Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2019/05/19 #6: [CVE-2019-10078] Apache JSPWiki Cross-site scripting vulnerability (Juan Pablo Santos Rodríguez <juanpablo.santos@...il.com>)
• 2019/05/19 #5: [CVE-2019-10077] Apache JSPWiki Cross-site scripting vulnerability (Juan Pablo Santos Rodríguez <juanpablo@...che.org>)
• 2019/05/19 #4: [CVE-2019-10076] Apache JSPWiki Cross-site scripting vulnerability (Juan Pablo Santos Rodríguez <juanpablo@...che.org>)
• 2019/05/19 #3: Re: Potential DoS vulnerability in CGit ("Jason A. Donenfeld" <Jason@...c4.com>)
• 2019/05/19 #2: Re: Potential DoS vulnerability in CGit (Wire Snark <wsnark@...a.io>)
• 2019/05/19 #1: Potential DoS vulnerability in CGit (Wire Snark <wsnark@...a.io>)
• 2019/05/16 #1: Singularity 3.1.0: CVE-2019-11328: namespace privilege escalation and arbitrary file corruption (Matthias Gerstner <mgerstner@...e.de>)
• 2019/05/14 #3: Xen Security Advisory 297 v1 (CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091) - Microarchitectural Data Sa… (Xen.org security team <security@....org…)
• 2019/05/14 #2: Re: fprintd: found storing user fingerprints without encryption (halfdog <me@...fdog.net>)
• 2019/05/14 #1: Re: fprintd: found storing user fingerprints without encryption (halfdog <me@...fdog.net>)
• 2019/05/11 #1: Re: Re: fprintd: found storing user fingerprints without encryption (Seong-Joong Kim <sungjungk@...il.com>)
• 2019/05/10 #4: Re: System Down: A systemd-journald exploit (Qualys Security Advisory <qsa@...lys.com>)
• 2019/05/10 #3: Re: Re: fprintd: found storing user fingerprints without encryption (Seong-Joong Kim <sungjungk@...il.com>)
• 2019/05/10 #2: Re: Re: fprintd: found storing user fingerprints without encryption (halfdog <me@...fdog.net>)
• 2019/05/10 #1: Re: XSS via EXIF tag in Serendipity blog (Henri Salo <henri@...v.fi>)
• 2019/05/09 #1: [CVE-2018-11800] and [CVE-2018-11801] Apache Fineract SQL Injection Vulnerabilities fixed in v1.3.0 (Michael Vorburger <vorburger@...che.org>)
• 2019/05/08 #7: Re: Re: fprintd: found storing user fingerprints without encryption (Seong-Joong Kim <sungjungk@...il.com>)
• 2019/05/08 #6: Re: Re: fprintd: found storing user fingerprints without encryption (Roman Drahtmueller <draht@...altsekun.de>)
• 2019/05/08 #5: Re: Re: fprintd: found storing user fingerprints without encryption (Seong-Joong Kim <sungjungk@...il.com>)
• 2019/05/08 #4: Re: Re: fprintd: found storing user fingerprints without encryption (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/05/08 #3: Re: Re: fprintd: found storing user fingerprints without encryption (Seong-Joong Kim <sungjungk@...il.com>)
• 2019/05/08 #2: Re: Re: fprintd: found storing user fingerprints without encryption (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/05/08 #1: Re: Re: fprintd: found storing user fingerprints without encryption (Roman Drahtmueller <draht@...altsekun.de>)
• 2019/05/07 #1: Re: fprintd: found storing user fingerprints without encryption (Seong-Joong Kim <sungjungk@...il.com>)
• 2019/05/06 #1: [SECURITY] New security advisory for CVE-2019-0226 released for Apache Karaf (Jean-Baptiste Onofré <jb@...thrax.net>)
• 2019/05/05 #4: Re: CVE-2019-11683: "GRO packet of death" issue in the Linux kernel (Greg KH <greg@...ah.com>)
• 2019/05/05 #3: Cross Site Scripting | WolfCMS v0.8.3.1 and before (Pramod Rana <varchashva@...il.com>)
• 2019/05/05 #2: CSV Injection | Alkacon OpenCMS v10.5.4 and before (Pramod Rana <varchashva@...il.com>)
• 2019/05/05 #1: Open source tool | Lets Map Your Network (Pramod Rana <varchashva@...il.com>)
• 2019/05/03 #3: XSS via EXIF tag in Serendipity blog (Hanno Böck <hanno@...eck.de>)
• 2019/05/03 #2: [CVE-2018-17202]: Apache Commons Imaging information disclosure vulnerability ("Bruno P. Kinoshita" <kinow@...che.org>)
• 2019/05/03 #1: [CVE-2018-17201]: Apache Commons Imaging information disclosure vulnerability ("Bruno P. Kinoshita" <kinow@...che.org>)
