Apache HTTP request splitting vulnerability
A security vulnerability in the Apache web server was recently announced involving HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690). The bug is only present in certain configurations. For more information, please see...
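As an added illustration for the item above (it is not code from the advisory or from Apache), the following Python model shows what "request splitting" means in the affected configuration class: a rewrite rule with the [P] flag, or a ProxyPassMatch, captures part of the user-supplied request target and substitutes the percent-decoded capture into the request line sent to the backend. The rule shape, the backend host and all paths are constructed for the example; the hardened variant shows the generic defence (refuse control characters, re-encode the substituted component), not the change made in the patched httpd release.

```python
"""Model of HTTP request splitting through a rewrite-then-proxy step.

Added example for the CVE-2023-25690 advisory above; it is not Apache code.
It emulates the affected configuration class: a rewrite/proxy rule captures
part of the user-supplied request target and substitutes the percent-decoded
capture into the request line that is sent to the backend. Rule shape,
backend host and paths are constructed for the illustration.
"""
from urllib.parse import quote, unquote

# Constructed attacker request target. The part after /here/ carries encoded
# CR LF (%0d%0a): once decoded it ends the proxied request early and appends a
# second, attacker-chosen request on the same backend connection. The trailing
# "X-Pad: " header absorbs the " HTTP/1.1" the proxy appends after the capture.
ATTACK_TARGET = (
    "/here/x%20HTTP/1.1%0d%0aHost:%20backend.internal%0d%0a%0d%0a"
    "GET%20/admin%20HTTP/1.1%0d%0aX-Pad:%20"
)
BENIGN_TARGET = "/here/report%202023&page=2"


def capture_after_prefix(target: str, prefix: str = "/here/") -> str:
    """Emulate a rule like  ^/here/(.*)  ->  http://backend/elsewhere?$1 [P]:
    return the backreference, which arrives percent-decoded at substitution."""
    if not target.startswith(prefix):
        raise ValueError("target does not match rewrite pattern")
    return unquote(target[len(prefix):])


def build_backend_request(captured: str, host: str = "backend.internal") -> str:
    """Vulnerable substitution: the decoded capture is inserted verbatim."""
    return f"GET /elsewhere?{captured} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def build_backend_request_hardened(captured: str, host: str = "backend.internal") -> str:
    """Safe substitution: refuse control characters outright and re-encode the
    capture so that spaces and other request-line delimiters stay literal."""
    if any(ord(c) < 0x20 or c == "\x7f" for c in captured):
        raise ValueError("control character in substituted request component")
    safe = quote(captured, safe="=&")   # keep query delimiters, encode the rest
    return f"GET /elsewhere?{safe} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def split_requests(raw: bytes) -> list:
    """Parse a byte stream as a simple HTTP/1.1 backend would: one request head
    per empty-line terminator. Returns the request lines it would act on."""
    lines = []
    for head in raw.split(b"\r\n\r\n"):
        if not head:
            continue
        first = head.split(b"\r\n", 1)[0].decode("latin-1")
        method = first.split(" ", 1)[0]
        if method.isalpha() and method.isupper():
            lines.append(first)
    return lines


def demo() -> dict:
    """Run both code paths on the constructed inputs; returns results for checking."""
    attack = capture_after_prefix(ATTACK_TARGET)
    benign = capture_after_prefix(BENIGN_TARGET)
    vulnerable = split_requests(build_backend_request(attack).encode("latin-1"))
    hardened_benign = split_requests(
        build_backend_request_hardened(benign).encode("latin-1")
    )
    try:
        build_backend_request_hardened(attack)
        hardened_rejected = False
    except ValueError:
        hardened_rejected = True
    return {
        "vulnerable_requests_seen": vulnerable,      # two requests from one client request
        "hardened_benign_requests_seen": hardened_benign,
        "hardened_rejected_attack": hardened_rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the backend parsing two requests (the proxied one and a smuggled `GET /admin`) from a single client request when the capture is substituted verbatim, and a single, literal request when the component is re-encoded. The model is for understanding the bug class; on a real server the fix is to update httpd, and in the meantime to review any RewriteRule with [P] or ProxyPassMatch whose substitution reuses a broad capture of the request target.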
Security training at EGI Conference in Poznan
EGI CSIRT will organise a security training at the EGI Conference 2023 in Poznan, on the 23rd of June. The training will focus on three key areas: Threat Intelligence and SOC; Security in OIDC Deployments; SSC Forensics Walkthrough. You are all welcome to join. We are...
High risk RHEL 9 buffer overflow vulnerability in Linux Kernel Netfilter
A buffer overflow vulnerability was found in the Netfilter subsystem of the Linux kernel. The issue could leak both stack and heap addresses and potentially allow local privilege escalation to root via arbitrary code execution. For RHEL and...
High risk use-after-free flaw affecting RHEL8
A race condition was found in the Linux kernel’s mm/mremap memory address space accounting implementation, leading to a use-after-free vulnerability. This flaw allows a local user to cause a system crash or potentially escalate their privileges on the system. On RHEL...
High risk vulnerabilities for RHEL 8 and RHEL 9 with GPU
Kernel updates have been released which fix, among others, two High risk kernel vulnerabilities. Of these two, one only affects RHEL 9 and its derivatives, while the other affects both RHEL 8 and RHEL 9 and their derivatives if a GPU is present. Sites running RHEL 7 and...
VMware vRealize Log Insight vulnerability
VMware vRealize Log Insight contains a directory traversal vulnerability. VMware has evaluated the severity of this issue to be in the critical severity range, with a maximum CVSSv3 base score of 9.8. An unauthenticated, malicious actor can inject files into the operating...
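For the vulnerability class named in the item above, the check a practitioner would want in any code that turns a user-controlled name into a file path is shown here as an added Python example. It is not VMware's code and says nothing about where the flaw in Log Insight actually sits; the root directory and the sample inputs are constructed for the illustration.

```python
"""Path-traversal check for user-controlled file names (added example).

Illustrates the vulnerability class named in the vRealize Log Insight item;
it is not VMware code. It works on strings only, so it can run before any
filesystem access and is deterministic to test. Root and samples are
constructed for the example.
"""
from typing import Dict, List, Optional
from urllib.parse import unquote


def resolve_under_root(root: str, user_path: str) -> Optional[str]:
    """Return the canonical path of user_path inside root, or None if the
    input cannot be confined to root.

    Rules: percent-decode once; refuse NUL bytes and any '%' left after
    decoding (double encoding such as %252e%252e would be decoded again by a
    later layer); treat '\\' as a separator; collapse '.' and '..' lexically
    and refuse any '..' that would climb above root. Leading separators are
    dropped, so an absolute input is confined rather than rejected.
    """
    decoded = unquote(user_path)
    if "\x00" in decoded or "%" in decoded:
        return None
    parts: List[str] = []
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                return None          # would climb above root
            parts.pop()
            continue
        parts.append(seg)
    if not parts:
        return None                  # empty name or bare root: nothing to open
    return root.rstrip("/") + "/" + "/".join(parts)


# Constructed inputs: a benign upload name and traversal attempts in several encodings.
SAMPLES = [
    "reports/2023/q1.txt",
    "a/b/../c.log",
    "../../etc/passwd",
    "a/../../etc/passwd",
    "%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e/etc/passwd",
    "..\\..\\windows\\win.ini",
    "notes.txt\x00.png",
    "/etc/passwd",
]


def check_samples(root: str = "/var/www/uploads") -> Dict[str, Optional[str]]:
    """Resolve every sample under root; None marks an input that was refused."""
    return {s: resolve_under_root(root, s) for s in SAMPLES}


if __name__ == "__main__":
    for name, resolved in check_samples().items():
        print(f"{name!r:35} -> {resolved}")
```

The check is lexical on purpose: it is applied to the string before anything is opened. It does not protect against a symlink inside the root pointing outside it, so code that writes files should still resolve the returned path with `os.path.realpath` and confirm it remains under the root before opening.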