oss-security mailing list

Follow @Openwall on Twitter for new release announcements and other news

oss-security mailing list

	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2021	92	91	98	90	88	45
2020	52	47	38	82	70	67	76	64	71	85	90	66
2019	102	48	49	86	51	103	107	80	71	75	67	70
2018	122	81	84	81	71	104	71	135	78	120	75	84
2017	252	278	171	171	209	278	225	157	214	162	196	93
2016	258	207	271	183	267	193	214	184	287	294	257	241
2015	377	336	355	319	277	243	266	197	195	206	205	208
2014	214	252	249	211	183	317	273	201	413	485	382	318
2013	217	323	246	258	200	201	260	265	163	203	182	199
2012	333	189	294	216	234	128	150	207	234	192	191	161
2011	153	169	318	354	159	224	258	164	137	203	241	146
2010	72	96	123	118	115	142	119	144	203	84	187	139
2009	89	81	75	114	96	59	84	99	102	122	108	74
2008		104	103	143	136	112	150	125	127	123	128	107

Recent messages:

2021/06/16 #3: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
2021/06/16 #2: CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter (Colm O hEigeartaigh <coheigea@...che.org>)
2021/06/16 #1: CVE-2020-9493: Apache Chainsaw: Java deserialization in Chainsaw (Robert Middleton <rmiddleton@...che.org>)
2021/06/15 #1: CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel (Norbert Slusarek <nslusarek@....net>)
2021/06/14 #1: xscreensaver: filename command injection in vidwhacker screensaver (Hanno Böck <hanno@...eck.de>)
2021/06/12 #2: CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny fi… (Andreas Lehmkuehler <andreas@...mi.de>)
2021/06/12 #1: CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file (Andreas Lehmkuehler <andreas@...mi.de>)
2021/06/11 #1: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock (Gianluca Gabrielli <ggabrielli@...e.de>)
2021/06/10 #16: Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request (Christophe JAILLET <christophe.jaillet@...adoo.fr>)
2021/06/10 #15: Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request (John Helmert III <jchelmert3@...teo.net>)
2021/06/10 #14: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
2021/06/10 #13: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock (Marek Marczykowski-Górecki <marmarek@...isiblethingslab.com>)
2021/06/10 #12: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock (Gianluca Gabrielli <ggabrielli@...e.de>)
2021/06/10 #11: Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass (Andrew Cooper <andrew.cooper3@...rix.com>)
2021/06/10 #10: Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass (Sven Kieske <S.Kieske@...twald.de>)
2021/06/10 #9: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request (Christophe JAILLET <jailletc36@...che.org>)
2021/06/10 #8: CVE-2021-30641: Apache httpd: Unexpected URL matching with 'MergeSlashes OFF' (Christophe JAILLET <jailletc36@...che.org>)
2021/06/10 #7: CVE-2021-26691: Apache httpd: mod_session response handling heap overflow (Christophe JAILLET <jailletc36@...che.org>)
2021/06/10 #6: CVE-2021-26690: Apache httpd: mod_session NULL pointer dereference (Christophe JAILLET <jailletc36@...che.org>)
2021/06/10 #5: CVE-2020-35452: Apache httpd: mod_auth_digest possible stack overflow by one nul byte (Christophe JAILLET <jailletc36@...che.org>)
2021/06/10 #4: CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference (Christophe JAILLET <jailletc36@...che.org>)
2021/06/10 #3: CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges (Christophe JAILLET <jailletc36@...che.org>)
2021/06/10 #2: CVE-2019-17567: Apache httpd: mod_proxy_wstunnel tunneling of non Upgraded connections (Christophe JAILLET <jailletc36@...che.org>)
2021/06/10 #1: Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass (Xen.org security team <security@....org>)
2021/06/09 #2: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass (Xen.org security team <security@....org>)
2021/06/09 #1: connman stack buffer overflow in dnsproxy CVE-2021-33833 (Marcus Meissner <meissner@...e.de>)
2021/06/08 #9: Xen Security Advisory 373 v2 (CVE-2021-28692) - inappropriate x86 IOMMU timeout detection / handling (Xen.org security team <security@....org>)
