Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2020/01/21 #2: Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock (Nick Boyce <nick.boyce@...il.com>)
• 2020/01/21 #1: CVE-2019-20384: Portage insecure temporary location (Michael Orlitzky <michael@...itzky.com>)
• 2020/01/20 #6: CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector (Matthias Gerstner <mgerstner@...e.de>)
• 2020/01/20 #5: CVE-2019-18899: apt-cacher-ng: openSUSE packaging for apt-cacher-ng runs the daemon as root instead of as an unprivileged… (Matthias Gerstner <mgerstner@...e.de>)
• 2020/01/20 #4: CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials le… (Matthias Gerstner <mgerstner@...e.de>)
• 2020/01/20 #3: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock (Matthias Gerstner <mgerstner@...e.de>)
• 2020/01/20 #2: CVE-2020-2656, CVE-2020-2696 - Multiple vulnerabilities in Oracle Solaris (Marco Ivaldi <marco.ivaldi@...iaservice.net>)
• 2020/01/20 #1: Re: Some AMD cpus with RDRAND fail to produce random numbers after suspend/resume (Peter Kjellström <cap@....liu.se>)
• 2020/01/17 #4: Re: Some AMD cpus with RDRAND fail to produce random numbers after suspend/resume (John Haxby <john.haxby@...cle.com>)
• 2020/01/17 #3: Re: Some AMD cpus with RDRAND fail to produce random numbers after suspend/resume (Sven Schwedas <sven.schwedas@....at>)
• 2020/01/17 #2: CVE-2020-7211 QEMU: Slirp: potential directory traversal using relative paths via tftp server on Windows host (P J P <ppandit@...hat.com>)
• 2020/01/17 #1: Some AMD cpus with RDRAND fail to produce random numbers after suspend/resume (Jeffrey Walton <noloader@...il.com>)
• 2020/01/16 #4: [CVE-2019-17573] Apache CXF Reflected XSS in the services listing page (Colm O hEigeartaigh <coheigea@...che.org>)
• 2020/01/16 #3: [CVE-2019-12423] Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk… (Colm O hEigeartaigh <coheigea@...che.or…)
• 2020/01/16 #2: CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (P J P <ppandit@...hat.com>)
• 2020/01/16 #1: [CVE-2019-17570] xmlrpc-common untrusted deserialization (<cert.cc@...nge.com>)
• 2020/01/15 #2: [CVE-2020-1929] Apache Beam MongoDB IO connector disables certificate trust verification (Ismaël Mejía <iemejia@...che.org>)
• 2020/01/15 #1: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/01/14 #4: Re: linux-distros membership adjustment/vouching (Jorge Lucangeli Obes <jorgelo@...gle.com>)
• 2020/01/14 #3: Xen Security Advisory 312 v1 - arm: a CPU may speculate past the ERET instruction (Xen.org security team <security@....org>)
• 2020/01/14 #2: [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI (Ash Berlin-Taylor <ash@...che.org>)
• 2020/01/14 #1: CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint (Randall Hauch <rhauch@...che.org>)
• 2020/01/12 #1: Re: linux-distros membership adjustment/vouching (Solar Designer <solar@...nwall.com>)
• 2020/01/10 #1: linux-distros membership adjustment/vouching (Kees Cook <kees@...ntu.com>)
• 2020/01/08 #2: [SECURITY] CVE-2020-1925: Possible SSRF in AsyncResponseWrapperImpl (mibo <mibo@...che.org>)
• 2020/01/08 #1: [SECURITY ADVISORY] curl: SMB access smuggling via FILE URL on Windows (CVE-2019-15601) (Daniel Stenberg <daniel@...x.se>)
• 2019/12/30 #1: [CVE-2019-17558] Apache Solr RCE through VelocityResponseWriter (Erik Hatcher <erik.hatcher@...il.com>)
• 2019/12/29 #1: OpenSC 0.20.0 released (Frank Morgner <frankmorgner@...il.com>)
• 2019/12/24 #1: CVE-2019-19947: Linux kernel can: kvaser_usb: kvaser_usb_leaf: some info-leaks vulnerabilities (butt3rflyh4ck <butterflyhuangxx@...il.com>)
• 2019/12/23 #2: Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0 ("Larry W. Cashdollar" <larry0@...com>)
• 2019/12/23 #1: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0 ("Larry W. Cashdollar" <larry0@...com>)