• 2019/05/02 #1: CVE-2019-11683: "GRO packet of death" issue in the Linux kernel (Andrey Konovalov <andreyknvl@...il.com>)
• 2019/05/01 #1: [ANNOUNCE] CVE-2018-8035: Apache UIMA DUCC webserver cross-site scripting (XSS) vulnerability fix (Lou DeGenaro <lou.degenaro@...il.com>)
• 2019/04/30 #8: [SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server (Martin <martin_s@...che.org>)
• 2019/04/30 #7: [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS (Martin <martin_s@...che.org>)
• 2019/04/30 #6: Multiple vulnerabilities in Dovecot 2.3 (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2019/04/30 #5: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/04/30 #4: Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients) (Marcus Brinkmann <marcus.brinkmann@...r-uni-bochum.de>)
• 2019/04/30 #3: Cross Site Scripting | Alkacon OpenCMS v10.5.4 and before (Pramod Rana <varchashva@...il.com>)
• 2019/04/30 #2: [SECURITY] New security advisory CVE-2019-0194 released for Apache Camel (Andrea Cosentino <ancosen1985@...oo.com>)
• 2019/04/30 #1: Re: Linux kernel: multiple issues (Salvatore Bonaccorso <carnil@...ian.org>)
• 2019/04/29 #3: [CVE-2019-9826] phpBB Native Fulltext Search denial of service (Colin Snover <mx1xcb@...afleet.com>)
• 2019/04/29 #2: Re: Linux kernel: multiple issues (Salvatore Bonaccorso <carnil@...ian.org>)
• 2019/04/29 #1: Linux kernel: multiple issues (Jann Horn <jannhorn@...glemail.com>)
• 2019/04/27 #3: Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) (andreas@...mhold.de)
• 2019/04/27 #2: Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) (Peter Korsgaard <peter@...sgaard.com>)
• 2019/04/27 #1: Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) (andreas@...mhold.de)
• 2019/04/26 #1: Re: wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment (Salvatore Bonaccorso <carnil@...ian.org>)
• 2019/04/25 #8: [CVE-2019-0186] The input fields of the Chat Room demo are vulnerable to Cross-Site Scripting (XSS) attacks (Neil Griffin <asfgriff@...che.org>)
• 2019/04/25 #7: Re: Security issues in snapcraft snap-confine set*id binary (Jamie Strandboge <jamie@...onical.com>)
• 2019/04/25 #6: Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments (Jamie Strandboge <jamie@...onical.com>)
• 2019/04/25 #5: Re: Linux kernel: no permission check during open() time of /proc/[pid]/maps in kernels < 3.18 (Solar Designer <solar@...nwall.com>)
• 2019/04/25 #4: Linux kernel: no permission check during open() time of /proc/[pid]/maps in kernels < 3.18 (Matthias Gerstner <mgerstner@...e.de>)
• 2019/04/25 #3: Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) (Peter Korsgaard <peter@...sgaard.com>)
• 2019/04/25 #2: CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS (P J P <ppandit@...hat.com>)
• 2019/04/25 #1: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) (Michael McNally <mcnally@....org>)
• 2019/04/24 #4: Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments (Jamie Strandboge <jamie@...onical.com>)
• 2019/04/24 #3: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments (Jamie Strandboge <jamie@...onical.com>)
• 2019/04/24 #2: Re: CVE-2018-11802: Apache Solr authorization bug vulnerability disclosure (Ishan Chattopadhyaya <ichattopadhyaya@...il.com>)
• 2019/04/24 #1: CVE-2018-11802: Apache Solr authorization bug vulnerability disclosure (Noble Paul <noble@...che.org>)
• 2019/04/23 #5: Re: Nokogiri security update v1.10.3 (Mike Dalessio <mike.dalessio@...il.com>)
• 2019/04/23 #4: [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability (Robbie Gemmell <robbie@...che.org>)
• 2019/04/23 #3: fprintd: found storing user fingerprints without encryption (Seong-Joong Kim <sungjungk@...il.com>)
• 2019/04/23 #2: Re: Nokogiri security update v1.10.3 (Florian Weimer <fweimer@...hat.com>)
