by EGI CSIRT | Feb 26, 2022 | Advisories, News
A heap buffer overflow vulnerability has been found in the Linux kernel in RHEL 8 and derivatives, CVE-2022-0185, in the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel and the way it verifies the supplied parameters' length which could...
by EGI CSIRT | Feb 21, 2022 | Advisories, News
A CRITICAL security flaw was detected in OSG XCache images published in DockerHub and OSG’s Harbor which could compromise the integrity and confidentiality of data on other containers for all varieties of XCache and XRootD standalone. Details are available in...
by EGI CSIRT | Dec 10, 2021 | Advisories, News
A critical zero-day vulnerability in log4j has been discovered (known by the number CVE-2021-44228) with a CVSSv3 score of 10 out of 10. JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related...
by EGI CSIRT | Oct 12, 2021 | Advisories, News
A high-risk vulnerability has been found in the Linux kernel’s Traffic Control networking system that can lead to a use-after-free condition. You can mitigate this vulnerability by disabling unprivileged network namespaces. Details about this vulnerability can be...
by EGI CSIRT | Oct 6, 2021 | Advisories, News
A vulnerability has been reported which may allow unprivileged users to gain root access, via the crafting of a long path name in the file system. Qualys have announced that their exploit has been released, therefore EGI CSIRT considers this vulnerability as critical...
by EGI CSIRT | Oct 6, 2021 | Advisories, News
A Linux kernel vulnerability has been reported, enabling an out-of-bounds write in net/netfilter/x_tables.c and escalation of privileges, affecting RHEL 8 and derivatives. An advisory has been made public and is available on the SVG advisory page.