Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2023/03/28 #7: Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free (Seth Arnold <seth.arnold@...onical.com>)
• 2023/03/28 #6: Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free (Solar Designer <solar@...nwall.com>)
• 2023/03/28 #5: Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free (Seth Arnold <seth.arnold@...onical.com>)
• 2023/03/28 #4: OpenSSL Security Advisory (Tomas Mraz <tomas@...nssl.org>)
• 2023/03/28 #3: Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free (Solar Designer <solar@...nwall.com>)
• 2023/03/28 #2: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free (Zhenghan Wang <wzhmmmmm@...il.com>)
• 2023/03/28 #1: CVE-2023-28326: Apache OpenMeetings: allows user impersonation (Maxim Solodovnik <solomax@...che.org>)
• 2023/03/27 #6: Re: New distros list statistics (Anthony Liguori <anthony@...emonkey.ws>)
• 2023/03/27 #5: Re: New distros list statistics (Solar Designer <solar@...nwall.com>)
• 2023/03/27 #4: CVE-2023-25197: apache fineract: SQL injection vulnerability in certain procedure calls (James Dailey <jdailey@...che.org>)
• 2023/03/27 #3: CVE-2023-25196: Apache Fineract: SQL injection vulnerability (James Dailey <jdailey@...che.org>)
• 2023/03/27 #2: CVE-2023-25195: Apache Fineract: SSRF template type vulnerability in certain authenticated users (James Dailey <jdailey@...che.org>)
• 2023/03/27 #1: CVE-2023-27296: Apache InLong: JDBC Deserialization Vulnerability in InLong (Charles Zhang <dockerzhang@...che.org>)
• 2023/03/24 #4: Re: TTY pushback vulnerabilities / TIOCSTI (Hanno Böck <hanno@...eck.de>)
• 2023/03/24 #3: CVE-2022-47502: Apache OpenOffice: Macro URL arbitrary script execution (Marcus Lange <marcus@...che.org>)
• 2023/03/24 #2: CVE-2022-38745: Apache OpenOffice: Empty entry in Java class path (Marcus Lange <marcus@...che.org>)
• 2023/03/24 #1: New distros list statistics (Anthony Liguori <anthony@...emonkey.ws>)
• 2023/03/23 #1: [CVE-2023-28686] Insufficient message sender validation in Dino (Dino Team <team@...o.im>)
• 2023/03/22 #2: CVE-2023-0464: OpenSSL: Excessive Resource Usage Verifying X.509 Policy Constraints (Solar Designer <solar@...nwall.com>)
• 2023/03/22 #1: CVE-2023-28708: Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations (Mark Thomas <markt@...che.org>)
• 2023/03/21 #5: Re: TTY pushback vulnerabilities / TIOCSTI (Jakub Wilk <jwilk@...lk.net>)
• 2023/03/21 #4: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2023/03/21 #3: Xen Security Advisory 429 v3 (CVE-2022-42331) - x86: speculative vulnerability in 32bit SYSCALL path (Xen.org security team <security@....org>)
• 2023/03/21 #2: Xen Security Advisory 428 v3 (CVE-2022-42333,CVE-2022-42334) - x86/HVM pinned cache attributes mis-handling (Xen.org security team <security@....org>)
• 2023/03/21 #1: Xen Security Advisory 427 v2 (CVE-2022-42332) - x86 shadow plus log-dirty mode use-after-free (Xen.org security team <security@....org>)
• 2023/03/20 #7: CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to … (Radu Cotescu <radu@...che.org>)
• 2023/03/20 #6: [SECURITY ADVISORY] curl: CVE-2023-27538: SSH connection too eager reuse still (Daniel Stenberg <daniel@...x.se>)
• 2023/03/20 #5: [SECURITY ADVISORY] curl: CVE-2023-27537: HSTS double-free (Daniel Stenberg <daniel@...x.se>)
• 2023/03/20 #4: [SECURITY ADVISORY] curl: CVE-2023-27536: GSS delegation too eager connection re-use (Daniel Stenberg <daniel@...x.se>)
• 2023/03/20 #3: [SECURITY ADVISORY] curl: CVE-2023-27535: FTP too eager connection reuse (Daniel Stenberg <daniel@...x.se>)
• 2023/03/20 #2: [SECURITY ADVISORY] curl: CVE-2023-27534: SFTP path ~ resolving discrepancy (Daniel Stenberg <daniel@...x.se>)
• 2023/03/20 #1: [SECURITY ADVISORY] curl: CVE-2023-27533: TELNET option IAC injection (Daniel Stenberg <daniel@...x.se>)
• 2023/03/19 #4: Re: First result on google promotes insecure coding (XSS) (Georgi Guninski <gguninski@...il.com>)
