|
|
Line 9: |
Line 9: |
| [[SVG:Speculative Execution Vulnerabilities | SVG Speculative execution vulnerabilities ]] | | [[SVG:Speculative Execution Vulnerabilities | SVG Speculative execution vulnerabilities ]] |
|
| |
|
| This may be useful to sites in conjunction with the advisories[[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]], [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]], and [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620]] below. | | This may be useful to sites in conjunction with the advisories[[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]], [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]], and [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620]] from 2018. |
|
| |
|
| {| {{egi-table}} | | {| {{egi-table}} |
Line 17: |
Line 17: |
| | 2019-01-10 || systemd-journald vulnerabilities | | | 2019-01-10 || systemd-journald vulnerabilities |
| || [[SVG:Advisory-SVG-2019-15258| Advisory-SVG-2019-15258 ]] || Up to Critical ||Heads Up || | | || [[SVG:Advisory-SVG-2019-15258| Advisory-SVG-2019-15258 ]] || Up to Critical ||Heads Up || |
| |-
| |
|
| |
| |-
| |
| | 2018-12-13 updated 2019-01-03 || Vulnerability in Singularity on CentOS/EL7
| |
| || [[SVG:Advisory-SVG-CVE-2018-19295| Advisory-SVG-CVE-2018-19295 ]] || Critical || Fixed ||
| |
| |-
| |
|
| |
|
| |
| |-
| |
| | 2018-12-19 || VMware integer overflow vulnerability
| |
| || [[SVG:Advisory-SVG-CVE-2018-6983| Advisory-SVG-CVE-2018-6983 ]] || Alert || Fixed ||
| |
| |-
| |
|
| |
|
| |
|
| |
| |-
| |
| | 2018-12-14 || Remote authenticated DoS on CREAM-CE
| |
| || [[SVG:Advisory-SVG-2017-12435| Advisory-SVG-2017-12435 ]] || Low || Fixed ||
| |
| |-
| |
|
| |
|
| |
|
| |
|
| |
| |-
| |
| | 2018-12-06 || Kubernetes privilege escalation vulnerability || [[SVG:Advisory-SVG-CVE-2018-1002105 | Advisory-SVG-CVE-2018-1002105 ]] || Critical || Fixed ||
| |
| |-
| |
|
| |
|
| |
|
| |
| |-
| |
| | 2018-10-24 || VMware out of bounds read vulnerability || [[SVG:Advisory-SVG-CVE-2018-6974 | Advisory-SVG-CVE-2018-6974 ]] || Alert Critical || Fixed ||
| |
| |-
| |
|
| |
|
| |
| |-
| |
| | 2018-10-18 update 2018-10-23|| Multiple Oracle Database and other Oracle Vulnerabilities || [[SVG:Advisory-SVG-CVE-2018-3259 | Advisory-SVG-CVE-2018-3259 ]] || Alert Critical || Fixed ||
| |
| |-
| |
|
| |
|
| |
| |-
| |
| | 2018-10-03|| Vulnerability in RedHat Ceph Storage 2.5 || [[SVG:Advisory-SVG-CVE-2018-14649 | Advisory-SVG-CVE-2018-14649 ]] || Alert Critical || Fixed ||
| |
| |-
| |
|
| |
|
| |
| |-
| |
| | 2018-09-27 update 2018-10-03, 2018-10-11|| Integer overflow vulnerability in the Linux kernel's create_elf_tables() function. || [[SVG:Advisory-SVG-CVE-2018-14634 | Advisory-SVG-CVE-2018-14634 ]] || Critical || Fixed ||
| |
| |-
| |
|
| |
|
| |
|
| |
| |-
| |
| | 2018-09-04 || L1TF - Speculative Execution Side Channel vulnerabilities concerning Intel processors || [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] || High || Fixed ||
| |
| |-
| |
|
| |
|
| |
|
| |
| |-
| |
| | 2018-08-17 || cobbler vulnerability: CobblerXMLRPCInterface exports all its methods over XMLRPC || [[SVG:Advisory-SVG-CVE-2018-10931 | Advisory-SVG-CVE-2018-10931 ]] || Critical || Fixed ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-08-17 || Oracle Database Vulnerability || [[SVG:Advisory-SVG-CVE-2018-3110 | Advisory-SVG-CVE-2018-3110 ]] || Critical || Fixed ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-07-05, updated 2018-07-09, 2018-07-20 || Singularity vulnerability allowing access to protected files || [[SVG:Advisory-SVG-CVE-2018-12021 | Advisory-SVG-CVE-2018-12021 ]] || Critical || Fixed ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-03-28 update 2018-07-20 ||data-channel encryption is not enforced in gridftp || [[SVG:Advisory-SVG-2018-14117 | Advisory-SVG-2018-14117 ]] || Alert || ||
