by EGI CSIRT | Aug 21, 2025 | Advisories, News
There are two vulnerabilities in libxml2 (CVE-2025-49794, CVE-2025-49796), which is a dependency for a lot of software in different Linux distributions, including RHEL, Debian, etc. Software in EGI UMD is also impacted; the following software has libxml2 as a direct...
by EGI CSIRT | Aug 20, 2025 | Advisories, News
There are two vulnerabilities, CVE-2025-23266 and CVE-2025-23267, in NVIDIA Container Toolkit. CVE-2025-23266 with CVSS score 9.0 is a critical vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated...
by EGI CSIRT | Aug 7, 2025 | Advisories, News
Two vulnerabilities have been found in sudo (CVE-2025-32462, CVE-2025-32463), which could allow privilege escalation. In certain configurations, unauthorised users can gain elevated system privileges via the Sudo host option (-h or --host). When using the default...
by EGI CSIRT | Jun 27, 2025 | News
From the 23rd to the 24th of June, we held an in-person meeting in Ljubljana. We have held debriefings for the incidents over the past four months and discussed future objectives for our activities, which range from training to security exercises, incident response,...
by EGI CSIRT | Jun 23, 2025 | Advisories, News
A critical risk vulnerability has been found in FTS3 Web Monitoring: a “blind” SQL injection via the /linkinfo endpoint, which gives an attacker access to the database. This is fixed in version fts-monitoring-3.14.1-1 and backported via fts-monitoring-3.13.3-1....
by EGI CSIRT | Jun 4, 2025 | Advisories, News
Red Hat has released kernel updates to fix several kernel vulnerabilities, one of which (CVE-2025-21756) the EGI SVG considers ‘CRITICAL’ for the EGI infrastructure. A flaw was found in the Linux kernel’s virtual socket protocol network driver (vsock), where an...