by EGI CSIRT | Sep 5, 2023 | Advisories, News
A Use After Free vulnerability (CVE-2023-1281 and CVE-2023-1829) in the Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. Kernel upgrade is recommended. Since an attacker can elevate privileges to root, this vulnerability is considered as...
by EGI CSIRT | Aug 3, 2023 | Advisories, News
Two vulnerabilities have been found that enable bypassing authentication or injecting malicious code via Redfish remote management interfaces. CVE-2023-34329 – Authentication Bypass via HTTP Header Spoofing; CVE-2023-34330 – Code injection via Dynamic...
by EGI CSIRT | Jul 26, 2023 | Advisories, News
A speculative execution vulnerability has been discovered in AMD Zen 2 CPUs. This vulnerability has been dubbed “Zenbleed”. A malicious actor could steal sensitive data, such as passwords and encryption keys, resident in the CPU cores. Sensitive data could...
by EGI CSIRT | Jul 26, 2023 | Advisories, News
A vulnerability has been reported in OpenStack concerning an inconsistency between Cinder and Nova, CVE-2023-2088. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is on...
by EGI CSIRT | Jul 10, 2023 | Advisories, News
A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a TLS context (struct tls_context) on a connected TCP socket. The CVE assigned to this vulnerability is CVE-2023-0461. This flaw allows a local user to crash or...