by EGI CSIRT | Aug 3, 2023 | Advisories, News
Two vulnerabilities have been found that enable bypassing authentication or injecting malicious code via Redfish remote management interfaces. CVE-2023-34329 – Authentication Bypass via HTTP Header Spoofing; CVE-2023-34330 – Code injection via Dynamic...
by EGI CSIRT | Jul 26, 2023 | Advisories, News
A speculative execution vulnerability has been discovered in AMD Zen 2 CPUs. This vulnerability has been dubbed “Zenbleed”. A malicious actor could steal sensitive data, such as passwords and encryption keys, resident in the CPU cores. Sensitive data could...
by EGI CSIRT | Jul 26, 2023 | Advisories, News
A vulnerability has been reported in OpenStack concerning an inconsistency between Cinder and Nova, CVE-2023-2088. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is on...
by EGI CSIRT | Jul 10, 2023 | Advisories, News
A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality, in how a user installs a TLS context (struct tls_context) on a connected TCP socket. The CVE assigned to this vulnerability is CVE-2023-0461. This flaw allows a local user to crash or...
by EGI CSIRT | Jun 12, 2023 | Advisories, News
A security vulnerability in the Apache web server was recently announced involving HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690). The bug is only present in certain configurations. For more information, please see...
by EGI CSIRT | Apr 21, 2023 | Advisories, News
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. For RHEL and...