All advisories which are disclosed publicly by EGI Software Vulnerability Group (SVG) are placed on this site.
All advisories which are disclosed publicly by SVG are subject to the Creative commons licence CC-BY 4.0. including crediting the EGI SVG.
A guide to the risk categories is available at Notes On Risk.
SVG also provides information that may be useful to various sites concerning the various SVG Speculative execution vulnerabilities.
| Date | Title | Contents/Link | CVE(s) (if applicable) |
|---|---|---|---|
| 2024-12-12 Updated 2025-01-29 | HIGH risk PAM host name spoofing vulnerability [EGI-SVG-2024-28] | Advisory-EGI-SVG-2024-28 | CVE-2024-10963 |
| 2024-12-04 Updated 2025-01-29 | HIGH risk SinkClose flaw in AMD EPYC processors [EGI-SVG-2024-18] | Advisory-EGI-SVG-2024-18 | CVE-2023-31315 |
| 2024-04-17 Updated 2024-12-10, 2025-01-28 | HIGH risk Intel Native Branch History Vulnerability [EGI-SVG-2024-09] | Advisory-EGI-SVG-2024-09 | CVE-2024-2201 |
| 2024-11-19 Updated 2025-01-28 | CRITICAL risk Icinga 2 Security releases [EGI-SVG-2024-27] | Advisory-EGI-SVG-2024-27 | CVE-2024-49369 |
| 2023-07-04 Updated 2024-12-03 | MODERATE risk Indigo IAM XSS vulnerability [EGI-SVG-2023-20] | Advisory-EGI-SVG-2023-20 | N/A |
| 2024-10-02 Updated 24-11-07 | CRITICAL risk Nvidia container escape Vulnerability [EGI-SVG-2024-22] | Advisory-EGI-SVG-2024-22 | CVE-2024-0132 |
| 2024-10-29 | Multiple Intel Processor Vulnerabilities [EGI-SVG-2024-24] | Advisory-EGI-SVG-2024-24 | CVE-2023-42667 + more |
EGI SVG produces advisories according to the SEC02 EGI Software Vulnerability Issue Handling.
Note that SVG is currently working on how to better cope with reducing homogeneity of the infrastructure and handle vulnerabilities related to the EOSC services.
In the past (up to the end of 2015) CSIRT also issued general alerts at EGI CSIRT Alerts and EGI SVG advisories primarily concerned gLite Middleware.