by EGI CSIRT | Jun 8, 2021 | Advisories, News
A serious vulnerability has been found in Apache Struts on which VOMS-Admin is dependent. The exploit of this vulnerability could cause remote code execution. Apache Struts version 2.5.26 fixes this issue. Sites running VOMS-Admin should upgrade to voms-admin-server...
by EGI CSIRT | May 12, 2021 | Advisories, News
The Squid project has publicly announced new vulnerabilities, one of which is deemed HIGH risk, viz. CVE-2020-25097, because it may allow services to be exposed that are not directly accessible from the client host. The other ones only concern potential denial of...
by EGI CSIRT | Apr 9, 2021 | Advisories, News
We would like to point out two vulnerabilities found in the Linux Kernel, that are high risk for our infrastructure. CVE-2020-25211 A buffer overflow vulnerability has been announced by RedHat which may allow a local user to crash the system, compromise data...
by EGI CSIRT | Mar 22, 2021 | Advisories, News
2 vulnerabilities have been found concerning HTCondor, affecting a limited number of versions. One may allow any authenticated user to impersonate any other user on the Condor system, and potentially reconfigure the HTCondor daemons. The other may allow any...
by EGI CSIRT | Jan 27, 2021 | Advisories, News
The Qualys Research Team has discovered a vulnerability in sudo, CVE-2021-3156. Patches are already available in the vendor repositories. Any unprivileged user can gain root privileges. The vulnerability is present in all legacy versions from 1.8.2 to 1.8.31p2 and all...
by EGI CSIRT | Jan 20, 2021 | Advisories, News
In the end of November, a vulnerability has been discovered in dCache service, which may in some circumstances allow an unauthenticated person to change file ownership, view and delete arbitrary files. The vulnerability has been fixed in dCache versions 6.2.10,...
Recent Comments