GitHub - EGI-Federation/SVG-advisories: Archived EGI SVG Advisories

EGI SVG advisories

All advisories which are disclosed publicly by EGI Software Vulnerability Group (SVG) are placed on this site.

All advisories which are disclosed publicly by SVG are subject to the Creative commons licence CC-BY 4.0. including crediting the EGI SVG.

A guide to the risk categories is available at Notes On Risk.

SVG also provides information that may be useful to various sites concerning the various SVG Speculative execution vulnerabilities.

Current advisories

Date	Title	Contents/Link	CVE(s) (if applicable)
2024-12-12 Updated 2025-01-29	HIGH risk PAM host name spoofing vulnerability [EGI-SVG-2024-28]	Advisory-EGI-SVG-2024-28	CVE-2024-10963
2024-12-04 Updated 2025-01-29	HIGH risk SinkClose flaw in AMD EPYC processors [EGI-SVG-2024-18]	Advisory-EGI-SVG-2024-18	CVE-2023-31315
2024-04-17 Updated 2024-12-10, 2025-01-28	HIGH risk Intel Native Branch History Vulnerability [EGI-SVG-2024-09]	Advisory-EGI-SVG-2024-09	CVE-2024-2201
2024-11-19 Updated 2025-01-28	CRITICAL risk Icinga 2 Security releases [EGI-SVG-2024-27]	Advisory-EGI-SVG-2024-27	CVE-2024-49369
2023-07-04 Updated 2024-12-03	MODERATE risk Indigo IAM XSS vulnerability [EGI-SVG-2023-20]	Advisory-EGI-SVG-2023-20	N/A
2024-10-02 Updated 24-11-07	CRITICAL risk Nvidia container escape Vulnerability [EGI-SVG-2024-22]	Advisory-EGI-SVG-2024-22	CVE-2024-0132
2024-10-29	Multiple Intel Processor Vulnerabilities [EGI-SVG-2024-24]	Advisory-EGI-SVG-2024-24	CVE-2023-42667 + more

EGI SVG produces advisories according to the SEC02 EGI Software Vulnerability Issue Handling.

Note that SVG is currently working on how to better cope with reducing homogeneity of the infrastructure and handle vulnerabilities related to the EOSC services.

Earlier advisories

Advisories from 2024
Advisories from 2023
Advisories from 2022
Advisories from 2021
Advisories from 2020
Advisories from 2019
Advisories from 2018
Advisories from 2017
Advisories from 2016
Advisories from 2014 and 2015
Advisories from 2011 to 2013
Advisories from prior to 2011 Gridpp Advisories Archive

In the past (up to the end of 2015) CSIRT also issued general alerts at EGI CSIRT Alerts and EGI SVG advisories primarily concerned gLite Middleware.

Publishing an advisory

See Publishing an Advisory

Name		Name	Last commit message	Last commit date
Latest commit History 729 Commits
.github		.github
2006		2006
2007		2007
2008		2008
2009		2009
2010		2010
2011-2013		2011-2013
2014-2015		2014-2015
2016		2016
2017		2017
2018		2018
2019		2019
2020		2020
2021		2021
2022		2022
2023		2023
2024		2024
Advisory-SVG-2022-test-alias.md		Advisory-SVG-2022-test-alias.md
Advisory-SVG-CVE-Template-LAC.md		Advisory-SVG-CVE-Template-LAC.md
Advisory-SVG-YYYY-XX-Template.md		Advisory-SVG-YYYY-XX-Template.md
CNAME		CNAME
CSIRT_Alerts.md		CSIRT_Alerts.md
Header-new-template-lac.md		Header-new-template-lac.md
LICENSE		LICENSE
Publishing_an_advisory.md		Publishing_an_advisory.md
README.md		README.md
_config.yml		_config.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

EGI SVG advisories

Current advisories

Earlier advisories

Publishing an advisory

About

Contributors 2

License

EGI-Federation/SVG-advisories

Folders and files

Latest commit

History

Repository files navigation

EGI SVG advisories

Current advisories

Earlier advisories

Publishing an advisory

About

Resources

License

Code of conduct

Stars

Watchers

Forks

Contributors 2