Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2022/08/16 #1: CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag (Ash Berlin-Taylor <ash@...che.org>)
• 2022/08/15 #1: Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (David Hildenbrand <david@...hat.com>)
• 2022/08/14 #3: Multiple DNS Cache poisoning vulnerabilities in dproxy and drpoxy-nexgen (CVE-2022-33988, CVE-2022-33989, CVE-2022-3399… ("Philipp Jeitner (SIT)" <philipp.jeitne…)
• 2022/08/14 #2: Fixed DNS UDP port in totd DNS forwarder (CVE-2022-34294) ("Philipp Jeitner (SIT)" <philipp.jeitner@....fraunhofer.de>)
• 2022/08/14 #1: Multiple DNS Cache poisoning vulnerabilities in dnrd DNS forwarder (CVE-2022-33993, CVE-2022-33992) ("Philipp Jeitner (SIT)" <philipp.jeitner@....fraunhofer.de…)
• 2022/08/13 #2: CVE-2022-37401: Apache OpenOffice Weak Master Keys ("Carl B. Marcum" <cmarcum@...che.org>)
• 2022/08/13 #1: CVE-2022-37400: Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Kn… ("Carl B. Marcum" <cmarcum@...che.org>)
• 2022/08/12 #1: Re: [Exim-Security] Exim < 4.95 heap overflow (Roxana Bradescu <roxxbee@...il.com>)
• 2022/08/11 #2: CVE-2022-20359 is not mentioned in linked bulletin (Neil Williams <codehelp@...ian.org>)
• 2022/08/11 #1: Re: CVE-2022-20359 is not mentioned in linked bulletin (Salvatore Bonaccorso <carnil@...ian.org>)
• 2022/08/10 #2: Re: Apache mod_dav off-by-one (John Helmert III <ajak@...too.org>)
• 2022/08/10 #1: Re: [Exim-Security] Exim < 4.95 heap overflow (Graeme Fowler <graeme+osssec@...emef.net>)
• 2022/08/09 #8: Re: CVE-2022-2588 - Linux kernel cls_route UAF (Vegard Nossum <vegard.nossum@...cle.com>)
• 2022/08/09 #7: CVE-2022-2585 - Linux kernel POSIX CPU timer UAF (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
• 2022/08/09 #6: CVE-2022-2588 - Linux kernel cls_route UAF (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
• 2022/08/09 #5: CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
• 2022/08/09 #4: Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (David Hildenbrand <david@...hat.com>)
• 2022/08/09 #3: Exim 4.96 overflow (Evgeny Legerov <admin@...ndisco.cc>)
• 2022/08/09 #2: Apache mod_dav off-by-one (Evgeny Legerov <admin@...ndisco.cc>)
• 2022/08/09 #1: Re: zlib buffer overflow (Alan Coopersmith <alan.coopersmith@...cle.com>)
• 2022/08/08 #11: CVE-2022-36125: Apache Avro: Integer overflow when reading corrupted .avro file in Avro Rust SDK (Ryan Skraba <rskraba@...che.org>)
• 2022/08/08 #10: CVE-2022-36124: Apache Avro: Memory overconsumption in Avro Rust SDK (Ryan Skraba <rskraba@...che.org>)
• 2022/08/08 #9: CVE-2022-35724: Apache Avro: Denial of service while reading data in Avro Rust SDK (Ryan Skraba <rskraba@...che.org>)
• 2022/08/08 #8: Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (Demi Marie Obenour <demi@...isiblethingslab.com>)
• 2022/08/08 #7: Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (David Hildenbrand <david@...hat.com>)
• 2022/08/08 #6: wolfSSL 5.4.0 fixes CVE-2022-34293 and other issues (Fabian Keil <freebsd-listen@...iankeil.de>)
• 2022/08/08 #5: Re: Linux kernel: io_uring: free of unallocated buffer list in io_register_pbuf_ring() (Florian Weimer <fweimer@...hat.com>)
• 2022/08/08 #4: Linux kernel: io_uring: free of unallocated buffer list in io_register_pbuf_ring() (Solar Designer <solar@...nwall.com>)
• 2022/08/08 #3: Re: Linux: UaF due to concurrency issue in io_uring timeouts (Solar Designer <solar@...nwall.com>)
• 2022/08/08 #2: Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (Solar Designer <solar@...nwall.com>)
• 2022/08/08 #1: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions (David Hildenbrand <david@...hat.com>)
• 2022/08/07 #4: Re: Exim < 4.95 heap overflow (Roxana Bradescu <roxabee@...omium.org>)
• 2022/08/07 #3: Re: Exim 4.95 invalid free (Evgeny Legerov <admin@...ndisco.cc>)