• 2023/03/19 #3: Re: First result on google promotes insecure coding (XSS) (Solar Designer <solar@...nwall.com>)
• 2023/03/19 #2: First result on google promotes insecure coding (XSS) (Georgi Guninski <gguninski@...il.com>)
• 2023/03/19 #1: Re: TTY pushback vulnerabilities / TIOCSTI (Hanno Böck <hanno@...eck.de>)
• 2023/03/18 #3: Re: TTY pushback vulnerabilities / TIOCSTI (Eric Ashley <eric@...data.us>)
• 2023/03/18 #2: Re: TTY pushback vulnerabilities / TIOCSTI (Christos Zoulas <christos@...las.com>)
• 2023/03/18 #1: Re: TTY pushback vulnerabilities / TIOCSTI ("Lyndon Nerenberg (VE7TFX/VE6BBM)" <lyndon@...hanc.ca>)
• 2023/03/17 #5: Re: TTY pushback vulnerabilities / TIOCSTI (Jakub Wilk <jwilk@...lk.net>)
• 2023/03/17 #4: Re: TTY pushback vulnerabilities / TIOCSTI (Ed Maste <emaste@...ebsd.org>)
• 2023/03/17 #3: Re: TTY pushback vulnerabilities / TIOCSTI (Hanno Böck <hanno@...eck.de>)
• 2023/03/17 #2: flatpak: CVE-2023-28101: escape characters in metadata can hide app permissions in terminal (Simon McVittie <smcv@...ian.org>)
• 2023/03/17 #1: flatpak: CVE-2023-28100: TIOCLINUX can send commands outside sandbox if running on a virtual console (Simon McVittie <smcv@...ian.org>)
• 2023/03/16 #2: CVE-2023-24278 - Reflected XSS vulnerabilities in Squidex "/squid.svg" endpoint (Giannis Christodoulakos <gchristodoulakos@...sus-labs.com>)
• 2023/03/16 #1: CVE-2023-24278 - Reflected XSS vulnerabilities in Squidex "/squid.svg" endpoint (Giannis Christodoulakos <gchristodoulakos@...sus-labs.com>)
• 2023/03/15 #8: Announce: OpenSSH 9.3 released (Damien Miller <djm@....openbsd.org>)
• 2023/03/15 #7: Minor stack-based buffer overflow in OpenBSD's libskey (Qualys Security Advisory <qsa@...lys.com>)
• 2023/03/15 #6: Re: TTY pushback vulnerabilities / TIOCSTI (Jan Engelhardt <jengelh@...i.de>)
• 2023/03/15 #5: Re: TTY pushback vulnerabilities / TIOCSTI (Hanno Böck <hanno@...eck.de>)
• 2023/03/15 #4: Re: TTY pushback vulnerabilities / TIOCSTI (Casper Dik <casper.dik@...cle.com>)
• 2023/03/15 #3: Re: TTY pushback vulnerabilities / TIOCSTI (Dave Horsfall <dave@...sfall.org>)
• 2023/03/15 #2: CVE-2023-25695: Information disclosure in Apache Airflow (Jarek Potiuk <potiuk@...che.org>)
• 2023/03/15 #1: Re: TTY pushback vulnerabilities / TIOCSTI (Fabian Keil <freebsd-listen@...iankeil.de>)
• 2023/03/14 #11: Re: TTY pushback vulnerabilities / TIOCSTI (Shawn Webb <shawn.webb@...denedbsd.org>)
• 2023/03/14 #10: Re: Re: sox: patches for old vulnerabilities (Steffen Nurpmeso <steffen@...oden.eu>)
• 2023/03/14 #9: Re: Re: sox: patches for old vulnerabilities (Steffen Nurpmeso <steffen@...oden.eu>)
• 2023/03/14 #8: Security issue in Hotspot elevate_perf_privileges.sh (CVE-2023-28144) (Matthias Gerstner <mgerstner@...e.de>)
• 2023/03/14 #7: Re: sox: patches for old vulnerabilities (Helmut Grohne <helmut@...divi.de>)
• 2023/03/14 #6: Re: TTY pushback vulnerabilities / TIOCSTI (Peter Bex <peter@...e-magic.net>)
• 2023/03/14 #5: Re: TTY pushback vulnerabilities / TIOCSTI (Hanno Böck <hanno@...eck.de>)
• 2023/03/14 #4: Re: TTY pushback vulnerabilities / TIOCSTI (Peter Bex <peter@...e-magic.net>)
• 2023/03/14 #3: Re: TTY pushback vulnerabilities / TIOCSTI (Jakub Wilk <jwilk@...lk.net>)
• 2023/03/14 #2: TTY pushback vulnerabilities / TIOCSTI (Hanno Böck <hanno@...eck.de>)
• 2023/03/14 #1: Re: A USB-accessible slab-out-of-bounds read in Linux kernel driver (Jisoo Jang <jisoo.jang@...sei.ac.kr>)
• 2023/03/13 #2: CVE-2023-1032 - Linux kernel io_uring IORING_OP_SOCKET double free (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
• 2023/03/13 #1: A USB-accessible slab-out-of-bounds read in Linux kernel driver (Jisoo Jang <jisoo.jang@...sei.ac.kr>)
• 2023/03/10 #1: CVE-2023-26464: Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender (Arnout Engelen <engelen@...che.org>)
