EGI Conference 2024 in Lecce
The 2024 edition of the EGI Conference was held in Lecce from 30 September to 4 October. The program addressed several key issues, including data management, integrating diverse technologies, like high-throughput computing, cloud and high-performance computing...
SLUBStick attacks
SLUBStick is a kernel exploit technique that elevates a heap vulnerability to an arbitrary memory read/write primitive. It works in several steps: first, it exploits a timing side channel of the allocator to reliably perform a cross-cache attack on commonly used...
CVE-2024-41110 – Critical Docker Authorization vulnerability
A critical vulnerability CVE-2024-41110 has been found in Docker Authorization that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. See our SVG Advisory for further details.
HIGH risk vulnerability in libndp – CVE-2024-5564
There is a HIGH-risk vulnerability CVE-2024-5564 in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. Further information on this vulnerability can be found...
HIGH risk OpenSSH vulnerability – CVE-2024-6387
OpenSSH has a high-risk vulnerability, allowing an Unauthenticated Remote Code Execution due to a race condition in signal handling. The vulnerability only affects RHEL9 and derivates. Check our SVG Advisory to learn more about this vulnerability.
HIGH risk OpenStack arbitrary file access vulnerability
A vulnerability CVE-2024-32498 has been found in QCOW2 image processing for Cinder, Glance and Nova. By supplying a specially created QCOW2 image which references a specific data file path, an authenticated user may convince systems to return a copy of that file...