| |
| |-
| |
|
| |
|
| |
| |-
| |
| | 2018-05-24 || Kernel Side-Channel Attack using Speculative Store Bypass vulnerability || [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] || High || Fixed ||
| |
| |-
| |
|
| |
|
| |
| |-
| |
| | 2018-03-26 update 2018-05-24 || glibc vulnerability || [[SVG:Advisory-SVG-CVE-2018-1000001 | Advisory-SVG-CVE-2018-1000001 ]] || Up to Critical || Fixed ||
| |
| |-
| |
|
| |
|
| |
| |-
| |
| | 2018-04-30 update 2018-05-23 || Local privilege escalation using singularity || [[SVG:Advisory-SVG-2018-14311 | Advisory-SVG-2018-14311 ]] || Critical || Fixed ||
| |
| |-
| |
|
| |
|
| |
| |-
| |
| | 2018-03-29 update 2018-05-23 ||Singularity can be tricked to create directories and files outside the container. || [[SVG:Advisory-SVG-2018-14213 | Advisory-SVG-2018-14213 ]] || Critical || Fixed ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-05-16 || Command injection via DHCP response || [[SVG:Advisory-SVG-CVE-2018-1111 | Advisory-SVG-CVE-2018-1111 ]] || Critical || Fixed ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-05-16 || multiple vulnerabilities in the Linux kernel (incl. CVE-2018-8897, CVE-2018-1087, CVE-2017-16939) || [[SVG:Advisory-SVG-CVE-2018-8897 | Advisory-SVG-CVE-2018-8897 ]] || Moderate || Fixed ||
| |
| |-
| |
|
| |
|
| |
| |-
| |
| | 2018-04-14 update 2018-05-08 || DPM SRM Buffer Overflow || [[SVG:Advisory-SVG-2017-13915 | Advisory-SVG-2017-13915 ]] || Moderate || Fixed ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-04-13 || MySQL Server compromise || [[SVG:Advisory-SVG-CVE-2018-2562 | Advisory-SVG-CVE-2018-2562 ]] || Up to High || ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-03-22 update 2018-04-13 || Vulnerability concerning SLURM || [[SVG:Advisory-SVG-CVE-2018-7033 | Advisory-SVG-CVE-2018-7033 ]] || Up to Critical || Fixed ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-03-05 update 2018-03-19 || Vulnerability in Singularity 2.3.2 allowing escape from the container || [[SVG:Advisory-SVG-2018-14145 | Advisory-SVG-2018-14145 ]] || High || Fixed ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-03-05 update 2018-03-19 || Image mounting via Singularity || [[SVG:Advisory-SVG-2018-13999 | Advisory-SVG-2018-13999 ]] || Alert || ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-02-23 update 2018-03-19, 2018-05-16 || linux kernel 'use-after-free' flaw in XFRM || [[SVG:Advisory-SVG-CVE-2017-16939 | Advisory-SVG-CVE-2017-16939 ]] || Alert || ||
| |
| |-
| |
|
| |
|
| |
| |-
| |
| | 2018-02-07 update 2018-03-05 || VOMS Admin privilege escalation vulnerability || [[SVG:Advisory-SVG-2017-13249 | Advisory-SVG-2017-13249 ]] || Moderate || Fixed ||
| |
| |-
| |
|
| |
| |-
| |
| | 2018-02-12 || ROBOT attack - Various Vulnerabilities || [[SVG:Advisory-SVG-2017-13925 | Advisory-SVG-2017-13925 ]] || (Information) || ||
| |
| |-
| |
|
| |
|
| |
|
| |
| |-
| |
| | 2018-01-23 || CPU speculative execution vulnerabilities (Meltdown and Spectre) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] || Critical || Ongoing ||
| |
| |- | | |- |
|
| |
|