by EGI CSIRT | Jul 26, 2023 | Advisories, News
A vulnerability has been reported in OpenStack concerning an inconsistency between Cinder and Nova, CVE-2023-2088. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is on...
by EGI CSIRT | Jul 10, 2023 | Advisories, News
A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality, in how a user installs a TLS context (struct tls_context) on a connected TCP socket. This vulnerability has been assigned CVE-2023-0461. This flaw allows a local user to crash or...
by EGI CSIRT | Jun 12, 2023 | Advisories, News
A security vulnerability in the Apache web server was recently announced involving HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690). The bug is only present with certain configurations. For more information, please see...
by EGI CSIRT | Apr 21, 2023 | Advisories, News
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. For RHEL and...
by EGI CSIRT | Apr 21, 2023 | Advisories, News
A race condition was found in the Linux kernel’s mm/mremap memory address space accounting implementation, leading to a use-after-free vulnerability. This flaw allows a local user to cause a system crash or potentially escalate their privileges on the system. On RHEL...
by EGI CSIRT | Apr 11, 2023 | Advisories, News
Kernel updates have been released which fix, among others, 2 high-risk kernel vulnerabilities. Of these 2, one only affects RHEL 9 and its derivatives, while the other affects both RHEL 8 and RHEL 9 and their derivatives if a GPU is present. Sites running RHEL 7 and...