by EGI CSIRT | Oct 19, 2023 | Advisories, News
Multiple high kernel vulnerabilities were fixed in RHEL7, RHEL8 and RHEL9. CVEs affecting RHEL9 only: CVE ID/CVSS Score: CVE-2023-3610/7.8; CVE ID/CVSS Score: CVE-2023-4147/7.8; CVE ID/CVSS Score: CVE-2023-31248/7.8. CVEs affecting RHEL9 and RHEL8: CVE ID/CVSS...
by EGI CSIRT | Oct 19, 2023 | Advisories, News
A use-after-free flaw was found in Netfilter nf_tables (net/netfilter/nf_tables_api.c) in the Linux kernel; the assigned CVE is CVE-2023-32233. In order to exploit this flaw, the attacker must have CAP_NET_ADMIN privileges and be able to manipulate netfilter entries....
by EGI CSIRT | Oct 11, 2023 | Advisories, News
Multiple high-risk vulnerabilities were found in Supermicro BMC IPMI firmware that could allow XSS or command injection attacks. For details, please see the official Supermicro Advisory.
by EGI CSIRT | Sep 19, 2023 | Advisories, News
A high-risk vulnerability was found in cjose. cjose is a C library implementing JavaScript Object Signing and Encryption (JOSE), on which mod_auth_openidc depends. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag...
by EGI CSIRT | Sep 18, 2023 | Advisories, News
A potential security vulnerability CVE-2022-40982 in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability. For details see SVG Advisory...
by EGI CSIRT | Sep 5, 2023 | Advisories, News
A use-after-free vulnerability (CVE-2023-1281 and CVE-2023-1829) in the Linux kernel traffic control index filter (tcindex) allows privilege escalation. A kernel upgrade is recommended. Since an attacker can elevate privileges to root, this vulnerability is considered as...