Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2019/09/13 #6: CVE-2019-10071: Apache Tapestry vulnerability disclosure ("Thiago H. de Paula Figueiredo" <thiagohp@...il.com>)
• 2019/09/13 #5: CVE-2019-0207: Apache Tapestry 5.4.2 Path Traversal vulnerability ("Thiago H. de Paula Figueiredo" <thiagohp@...il.com>)
• 2019/09/13 #4: [CVE-2019-0195] Apache Tapestry vulnerability disclosure ("Thiago H. de Paula Figueiredo" <thiagohp@...il.com>)
• 2019/09/13 #3: Re: Telegram privacy fails again. (Stuart Henderson <stu@...cehopper.org>)
• 2019/09/13 #2: Re: Telegram privacy fails again. (notspam@...st)
• 2019/09/13 #1: CVE-2019-14822 ibus: missing authorization flaw (Riccardo Schirone <rschiron@...hat.com>)
• 2019/09/12 #6: Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass (Salvatore Bonaccorso <carnil@...ian.org>)
• 2019/09/12 #5: 3 CVEs in dino (Randy Barlow <randy@...ctronsweatshop.com>)
• 2019/09/12 #4: Re: Telegram privacy fails again. (Ben Tasker <ben@...tasker.co.uk>)
• 2019/09/12 #3: Re: Telegram privacy fails again. (Solar Designer <solar@...nwall.com>)
• 2019/09/12 #2: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/09/12 #1: pam_p11 0.3.1 released (Frank Morgner <frankmorgner@...il.com>)
• 2019/09/11 #8: OpenDMARC signature bypass with multiple From addresses (Hanno Böck <hanno@...eck.de>)
• 2019/09/11 #7: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass (Jouni Malinen <j@...fi>)
• 2019/09/11 #6: [SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow (Daniel Stenberg <daniel@...x.se>)
• 2019/09/11 #5: [SECURITY ADVISORY] curl: FTP-KRB double-free (Daniel Stenberg <daniel@...x.se>)
• 2019/09/11 #4: [CVE-2019-10074] Apache OFBiz RCE (template injection) (Jacopo Cappellato <jacopoc@...che.org>)
• 2019/09/11 #3: [CVE-2019-10073] Apache OFBiz XSS vulnerability in the "ecommerce" component (Jacopo Cappellato <jacopoc@...che.org>)
• 2019/09/11 #2: [CVE-2019-0189] Apache OFBiz remote code execution and arbitrary file delete via Java deserialization (Jacopo Cappellato <jacopoc@...che.org>)
• 2019/09/11 #1: [CVE-2018-17200] Apache OFBiz unauthenticated remote code execution vulnerability in HttpEngine (Jacopo Cappellato <jacopoc@...che.org>)
• 2019/09/10 #4: CVE-2019-15031: Linux kernel: powerpc: data leak with FP/VMX triggerable by interrupt in transaction (Michael Neuling <mikey@...ling.org>)
• 2019/09/10 #3: CVE-2019-15030: Linux kernel: powerpc: data leak with FP/VMX triggerable by unavailable exception in transaction (Michael Neuling <mikey@...ling.org>)
• 2019/09/10 #2: Re: Telegram privacy fails again. (Ilya Matveychikov <matvejchikov@...il.com>)
• 2019/09/10 #1: [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0 (Tomas Fernandez Lobbe <tflobbe@...che.org>)
• 2019/09/09 #2: Telegram privacy fails again. (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
• 2019/09/09 #1: Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges (Phil Pennock <pdp@...m.org>)
• 2019/09/08 #1: Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. (Sylvain Beucler <beuc@...c.net>)
• 2019/09/07 #2: Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges (Phil Pennock <pdp@...m.org>)
• 2019/09/07 #1: Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges (Heiko Schlittermann <hs@...marc.schlittermann.de>)
• 2019/09/06 #8: Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. (akuster <akuster@...sta.com>)
• 2019/09/06 #7: CVE-2019-12405: Apache Traffic Control LDAP-based authentication vulnerability (Rawlin Peters <rawlin@...che.org>)
• 2019/09/06 #6: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges ("Sebastian Nielsen" <sebastian@...be.eu>)
• 2019/09/06 #5: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. (Heiko Schlittermann <hs@...marc.schlittermann.de>)