2021/06/08 #8: Xen Security Advisory 377 v2 (CVE-2021-28690) - x86: TSX Async Abort protections not restored after S3 (Xen.org security team <security@....org>)
2021/06/08 #7: Xen Security Advisory 375 v2 (CVE-2021-0089) - Speculative Code Store Bypass (Xen.org security team <security@....org>)
2021/06/08 #6: Xen Security Advisory 374 v2 (CVE-2021-28691) - Guest triggered use-after-free in Linux xen-netback (Xen.org security team <security@....org>)
2021/06/08 #5: Xen Security Advisory 372 v3 (CVE-2021-28693) - xen/arm: Boot modules are not scrubbed (Xen.org security team <security@....org>)
2021/06/08 #4: CVE-2021-33190: Apache APISIX Dashboard: Bypass network access control (JunXu Chen <chenjunxu@...che.org>)
2021/06/08 #3: Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname (butt3rflyh4ck <butterflyhuangxx@...il.com>)
2021/06/08 #2: CVE-2021-3573: UAF in hci_sock_bound_ioctl() function (Lin Horse <kylin.formalin@...il.com>)
2021/06/08 #1: Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname (Wade Mealing <wmealing@...hat.com>)
2021/06/07 #2: [CVE-2021-33896] Path traversal in Dino file transfers (Dino Team <team@...o.im>)
2021/06/07 #1: CVE-2021-3578: possible remote code execution in isync/mbsync (Oswald Buddenhagen <oswald.buddenhagen@....de>)
2021/06/06 #2: Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname (butt3rflyh4ck <butterflyhuangxx@...il.com>)
2021/06/06 #1: Re: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock ("Mike O'Connor" <mjo@...o.mi.org>)
2021/06/05 #2: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock (Marek Marczykowski-Górecki <marmarek@...isiblethingslab.com>)
2021/06/05 #1: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock (Marek Marczykowski-Górecki <marmarek@...isiblethingslab.com>)
2021/06/03 #1: CVE-2021-3560 polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() (Cedric Buissart <cbuissar@...hat.com>)
2021/06/02 #1: Django security releases 3.2.4, 3.1.12, and 2.2.24 for CVE-2021-33203 and CVE-2021-33571 (Carlton Gibson <carlton.gibson@...il.com>)
2021/06/01 #2: Re: CVE-2021-3564 Linux Bluetooth device initialization implementation bug (Mart111n <mmmart11nnnnn@...il.com>)
2021/06/01 #1: Linux kernel: nfc: null ptr dereference in llcp_sock_getname (butt3rflyh4ck <butterflyhuangxx@...il.com>)
2021/05/31 #1: QEMU: security issues in vhost-user-gpu (Mauro Matteo Cascella <mcascell@...hat.com>)
2021/05/29 #1: Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation (Greg Kroah-Hartman <gregkh@...uxfoundation.org>)
2021/05/28 #2: Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation (Marc Kleine-Budde <mkl@...gutronix.de>)
2021/05/28 #1: Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation (Oliver Hartkopp <socketcan@...tkopp.net>)
2021/05/27 #2: CVE-2020-17514: Apache Fineract: Disabled hostname verification for HTTPS (James Dailey <jamespdailey@...il.com>)
2021/05/27 #1: [CVE-2021-33200] Linux kernel enforcing incorrect limits for pointer arithmetic operations by BPF verifier can be abused to p… (Piotr Krysiuk <piotras@...il.com>)
2021/05/26 #6: ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217) (Michael McNally <mcnally@....org>)
2021/05/26 #5: Re: CVE-2021-22543 - /dev/kvm LPE (Paolo Bonzini <pbonzini@...hat.com>)
2021/05/26 #4: Re: CVE-2021-22543 - /dev/kvm LPE (Solar Designer <solar@...nwall.com>)
2021/05/26 #3: CVE-2021-22543 - /dev/kvm LPE ("Eduardo' Vela\" <Nava>" <evn@...gle.com>)
2021/05/26 #2: [SECURITY ADVISORY] curl: TLS session caching disaster (Daniel Stenberg <daniel@...x.se>)
2021/05/26 #1: [SECURITY ADVISORY] curl: TELNET stack contents disclosure (Daniel Stenberg <daniel@...x.se>)
2021/05/25 #5: X41 D-Sec GmbH Security Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability (X41 D-Sec GmbH Advisories <advisories@...-dsec.de>)
2021/05/25 #4: CVE-2021-22160 Apache Pulsar Information Disclosure (PengHui Li <penghui@...che.org>)
2021/05/25 #3: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
2021/05/25 #2: CVE-2021-23937: Apache Wicket: DNS proxy and possible amplification attack (Emond Papegaaij <papegaaij@...che.org>)
2021/05/25 #1: CVE-2021-3564 Linux Bluetooth device initialization implementation bug (Mart111n <mmmart11nnnnn@...il.com>)
