Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2021/01/22 #3: Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest (P J P <ppandit@...hat.com>)
• 2021/01/22 #2: Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest (Daniel Walsh <dwalsh@...hat.com>)
• 2021/01/22 #1: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest (P J P <ppandit@...hat.com>)
• 2021/01/21 #4: CVE-2021-21261: Flatpak sandbox escape via spawn portal (aka GHSA-4ppf-fxf6-vxg2) (Simon McVittie <smcv@...ian.org>)
• 2021/01/21 #3: Xen Security Advisory 360 v1 - IRQ vector leak on x86 (Xen.org security team <security@....org>)
• 2021/01/21 #2: Re: libreoffice-online "loolforkit" privileged program local root exploit (Matthias Gerstner <mgerstner@...e.de>)
• 2021/01/21 #1: CVE-2020-17532: ServiceComb Yaml remote deserialization vulnerability (wjm wjm <wujimin@...che.org>)
• 2021/01/20 #1: CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (Andrew Wesie <andrew@...ori.io>)
• 2021/01/19 #10: Re: mutt recipient parsing memory leak (Utkarsh Gupta <utkarsh@...ian.org>)
• 2021/01/19 #9: Xen Security Advisory 347 v3 (CVE-2020-27670) - unsafe AMD IOMMU page table updates (Xen.org security team <security@....org>)
• 2021/01/19 #8: Xen Security Advisory 346 v3 (CVE-2020-27671) - undue deferral of IOMMU TLB flushes (Xen.org security team <security@....org>)
• 2021/01/19 #7: Xen Security Advisory 345 v4 (CVE-2020-27672) - x86: Race condition in Xen mapping code (Xen.org security team <security@....org>)
• 2021/01/19 #6: Xen Security Advisory 332 v4 (CVE-2020-27673) - Rogue guests can cause DoS of Dom0 via high frequency events (Xen.org security team <security@....org>)
• 2021/01/19 #5: Xen Security Advisory 286 v6 (CVE-2020-27674) - x86 PV guest INVLPG-like flushes may leave stale TLB entries (Xen.org security team <security@....org>)
• 2021/01/19 #4: Xen Security Advisory 355 v3 (CVE-2020-29040) - stack corruption from XSA-346 change (Xen.org security team <security@....org>)
• 2021/01/19 #3: Xen Security Advisory 331 v3 (CVE-2020-27675) - Race condition in Linux event handler may crash dom0 (Xen.org security team <security@....org>)
• 2021/01/19 #2: segv_handler junkcode snippet / openSUSE segv_handler package potential local root exploit (Matthias Gerstner <mgerstner@...e.de>)
• 2021/01/19 #1: Multiple CVEs in dnsmasq fixed in version 2.83 (Riccardo Schirone <rschiron@...hat.com>)
• 2021/01/18 #3: libreoffice-online "loolforkit" privileged program local root exploit (Matthias Gerstner <mgerstner@...e.de>)
• 2021/01/18 #2: CVE-2020-29443 QEMU: ide: atapi: OOB access while processing read commands (P J P <ppandit@...hat.com>)
• 2021/01/18 #1: [SECURITY] CVE-2020-11997: Apache Guacamole: Inconsistent restriction of connection history visibility (Mike Jumper <mjumper@...che.org>)
• 2021/01/17 #2: mutt recipient parsing memory leak (Tavis Ormandy <taviso@...il.com>)
• 2021/01/17 #1: Re: Adding an additional Amazon Linux member to distros@ (Solar Designer <solar@...nwall.com>)
• 2021/01/16 #2: MATE screensaver screen lock bypass with external monitor (Hanno Böck <hanno@...eck.de>)
• 2021/01/16 #1: Adding an additional Amazon Linux member to distros@ (Anthony Liguori <aliguori@...zon.com>)
• 2021/01/15 #2: Re: Re: [vs] Cinnamon lock screen bypass in multiple distributions (Morten Linderud <foxboron@...hlinux.org>)
• 2021/01/15 #1: Re: [vs] Cinnamon lock screen bypass in multiple distributions ("Alexander E. Patrakov" <patrakov@...il.com>)
• 2021/01/14 #1: [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure (Mark Thomas <markt@...che.org>)
• 2021/01/13 #6: CVE-2021-23926: XMLBeans XML Entity Expansion ("fanningpj@...che.org" <fanningpj@...che.org>)
• 2021/01/13 #5: Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload (Marcus Meissner <meissner@...e.de>)
• 2021/01/13 #4: CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure (Mauro Matteo Cascella <mcascell@...hat.com>)
• 2021/01/13 #3: Multiple vulnerabilities in Jenkins and Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2021/01/13 #2: Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload (David Disseldorp <ddiss@...e.de>)
• 2021/01/13 #1: Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability (Stefan Pietsch <s.pietsch@...vent.io>)
• 2021/01/12 #13: Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload (John Haxby <john.haxby@...cle.com>)
• 2021/01/12 #12: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload (David Disseldorp <ddiss@...e.de>)
• 2021/01/12 #11: RE: Gentoo's "contributing back" linux-distros tasks (Anthony Liguori <aliguori@...zon.com>)
• 2021/01/12 #10: Re: Gentoo's "contributing back" linux-distros tasks (Solar Designer <solar@...nwall.com>)