• 2019/09/06 #4: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. (Heiko Schlittermann <hs@...littermann.de>)
• 2019/09/06 #3: CVE-2019-15890 QEMU: Slirp: use-after-free during packet reassembly (P J P <ppandit@...hat.com>)
• 2019/09/06 #2: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. (Heiko Schlittermann <hs@...marc.schlittermann.de>)
• 2019/09/06 #1: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. (Heiko Schlittermann <hs@...marc.schlittermann.de>)
• 2019/09/04 #2: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. (Heiko Schlittermann <hs@...littermann.de>)
• 2019/09/04 #1: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. (Heiko Schlittermann <hs@...marc.schlittermann.de>)
• 2019/09/03 #1: CVE-2019-15718: Missing access controls on systemd-resolved's D-Bus interface (Chris Coulson <chris.coulson@...onical.com>)
• 2019/09/02 #5: Re: MITRE response time (Heiko Schlittermann <hs@...marc.schlittermann.de>)
• 2019/09/02 #4: Re: MITRE response time (Florian Weimer <fweimer@...hat.com>)
• 2019/09/02 #3: Re: MITRE response time (Johannes Segitz <jsegitz@...e.de>)
• 2019/09/02 #2: Re: MITRE response time ("(RS) Tyler Schroder" <redorhcs@...coded.com>)
• 2019/09/02 #1: MITRE response time (Heiko Schlittermann <hs@...marc.schlittermann.de>)
• 2019/08/29 #5: Re: Irssi 1.2.2:CVE-2019-15717 (Santiago Torres <torresariass@...il.com>)
• 2019/08/29 #4: WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004 (Adrian Perez de Castro <aperez@...lia.com>)
• 2019/08/29 #3: Irssi 1.2.2:CVE-2019-15717 (Ailin Nemui <ailin.nemui@...il.com>)
• 2019/08/29 #2: [OSSA-2019-004] Ageing time of 0 disables linuxbridge MAC learning (CVE-2019-15753) (Jeremy Stanley <fungi@...goth.org>)
• 2019/08/29 #1: Three vulnerabilities in Kea DHCP disclosed by ISC, 28 August 2019 (Michael McNally <mcnally@....org>)
• 2019/08/28 #9: CVE-2019-10222: ceph: unauthenticated clients can crash RGW (Alexandros Toptsoglou <atoptsoglou@...e.com>)
• 2019/08/28 #8: Re: Critical Dovecot and Pigeonhole vulnerability (Larry Rosenman <ler@...eBSD.org>)
• 2019/08/28 #7: Re: Critical Dovecot and Pigeonhole vulnerability (aki.tuomi@...ecot.fi)
• 2019/08/28 #6: Re: Critical Dovecot and Pigeonhole vulnerability (Hanno Böck <hanno@...eck.de>)
• 2019/08/28 #5: Re: Critical Dovecot and Pigeonhole vulnerability (Hanno Böck <hanno@...eck.de>)
• 2019/08/28 #4: Multiple vulnerabilities in Jenkins and Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/08/28 #3: Critical Dovecot and Pigeonhole vulnerability (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2019/08/28 #2: ghostscript: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and CVE-2019-14817 (.forceput exposed) (Cedric Buissart <cbuissar@...hat.com>)
• 2019/08/28 #1: Linux kernel: three heap overflow in the marvell wifi driver (huangwen <huangwenabc@...il.com>)
• 2019/08/27 #1: [CVE-2019-12402] Apache Commons Compress denial of service vulnerability (Stefan Bodewig <bodewig@...che.org>)
• 2019/08/26 #1: CVE-2019-15525: Missing TLS/SSL certificate validation in pw3270 (Carlos Eduardo <carlosecg@...il.com>)
• 2019/08/23 #5: CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry (David Tomaschik <davidtomaschik@...gle.com>)
• 2019/08/23 #4: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source (Colm O hEigeartaigh <coheigea@...che.org>)
• 2019/08/23 #3: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Greg KH <greg@...ah.com>)
• 2019/08/23 #2: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Eddie Chapman <eddie@...k.net>)
• 2019/08/23 #1: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 ("Perry E. Metzger" <perry@...rmont.com>)
• 2019/08/22 #17: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 ("Stuart D. Gathman" <stuart@...hman.org>)
