by EGI CSIRT | Aug 26, 2024 | Advisories, News
OpenSSH has a high-risk vulnerability, allowing an Unauthenticated Remote Code Execution due to a race condition in signal handling. The vulnerability only affects RHEL9 and derivates. Check our SVG Advisory to learn more about this vulnerability.
by EGI CSIRT | Aug 26, 2024 | Advisories, News
A vulnerability CVE-2024-32498 has been found in QCOW2 image processing for Cinder, Glance and Nova. By supplying a specially created QCOW2 image which references a specific data file path, an authenticated user may convince systems to return a copy of that file...
by EGI CSIRT | Jul 30, 2024 | Advisories, News
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. For further details, please...
by EGI CSIRT | May 28, 2024 | Advisories, News
A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nft_verdict_init() function, allowing positive values as a drop error within the hook verdict, therefore, the nf_hook_slow() function can cause a double-free vulnerability when...
by EGI CSIRT | May 20, 2024 | Advisories, News
The Git project released new security bug-fix versions on May 14th, 2024: v2.45.1, v2.44.1, v2.43.4, v2.42.2, v2.41.1, v2.40.2, and v2.39.4: CVE-2024-32002: https://nvd.nist.gov/vuln/detail/CVE-2024-32002 CVE-2024-32004: https://nvd.nist.gov/vuln/detail/CVE-2024-32004...
by EGI CSIRT | Apr 25, 2024 | Advisories, News
There are a large number of CVE’s patched in this RHEL9 release, we have identified the 3 listed above as ‘HIGH’ risk according to our criteria (CVE-2023-6817, CVE-2024-0193, CVE-2024-0646). We have not investigated all the CVE’s in detail, and there is the...
Recent Comments