• 2022/08/07 #2: Re: Exim < 4.95 heap overflow (Stuart Henderson <sthen@...nbsd.org>)
• 2022/08/07 #1: Re: Exim < 4.95 heap overflow (John Helmert III <ajak@...too.org>)
• 2022/08/06 #8: Exim < 4.95 heap overflow (Evgeny Legerov <admin@...ndisco.cc>)
• 2022/08/06 #7: Re: Exim 4.95 invalid free (Solar Designer <solar@...nwall.com>)
• 2022/08/06 #6: Re: CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation (Solar Designer <solar@...nwall.com>)
• 2022/08/06 #5: Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init (Solar Designer <solar@...nwall.com>)
• 2022/08/06 #4: Re: Exim 4.95 invalid free (Solar Designer <solar@...nwall.com>)
• 2022/08/06 #3: Re: Exim 4.95 invalid free (Evgeny Legerov <admin@...ndisco.cc>)
• 2022/08/06 #2: Re: Exim 4.95 invalid free (John Helmert III <ajak@...too.org>)
• 2022/08/06 #1: Exim 4.95 invalid free (Evgeny Legerov <admin@...ndisco.cc>)
• 2022/08/05 #2: zlib buffer overflow (Evgeny Legerov <admin@...ndisco.cc>)
• 2022/08/05 #1: Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow (Marko Lindqvist <cazfi74@...il.com>)
• 2022/08/04 #1: gromox: potential local privilege escalation (CVE-2022-37030) (Filippo Bonazzi <fbonazzi@...e.de>)
• 2022/08/03 #6: CVE-2022-34158: Apache JSPWiki: User Group Privilege Escalation (Juan Pablo Santos Rodríguez <juanpablo@...che.org>)
• 2022/08/03 #5: CVE-2022-28732: Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin (Juan Pablo Santos Rodríguez <juanpablo@...che.org>)
• 2022/08/03 #4: CVE-2022-28731: Apache JSPWiki CSRF in UserPreferences.jsp (Juan Pablo Santos Rodríguez <juanpablo@...che.org>)
• 2022/08/03 #3: CVE-2022-28730: Apache JSPWiki Cross-site scripting vulnerability on AJAXPreview.jsp (Juan Pablo Santos Rodríguez <juanpablo@...che.org>)
• 2022/08/03 #2: CVE-2022-27166: Apache JSPWiki: XSS vulnerability on XHRHtml2Markup.jsp in JSPWiki 2.11.2 (Juan Pablo Santos Rodríguez <juanpablo@...che.org>)
• 2022/08/03 #1: Django: CVE-2022-36359: Potential reflected file download vulnerability in FileResponse. (Carlton Gibson <carlton.gibson@...il.com>)
• 2022/08/02 #1: CVE-2022-29154: Rsync client-side arbitrary file write vulnerability. (EGE BALCI <ege@...daft.com>)
• 2022/07/28 #2: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0007 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2022/07/28 #1: CVE-2022-36364: Apache Calcite Avatica JDBC driver `httpclient_impl` connection property can be used as an RCE vector (Ruben Q L <rubenql@...che.org>)
• 2022/07/27 #1: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2022/07/26 #3: Xen Security Advisory 408 v3 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode (Xen.org security team <security@....org>)
• 2022/07/26 #2: Xen Security Advisory 408 v2 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode (Xen.org security team <security@....org>)
• 2022/07/26 #1: Re: snowflakedb security contacts (Christian Heinrich <christian.heinrich@...h.id.au>)
• 2022/07/25 #2: Re: snowflakedb security contacts (Seth Arnold <seth.arnold@...onical.com>)
• 2022/07/25 #1: Re: CVE Request: heap buffer overflow in gdk-pixbuf (Pedro Ribeiro <pedrib@...il.com>)
• 2022/07/24 #3: Re: snowflakedb security contacts (Roxana Bradescu <roxxbee@...il.com>)
• 2022/07/24 #2: CVE-2022-24294: ReDoS in Apache MXNet RTC Module (Sheng Zha <zhasheng@...che.org>)
• 2022/07/24 #1: Re: CVE Request: heap buffer overflow in gdk-pixbuf (Pedro Ribeiro <pedrib@...il.com>)
• 2022/07/23 #2: Re: CVE Request: heap buffer overflow in gdk-pixbuf (John Helmert III <ajak@...too.org>)
• 2022/07/23 #1: CVE Request: heap buffer overflow in gdk-pixbuf (Pedro Ribeiro <pedrib@...il.com>)
• 2022/07/20 #4: Grails Framework Remote Code Execution Vulnerability, CVE-2022-35912 ("Myers, Christopher" <Christopher.Myers@...or.edu>)
• 2022/07/20 #3: Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious X… (Moritz Muehlenhoff <jmm@...til.org>)
