by EGI CSIRT | Dec 10, 2021 | Advisories, News
A critical zero-day vulnerability in log4j has been discovered (known by the number CVE-2021-44228) with a CVSSv3 score of 10 out of 10. JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related...
by EGI CSIRT | Nov 22, 2021 | News
The EGI CSIRT site security contacts challenge was run on the 16th of November 2021. During the campaign, the EGI CSIRT sent an email with a unique reaction link to all site security contacts. The purpose of this type of challenge is to check the sites’ ability to respond...
by EGI CSIRT | Nov 21, 2021 | News
The GÉANT module entitled IT Forensics for System Administrators encompasses 8 webinars on different aspects of IT forensics. The webinars start in November and end in January 2022. Some of the lectures will be presented by our EGI CSIRT member, Toby Tussa, an expert in...
by EGI CSIRT | Oct 12, 2021 | Advisories, News
A high-risk vulnerability in the Linux kernel’s Traffic Control networking system has been found that can lead to a use-after-free condition. You can mitigate this vulnerability by disabling unprivileged network namespaces. Details about this vulnerability can be...
by EGI CSIRT | Oct 6, 2021 | Advisories, News
A vulnerability has been reported which may allow unprivileged users to gain root access, via the crafting of a long path name in the file system. Qualys have announced that their exploit has been released; therefore, EGI CSIRT considers this vulnerability as critical...
by EGI CSIRT | Oct 6, 2021 | Advisories, News
A Linux kernel vulnerability has been reported, enabling an out-of-bounds write in net/netfilter/x_tables.c and escalation of privileges, affecting RHEL 8 and derivatives. An advisory has been made public and is available on the SVG advisory page.