Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

SVG:Advisories-SVG-2018

From EGIWiki
Jump to navigation Jump to search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Advisories-SVG-2018


All advisories which are disclosed publicly by SVG are placed on this wiki.

A guide to the risk categories is available at Notes On Risk

SVG also provides information that may be useful to various sites concerning the various SVG Speculative execution vulnerabilities

This may be useful to sites in conjunction with the advisories Advisory-SVG-CVE-2017-5753 , Advisory-SVG-CVE-2018-3639 , and Advisory-SVG-CVE-2018-3620 below.

Date Title Contents/Link Risk Status
2019-01-10 systemd-journald vulnerabilities Advisory-SVG-2019-15258 Up to Critical Heads Up
2018-12-13 updated 2019-01-03 Vulnerability in Singularity on CentOS/EL7 Advisory-SVG-CVE-2018-19295 Critical Fixed
2018-12-19 VMware integer overflow vulnerability Advisory-SVG-CVE-2018-6983 Alert Fixed
2018-12-14 Remote authenticated DoS on CREAM-CE Advisory-SVG-2017-12435 Low Fixed
2018-12-06 Kubernetes privilege escalation vulnerability Advisory-SVG-CVE-2018-1002105 Critical Fixed
2018-10-24 VMware out of bounds read vulnerability Advisory-SVG-CVE-2018-6974 Alert Critical Fixed
2018-10-18 update 2018-10-23 Multiple Oracle Database and other Oracle Vulnerabilities Advisory-SVG-CVE-2018-3259 Alert Critical Fixed
2018-10-03 Vulnerability in RedHat Ceph Storage 2.5 Advisory-SVG-CVE-2018-14649 Alert Critical Fixed
2018-09-27 update 2018-10-03, 2018-10-11 Integer overflow vulnerability in the Linux kernel's create_elf_tables() function. Advisory-SVG-CVE-2018-14634 Critical Fixed
2018-09-04 L1TF - Speculative Execution Side Channel vulnerabilities concerning Intel processors Advisory-SVG-CVE-2018-3620 High Fixed
2018-08-17 cobbler vulnerability: CobblerXMLRPCInterface exports all its methods over XMLRPC Advisory-SVG-CVE-2018-10931 Critical Fixed
2018-08-17 Oracle Database Vulnerability Advisory-SVG-CVE-2018-3110 Critical Fixed
2018-07-05, updated 2018-07-09, 2018-07-20 Singularity vulnerability allowing access to protected files Advisory-SVG-CVE-2018-12021 Critical Fixed
2018-03-28 update 2018-07-20 data-channel encryption is not enforced in gridftp Advisory-SVG-2018-14117 Alert
2018-05-24 Kernel Side-Channel Attack using Speculative Store Bypass vulnerability Advisory-SVG-CVE-2018-3639 High Fixed
2018-03-26 update 2018-05-24 glibc vulnerability Advisory-SVG-CVE-2018-1000001 Up to Critical Fixed
2018-04-30 update 2018-05-23 Local privilege escalation using singularity Advisory-SVG-2018-14311 Critical Fixed
2018-03-29 update 2018-05-23 Singularity can be tricked to create directories and files outside the container. Advisory-SVG-2018-14213 Critical Fixed
2018-05-16 Command injection via DHCP response Advisory-SVG-CVE-2018-1111 Critical Fixed
2018-05-16 multiple vulnerabilities in the Linux kernel (incl. CVE-2018-8897, CVE-2018-1087, CVE-2017-16939) Advisory-SVG-CVE-2018-8897 Moderate Fixed
2018-04-14 update 2018-05-08 DPM SRM Buffer Overflow Advisory-SVG-2017-13915 Moderate Fixed
2018-04-13 MySQL Server compromise Advisory-SVG-CVE-2018-2562 Up to High
2018-03-22 update 2018-04-13 Vulnerability concerning SLURM Advisory-SVG-CVE-2018-7033 Up to Critical Fixed
2018-03-05 update 2018-03-19 Vulnerability in Singularity 2.3.2 allowing escape from the container Advisory-SVG-2018-14145 High Fixed
2018-03-05 update 2018-03-19 Image mounting via Singularity Advisory-SVG-2018-13999 Alert
2018-02-23 update 2018-03-19, 2018-05-16 linux kernel 'use-after-free' flaw in XFRM Advisory-SVG-CVE-2017-16939 Alert
2018-02-07 update 2018-03-05 VOMS Admin privilege escalation vulnerability Advisory-SVG-2017-13249 Moderate Fixed
2018-02-12 ROBOT attack - Various Vulnerabilities Advisory-SVG-2017-13925 (Information)
2018-01-23 CPU speculative execution vulnerabilities (Meltdown and Spectre) Advisory-SVG-CVE-2017-5753 Critical Ongoing