title	permalink
Advisories-SVG-2018	/Advisories-SVG-2018

Advisories for 2018

Recent Advisories

A guide to the risk categories is available at Notes On Risk

SVG also provides information that may be useful to various sites concerning the various SVG Speculative execution vulnerabilities

This may be useful to sites in conjunction with the advisoriesAdvisory-SVG-CVE-2017-5753, Advisory-SVG-CVE-2018-3639, and Advisory-SVG-CVE-2018-3620 below.

Date	Title	Contents/Link	Risk	Status
2018-12-13 updated 2019-01-03	Vulnerability in Singularity on CentOS/EL7	Advisory-SVG-CVE-2018-19295	Critical	Fixed
2018-12-19	VMware integer overflow vulnerability	Advisory-SVG-CVE-2018-6983	Alert	Fixed
2018-12-14	Remote authenticated DoS on CREAM-CE	Advisory-SVG-2017-12435	Low	Fixed
2018-12-06	Kubernetes privilege escalation vulnerability	Advisory-SVG-CVE-2018-1002105	Critical	Fixed
2018-10-24	VMware out of bounds read vulnerability	Advisory-SVG-CVE-2018-6974	Alert Critical	Fixed
2018-10-18 update 2018-10-23	Multiple Oracle Database and other Oracle Vulnerabilities	Advisory-SVG-CVE-2018-3259	Alert Critical	Fixed
2018-10-03	Vulnerability in RedHat Ceph Storage 2.5	Advisory-SVG-CVE-2018-14649	Alert Critical	Fixed
2018-09-27 update 2018-10-03, 2018-10-11	Integer overflow vulnerability in the Linux kernel's create_elf_tables() function.	Advisory-SVG-CVE-2018-14634	Critical	Fixed
2018-09-04	L1TF - Speculative Execution Side Channel vulnerabilities concerning Intel processors	Advisory-SVG-CVE-2018-3620	High	Fixed
2018-08-17	cobbler vulnerability: CobblerXMLRPCInterface exports all its methods over XMLRPC	Advisory-SVG-CVE-2018-10931	Critical	Fixed
2018-08-17	Oracle Database Vulnerability	Advisory-SVG-CVE-2018-3110	Critical	Fixed
2018-07-05, updated 2018-07-09, 2018-07-20	Singularity vulnerability allowing access to protected files	Advisory-SVG-CVE-2018-12021	Critical	Fixed
2018-03-28 update 2018-07-20	data-channel encryption is not enforced in gridftp	Advisory-SVG-2018-14117	Alert
2018-05-24	Kernel Side-Channel Attack using Speculative Store Bypass vulnerability	Advisory-SVG-CVE-2018-3639	High	Fixed
2018-03-26 update 2018-05-24	glibc vulnerability	Advisory-SVG-CVE-2018-1000001	Up to Critical	Fixed
2018-04-30 update 2018-05-23	Local privilege escalation using singularity	Advisory-SVG-2018-14311	Critical	Fixed
2018-03-29 update 2018-05-23	Singularity can be tricked to create directories and files outside the container.	Advisory-SVG-2018-14213	Critical	Fixed
2018-05-16	Command injection via DHCP response	Advisory-SVG-CVE-2018-1111	Critical	Fixed
2018-05-16	multiple vulnerabilities in the Linux kernel (incl. CVE-2018-8897, CVE-2018-1087, CVE-2017-16939)	Advisory-SVG-CVE-2018-8897	Moderate	Fixed
2018-04-14 update 2018-05-08	DPM SRM Buffer Overflow	Advisory-SVG-2017-13915	Moderate	Fixed
2018-04-13	MySQL Server compromise	Advisory-SVG-CVE-2018-2562	Up to High
2018-03-22 update 2018-04-13	Vulnerability concerning SLURM	Advisory-SVG-CVE-2018-7033	Up to Critical	Fixed
2018-03-05 update 2018-03-19	Vulnerability in Singularity 2.3.2 allowing escape from the container	Advisory-SVG-2018-14145	High	Fixed
2018-03-05 update 2018-03-19	Image mounting via Singularity	Advisory-SVG-2018-13999	Alert
2018-02-23 update 2018-03-19, 2018-05-16	linux kernel 'use-after-free' flaw in XFRM	Advisory-SVG-CVE-2017-16939	Alert
2018-02-07 update 2018-03-05	VOMS Admin privilege escalation vulnerability	Advisory-SVG-2017-13249	Moderate	Fixed
2018-02-12	ROBOT attack - Various Vulnerabilities	Advisory-SVG-2017-13925	(Information)
2018-01-23	CPU speculative execution vulnerabilities (Meltdown and Spectre)	Advisory-SVG-CVE-2017-5753	Critical	Ongoing

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Advisories-SVG-2018.md

Advisories-SVG-2018.md

Advisories for 2018

Files

Advisories-SVG-2018.md

Latest commit

History

Advisories-SVG-2018.md

File metadata and controls

Advisories for 2018