by EGI CSIRT | Oct 11, 2023 | Advisories, News
Multiplehigh risk vulnerabilities were found in Supermicro BMC IPMI firmware that could allow XSS attack or command injection attack. For the details, please see the official Supermicro Advisory
by EGI CSIRT | Sep 19, 2023 | Advisories, News
A high risk vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE) on which mod_auth_openidc depends. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag...
by EGI CSIRT | Sep 18, 2023 | Advisories, News
A potential security vulnerability CVE-2022-40982 in some IntelĀ® Processors may allow information disclosure. Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability. For details see SVG Advisory...
by EGI CSIRT | Sep 5, 2023 | Advisories, News
A Use After Free vulnerability (CVE-2023-1281 and CVE-2023-1829) in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. Kernel upgrade is recommended. Since an attacker can elevate privileges to root, this vulnerability is considered as...
by EGI CSIRT | Aug 3, 2023 | Advisories, News
Two vulnerabilities have been found that enable bypassing authentication or injecting malicious code via Redfish remote management interfaces. CVE-2023-34329 – Authentication Bypass via HTTP Header SpoofingCVE-2023-34330 – Code injection via Dynamic...
by EGI CSIRT | Jul 26, 2023 | Advisories, News
A speculative execution vulnerability has been discovered in AMD Zen 2 CPUs.This vulnerability has been dubbed “Zenbleed”. A malicious actor could steal sensitive data, such as passwords and encryption keys,resident in the CPU cores. Sensitive data could...
Recent Comments