EGI SVG Advisories

Advisories for 2016

Earlier Advisories: Advisories from 2014 and 2015

Earlier Advisories: Advisories from 2011 to 2013

Date	Title	Contents/Link	Risk	Status
2016-12-20	Linux kernel’s IPv6 implementation - mishandled socket options	Advisory-SVG-CVE-2016-3841	High	Fixed
2016-11-10 updated 2016-12-14, 2017-01-13	Linux kernel vulnerability	Advisory-SVG-CVE-2016-7117	High	Heads up
2016-12-06	HIGH risk vulnerabilities concerning Xen	Advisory-SVG-CVE-2016-9379	High	Fixed
2016-11-24	VOMS server certificate chain/user validation	Advisory-SVG-2016-11495	Moderate	Fixed
2016-10-21	XSS in DIRAC Webapp and Web portal	Advisory-SVG-2016-11107	Moderate	Fixed
2016-10-20 updated 2016-10-26	Linux kernel privilege escalation	Advisory-SVG-CVE-2016-5195	Critical	Fixed
2016-10-10	gridsite / canl-c impersonation vulnerability	Advisory-SVG-2016-11476	Critical	Fixed
2016-08-25	KeyStone VOMS does not check CRLs	Advisory-SVG-2016-10558	Moderate	Fixed
2016-07-18	DIRAC configuration - database passwords visible on dirac interface	Advisory-SVG-2016-11255	Up to High	Fixed
2016-07-15	Two Perfsonar Vulnerabilities announced by the Perfsonar team	Advisory-SVG-2016-11363	Moderate	Fixed
2016-07-12	dCache READONLY and non-/ user root not enforced	Advisory-SVG-2016-11288	Moderate	Fixed
2016-06-20	STORM WebDAV interface XXE vulnerability	Advisory-SVG-2015-10134	Low	Fixed
2016-06-20	dCache WebDAV interface XXE vulnerability	Advisory-SVG-2015-10121	Low	Fixed
2016-06-13	iperf3 used in perfSONAR CVE-2016-4303	Advisory-SVG-CVE-2016-4303	Critical	Fixed
2016-06-08	Vulnerability in IBM’s GPFS CVE-2016-0392	Advisory-SVG-CVE-2016-0392	Critical	Fixed
2016-06-08	Arbitrary file overwrite vulnerability in WebAppDIRAC	Advisory-SVG-2016-11033	High	Fixed
2016-06-08	dCache configuration issue	Advisory-SVG-2016-10837	High	(Config)
2016-06-08	LHCb Setup scripts	Advisory-SVG-2015-9809	Low	Fixed
2016-06-07	Authorization by user_id to manage VMs does not work in V2.1 Nova API for OpenStack	Advisory-SVG-2016-11190	High
2016-05-25	Dirac Pilot factory payload verification	Advisory-SVG-2014-7440	Low	Migrating from
2016-05-25	PANDA Pilot factory payload verification	Advisory-SVG-2014-7430	Low	Migrating from
2016-04-28	OpenStack VM management permissions	Advisory-SVG-2016-10636	Moderate	(Config)
2016-03-11	NSS heap buffer overflow vulnerability	Advisory-SVG-CVE-2016-1950	Critical	Fixed
2016-02-17	glibc remote code execution vulnerability - CVE-2015-7547	Advisory-SVG-CVE-2015-7547	Critical	Fixed
2016-02-03	Linux Kernel Vulnerability - CVE-2016-0728	Advisory-SVG-2016-10376	High	Fixed
2016-01-05	Linux Kernel Vulnerabilities	Advisory-SVG-2015-CVE-2015-7613	Moderate/High	Fixed

This site is open source. Improve this page.