Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent: bc1c413
commit 458bd33
Showing 1 changed file with 38 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
--- | ||
title: Advisories-SVG-2023 | ||
permalink: /Advisories-SVG-2023 | ||
--- | ||
|
||
## Advisories for 2023 | ||
|
||
Recent [Advisories](../README.md). | ||
|
||
A guide to the risk categories is available at | ||
[Notes On Risk](https://confluence.egi.eu/display/EGIBG/Notes+on+Risk). | ||
Date | Title | Contents/Link | Risk | Status | | ||
| ----------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- | -------- | ------ | | ||
| 2023-11-21 | Intel processor vulnerability [EGI-SVG-2023-58] | [Advisory-EGI-SVG-2023-58](./2023/Advisory-EGI-SVG-2023-58.md) | ALERT | Fixed | | ||
| 2023-10-16 Updated 2023-11-14 | HIGH risk Slurm race condition vulnerability [EGI-SVG-2023-57] | [Advisory-EGI-SVG-2023-57](./2023/Advisory-EGI-SVG-2023-57.md) | HIGH | Fixed | | ||
| 2023-10-06 Updated 2023-11-14 | HIGH Risk glibc vulnerability [EGI-SVG-2023-55] | [Advisory-EGI-SVG-2023-55](./2023/Advisory-EGI-SVG-2023-55.md) | HIGH | Fixed | | ||
| 2023-09-21 Updated 2023-11-14 | HIGH Risk INDIGO-IAM Vulnerability [EGI-SVG-2023-53] | [Advisory-EGI-SVG-2023-53](./2023/Advisory-EGI-SVG-2023-53.md) | HIGH | Fixed | | ||
| 2023-08-16 Updated 2023-10-19 | HIGH risk Intel Downfall Vulnerability [EGI-SVG-CVE-2022-40982] | [Advisory-SVG-CVE-2022-40982](./2023/Advisory-SVG-CVE-2022-40982.md) | HIGH | Fixed/Mitigated | | ||
| 2023-09-21 Updated 2023-10-19, 2023-10-24 | HIGH Risk Linux kernel vulnerabilities [EGI-SVG-2023-52] | [Advisory-EGI-SVG-2023-52](./2023/Advisory-EGI-SVG-2023-52.md) | HIGH | Fixed (Mostly) | | ||
| 2023-08-10 Updated 2023-09-15 | Up to CRITICAL Risk Linux kernel vulnerabilities [EGI-SVG-CVE-2023-1829] | [Advisory-SVG-CVE-2023-1829](./2023/Advisory-SVG-CVE-2023-1829.md) | Up to CRITICAL | Fixed (Partially) | | ||
| 2023-08-08 Updated 2023-09-15 | HIGH Risk mod_auth_openidc vulnerability [EGI-SVG-CVE-2023-37464] | [Advisory-SVG-CVE-2023-37464](./2023/Advisory-SVG-CVE-2023-37464.md) | HIGH | Fixed | | ||
| 2023-05-11 Updated 2023-06-12, 2023-06-22, 2023-09-15, 2023-10-19 | CRITICAL risk Netfilter nf_tables use-after-free flaw. [EGI-SVG-CVE-2023-32233] | [Advisory-SVG-CVE-2023-32233](./2023/Advisory-SVG-CVE-2023-32233.md) | CRITICAL | Fixed | | ||
| 2023-07-27 | ALERT Two BMC vulnerabilities [EGI-SVG-CVE-2023-34329] | [Advisory-SVG-CVE-2023-34329](./2023/Advisory-SVG-CVE-2023-34329.md) | ALERT | | | ||
| 2023-07-26 Updated 2023-08-15, 2023-09-21, 2023-09-22 | ALERT Zenbleed speculative execution vulnerability [EGI-SVG-CVE-2023-20593] | [Advisory-SVG-CVE-2023-20593](./2023/Advisory-SVG-CVE-2023-20593.md) | ALERT | Fixed | | ||
| 2023-07-04 | MODERATE risk Indigo IAM XSS vulnerability [EGI-SVG-2023-20] | [Advisory-EGI-SVG-2023-20](./2023/Advisory-EGI-SVG-2023-20.md) | MODERATE | Fixed | | ||
| 2023-05-26 Updated 2023-07-04 | CRITICAL risk OpenStack Vulnerability with iSCSI or FC based volumes. [EGI-SVG-CVE-2023-2088] | [Advisory-SVG-CVE-2023-2088](./2023/Advisory-SVG-CVE-2023-2088.md) | CRITICAL | Fixed | | ||
| 2023-05-17 Updated 2023-07-04 | HIGH risk Use-after-free flaw was found in the Linux kernel’s TLS protocol [EGI-SVG-CVE-2023-0461] | [Advisory-SVG-CVE-2023-0461](./2023/Advisory-SVG-CVE-2023-0461.md) | HIGH | Fixed | | ||
| 2023-04-27 Updated 2023-06-01, 2023-04-07 | HIGH risk Apptainer /Singularity setuid-root installations vulnerability [EGI-SVG-CVE-2023-30549] | [Advisory-SVG-CVE-2023-30549](./2023/Advisory-SVG-CVE-2023-30549.md) | HIGH | Fixed | | ||
| 2023-04-06 Updated 2023-06-08 | HIGH Apache HTTP request splitting vulnerability [EGI-SVG-CVE-2023-25690] | [Advisory-SVG-CVE-2023-25690](./2023/Advisory-SVG-CVE-2023-25690.md) | HIGH | Fixed | | ||
| 2023-04-21 Updated 2023-06-07 | CRITICAL Linux kernel OverlayFS subsystem vulnerability [EGI-SVG-CVE-2023-0386] | [Advisory-SVG-CVE-2023-0386](./2023/Advisory-SVG-CVE-2023-0386.md) | CRITICAL | Fixed | | ||
| 2023-04-21 Updated 2023-04-25 | ALERT Multiple NVIDIA GPU vulnerabilities [EGI-SVG-CVE-2023-0189] | [Advisory-SVG-CVE-2023-0189](./2023/Advisory-SVG-CVE-2023-0189.md) | ALERT | Fixed | | ||
| 2023-03-13 Updated 2023-04-21 | CRITICAL risk - RHEL 9 - Buffer overflow vulnerability in Linux Kernel Netfilter. [EGI-SVG-CVE-2023-0179] | [Advisory-SVG-CVE-2023-0179](./2023/Advisory-SVG-CVE-2023-0179.md) | CRITICAL | Fixed | | ||
| 2023-03-09 Updated 2023-04-21 | HIGH risk - Stack overflow flaw in the Linux kernel's SYSCTL subsystem [EGI-SVG-CVE-2022-4378] | [Advisory-SVG-CVE-2022-4378](./2023/Advisory-SVG-CVE-2022-4378.md) | HIGH | Fixed | | ||
| 2023-02-24 Updated 2023-04-21 | HIGH risk Use-after-free flaw affecting RHEL8. [EGI-SVG-CVE-2022-41222] | [Advisory-SVG-CVE-2022-41222](./2023/Advisory-SVG-CVE-2022-41222.md) | HIGH | Fixed | | ||
| 2023-02-13 Updated 2023-02-14, 2023-04-21 | HIGH risk OpenSSL vulnerabilities announced [EGI-SVG-CVE-2023-0286] | [Advisory-SVG-CVE-2023-0286](./2023/Advisory-SVG-CVE-2023-0286.md) | HIGH | Fixed | | ||
| 2023-01-26 Updated 2023-04-11 | HIGH risk kernel vulnerabilities for RHEL 8 with GPU, RHEL 9 | [Advisory-SVG-CVE-2022-2959](./2023/Advisory-SVG-CVE-2022-2959.md) | HIGH | Fixed | | ||
| 2023-01-26 Updated 2023-04-11 | ALERT - VMware vRealize Log Insight vulnerability | [Advisory-SVG-CVE-2022-31706](./2023/Advisory-SVG-CVE-2022-31706.md) | ALERT | Fixed | | ||
| 2023-01-23 Updated 2023-04-11 | CRITICAL risk Arbitrary file access through custom S3 XML entities in Swift's XML parser | [Advisory-SVG-CVE-2022-47950](./2023/Advisory-SVG-CVE-2022-47950.md) | CRITICAL | Fixed | |
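Review bot: The Apptainer/Singularity row (EGI-SVG-CVE-2023-30549) gives "2023-04-27 Updated 2023-06-01, 2023-04-07", so one update date is earlier than the publication date; please check that date against the advisory itself and correct whichever value is mistyped. A few other points in the same table: the BMC row (EGI-SVG-CVE-2023-34329) has an empty Status cell, unlike every other row, so either fill it in or state explicitly that no fix is available yet. The last three rows (CVE-2022-2959, CVE-2022-31706, CVE-2022-47950) omit the bracketed advisory identifier in the Title column that all other rows carry, which makes searching the index by ID inconsistent. The header row "Date | Title | Contents/Link | Risk | Status |" as shown has no leading pipe and follows the "Notes On Risk" link line with no blank line between them, so some Markdown renderers may fold it into the preceding paragraph instead of starting a table; add the leading pipe and a blank line before it. Finally, the page flags hidden bidirectional Unicode text in this file: since this is a security advisory index, open it in an editor that reveals such characters and remove any that are not intentional before merging.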