oss-security mailing list
Recent messages:
- 2024/04/19 #6:
Re: Linux: Disabling network namespaces (nightmare.yeah27@...ecat.org)
- 2024/04/19 #5:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/19 #4:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/19 #3:
CVE-2024-29733: Apache Airflow FTP Provider: FTP_TLS instance with
unverified SSL context (Elad Kalif <eladkal@...che.org>)
- 2024/04/19 #2:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/19 #1:
CVE-2024-29217: Apache Answer: XSS vulnerability when changing
personal website (Enxin Xie <linkinstar@...che.org>)
- 2024/04/18 #5:
flatpak CVE-2024-32462 : Sandbox escape via RequestBackground portal
and CWE-88 (Simon McVittie <smcv@...ian.org>)
- 2024/04/18 #4:
Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-… (Solar Designer <solar@...nwall.com>)
- 2024/04/18 #3:
Re: Make your own backdoor: CFLAGS code injection,
Makefile injection, pkg-config (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/18 #2:
libreswan: IKEv1 default AH/ESP responder can crash and restart (David Morel <david.morel@...es.tech>)
- 2024/04/18 #1:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Matt Johnston <matt@....asn.au>)
- 2024/04/17 #10:
CVE-2024-31869: Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used (Ephraim Anierobi <ephraimanierobi@...che…)
- 2024/04/17 #9:
The GNU C Library security advisories update for 2024-04-17:
GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out… (Adhemerval Zanella Netto <zatrazz@...il…)
- 2024/04/17 #8:
Terrapin vulnerability in Jenkins CLI client (Daniel Beck <ml@...kweb.net>)
- 2024/04/17 #7:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Loganaden Velvindron <loganaden@...il.com>)
- 2024/04/17 #6:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/17 #5:
Re: Linux: Disabling network namespaces (Georgia Garcia <georgia.garcia@...onical.com>)
- 2024/04/17 #4:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/17 #3:
Make your own backdoor: CFLAGS code injection, Makefile injection,
pkg-config (Vegard Nossum <vegard.nossum@...cle.com>)
- 2024/04/17 #2:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? ("Dr. Christopher Kunz" <info@...istopher-kunz.de>)
- 2024/04/17 #1:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Greg KH <greg@...ah.com>)
- 2024/04/16 #6:
Re: Linux: Disabling network namespaces (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/04/16 #5:
Re: backdoor in upstream xz/liblzma leading to ssh server compromise (Solar Designer <solar@...nwall.com>)
- 2024/04/16 #4:
[kubernetes] CVE-2024-3177: Bypassing mountable secrets policy
imposed by the ServiceAccount admission plugin (Rita Zhang <rita.z.zhang@...il.com>)
- 2024/04/16 #3:
Re: Linux: Disabling network namespaces (Philippe Cerfon <philcerf@...il.com>)
- 2024/04/16 #2:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Solar Designer <solar@...nwall.com>)
- 2024/04/16 #1:
Re: Linux: Disabling network namespaces (Jordan Glover <Golden_Miller83@...tonmail.ch>)
- 2024/04/15 #6:
CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys
Through Biased ECDSA Nonces in PuTTY Client (Fabian Bäumer <fabian.baeumer@....de>)
- 2024/04/15 #5:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/15 #4:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/15 #3:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/15 #2:
Re: Linux: Disabling network namespaces (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/04/15 #1:
Re: less(1) with LESSOPEN mishandles \n in paths (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/14 #1:
Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/13 #2:
Re: less(1) with LESSOPEN mishandles \n in paths (Tobias Powalowski <tobias.powalowski@...glemail.com>)
- 2024/04/13 #1:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/12 #11:
PHP security releases 8.1.28, 8.2.18, & 8.3.6 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/04/12 #10:
Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to
21.1.12 and Xwayland prior to 23.2.5 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/04/12 #9:
Re: Re: backdoor in upstream xz/liblzma leading to
ssh server compromise (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/12 #8:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Alejandro Colomar <alx@...nel.org>)
- 2024/04/12 #7:
CVE-2024-31391: Apache Solr Operator: Solr-Operator liveness and
readiness probes may leak basic auth credentials (Jason Gerlowski <gerlowskija@...che.org>)
- 2024/04/12 #6:
Re: less(1) with LESSOPEN mishandles \n in paths (Sam James <sam@...too.org>)
- 2024/04/12 #5:
less(1) with LESSOPEN mishandles \n in paths (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/12 #4:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/12 #3:
CVE-2024-27309: Apache Kafka: Potential incorrect access control
during migration from ZK mode to KRaft mode (Colin McCabe <cmccabe@...che.org>)
- 2024/04/12 #2:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Kyle Zeng <zengyhkyle@...il.com>)
- 2024/04/12 #1:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Kyle Zeng <zengyhkyle@...il.com>)
- 2024/04/11 #15:
Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit
on /dev/shm ("Yann E. MORIN" <yann.morin.1998@...e.fr>)
- 2024/04/11 #14:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Alejandro Colomar <alx@...nel.org>)
- 2024/04/11 #13:
Buildroot: incorrect permissions on /dev/shm (Ben Hutchings <ben.hutchings@...ensium.com>)
- 2024/04/11 #12:
[PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm (Ben Hutchings <ben.hutchings@...d.be>)
- 2024/04/11 #11:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? ("Dr. Christopher Kunz" <info@...istopher-kunz.de>)
- 2024/04/11 #10:
Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow (Michael Knap <oss-sec@...ap.com>)
- 2024/04/11 #9:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Solar Designer <solar@...nwall.com>)
- 2024/04/11 #8:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? ("Dr. Christopher Kunz" <info@...istopher-kunz.de>)
- 2024/04/11 #7:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Donald Buczek <buczek@...gen.mpg.de>)
- 2024/04/11 #6:
Re: Is CVE-2024-30203 bogus? (Emacs) (Max Nikulin <manikulin@...il.com>)
- 2024/04/11 #5:
Re: Re: Is CVE-2024-30203 bogus? (Emacs) (Sean Whitton <spwhitton@...hitton.name>)
- 2024/04/11 #4:
Re: Is CVE-2024-30203 bogus? (Emacs) (Sean Whitton <spwhitton@...hitton.name>)
- 2024/04/11 #3:
Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow (Michael Knap <oss-sec@...ap.com>)
- 2024/04/11 #2:
Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow (Tianyu Chen <billchenchina2001@...il.com>)
- 2024/04/11 #1:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/10 #23:
Re: CVE-2024-1086: Linux: nf_tables: use-after-free
vulnerability in the nft_verdict_init() function (Jonathan Wright <jonathan@...alinux.org>)
- 2024/04/10 #22:
CVE-2024-1086: Linux: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (Solar Designer <solar@...nwall.com>)
- 2024/04/10 #21:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Solar Designer <solar@...nwall.com>)
- 2024/04/10 #20:
Re: CERT VU#123335: Multiple Programming
Languages Fail to Escape Arguments Properly in Microsoft Windows (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/04/10 #19:
Re: Analysis on who is Jia Tan, and who he could work for, reading
xz.git (Vegard Nossum <vegard.nossum@...cle.com>)
- 2024/04/10 #18:
New Linux LPE via GSMIOC_SETCONF_DLCI? ("Dr. Christopher Kunz" <info@...istopher-kunz.de>)
- 2024/04/10 #17:
Re: Analysis on who is Jia Tan, and who he could work for, reading
xz.git (Alejandro Colomar <alx@...nel.org>)
- 2024/04/10 #16:
CERT VU#123335: Multiple Programming Languages Fail to Escape
