High risk use-after-free flaw affecting RHEL8
A race condition was found in the Linux kernel’s mm/mremap memory address space accounting implementation, leading to a use-after-free vulnerability. This flaw allows a local user to cause a system crash or potentially escalate their privileges on the system. On RHEL...
High risk vulnerabilities for RHEL 8 and RHEL 9 with GPU
Kernel updates have been released which fix among others 2 High risk kernel vulnerabilities. Of these 2, one only affects RHEL 9 and its derivatives, while the other affects both RHEL 8 and RHEL9 and their derivatives if a GPU is present. Sites running RHEL 7 and...
VMware vRealize Log Insight vulnerability
The vRealize Log Insight contains a Directory Traversal Vulnerability. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8. An unauthenticated, malicious actor can inject files into the operating...
Arbitrary file access through custom S3 XML entities in Swift’s XML parser
A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. See more...
Security workshop at ISGC in Taipei
EGI CSIRT ran a successful full-day security workshop at the ISGC conference that took place from 19th to 24fh of March 2023 in Taipei. The focus was on Threat intelligence and security operations, Risk Management and Security Challenge that was prepared by the EGI...
Multiple NVIDIA GPU vulnerabilities
NVIDIA has announced several vulnerabilities in the NVIDIA GPU display driver. Affected sites should upgrade as soon as possible. See more in the Advisory-SVG-CVE-2023-0189
