oss-security mailing list
Recent messages:
- 2024/07/26 #3: Re: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/07/26 #2: Re: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow (Solar Designer <solar@...nwall.com>)
- 2024/07/26 #1: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/07/25 #2: CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in u… ("David M. Johnson" <snoopdave@...che.or…)
- 2024/07/25 #1: [ANNOUNCE] Apache Traffic Server is vulnerable to request smuggling and DoS (Masakazu Kitajo <maskit@...che.org>)
- 2024/07/24 #5: Re: [SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/07/24 #4: linux kernel: virtio-net host dos (John Haxby <john.haxby@...cle.com>)
- 2024/07/24 #3: CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader (James Turton <dzamo@...che.org>)
- 2024/07/24 #2: [SECURITY ADVISORY] curl: CVE-2024-6874: macidn punycode buffer overread (Daniel Stenberg <daniel@...x.se>)
- 2024/07/24 #1: [SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str (Daniel Stenberg <daniel@...x.se>)
- 2024/07/23 #6: Re: linux-distros application for CentOS Project's Hyperscale SIG (Michel Lind <michel@...hel-slm.name>)
- 2024/07/23 #5: CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information (Yupeng Fu <yupeng@...che.org>)
- 2024/07/23 #4: Re: linux-distros application for CentOS Project's Hyperscale SIG (Solar Designer <solar@...nwall.com>)
- 2024/07/23 #3: CVE-2024-41178: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files (Andrew Lamb <alamb@...che.org>)
- 2024/07/23 #2: [OSSA-2024-002] OpenStack Nova: Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors … (Jeremy Stanley <fungi@...goth.org>)
- 2024/07/23 #1: ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076) (Aram Sargsyan <aram@....org>)
- 2024/07/22 #5: GNU C Library version 2.40 released with 5 CVE fixes (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/07/22 #4: CVE-2024-29070: Apache StreamPark: session not invalidated after logout (Huajie Wang <benjobs@...che.org>)
- 2024/07/22 #3: CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields (Francesco Chicchiriccò <ilgrosso@...che.org>)
- 2024/07/22 #2: CVE-2024-34457: Apache StreamPark IDOR Vulnerability (Huajie Wang <benjobs@...che.org>)
- 2024/07/22 #1: CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data (Rongtong Jin <jinrongtong@...che.org>)
- 2024/07/19 #3: Re: Fwd: Node.js security updates for all active release lines, July 2024 (Yogesh Mittal <ymittal@...hat.com>)
- 2024/07/19 #2: CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion (Rohit Yadav <rohit@...che.org>)
- 2024/07/19 #1: [ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion (Abhishek Kumar <shwstppr@...che.org>)
- 2024/07/18 #4: CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients (Colm O hEigeartaigh <coheigea@...che.org>)
- 2024/07/18 #3: CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE (Colm O hEigeartaigh <coheigea@...che.org>)
- 2024/07/18 #2: CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter (Colm O hEigeartaigh <coheigea@...che.org>)
- 2024/07/18 #1: CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability (Huajie Wang <benjobs@...che.org>)
- 2024/07/17 #7: CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (Eric Covener <covener@...che.org>)
- 2024/07/17 #6: CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType (Eric Covener <covener@...che.org>)
- 2024/07/17 #5: Python Infrastructure Admin Token Leaked Through Docker Hub ("Andrii Polkovnychenko [EXT]" <andreyp@...og.com>)
- 2024/07/17 #4: CVE-2024-29120: Apache StreamPark: Information leakage vulnerability (Huajie Wang <benjobs@...che.org>)
- 2024/07/17 #3: [kubernetes] CVE-2024-5321: Incorrect permissions on Windows containers logs (Craig Ingram <cjingram@...gle.com>)
- 2024/07/17 #2: CVE-2024-29737: Apache StreamPark (incubating): maven build params could trigger remote command execution (Huajie Wang <benjobs@...che.org>)
- 2024/07/17 #1: CVE-2023-52291: Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution (Huajie Wang <benjobs@...che.org>)
- 2024/07/16 #11: CVE-2024-31979: Apache StreamPipes: Possibility of SSRF in pipeline element installation process (Dominik Riemer <riemer@...che.org>)
- 2024/07/16 #10: CVE-2024-31411: Apache StreamPipes: Potential remote code execution (RCE) via file upload (Dominik Riemer <riemer@...che.org>)
- 2024/07/16 #9: CVE-2024-30471: Apache StreamPipes: Potential creation of multiple identical accounts (Dominik Riemer <riemer@...che.org>)
- 2024/07/16 #8: Landlock news #4 (Mickaël Salaün <mic@...ikod.net>)
- 2024/07/16 #7: CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler (Ephraim Anierobi <ephraimanierobi@...che.org>)
- 2024/07/16 #6: CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability (Ephraim Anierobi <ephraimanierobi@...che.org>)
- 2024/07/16 #5: CVE-2024-39887: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions (Daniel Gaspar <dpgaspar@...che.org>)
- 2024/07/16 #4: Xen Security Advisory 459 v2 (CVE-2024-31144) - Xapi: Metadata injection attack against backup/restore functionality (Xen.org security team <security@....org>)
- 2024/07/16 #3: Xen Security Advisory 458 v2 (CVE-2024-31143) - double unlock in x86 guest IRQ handling (Xen.org security team <security@....org>)
- 2024/07/16 #2: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/07/16 #1: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/07/15 #4: CVE-2023-52290: Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability (Huajie Wang <benjobs@...che.org>)
- 2024/07/15 #3: Re: linux-distros application for CentOS Project's Hyperscale SIG (Jonathan Wright <jonathan@...alinux.org>)
