by EGI CSIRT | Oct 19, 2023 | Advisories, News
Multiple high kernel vulnerabilities were fixed in the RHEL7, RHEL8 and RHEL9. CVEs affecting RHEL9 only: CVE ID/CVSS Score : CVE-2023-3610/7.8CVE ID/CVSS Score : CVE-2023-4147/7.8 CVE ID/CVSS Score : CVE-2023-31248/7.8 CVEs affecting RHEL9 and RHEL8: CVE ID/CVSS...
by EGI CSIRT | Oct 19, 2023 | Advisories, News
A use-after-free flaw was found in the Netfilter nf_tables (net/netfilter/nf_tables_api.c) in the Linux kernel, assigned CVE is CVE-2023-32233.In order to exploit this flaw, the attacker must have CAP_NET_ADMIN privileges and be able to manipulate netfilter entries....
by EGI CSIRT | Oct 16, 2023 | News, Trainings
EGI CSIRT has taken part at the Thematic CERN school of computing on Security, which took place from 8th to 14th of October in Split. The school is proposed to people working in academia and research institutes, who need to tackle security in their work and provide...
by EGI CSIRT | Oct 13, 2023 | Knowledgebase, News, Recommendations
Based on recent incidents in the EGI environment, we would like to point out some of the guidelines and best practices to enhance the security resilience of the resource providers. Prevention Central logging: Ensure that logs are collected centrally by a remote...
by EGI CSIRT | Oct 11, 2023 | Advisories, News
Multiplehigh risk vulnerabilities were found in Supermicro BMC IPMI firmware that could allow XSS attack or command injection attack. For the details, please see the official Supermicro Advisory
by EGI CSIRT | Sep 19, 2023 | Advisories, News
A high risk vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE) on which mod_auth_openidc depends. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag...
Recent Comments