All advisories which are disclosed publicly by EGI Software Vulnerability Group (SVG) are placed on this site.
All advisories which are disclosed publicly by SVG are subject to the Creative commons licence CC-BY 4.0. including crediting the EGI SVG.
A guide to the risk categories is available at Notes On Risk.
SVG also provides information that may be useful to various sites concerning the various SVG Speculative execution vulnerabilities.
| Date | Title | Contents/Link | CVE(s) (if applicable) |
|---|---|---|---|
| 2024-10-02 Updated 24-11-07 | CRITICAL risk Nvidia container escape Vulnerability [EGI-SVG-2024-22] | Advisory-EGI-SVG-2024-22 | CVE-2024-0132 |
| 2024-10-29 | Multiple Intel Processor Vulnerabilities [EGI-SVG-2024-24] | Advisory-EGI-SVG-2024-24 | CVE-2023-42667 + more |
| 2024-08-20 Updated 2024-10-09, 2024-10-24 | CRITICAL risk SAML Authentication bypass flaw [EGI-SVG-2024-21 | Advisory-EGI-SVG-2024-21 | CVE-2024-45409 |
| 2024-08-20 Updated 2024-10-09 | HIGH risk Flaw in Linux kernel’s network route management [EGI-SVG-2024-19] | Advisory-EGI-SVG-2024-19 | CVE-2024-36971 |
| 2024-10-04 Updated 2024-10-08 | HIGH risk - CUPS vulnerabilities [EGI-SVG-2024-23] | Advisory-EGI-SVG-2024-23 | CVE-2024-47176 + more |
| 2024-07-31 Updated 2024-08-02, 2024-09-12 | HIGH risk - voms-proxy-init susceptible to proxy theft [EGI-SVG-2024-15] | Advisory-EGI-SVG-2024-15 | N/A |
| 2024-09-11 | SLUBStick Attack Scenario [EGI-SVG-2024-20] | Advisory-EGI-SVG-2024-20 | N/A |
| 2024-07-29 Updated 2024-09-11 | CRITICAL risk Docker Vulnerability [EGI-SVG-2024-17] | Advisory-EGI-SVG-2024-17 | CVE-2024-41110 |
| 2024-07-23 Updated 2024-08-22 | HIGH risk vulnerability in libndp [EGI-SVG-2024-16] | Advisory-EGI-SVG-2024-16 | CVE-2024-5564 |
| 2024-07-11 Updated 2024-08-22 | HIGH risk ANOTHER OpenSSH vulnerability [EGI-SVG-2024-14] | Advisory-EGI-SVG-2024-14 | CVE-2024-6409 |
| 2024-07-11 Updated 2024-08-22 | HIGH risk OpenSSH vulnerability [EGI-SVG-2024-13] | Advisory-EGI-SVG-2024-13 | CVE-2024-6387 |
| 2024-07-09 Updated 2024-08-22 | HIGH risk OpenStack arbitrary file access vulnerability [EGI-SVG-2024-12] | Advisory-EGI-SVG-2024-12 | CVE-2024-32498 |
| 2024-06-03 Updated 2024-07-25 | ALERT Apptainer github/containers/image Vulnerability [EGI-SVG-2024-11] | Advisory-EGI-SVG-2024-11 | CVE-2024-3727 |
| 2024-05-03 Updated 2024-06-05 | HIGH risk glibc vulnerability [EGI-SVG-2024-10] | Advisory-EGI-SVG-2024-10 | CVE-2024-2961 |
| 2024-04-10 Updated 2024-05-24 | CRITICAL risk Netfilter vulnerability [EGI-SVG-2024-08] | Advisory-EGI-SVG-2024-08 | CVE-2024-1086 |
| 2024-03-06 Updated 2024-04-19 | HIGH risk Linux Kernel vulnerabilities (RHEL9) [EGI-SVG-2024-06] | Advisory-EGI-SVG-2024-06 | CVE-2023-6817 + more |
