by EGI CSIRT | Apr 21, 2023 | Advisories, News
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. For RHEL and...
by EGI CSIRT | Apr 21, 2023 | Advisories, News
A race condition was found in the Linux kernel’s mm/mremap memory address space accounting implementation, leading to a use-after-free vulnerability. This flaw allows a local user to cause a system crash or potentially escalate their privileges on the system. On RHEL...
by EGI CSIRT | Apr 11, 2023 | Advisories, News
Kernel updates have been released which fix among others 2 High risk kernel vulnerabilities. Of these 2, one only affects RHEL 9 and its derivatives, while the other affects both RHEL 8 and RHEL9 and their derivatives if a GPU is present. Sites running RHEL 7 and...
by EGI CSIRT | Apr 11, 2023 | Advisories, News
The vRealize Log Insight contains a Directory Traversal Vulnerability. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8. An unauthenticated, malicious actor can inject files into the operating...
by EGI CSIRT | Apr 11, 2023 | Advisories, News
A flaw was found in Swift’s S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. See...
by EGI CSIRT | Apr 3, 2023 | News
EGI CSIRT ran a successful full-day security workshop at the ISGC conference that took place from 19th to 24fh of March 2023 in Taipei. The focus was on Threat intelligence and security operations, Risk Management and Security Challenge that was prepared by the EGI...
Recent Comments