Use-after-free vulnerability in the tcindex in the Linux kernel
A Use After Free vulnerability (CVE-2023-1281 and CVE-2023-1829) in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. Kernel upgrade is recommended. Since an attacker can elevate privileges to root, this vulnerability is considered as...
BMC vulnerabilities
Two vulnerabilities have been found that enable bypassing authentication or injecting malicious code via Redfish remote management interfaces. CVE-2023-34329 - Authentication Bypass via HTTP Header SpoofingCVE-2023-34330 - Code injection via Dynamic Redfish Extension...
Zenbleed speculative execution vulnerability
A speculative execution vulnerability has been discovered in AMD Zen 2 CPUs.This vulnerability has been dubbed "Zenbleed". A malicious actor could steal sensitive data, such as passwords and encryption keys,resident in the CPU cores. Sensitive data could be extracted...
Critical vulnerability for OpenStack with iSCSI or FC-based volumes
A vulnerability has been reported in OpenStack concerning an inconsistency between Cinder and Nova, CVE-2023-2088. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is on...
High risk Use-after-free flaw in Linux kernel TLS protocol
A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. The assigned CVE to this vulnerability is CVE-2023-0461. This flaw allows a local user to crash or...
13th Thematic CERN School of Computing on Security
Registration to the 13th Thematic CERN School of Computing on Security 2023 is now opened, where members of EGI CSIRT will be actively involved. It will take place in Split from 8th to 14th of October 2023. The theme of the school is "Security of research computing...