| 2024-03-06 Updated 2024-04-10 | HIGH risk Linux Kernel vulnerabilities [EGI-SVG-2024-05] | Advisory-EGI-SVG-2024-05 | CVE-2023-4623 + more |
| 2024-03-05 Updated 2024-04-10 | HIGH risk vulnerability in Lustre [EGI-SVG-2024-04] | Advisory-EGI-SVG-2024-04 | CVE-2023-51786 |
| 2024-04-03 Updated 2024-04-10 | CRITICAL risk vulnerability in xz data compression tools [EGI-SVG-2024-07] | Advisory-EGI-SVG-2024-07 | CVE-2024-3094 |
| 2024-02-12 Updated 2024-03-15 | HIGH risk vulnerability in runc affecting containers [EGI-SVG-2024-03] | Advisory-EGI-SVG-2024-03 | CVE-2024-21626 |
| 2024-01-30 Updated 2024-03-15 | HIGH risk array indexing vulnerability in netfilter [EGI-SVG-2023-54] | Advisory-EGI-SVG-2023-54 | CVE-2023-42753 |
| 2024-01-18 Updated 2024-02-20 | HIGH risk Linux privilege escalation Vulnerabilities [EGI-SVG-2024-01] | Advisory-EGI-SVG-2024-01 | CVE-2023-4206 + 2 more |
| 2023-12-14 Updated 2024-02-20 | CRITICAL risk Multiple SLURM Vulnerabilities [EGI-SVG-2023-59] | Advisory-EGI-SVG-2023-59 | CVE-2023-49934 + 5 more |
| 2023-09-25 Updated 2024-02-20 | CRITICAL risk PMIX race condition vulnerability [EGI-SVG-2023-51] | Advisory-EGI-SVG-2023-51 | CVE-2023-41915 |
| 2023-08-23 Updated 2024-02-19 | HIGH risk AMD CPU Processor Vulnerability [EGI-SVG-CVE-2023-20569] | Advisory-SVG-CVE-2023-20569 | CVE-2023-20569 |
| 2023-08-16 Updated 2023-10-19, 2024-02-19 | HIGH risk Intel Downfall Vulnerability [EGI-SVG-CVE-2022-40982] | Advisory-SVG-CVE-2022-40982 | CVE-2022-40982 |
| 2023-07-26 Updated 2023-08-15, 2023-09-21, 2023-09-22, 2024-02-16 | ALERT Zenbleed speculative execution vulnerability [EGI-SVG-CVE-2023-20593] | Advisory-SVG-CVE-2023-20593 | CVE-2023-20593 |
| 2023-11-21 Updated 2024-10-29 | Intel processor vulnerability [EGI-SVG-2023-58] | Advisory-EGI-SVG-2023-58 | CVE-2023-23583 |
| 2023-10-16 Updated 2023-11-14 | HIGH risk Slurm race condition vulnerability [EGI-SVG-2023-57] | Advisory-EGI-SVG-2023-57 | CVE-2023-41914 |
| 2023-10-06 Updated 2023-11-14 | HIGH Risk glibc vulnerability [EGI-SVG-2023-55] | Advisory-EGI-SVG-2023-55 | CVE-2023-4911 |
| 2023-09-21 Updated 2023-11-14 | HIGH Risk INDIGO-IAM Vulnerability [EGI-SVG-2023-53] | Advisory-EGI-SVG-2023-53 | N/A |
| 2023-09-21 Updated 2023-10-19, 2023-10-24 | HIGH Risk Linux kernel vulnerabilities [EGI-SVG-2023-52] | Advisory-EGI-SVG-2023-52 | CVE-2023-3610 +9 more |
EGI SVG produces advisories according to the SEC02 EGI Software Vulnerability Issue Handling.
Note that SVG is currently working on how to better cope with reducing homogeneity of the infrastructure and handle vulnerabilities related to the EOSC services.
In the past (up to the end of 2015) CSIRT also issued general alerts at EGI CSIRT Alerts and EGI SVG advisories primarily concerned gLite Middleware.