Recent Advisories
EGI SVG primarily issues advisories concerning gLite Middleware.
CSIRT also issues general alerts at EGI CSIRT Alert.
A guide to the risk categories is available at Notes On Risk.
Date | Title | Contents/Link | Risk | Status |
---|---|---|---|---|
2013-10-25 | Globus GSI-OpenSSH vulnerability | Advisory-SVG-2013-5168 | Moderate | Fixed |
2013-10-25 | BDII Password access vulnerability | Advisory-SVG-2013-5266 | Moderate | Fixed |
2013-09-26 | CVMFS root exploit | Advisory-SVG-2013-5890 | Critical | Fixed |
2013-09-17 | Incorrect permission for APEL parser and client config | Advisory-SVG-2013-5615 | Moderate | Fixed |
2013-09-17 | Potential for reduced availability of VOMS server | Advisory-SVG-2012-3306 | Low | Fixed |
2013-09-17 | SAML implementation vulnerability in Unicore | Advisory-SVG-2012-4228 | Low | Fixed |
2013-06-14 | CREAM BUpdater improperly validated input / arbitrary command execution | Advisory-SVG-2013-5268 | High | Fixed |
2013-04-29 | CREAM Axis2 configuration file permissions | Advisory-SVG-2013-5244 | High | Fixed |
2013-04-17 | VOMS Java APIs incorrect CRL checking | Advisory-SVG-2012-4598 | Moderate | Fixed |
2013-03-05 | DPM SQL injection vulnerability | Advisory-SVG-2011-2683 | High | Fixed |
2013-02-25 | L&B servers not properly checked | Advisory-SVG-2011-3202 | Low | Fixed |
2013-02-19 | DPM buffer overflow in SRM v2.2 endpoint | Advisory-SVG-2012-4670 | Moderate | Fixed |
2012-12-20 | Gridftp CVE-201203292 | Advisory-SVG-2012-3765 | Low | Fixed |
2012-12-19 | DPM world writable files | Advisory-SVG-2012-4560 | Moderate | Fixed |
2012-11-21 | EMI-2 dcache-srmclient contains world writable files | Advisory-SVG-2012-4600 | High | Fixed |
2012-11-15 | gLExec - processes not properly cleaned up | Advisory-SVG-2011-1474 | Low | Fixed |
2012-11-15 | gLExec - prevention of job logging | Advisory-SVG-2011-1641 | Low | Fixed |
2012-08-29 | EMI-1 WMS exposes user proxies | Advisory-SVG-2012-4073 | Critical | Fixed |
2012-08-29 | WMS proxy theft vulnerability | Advisory-SVG-2012-4039 | High | Fixed |
2012-04-04 | EMI VOMS CRL handling vulnerability | Advisory-SVG-2012-3438 | Low | Fixed |
2012-04-04 | BDII Predictable passwords | Advisory-SVG-2011-3235 | Low | Fixed |
2012-01-24 | Torque Munge Impersonation vulnerability | Advisory-SVG-2011-3094 | High | Fixed |
2012-01-24 | APEL publisher File permission vulnerability | Advisory-SVG-2011-504 | Low | Fixed |
2012-01-09 | File Permission on directory in vdt_globus_data_server RPM | Advisory-SVG-2010-457 | Low | Disclosed |
2011-11-15 | BDII file permission and password vulnerability | Advisory-SVG-2011-1414 | Moderate | Fixed |
2011-08-15 | Torque Authentication Bypass Vulnerability CVE-2011-2907 | Advisory-SVG-2011-2296 | High | Fixed |
2011-07-28 | Insecure Library Loading Vulnerability in the VOMS server | Advisory-SVG-2011-342 | Low | Fixed |
2011-07-28 | VOMS server /tmp file vulnerability | Advisory-SVG-2011-1866 | Low | Fixed |
2011-06-24 | Torque Server Buffer Overflow Vulnerability - CVE-2011-2193 | Advisory-SVG-2011-1870 | Moderate | Fixed |
2011-04-19 | Critical Vulnerability detected in dCache Admin Web Interface | Advisory-SVG-2011-1569 | Critical | Fixed |
2011-04-19 | VOMS Admin vulnerabilities found by carrying out detailed vulnerability assessment of the package | Advisory-SVG-2011-505 | High | Fixed |
2011-04-04 | WMS vulnerability allowing proxy access | Advisory-SVG-2011-1502 | High | Fixed |
2011-03-11 | SQL injection vulnerability in the APEL software | Advisory-SVG-2011-373 | Moderate | Fixed |