by EGI CSIRT | May 9, 2025 | Advisories, News
New Slurm releases 24.11.5, 24.05.8, and 23.11.11 include a fix for a security vulnerability, CVE-2025-43904, where improper permission handling for Coordinators in Slurm’s accounting system could allow a Coordinator to grant administrative privileges to a...
by EGI CSIRT | Oct 14, 2024 | Advisories, News
A critical risk vulnerability has been found in the omniauth_saml plugin (via the ruby-saml library), which is used by, e.g., GitLab, allowing a potential authentication bypass. Update your GitLab instances urgently. Details are available in the SVG Advisory.
by EGI CSIRT | Oct 14, 2024 | Advisories, News
A HIGH risk use-after-free vulnerability, CVE-2024-36971, has been found in the Linux kernel’s network route management. This flaw allows an attacker to alter the behaviour of certain network connections. Sites are recommended to update the relevant software immediately....
by EGI CSIRT | Oct 14, 2024 | Advisories, News
Multiple vulnerabilities have been found in CUPS: CVE-2024-47176, CVE-2024-47076 and CVE-2024-47175. These are HIGH risk vulnerabilities which may lead to remote code execution. CUPS is used for printing management, but in case any sites have this software installed,...
by EGI CSIRT | Oct 11, 2024 | Advisories, News
A HIGH risk vulnerability has been found concerning the Java version of voms-proxy-init. During the proxy generation process it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that...
by EGI CSIRT | Sep 11, 2024 | Advisories, News
A critical vulnerability, CVE-2024-41110, has been found in Docker Authorization that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. See our SVG Advisory for further details.