• 2022/07/20 #2: Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious X… (Roxana Bradescu <roxxbee@...il.com>)
• 2022/07/20 #1: Re: [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741) (Rohit Yadav <rohit@...che.org>)
• 2022/07/19 #6: Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XS… (John Helmert III <ajak@...too.org>)
• 2022/07/19 #5: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT style… ("Mark J. Cox" <mjc@...che.org>)
• 2022/07/19 #4: CVE-2022-21505: Kernel lockdown bypass bug (John Haxby <john.haxby@...cle.com>)
• 2022/07/19 #3: CVE-2021-33656: Linux kernel: When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out o… ("Weigang (Jimmy)" <weigang12@...wei.com…)
• 2022/07/19 #2: CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write m… ("Weigang (Jimmy)" <weigang12@...wei.com…)
• 2022/07/19 #1: snowflakedb security contacts (Seth Arnold <seth.arnold@...onical.com>)
• 2022/07/18 #2: [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741) (Rohit Yadav <rohit@...che.org>)
• 2022/07/18 #1: CVE-2022-36127: Apache SkyWalking NodeJS Agent: Service unavailability impact in NodeJS agent(version <= 0.5.0) (Zhenxu Ke <kezhenxu94@...che.org>)
• 2022/07/17 #1: CVE-2022-33891: Apache Spark shell command injection vulnerability via Spark UI (Sean Owen <srowen@...che.org>)
• 2022/07/15 #1: [Security] CVE-2021-34538: Security vulnerability in Hive with UDFs (Naveen Gangam <ngangam@...udera.com>)
• 2022/07/14 #1: Git v2.37.1 and friends for CVE-2022-29187 (Junio C Hamano <junio@...ox.com>)
• 2022/07/13 #1: Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative cod… (Andrew Cooper <Andrew.Cooper3@...rix.co…)
• 2022/07/12 #5: Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative cod… (Salvatore Bonaccorso <carnil@...ian.org…)
• 2022/07/12 #4: Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative cod… (Salvatore Bonaccorso <carnil@...ian.org…)
• 2022/07/12 #3: [CVE-2022-31781] Apache Tapestry denial of service vulnerability ("Thiago H. de Paula Figueiredo" <thiagohp@...il.com>)
• 2022/07/12 #2: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code exe… (Xen.org security team <security@....org…)
• 2022/07/12 #1: Fwd: X.Org Security Advisory: July 12, 2022 (Povilas Kanapickas <povilas@...ix.lt>)
• 2022/07/11 #1: [kubernetes] CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass ("Hausler, Micah" <mhausler@...zon.com>)
• 2022/07/08 #2: Fwd: CVE-2022-2347 - Unchecked Download Size and Direction in U-Boot USB DFU ("Eduardo' Vela\" <Nava>" <evn@...gle.com>)
• 2022/07/08 #1: Re: CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2022/07/07 #3: CVE-2022-28889: Apache Druid: Clickjacking in the web console (Abhishek Agarwal <abhishek@...che.org>)
• 2022/07/07 #2: CVE-2021-44791: Apache Druid: Reflected XSS on certain HTTP endpoints (Abhishek Agarwal <abhishek@...che.org>)
• 2022/07/07 #1: Re: Re: DO NOT OPEN PREVIOUS MAIL Re: Denial of service in GnuPG (Florian Weimer <fweimer@...hat.com>)
• 2022/07/06 #12: Re: Re: DO NOT OPEN PREVIOUS MAIL Re: Denial of service in GnuPG (Demi Marie Obenour <demi@...isiblethingslab.com>)
• 2022/07/06 #11: Re: Re: DO NOT OPEN PREVIOUS MAIL Re: Denial of service in GnuPG (Grant Taylor <gtaylor@...tconsulting.net>)
• 2022/07/06 #10: Re: Re: DO NOT OPEN PREVIOUS MAIL Re: Denial of service in GnuPG (Solar Designer <solar@...nwall.com>)
• 2022/07/06 #9: CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2022/07/06 #8: Re: Re: DO NOT OPEN PREVIOUS MAIL Re: Denial of service in GnuPG (Demi Marie Obenour <demi@...isiblethingslab.com>)
• 2022/07/06 #7: Re: Re: DO NOT OPEN PREVIOUS MAIL Re: Denial of service in GnuPG (Solar Designer <solar@...nwall.com>)
• 2022/07/06 #6: Re: Re: DO NOT OPEN PREVIOUS MAIL Re: Denial of service in GnuPG (Alexander Burke <alex@...xburke.ca>)

27998 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.