• 2023/03/09 #2: Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) (Qualys Security Advisory <qsa@...lys.com>)
• 2023/03/09 #1: Re: Shell command and Emacs Lisp code injection in emacsclient-mail.desktop (Salvatore Bonaccorso <carnil@...ian.org>)
• 2023/03/08 #3: Multiple vulnerabilities in Jenkins (Daniel Beck <ml@...kweb.net>)
• 2023/03/08 #2: Shell command and Emacs Lisp code injection in emacsclient-mail.desktop (Gabriel Corona <gabriel.corona@...e.fr>)
• 2023/03/08 #1: CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Gadgets Bypass (Albumen Kevin <albumenj@...che.org>)
• 2023/03/07 #2: CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (Eric Covener <covener@...che.org>)
• 2023/03/07 #1: CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy (Eric Covener <covener@...che.org>)
• 2023/03/06 #1: Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) (Georgi Guninski <gguninski@...il.com>)
• 2023/03/03 #1: UAF in OpenSSL up to 3.0.7 (Octavio Galland <octavio.galland@...il.com>)
• 2023/03/02 #1: Linux kernel: CVE-2023-1118: UAF vulnerabilities in "drivers/media/rc" directory (duoming@....edu.cn)
• 2023/03/01 #8: Re: sudo: double free with per-command chroot sudoers rules (Marc Deslauriers <marc.deslauriers@...onical.com>)
• 2023/03/01 #7: CVE-2023-1077: Linux kernel: Type confusion in pick_next_rt_entity() (Pietro Borrello <borrello@...g.uniroma1.it>)
• 2023/03/01 #6: CVE-2023-1075 - Linux Kernel: Type Confusion in tls_is_tx_ready() (Pietro Borrello <borrello@...g.uniroma1.it>)
• 2023/03/01 #5: CVE-2023-1076: Linux Kernel: Type Confusion hardcodes tuntap socket UID to root (Pietro Borrello <borrello@...g.uniroma1.it>)
• 2023/03/01 #4: CVE-2023-1079: Linux Kernel: Use-After-Free in asus_kbd_backlight_set() (Pietro Borrello <borrello@...g.uniroma1.it>)
• 2023/03/01 #3: Re: sudo: double free with per-command chroot sudoers rules ("Todd C. Miller" <Todd.Miller@...o.ws>)
• 2023/03/01 #2: Re: sudo: double free with per-command chroot sudoers rules (Noryungi <noryungi@...il.com>)
• 2023/03/01 #1: Re: sudo: double free with per-command chroot sudoers rules (John Helmert III <ajak@...too.org>)
• 2023/02/28 #1: sudo: double free with per-command chroot sudoers rules ("Todd C. Miller" <Todd.Miller@...lert.dev>)
• 2023/02/23 #8: CVE-2023-25956: Apache Airflow AWS Provider: Arbitrary file read via AWS provider (Jarek Potiuk <potiuk@...che.org>)
• 2023/02/23 #7: CVE-2023-25696: Apache Airflow Hive Provider Beeline RCE (Jarek Potiuk <potiuk@...che.org>)
• 2023/02/23 #6: CVE-2023-25693: Sqoop Apache Airflow Provider Remote Code Execution Vulnerability (Jarek Potiuk <potiuk@...che.org>)
• 2023/02/23 #5: CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service (Jarek Potiuk <potiuk@...che.org>)
• 2023/02/23 #4: CVE-2023-25691: Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution (Jarek Potiuk <potiuk@...che.org>)
• 2023/02/23 #3: Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) (Qualys Security Advisory <qsa@...lys.com>)
• 2023/02/23 #2: CVE-2023-25621: Apache Sling does not allow to handle i18n content in a secure way (Carsten Ziegeler <cziegeler@...che.org>)
• 2023/02/23 #1: Re: CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup (butt3rflyh4ck <butterflyhuangxx@...il.com>)
• 2023/02/22 #2: Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) (Demi Marie Obenour <demi@...isiblethingslab.com>)
• 2023/02/22 #1: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) (Qualys Security Advisory <qsa@...lys.com>)
• 2023/02/20 #3: CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts (Mark Thomas <markt@...che.org>)
• 2023/02/20 #2: CVE-2023-24998: Apache Commons FileUpload: FileUpload DoS with excessive parts (Mark Thomas <markt@...che.org>)
• 2023/02/20 #1: CVE-2023-25613: LDAP Injection Vulnerability in Apache Kerby (Colm O hEigeartaigh <coheigea@...che.org>)

28597 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.