• 2019/12/20 #2: VNC vulnerabilities. TigerVNC security update (Pavel Cheremushkin <Pavel.Cheremushkin@...persky.com>)
• 2019/12/20 #1: Re: CVE requests: three vulnerabilities in ImageMagick (Mohammad Tausif Siddiqui <msiddiqu@...hat.com>)
• 2019/12/19 #3: Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack ("Stuart D. Gathman" <stuart@...hman.org>)
• 2019/12/19 #2: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer (Matt Sicker <mattsicker@...che.org>)
• 2019/12/19 #1: CVE requests: three vulnerabilities in ImageMagick (GalyCannon <galycannon@...il.com>)
• 2019/12/18 #3: Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack ("Alexander E. Patrakov" <patrakov@...il.com>)
• 2019/12/18 #2: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack (Aaron Patterson <aaron.patterson@...il.com>)
• 2019/12/18 #1: Django: CVE-2019-19844: Potential account hijack via password reset form (Mariusz Felisiak <felisiak.mariusz@...il.com>)
• 2019/12/17 #1: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/12/16 #3: [CVE-2019-12413] Apache Incubator Superset meta data leak vulnerability (daniel gaspar <danielvazgaspar@...il.com>)
• 2019/12/16 #2: [CVE-2019-12414] Apache Incubator Superset medata data leak vulnerability (daniel gaspar <danielvazgaspar@...il.com>)
• 2019/12/16 #1: CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (P J P <ppandit@...hat.com>)
• 2019/12/13 #3: Re: CVE-2019-19722: Critical vulnerability in Dovecot (Aki Tuomi <aki.tuomi@...n-xchange.com>)
• 2019/12/13 #2: CVE-2019-19722: Critical vulnerability in Dovecot (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2019/12/13 #1: Multiple vulnerabilities fixed in Git (Johannes Schindelin <Johannes.Schindelin@....de>)
• 2019/12/12 #2: Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420 ("Kevin A. McGrail" <kmcgrail@...che.org>)
• 2019/12/12 #1: Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805 ("Kevin A. McGrail" <kmcgrail@...che.org>)
• 2019/12/11 #9: Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) (Qualys Security Advisory <qsa@...lys.com>)
• 2019/12/11 #8: [OSSA-2019-006] Keystone: Credentials API allows listing and retrieving of all users credentials (CVE-2019-19687) (Gage Hugo <gagehugo@...il.com>)
• 2019/12/11 #7: Xen Security Advisory 308 v3 (CVE-2019-19583) - VMX: VMentry failure with debug exceptions and blocked states (Xen.org security team <security@....org>)
• 2019/12/11 #6: Xen Security Advisory 311 v4 (CVE-2019-19577) - Bugs in dynamic height handling for AMD IOMMU pagetables (Xen.org security team <security@....org>)
• 2019/12/11 #5: Xen Security Advisory 310 v3 (CVE-2019-19580) - Further issues with restartable PV type change operations (Xen.org security team <security@....org>)
• 2019/12/11 #4: Xen Security Advisory 309 v3 (CVE-2019-19578) - Linear pagetable use / entry miscounts (Xen.org security team <security@....org>)
• 2019/12/11 #3: Xen Security Advisory 307 v3 (CVE-2019-19581,CVE-2019-19582) - find_next_bit() issues (Xen.org security team <security@....org>)
• 2019/12/11 #2: Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability (VMware Security Response Center <security@...are.com>)
• 2019/12/11 #1: Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (P J P <ppandit@...hat.com>)
• 2019/12/10 #4: Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (Tyler Hicks <tyhicks@...onical.com>)
• 2019/12/10 #3: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (P J P <ppandit@...hat.com>)
• 2019/12/10 #2: Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability (Riccardo Schirone <rschiron@...hat.com>)
• 2019/12/10 #1: CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow (<sandreim@...zon.com>)
• 2019/12/09 #8: Re: Shell wildcards considered dangerous? (Leonid Isaev <leonid.isaev@...x.com>)
