Difference between revisions of "SVG:Advisories-SVG-2016"
(Created page with "{{svg-header}}") |
|||
Line 1: | Line 1: | ||
{{svg-header}} | {{svg-header}} | ||
Recent [[SVG:Advisories | Advisories]] | |||
Earlier Advisories: [[SVG:Advisories-SVG-2014-2015 | Advisories from 2014 and 2015 ]] | |||
Earlier Advisories: [[SVG:Advisories-SVG-2011-2013 | Advisories from 2011 to 2013 ]] | |||
{| {{egi-table}} | |||
!Date !! Title !! Contents/Link !! Risk !! Status !! | |||
|- | |||
| 2016-12-20 || Linux kernel's IPv6 implementation - mishandled socket options || [[SVG:Advisory-SVG-CVE-2016-3841 | Advisory-SVG-CVE-2016-3841 ]] || High || Fixed || | |||
|- | |||
|- | |||
| 2016-11-10 updated 2016-12-14 || Linux kernel vulnerability || [[SVG:Advisory-SVG-CVE-2016-7117 | Advisory-SVG-CVE-2016-7117 ]] || High || Heads up || | |||
|- | |||
|- | |||
| 2016-12-06 ||HIGH risk vulnerabilities concerning Xen || [[SVG:Advisory-SVG-CVE-2016-9379 | Advisory-SVG-CVE-2016-9379 ]] || High || Fixed || | |||
|- | |||
|- | |||
| 2016-11-24 ||VOMS server certificate chain/user validation || [[SVG:Advisory-SVG-2016-11495 | Advisory-SVG-2016-11495 ]] || Moderate || Fixed || | |||
|- | |||
|- | |||
| 2016-10-21 || XSS in DIRAC Webapp and Web portal || [[SVG:Advisory-SVG-2016-11107 | Advisory-SVG-2016-11107 ]] || Moderate || Fixed || | |||
|- | |||
|- | |||
| 2016-10-20 updated 2016-10-26 || Linux kernel privilege escalation || [[SVG:Advisory-SVG-CVE-2016-5195 | Advisory-SVG-CVE-2016-5195 ]] || Critical || Fixed || | |||
|- | |||
|- | |||
| 2016-10-10 || gridsite / canl-c impersonation vulnerability || [[SVG:Advisory-SVG-2016-11476 | Advisory-SVG-2016-11476 ]] || Critical || Fixed || | |||
|- | |||
|- | |||
| 2016-08-25 || KeyStone VOMS does not check CRLs || [[SVG:Advisory-SVG-2016-10558 | Advisory-SVG-2016-10558 ]] || Moderate || Fixed || | |||
|- | |||
|- | |||
| 2016-07-18 ||DIRAC configuration - database passwords visible on dirac interface || [[SVG:Advisory-SVG-2016-11255 | Advisory-SVG-2016-11255 ]] || Up to High || Fixed || | |||
|- | |||
|- | |||
| 2016-07-15 || Two Perfsonar Vulnerabilities announced by the Perfsonar team || [[SVG:Advisory-SVG-2016-11363 | Advisory-SVG-2016-11363 ]] || Moderate || Fixed || | |||
|- | |||
|- | |||
| 2016-07-12 || dCache READONLY and non-/ user root not enforced || [[SVG:Advisory-SVG-2016-11288 | Advisory-SVG-2016-11288 ]] || Moderate || Fixed || | |||
|- | |||
|- | |||
| 2016-06-20 || STORM WebDAV interface XXE vulnerability || [[SVG:Advisory-SVG-2015-10134 | Advisory-SVG-2015-10134 ]] || Low || Fixed || | |||
|- | |||
|- | |||
| 2016-06-20 || dCache WebDAV interface XXE vulnerability || [[SVG:Advisory-SVG-2015-10121 | Advisory-SVG-2015-10121 ]] || Low || Fixed || | |||
|- | |||
|- | |||
| 2016-06-13 || iperf3 used in perfSONAR CVE-2016-4303 || [[SVG:Advisory-SVG-CVE-2016-4303 | Advisory-SVG-CVE-2016-4303]] || Critical || Fixed || | |||
|- | |||
|- | |||
| 2016-06-08 || Vulnerability in IBM's GPFS CVE-2016-0392 || [[SVG:Advisory-SVG-CVE-2016-0392 | Advisory-SVG-CVE-2016-0392]] || Critical || Fixed || | |||
|- | |||
|- | |||
| 2016-06-08 || Arbitrary file overwrite vulnerability in WebAppDIRAC || [[SVG:Advisory-SVG-2016-11033 | Advisory-SVG-2016-11033 ]] || High || Fixed || | |||
|- | |||
|- | |||
| 2016-06-08 || dCache configuration issue || [[SVG:Advisory-SVG-2016-10837 | Advisory-SVG-2016-10837 ]] || High || (Config) || | |||
|- | |||
|- | |||
| 2016-06-08 || LHCb Setup scripts || [[SVG:Advisory-SVG-2015-9809 | Advisory-SVG-2015-9809]] || Low || Fixed || | |||
|- | |||
|- | |||
| 2016-06-07 || Authorization by user_id to manage VMs does not work in V2.1 Nova API for OpenStack || [[SVG:Advisory-SVG-2016-11190 | Advisory-SVG-2016-11190]] || High || || | |||
|- | |||
|- | |||
| 2016-05-25 || Dirac Pilot factory payload verification || [[SVG:Advisory-SVG-2014-7440 | Advisory-SVG-2014-7440]] || Low || Migrating from || | |||
|- | |||
|- | |||
| 2016-05-25 || PANDA Pilot factory payload verification || [[SVG:Advisory-SVG-2014-7430 | Advisory-SVG-2014-7430]] || Low || Migrating from || | |||
|- | |||
|- | |||
| 2016-04-28 || OpenStack VM management permissions || [[SVG:Advisory-SVG-2016-10636 | Advisory-SVG-2016-10636]] || Moderate || (Config) || | |||
|- | |||
|- | |||
| 2016-03-11 || NSS heap buffer overflow vulnerability || [[SVG:Advisory-SVG-CVE-2016-1950 | Advisory-SVG-CVE-2016-1950]] || Critical || Fixed || | |||
|- | |||
|- | |||
| 2016-02-17 || glibc remote code execution vulnerability - CVE-2015-7547 || [[SVG:Advisory-SVG-CVE-2015-7547 | Advisory-SVG-CVE-2015-7547]] || Critical || Fixed || | |||
|- | |||
|- | |||
| 2016-02-03 || Linux Kernel Vulnerability - CVE-2016-0728 || [[SVG:Advisory-SVG-2016-10376 | Advisory-SVG-2016-10376 ]] || High || Fixed || | |||
|- | |||
|- | |||
| 2016-01-05 || Linux Kernel Vulnerabilities || [[SVG:Advisory-SVG-2015-CVE-2015-7613 | Advisory-SVG-2015-CVE-2015-7613 ]] || Moderate/High || Fixed || | |||
|- | |||
|} |
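Review bot: The header row `!Date !! Title !! Contents/Link !! Risk !! Status !!` ends with a trailing `!!` and every data row ends with a trailing `||`, so the table gains an empty sixth column; drop the trailing separators. Each row is also followed by two `|-` lines where one is enough. The 2016-06-07 row (Advisory-SVG-2016-11190) has an empty Status cell, and the two 2016-05-25 rows carry the Status "Migrating from", which reads as cut off; fill these in so a reader can tell from the index whether a High-risk issue is fixed or still open.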
Revision as of 13:06, 10 January 2017
Advisories-SVG-2016
Recent Advisories
Earlier Advisories: Advisories from 2014 and 2015
Earlier Advisories: Advisories from 2011 to 2013
Date | Title | Contents/Link | Risk | Status | |
---|---|---|---|---|---|
2016-12-20 | Linux kernel's IPv6 implementation - mishandled socket options | Advisory-SVG-CVE-2016-3841 | High | Fixed | |
2016-11-10 updated 2016-12-14 | Linux kernel vulnerability | Advisory-SVG-CVE-2016-7117 | High | Heads up | |
2016-12-06 | HIGH risk vulnerabilities concerning Xen | Advisory-SVG-CVE-2016-9379 | High | Fixed | |
2016-11-24 | VOMS server certificate chain/user validation | Advisory-SVG-2016-11495 | Moderate | Fixed | |
2016-10-21 | XSS in DIRAC Webapp and Web portal | Advisory-SVG-2016-11107 | Moderate | Fixed | |
2016-10-20 updated 2016-10-26 | Linux kernel privilege escalation | Advisory-SVG-CVE-2016-5195 | Critical | Fixed | |
2016-10-10 | gridsite / canl-c impersonation vulnerability | Advisory-SVG-2016-11476 | Critical | Fixed | |
2016-08-25 | KeyStone VOMS does not check CRLs | Advisory-SVG-2016-10558 | Moderate | Fixed | |
2016-07-18 | DIRAC configuration - database passwords visible on dirac interface | Advisory-SVG-2016-11255 | Up to High | Fixed | |
2016-07-15 | Two Perfsonar Vulnerabilities announced by the Perfsonar team | Advisory-SVG-2016-11363 | Moderate | Fixed | |
2016-07-12 | dCache READONLY and non-/ user root not enforced | Advisory-SVG-2016-11288 | Moderate | Fixed | |
2016-06-20 | STORM WebDAV interface XXE vulnerability | Advisory-SVG-2015-10134 | Low | Fixed | |
2016-06-20 | dCache WebDAV interface XXE vulnerability | Advisory-SVG-2015-10121 | Low | Fixed | |
2016-06-13 | iperf3 used in perfSONAR CVE-2016-4303 | Advisory-SVG-CVE-2016-4303 | Critical | Fixed | |
2016-06-08 | Vulnerability in IBM's GPFS CVE-2016-0392 | Advisory-SVG-CVE-2016-0392 | Critical | Fixed | |
2016-06-08 | Arbitrary file overwrite vulnerability in WebAppDIRAC | Advisory-SVG-2016-11033 | High | Fixed | |
2016-06-08 | dCache configuration issue | Advisory-SVG-2016-10837 | High | (Config) | |
2016-06-08 | LHCb Setup scripts | Advisory-SVG-2015-9809 | Low | Fixed | |
2016-06-07 | Authorization by user_id to manage VMs does not work in V2.1 Nova API for OpenStack | Advisory-SVG-2016-11190 | High | | |
2016-05-25 | Dirac Pilot factory payload verification | Advisory-SVG-2014-7440 | Low | Migrating from | |
2016-05-25 | PANDA Pilot factory payload verification | Advisory-SVG-2014-7430 | Low | Migrating from | |
2016-04-28 | OpenStack VM management permissions | Advisory-SVG-2016-10636 | Moderate | (Config) | |
2016-03-11 | NSS heap buffer overflow vulnerability | Advisory-SVG-CVE-2016-1950 | Critical | Fixed | |
2016-02-17 | glibc remote code execution vulnerability - CVE-2015-7547 | Advisory-SVG-CVE-2015-7547 | Critical | Fixed | |
2016-02-03 | Linux Kernel Vulnerability - CVE-2016-0728 | Advisory-SVG-2016-10376 | High | Fixed | |
2016-01-05 | Linux Kernel Vulnerabilities | Advisory-SVG-2015-CVE-2015-7613 | Moderate/High | Fixed |