• 2019/08/22 #16: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Mathias Payer <mathias.payer@...elwelt.net>)
• 2019/08/22 #15: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Greg KH <greg@...ah.com>)
• 2019/08/22 #14: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Eddie Chapman <eddie@...k.net>)
• 2019/08/22 #13: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 ("Perry E. Metzger" <perry@...rmont.com>)
• 2019/08/22 #12: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Eddie Chapman <eddie@...k.net>)
• 2019/08/22 #11: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Kurt H Maier <khm@...ops.net>)
• 2019/08/22 #10: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (John Haxby <john.haxby@...cle.com>)
• 2019/08/22 #9: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Jeremy Stanley <fungi@...goth.org>)
• 2019/08/22 #8: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 ("Perry E. Metzger" <perry@...rmont.com>)
• 2019/08/22 #7: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Brad Spengler <spender@...ecurity.net>)
• 2019/08/22 #6: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Greg KH <greg@...ah.com>)
• 2019/08/22 #5: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Andrey Konovalov <andreyknvl@...il.com>)
• 2019/08/22 #4: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (John Haxby <john.haxby@...cle.com>)
• 2019/08/22 #3: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Marcus Meissner <meissner@...e.de>)
• 2019/08/22 #2: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (John Haxby <john.haxby@...cle.com>)
• 2019/08/22 #1: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Eric Biggers <ebiggers@...nel.org>)
• 2019/08/21 #1: RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack ("Vogl, Todd" <ToddVogl@...iantenergy.com>)
• 2019/08/20 #2: Linux kernel: multiple vulnerabilities in the USB subsystem x2 (Andrey Konovalov <andreyknvl@...il.com>)
• 2019/08/20 #1: [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514 ("Hausler, Micah" <mhausler@...zon.com>)
• 2019/08/19 #1: [CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3 (Justin Bull <me@...tinbull.ca>)
• 2019/08/15 #8: Re: [ANNOUNCE] Security release of kube-state-metrics v1.7.2 (Sam Fowler <sfowler@...hat.com>)
• 2019/08/15 #7: CVE-2019-9517: mod_http2, DoS attack by exhausting h2 workers (Daniel Ruggeri <druggeri@...che.org>)
• 2019/08/15 #6: CVE-2019-10098: mod_rewrite configurations vulnerable to open redirect (Daniel Ruggeri <druggeri@...che.org>)
• 2019/08/15 #5: CVE-2019-10097: mod_remoteip stack buffer overflow and NULL pointer dereference (Daniel Ruggeri <druggeri@...che.org>)
• 2019/08/15 #4: CVE-2019-10092: Limited cross-site scripting in mod_proxy (Daniel Ruggeri <druggeri@...che.org>)
• 2019/08/15 #3: CVE-2019-10082: mod_http2, read-after-free in h2 connection shutdown (Daniel Ruggeri <druggeri@...che.org>)
• 2019/08/15 #2: CVE-2019-10081: mod_http2, memory corruption on early pushes (Daniel Ruggeri <druggeri@...che.org>)
• 2019/08/15 #1: CVE-2019-10140 - linux kernel - system panic in overlayfs directory creation. (Wade Mealing <wmealing@...hat.com>)
• 2019/08/13 #1: Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 (Cedric Buissart <cbuissar@...hat.com>)
• 2019/08/12 #5: Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• 2019/08/12 #4: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 (Cedric Buissart <cbuissar@...hat.com>)
• 2019/08/12 #3: Re: linux-distros membership application - Microsoft (Solar Designer <solar@...nwall.com>)
• 2019/08/12 #2: gnu/linux rediscovers macro malware (Georgi Guninski <gguninski@...il.com>)

25496 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.