20 || Gridftp CVE-201203292|| [[SVG:Advisory-SVG-2012-3765 | Advisory-SVG-2012-3765 ]]
|| Low || Fixed ||
|-
|-
|2012-12-19 || DPM world writable files || [[SVG:Advisory-SVG-2012-4560 | Advisory-SVG-2012-4560 ]]
|| Moderate || Fixed ||
|-
|-
|2012-11-21 ||  EMI-2 dcache-srmclient contains world writable files || [[SVG:Advisory-SVG-2012-4600 | Advisory-SVG-2012-4600 ]]
|| High || Fixed ||
|-
|-
|2012-11-15 || gLExec - processes not properly cleaned up || [[SVG:Advisory-SVG-2011-1474 | Advisory-SVG-2011-1474 ]]
|| Low || Fixed ||
|-
|-
|2012-11-15 || gLExec - prevention of job logging || [[SVG:Advisory-SVG-2011-1641 | Advisory-SVG-2011-1641 ]]
|| Low || Fixed ||
|-
|-
|2012-08-29 ||  EMI-1 WMS exposes user proxies || [[SVG:Advisory-SVG-2012-4073 | Advisory-SVG-2012-4073 ]]
|| Critical || Fixed ||
|-
|-
|2012-08-29 || WMS proxy theft vulnerability || [[SVG:Advisory-SVG-2012-4039 | Advisory-SVG-2012-4039 ]]
|| High || Fixed ||
|-
|-
|2012-04-04 ||  EMI VOMS CRL handling vulnerability || [[SVG:Advisory-SVG-2012-3438 | Advisory-SVG-2012-3438 ]]
|| Low || Fixed ||
|-
|-
|2012-04-04 || BDII Predictable passwords || [[SVG:Advisory-SVG-2011-3235 | Advisory-SVG-2011-3235 ]]
|| Low || Fixed ||
|-
|-
|2012-01-24 || Torque Munge Impersonation vulnerability  || [[SVG:Advisory-SVG-2011-3094 | Advisory-SVG-2011-3094 ]]
|| High || Fixed ||
|-
|-
|2012-01-24 || APEL publisher File permission vulnerability || [[SVG:Advisory-SVG-2011-504 | Advisory-SVG-2011-504 ]]
|| Low || Fixed ||
|-
|-
|2012-01-09 || File Permission on directory in vdt_globus_data_server RPM  || [[SVG:Advisory-SVG-2010-457 | Advisory-SVG-2010-457 ]]
|| Low || Disclosed ||
|-
|-
|2011-11-15 || BDII file permission and password vulnerability  || [[SVG:Advisory-SVG-2011-1414 | Advisory-SVG-2011-1414 ]]
|| Moderate || Fixed ||
|-
|-
|2011-08-15 || Torque Authentication Bypass Vulnerability CVE-2011-2907
  || [[SVG:Advisory-SVG-2011-2296 | Advisory-SVG-2011-2296 ]]
|| High || Fixed ||
|-
|-
|2011-07-28 || Insecure Library Loading Vulnerability in the VOMS server
  || [[SVG:Advisory-SVG-2011-342 | Advisory-SVG-2011-342 ]]
|| Low || Fixed ||
|-
|-
|2011-07-28 || VOMS server /tmp file vulnerability
  || [[SVG:Advisory-SVG-2011-1866 | Advisory-SVG-2011-1866 ]]
|| Low || Fixed ||
|-
|-
|2011-06-24 || Torque Server Buffer Overflow Vulnerability - CVE-2011-2193.
  || [[SVG:Advisory-SVG-2011-1870 | Advisory-SVG-2011-1870 ]]
|| Moderate || Fixed ||
|-
|-
|2011-04-19 || Critical Vulnerability detected in dCache Admin Web Interface
  || [[SVG:Advisory-SVG-2011-1569 | Advisory-SVG-2011-1569 ]]
|| Critical || Fixed ||
|-
|-
|2011-04-19 || VOMS Admin vulnerabilities found by carrying out detailed vulnerability assessment of the package
|| [[SVG:Advisory-SVG-2011-505 | Advisory-SVG-2011-505 ]]
|| High || Fixed ||
|-
|-
|2011-04-04 || WMS vulnerability allowing proxy access
|| [[SVG:Advisory-SVG-2011-1502 | Advisory-SVG-2011-1502 ]]
|| High || Fixed ||
|-
|-
|2011-03-11 || SQL injection vulnerability in the APEL software
|| [[SVG:Advisory-SVG-2011-373 | Advisory-SVG-2011-373 ]]
|| Moderate || Fixed ||
|-




|}
|}

Revision as of 18:52, 20 February 2014

Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Advisories


EGI SVG primarily issues advisories concerning gLite Middleware.

CSIRT also issues general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts

A guide to the risk categories is available at Notes On Risk

Earlier Advisories: Advisories from 2011 to 2013


Date Title Contents/Link Risk Status
2013-10-25 Globus GSI-OpenSSH vulnerability Advisory-SVG-2013-5168 Moderate Fixed
2013-10-25 BDII Password access vulnerability Advisory-SVG-2013-5266 Moderate Fixed
Retrieved from "https://wiki.egi.eu/w/index.php?title=SVG:Advisories&oldid=64894"