Arguments Properly in Microsoft Windows (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/04/10 #15:
NodeJS Command injection via args parameter of child_process.spawn
without shell option enabled on Windows (CVE-2024-27… (Jan Schaumann <jschauma@...meister.org>)
- 2024/04/10 #14:
Fwd: Node.js security update for all active release lines, April 9
2024 (Rafael Gonzaga <work@...aelgss.dev>)
- 2024/04/10 #13:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Chris Down <chris@...isdown.name>)
- 2024/04/10 #12:
Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git (Solar Designer <solar@...nwall.com>)
- 2024/04/10 #11:
Re: Analysis on who is Jia Tan, and who he could work for, reading
xz.git (Joey Hess <id@...yh.name>)
- 2024/04/10 #10:
Re: Analysis on who is Jia Tan, and who he could work for, reading
xz.git (Alejandro Colomar <alx@...nel.org>)
- 2024/04/10 #9:
Analysis on who is Jia Tan, and who he could work for, reading xz.git (Alejandro Colomar <alx@...nel.org>)
- 2024/04/10 #8:
CVE-2024-31861: Apache Zeppelin: Code injection by Shell
interpreter (Jongyoul Lee <jongyoul@...che.org>)
- 2024/04/10 #7:
CVE-2024-31309: Apache Traffic Server: HTTP/2 CONTINUATION frames
can be utilized for DoS attack (Bryan Call <bcall@...che.org>)
- 2024/04/10 #6:
Re: Is CVE-2024-30203 bogus? (Emacs) (Max Nikulin <manikulin@...il.com>)
- 2024/04/10 #5:
Re: Re: Is CVE-2024-30203 bogus? (Emacs) (Salvatore Bonaccorso <carnil@...ian.org>)
- 2024/04/10 #4:
Re: Is CVE-2024-30203 bogus? (Emacs) (Ihor Radchenko <yantar92@...teo.net>)
- 2024/04/10 #3:
Re: Is CVE-2024-30203 bogus? (Emacs) (Sean Whitton <spwhitton@...hitton.name>)
- 2024/04/10 #2:
Re: xz backdoor prevention using hosts.deny? (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/10 #1:
Re: xz backdoor prevention using hosts.deny? (Christoph Anton Mitterer <calestyo@...entia.org>)
- 2024/04/09 #17:
Re: xz backdoor prevention using hosts.deny? (Andres Freund <andres@...razel.de>)
- 2024/04/09 #16:
CVE-2024-24576: Rust 1.77.1 and earlier did not properly escape arguments of
batch files on Windows ("Pietro Albini" <pietro@...troalbini.org>)
- 2024/04/09 #15:
Xen Security Advisory 456 v2 (CVE-2024-2201) - x86: Native Branch
History Injection (Xen.org security team <security@....org>)
- 2024/04/09 #14:
Xen Security Advisory 455 v4 (CVE-2024-31142) - x86: Incorrect
logic for BTC/SRSO mitigations (Xen.org security team <security@....org>)
- 2024/04/09 #13:
CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow (Michael Knap <oss-sec@...ap.com>)
- 2024/04/09 #12:
CVE-2024-31867: Apache Zeppelin: LDAP search filter query
Injection Vulnerability (Jongyoul Lee <jongyoul@...che.org>)
- 2024/04/09 #11:
CVE-2024-31868: Apache Zeppelin: XSS vulnerability in the helium
module (Jongyoul Lee <jongyoul@...che.org>)
- 2024/04/09 #10:
CVE-2024-31866: Apache Zeppelin: Interpreter download command does
not escape malicious code injection (Jongyoul Lee <jongyoul@...che.org>)
- 2024/04/09 #9:
CVE-2024-31865: Apache Zeppelin: Cron arbitrary user impersonation
with improper privileges (Jongyoul Lee <jongyoul@...che.org>)
- 2024/04/09 #8:
CVE-2024-31864: Apache Zeppelin: Remote code execution by adding
malicious JDBC connection string (Jongyoul Lee <jongyoul@...che.org>)
- 2024/04/09 #7:
Re: xz backdoor prevention using hosts.deny? (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/09 #6:
CVE-2024-31863: Apache Zeppelin: Replacing other users notebook,
bypassing any permissions (Jongyoul Lee <jongyoul@...che.org>)
- 2024/04/09 #5:
CVE-2024-31862: Apache Zeppelin: Denial of service with invalid
notebook name (Jongyoul Lee <jongyoul@...che.org>)
- 2024/04/09 #4:
CVE-2022-47894: Apache Zeppelin SAP: connecting to a malicious SAP
server allowed it to perform XXE (Jongyoul Lee <jongyoul@...che.org>)
- 2024/04/09 #3:
CVE-2021-28656: Apache Zeppelin: CSRF vulnerability in the
Credentials page (Jongyoul Lee <jongyoul@...che.org>)
30057 messages