• 2019/12/09 #7: Re: Shell wildcards considered dangerous? (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/12/09 #6: Re: Shell wildcards considered dangerous? (Leonid Isaev <leonid.isaev@...x.com>)
• 2019/12/09 #5: Re: Shell wildcards considered dangerous? (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/12/09 #4: Re: Shell wildcards considered dangerous? (Leonid Isaev <leonid.isaev@...x.com>)
• 2019/12/09 #3: Re: Shell wildcards considered dangerous? (Heiko Schlittermann <hs@...littermann.de>)
• 2019/12/09 #2: Re: Shell wildcards considered dangerous? (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/12/09 #1: Shell wildcards considered dangerous? (Georgi Guninski <gguninski@...il.com>)
• 2019/12/08 #1: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/12/06 #3: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (ValdikSS <iam@...dikss.org.ru>)
• 2019/12/06 #2: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (ValdikSS <iam@...dikss.org.ru>)
• 2019/12/06 #1: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability (VMware Security Response Center <security@...are.com>)
• 2019/12/05 #7: Xen Security Advisory 306 v3 (CVE-2019-19579) - Device quarantine for alternate pci assignment methods (Xen.org security team <security@....org>)
• 2019/12/05 #6: Re: Authentication vulnerabilities in OpenBSD (Arrigo Triulzi <arrigo@...hemistowl.org>)
• 2019/12/05 #5: Re: Authentication vulnerabilities in OpenBSD (Renaud Allard <renaud@...ard.it>)
• 2019/12/05 #4: Re: Authentication vulnerabilities in OpenBSD (Georgi Guninski <gguninski@...il.com>)
• 2019/12/05 #3: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (Colm MacCárthaigh <colm@...costs.net>)
• 2019/12/05 #2: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/12/05 #1: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. ("William J. Tolley" <william@...akpointingbad.com>)
• 2019/12/04 #6: Re: Authentication vulnerabilities in OpenBSD (Solar Designer <solar@...nwall.com>)
• 2019/12/04 #5: Authentication vulnerabilities in OpenBSD (Qualys Security Advisory <qsa@...lys.com>)
• 2019/12/04 #4: [CVE-2019-19331] Knot Resolver 4.3.0 security release (Vladimír Čunát <vladimir.cunat@....cz>)
• 2019/12/04 #3: CVE-2019-17556: Olingo: Deserialization vulnerability (mibo <mibo@...che.org>)
• 2019/12/04 #2: CVE-2019-17555: Olingo: DoS via Retry-After header vulnerability (mibo <mibo@...che.org>)
• 2019/12/04 #1: CVE-2019-17554: Olingo: XML External Entity resolution attack (mibo <mibo@...che.org>)
• 2019/12/03 #4: Linux kernel: multiple vulnerabilities in the USB subsystem x3 (Andrey Konovalov <andreyknvl@...il.com>)
• 2019/12/03 #3: Re: virtual consoles (Tavis Ormandy <taviso@...il.com>)
• 2019/12/03 #2: Re: virtual consoles (Simon McVittie <smcv@...ian.org>)
• 2019/12/03 #1: Re: virtual consoles (Georgi Guninski <gguninski@...il.com>)
• 2019/12/02 #6: Re: virtual consoles (Leonid Isaev <leonid.isaev@...x.com>)
• 2019/12/02 #5: Re: virtual consoles (Leonid Isaev <leonid.isaev@...x.com>)
• 2019/12/02 #4: Re: virtual consoles (Tavis Ormandy <taviso@...il.com>)
• 2019/12/02 #3: Re: virtual consoles (Solar Designer <solar@...nwall.com>)
• 2019/12/02 #2: virtual consoles (Tavis Ormandy <taviso@...il.com>)
• 2019/12/02 #1: Django 2.2.8 and 2.1.15: CVE-2019-19118: Privilege escalation in the Django admin. (Carlton Gibson <carlton.gibson@...il.com>)
• 2019/11/28 #2: Multiple issues in lemonldap-ng (Raphael Geissert <geissert@...ian.org>)
• 2019/11/28 #1: CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android) (Jesse <purplecabbage@...il.com>)
• 2019/11/27 #1: CVE-2019-18660: Linux kernel: powerpc: missing Spectre-RSB mitigation (Michael Ellerman <mpe@...erman.id.au>)
• 2019/11/26 #2: Xen Security Advisory 306 v2 - Device quarantine for alternate pci assignment methods (Xen.org security team <security@....org>)

25760 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.