2021/05/22 #1: Re: Plone security hotfix 20210518 (Maurits van Rees <maurits@...rees.org>)
2021/05/21 #1: Plone security hotfix 20210518 (Maurits van Rees <maurits@...rees.org>)
2021/05/19 #2: CVE-2021-30465: runc <1.0.0-rc95 vulnerable to symlink-exchange attack (Aleksa Sarai <cyphar@...har.com>)
2021/05/19 #1: Prometheus 2.26.1-2.27.1 released to fix an Open Redirect security issue (Julien Pivotto <roidelapluie@...metheus.io>)
2021/05/18 #4: [kubernetes] CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack (CJ Cullen <cjcullen@...gle.com>)
2021/05/18 #3: libx11 API Protocol Command Injection (Unparalleled IT Security Research <info@...aralleled.eu>)
2021/05/18 #2: libX11 security advisory: May 18, 2021 (Matthieu Herrb <matthieu@...rb.eu>)
2021/05/18 #1: please: CVE-2021-31153,CVE-2021-31154,CVE-2021-31155: local root exploit and further security issues in sudo-like utility (Matthias Gerstner <mgerstner@...e.de>)
2021/05/17 #7: Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service (Ana McTaggart <amctagga@...hat.com>)
2021/05/17 #6: Re: rxvt terminal (+bash) remoteish code execution 0day (Dan Yefihmov <dan@...htwave.net.ru>)
2021/05/17 #5: Re: rxvt terminal (+bash) remoteish code execution 0day (Jakub Wilk <jwilk@...lk.net>)
2021/05/17 #4: Re: Re: rxvt terminal (+bash) remoteish code execution 0day (def <def@...meet.info>)
2021/05/17 #3: Re: rxvt terminal (+bash) remoteish code execution 0day ("Priedhorsky, Reid" <reidpr@...l.gov>)
2021/05/17 #2: Re: rxvt terminal (+bash) remoteish code execution 0day (def <def@...meet.info>)
2021/05/17 #1: rxvt terminal (+bash) remoteish code execution 0day (def <def@...meet.info>)
2021/05/16 #3: Re: Open Source WAF testing tools (Ivan Novikov <in@...larm.com>)
2021/05/16 #2: Re: Open Source WAF testing tools (Brandon Perry <bperry.volatile@...il.com>)
2021/05/16 #1: Open Source WAF testing tools ("Martin O'Neil" <martinoneil.cyber@...il.com>)
2021/05/14 #5: CVE-2021-3531: Ceph: RGW unauthenticated denial of service (Ana McTaggart <amctagga@...hat.com>)
2021/05/14 #4: CVE-2021-3509: Ceph: Cross Site Scripting via token Cookie (Ana McTaggart <amctagga@...hat.com>)
2021/05/14 #3: Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) (Matthew Wild <mwild1@...il.com>)
2021/05/14 #2: Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) ("Robert G." <robert.groesser@...glemail.com>)
2021/05/14 #1: Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation (Solar Designer <solar@...nwall.com>)
2021/05/13 #2: Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation (Norbert Slusarek <nslusarek@....net>)
2021/05/13 #1: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) (Matthew Wild <mwild1@...il.com>)
2021/05/12 #3: Re: [CVE-2020-28018] Use-After-Free on Exim Question (Qualys Security Advisory <qsa@...lys.com>)
2021/05/12 #2: Re: [CVE-2020-28018] Use-After-Free on Exim Question ("harris.johnson.x" <harris.johnson.x@...tonmail.com>)
2021/05/12 #1: Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation (Salvatore Bonaccorso <carnil@...ian.org>)
2021/05/11 #17: Re: [CVE-2020-28018] Use-After-Free on Exim Question (Qualys Security Advisory <qsa@...lys.com>)
2021/05/11 #16: Linux kernel: net/can/isotp: race condition leads to local privilege escalation (Norbert Slusarek <nslusarek@....net>)
2021/05/11 #15: Re: [CVE-2020-28018] Use-After-Free on Exim Question (null p0int3r <nullp0int3rx@...il.com>)
2021/05/11 #14: Re: [CVE-2020-28018] Use-After-Free on Exim Question (Qualys Security Advisory <qsa@...lys.com>)
2021/05/11 #13: CVE-2021-3491 - Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
2021/05/11 #12: various 802.11 security issues - fragattacks.com (Johannes Berg <johannes@...solutions.net>)
2021/05/11 #11: CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
2021/05/11 #10: CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
2021/05/11 #9: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
2021/05/11 #8: Trovent Security Advisory 2103-02 / Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 (Stefan Pietsch <s.pietsch@...vent.io>)

27046 messages

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.