- 2024/07/15 #2: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/07/15 #1: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/07/13 #7: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/07/13 #6: CVE-2023-46801: Apache Linkis DataSource: Remote code execution vulnerability in apache Linkis 1.4.0 (Heping Wang <peacewong@...che.org>)
- 2024/07/13 #5: CVE-2023-49566: Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability (Heping Wang <peacewong@...che.org>)
- 2024/07/13 #4: CVE-2023-41916: Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that a… (Heping Wang <peacewong@...che.org>)
- 2024/07/13 #3: Re: backtrace_symbols() misuse by Ceph and its supposedly-safe use (Simon McVittie <smcv@...ian.org>)
- 2024/07/13 #2: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/07/13 #1: Re: backtrace_symbols() misuse by Ceph and its supposedly-safe use (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/07/12 #3: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/07/12 #2: CVE-2024-36522: Apache Wicket: Remote code execution via XSLT injection (Martin Tzvetanov Grigorov <mgrigorov@...che.org>)
- 2024/07/12 #1: backtrace_symbols() misuse by Ceph and its supposedly-safe use (Alexander Patrakov <patrakov@...il.com>)
- 2024/07/11 #7: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Yves-Alexis Perez <corsac@...ian.org>)
- 2024/07/11 #6: Re: Fwd: Node.js security updates for all active release lines, July 2024 (Solar Designer <solar@...nwall.com>)
- 2024/07/11 #5: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch ("David A. Wheeler" <dwheeler@...eeler.com>)
- 2024/07/11 #4: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Yves-Alexis Perez <corsac@...sac.net>)
- 2024/07/11 #3: Re: linux-distros application for CentOS Project's Hyperscale SIG (Neil Hanlon <neil@...ug.pw>)
- 2024/07/11 #2: Re: linux-distros application for CentOS Project's Hyperscale SIG (Michel Lind <michel@...hel-slm.name>)
- 2024/07/11 #1: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/07/10 #8: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/07/10 #7: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Will Dormann <will.dormann@...lygence.com>)
- 2024/07/10 #6: Re: linux-distros application for CentOS Project's Hyperscale SIG (Mark Esler <mark.esler@...onical.com>)
- 2024/07/10 #5: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Yves-Alexis Perez <corsac@...ian.org>)
- 2024/07/10 #4: Re: linux-distros application for CentOS Project's Hyperscale SIG (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/07/10 #3: linux-distros application for CentOS Project's Hyperscale SIG (Michel Lind <michel@...hel-slm.name>)
- 2024/07/10 #2: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Pete Allor <pallor@...hat.com>)
- 2024/07/10 #1: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Nick Tait <ntait@...hat.com>)
- 2024/07/09 #5: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Solar Designer <solar@...nwall.com>)
- 2024/07/09 #4: CVE-2024-3596: RADIUS/UDP vulnerable to improved MD5 collision attack (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/07/09 #3: Django CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614 (Natalia Bidart <nataliabidart@...il.com>)
- 2024/07/09 #2: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Damien Miller <djm@...drot.org>)
- 2024/07/09 #1: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Florian Weimer <fweimer@...hat.com>)
- 2024/07/08 #8: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch ("David A. Wheeler" <dwheeler@...eeler.com>)
- 2024/07/08 #7: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Will Dormann <will.dormann@...lygence.com>)
- 2024/07/08 #6: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Simon McVittie <smcv@...ian.org>)
- 2024/07/08 #5: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Will Dormann <will.dormann@...lygence.com>)
- 2024/07/08 #4: Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Florian Weimer <fweimer@...hat.com>)
- 2024/07/08 #3: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch (Will Dormann <will.dormann@...lygence.com>)
- 2024/07/08 #2: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Solar Designer <solar@...nwall.com>)
- 2024/07/08 #1: CVE-2024-37389: Apache NiFi: Improper Neutralization of Input in Parameter Context Description (David Handermann <exceptionfactory@...che.org>)
- 2024/07/05 #1: [ANNOUNCE] Apache CloudStack LTS Security Releases 4.18.2.1 and 4.19.0.2 (Abhishek Kumar <shwstppr@...che.org>)
- 2024/07/04 #2: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/07/04 #1: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Qualys Security Advisory <qsa@...lys.com>)
- 2024/07/03 #11: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Yves-Alexis Perez <corsac@...ian.org>)
- 2024/07/03 #10: CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver (Maxim Suhanov <dfirblog@...il.com>)
- 2024/07/03 #9: CVE-2024-39844: ZNC modtcl RCE (Martin Weinelt <martin@...uxlounge.net>)
- 2024/07/03 #8: CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType (Eric Covener <covener@...che.org>)
- 2024/07/03 #7: Re: Ghostscript 10.03.1 (2024-05-02) fixed 5 CVEs including CVE-2024-33871 arbitrary code execution (Thomas Rinsma <thomas@...ean.io>)
- 2024/07/03 #6: Re: Announce: OpenSSH 9.8 released (Christian Fischer <christian.fischer@...enbone.net>)
- 2024/07/03 #5: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Qualys Security Advisory <qsa@...lys.com>)
- 2024/07/03 #4: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Qualys Security Advisory <qsa@...lys.com>)
- 2024/07/03 #3: Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (Solar Designer <solar@...nwall.com>)
30340 messages