Critical vulnerability (CVE-2023-32233) in Netfilter nf_tables
A use-after-free flaw was found in Netfilter nf_tables (net/netfilter/nf_tables_api.c) in the Linux kernel; it has been assigned CVE-2023-32233. In order to exploit this flaw, the attacker must have CAP_NET_ADMIN privileges and be able to manipulate netfilter entries....
Thematic CERN school of computing on Security 2023
EGI CSIRT took part in the Thematic CERN school of computing on Security, which took place from 8th to 14th of October in Split. The school is offered to people working in academia and research institutes, who need to tackle security in their work and provide...
Recommendations to enhance security
Based on recent incidents in the EGI environment, we would like to point out some of the guidelines and best practices to enhance the security resilience of the resource providers. Prevention Central logging: Ensure that logs are collected centrally by a remote...
Multiple Supermicro BMC IPMI vulnerabilities
Multiple high-risk vulnerabilities were found in Supermicro BMC IPMI firmware that could allow XSS or command injection attacks. For details, please see the official Supermicro Advisory.
Vulnerability in OpenIDC/cjose (CVE-2023-37464)
A high-risk vulnerability was found in cjose. cjose is a C library implementing Javascript Object Signing and Encryption (JOSE), on which mod_auth_openidc depends. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag...
Intel Downfall Vulnerability
A potential security vulnerability CVE-2022-40982 in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability. For details see SVG Advisory...