• 2019/04/23 #1: Issues fixed in previous releases of Apache Zeppelin 0.7.3 and 0.8.0 (CVE-2017-12619 CVE-2018-1317 CVE-2018-1328) (Apache Security Team <security@...che.org>)
• 2019/04/22 #1: Nokogiri security update v1.10.3 (Mike Dalessio <mike.dalessio@...il.com>)
• 2019/04/20 #1: [CVE-2019-0218] Apache Pony Mail (incubating) Reflected XSS (Daniel Gruno <humbedooh@...che.org>)
• 2019/04/19 #1: Re: urllib3: adds system certificates to ssl_context (Havoc Pennington <hp@...elift.com>)
• 2019/04/18 #20: Re: Linux kernel address leaks (Greg KH <greg@...ah.com>)
• 2019/04/18 #19: Linux kernel address leaks (Solar Designer <solar@...nwall.com>)
• 2019/04/18 #18: Linux kernel < 4.14.111 drivers/scsi/cxgbi/cxgb4i/cxgb4i.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #17: Linux kernel < 4.14.111 drivers/scsi/cxgbi/cxgb3i/cxgb3i.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #16: Linux kernel < 4.14.111 drivers/nfc/nfcmrvl/usb.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #15: Linux kernel < 4.14.111 drivers/net/wan/lmc/lmc_main.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #14: Linux kernel < 4.14.111 drivers/net/ethernet/netronome/nfp/nfp_net_debugfs.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #13: Linux kernel < 4.14.111 drivers/message/fusion/mptscsih.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #12: Linux kernel < 4.14.111 drivers/net/ethernet/chelsio/libcxgb/libcxgb_ppm.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #11: Linux kernel < 4.14.111 drivers/message/fusion/mptbase.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #10: Linux kernel < 4.14.111 drivers/media/pci/saa7164/saa7164-core.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #9: Linux kernel < 4.14.111 drivers/media/dvb-frontends/horus3a.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #8: Linux kernel < 4.14.111 drivers/media/dvb-frontends/helene.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #7: Linux kernel < 4.14.111 drivers/media/dvb-frontends/cxd2841er.c kernel address dumps to user space (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/18 #6: wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment (Jouni Malinen <j@...fi>)
• 2019/04/18 #5: Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID (Vladis Dronov <vdronov@...hat.com>)
• 2019/04/18 #4: Security issues in snapcraft snap-confine set*id binary (Matthias Gerstner <mgerstner@...e.de>)
• 2019/04/18 #3: CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters. (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2019/04/18 #2: Re: 3 pacemaker security flaws (Jan Pokorný <jpokorny@...hat.com>)
• 2019/04/18 #1: Announce: OpenSSH 8.0 released (Damien Miller <djm@...nbsd.org>)
• 2019/04/17 #3: urllib3: adds system certificates to ssl_context (Havoc Pennington <hp@...elift.com>)
• 2019/04/17 #2: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/04/17 #1: 3 pacemaker security flaws (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
• 2019/04/16 #1: kernel address leak in drivers/media/dvb-frontends/ascot2e.c - linux 4.14.111 LTS (Fuqian Huang <huangfq.daxian@...il.com>)
• 2019/04/15 #1: Re: Linux kernel < 4.8 local generic ASLR - CVE-ID (Vladis Dronov <vdronov@...hat.com>)
• 2019/04/14 #2: CVE-2019-3893: Foreman: Compute resource credentials exposed during deletion on API (Tomer Brisker <tbrisker@...hat.com>)
• 2019/04/14 #1: [CVE-2019-0231] MINA SSLFilter security Issue (Emmanuel Lecharny <elecharny@...che.org>)
• 2019/04/12 #2: Re: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/04/12 #1: [SECURITY] CVE-2019-0228 Apache PDFBox XML External Entity vulnerability (Andreas Lehmkuehler <andreas@...mi.de>)
• 2019/04/11 #1: WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002 (Michael Catanzaro <mcatanzaro@...lia.com>)
• 2019/04/10 #6: CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component (Ash Berlin-Taylor <ash@...che.org>)

25144 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.