• 2021/01/12 #9: Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic (Philip Pettersson <philip.pettersson@...il.com>)
• 2021/01/12 #8: Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic (Solar Designer <solar@...nwall.com>)
• 2021/01/12 #7: Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic (Greg KH <greg@...ah.com>)
• 2021/01/12 #6: Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic (Sasha Levin <sashal@...nel.org>)
• 2021/01/12 #5: Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic ("David A. Wheeler" <dwheeler@...eeler.com>)
• 2021/01/12 #4: Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic (John Haxby <john.haxby@...cle.com>)
• 2021/01/12 #3: Security issues in hawk2 and crmsh (Marcus Meissner <meissner@...e.de>)
• 2021/01/12 #2: Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic (Greg KH <greg@...ah.com>)
• 2021/01/12 #1: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic (Wade Mealing <wmealing@...hat.com>)
• 2021/01/11 #6: [Security Advisory] CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client (Brendan Burns <bburns@...rosoft.com>)
• 2021/01/11 #5: Re: Gentoo's "contributing back" linux-distros tasks (Anthony Liguori <aliguori@...n.com>)
• 2021/01/11 #4: Re: Gentoo's "contributing back" linux-distros tasks (Thomas Deutschmann <whissi@...too.org>)
• 2021/01/11 #3: Advisory: ES2021-01 - Loopback access control bypass in coturn by using 0.0.0.0, [::1] or [::] as the peer address ("Sandro Gauci" <sandro@...blesecurity.com>)
• 2021/01/11 #2: Various security fixes in sudo 1.9.5 (CVE-2021-23239, CVE-2021-23240) (Matthias Gerstner <mgerstner@...e.de>)
• 2021/01/11 #1: [CVE-2020-17534] HTML/Java API 1.7: A race condition between deletion of the temporary file and creation of the temporar… (Jaroslav Tulach <jaroslav.tulach@...il.…)
• 2021/01/10 #3: Re: Gentoo's "contributing back" linux-distros tasks (Solar Designer <solar@...nwall.com>)
• 2021/01/10 #2: Re: Gentoo's "contributing back" linux-distros tasks (Solar Designer <solar@...nwall.com>)
• 2021/01/10 #1: Re: distros list archive (Solar Designer <solar@...nwall.com>)
• 2021/01/08 #1: Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability (Stefan Pietsch <s.pietsch@...vent.io>)
• 2021/01/07 #1: Trovent Security Advisory 2010-01 / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability (Stefan Pietsch <s.pietsch@...vent.io>)
• 2021/01/06 #1: A security vulnerability in linux kernel 5.8.10 (Anthony Liguori <aliguori@...zon.com>)
• 2021/01/05 #2: [CVE-2020-17519] Apache Flink directory traversal attack: reading remote files through the REST API (Robert Metzger <rmetzger@...che.org>)
• 2021/01/05 #1: [CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API (Robert Metzger <rmetzger@...che.org>)
• 2021/01/04 #6: CVE-2020-26297: mdBook XSS (Pietro Albini <pietro@...troalbini.org>)
• 2021/01/04 #5: Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (Mauro Matteo Cascella <mcascell@...hat.com>)
• 2021/01/04 #4: CVE-2020-24386: Dovecot: IMAP hibernation allows accessing other peoples mail (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2021/01/04 #3: CVE-2020-25275: Dovecot: MIME parsing crash (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2021/01/04 #2: Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (Ferruh Yigit <ferruh.yigit@...el.com>)
• 2021/01/04 #1: Re: DPDK security advisory for multiple vhost crypto issues (Mauro Matteo Cascella <mcascell@...hat.com>)
• 2020/12/29 #1: CVE-2020-17533: Apache Accumulo Improper Handling of Insufficient Permissions (Billie Rinaldi <billie@...che.org>)
• 2020/12/28 #1: Re: CVE-2020-27815 Linux kernel: jfs: array-index-out-of-bounds in dbAdjTree (butt3rflyh4ck <butterflyhuangxx@...il.com>)
• 2020/12/25 #3: Re: More CVE request experience (Fwd: Automatic reply: [EXT] Need a CVE for Crypto++) (Noel Kuntze <noel.kuntze@...rmi.consulting>)
• 2020/12/25 #2: More CVE request experience (Fwd: Automatic reply: [EXT] Need a CVE for Crypto++) (Jeffrey Walton <noloader@...il.com>)
• 2020/12/25 #1: Re: CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) (Jeffrey Walton <noloader@...il.com>)
• 2020/12/23 #2: Re: CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) (Nick Tait <ntait@...hat.com>)
• 2020/12/23 #1: CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) (Fabian Keil <freebsd-listen@...iankeil.de>)
• 2020/12/22 #1: CVE-2020-25723 QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c (Mauro Matteo Cascella <mcascell@...hat.com>)
• 2020/12/21 #1: CVE-2020-17526: Apache Airflow Incorrect Session Validation in Airflow Webserver with default config (Kaxil Naik <kaxilnaik@...che.org>)
• 2020/12/17 #1: CVE-2020-17520 Apache Pulsar Manager Information Disclosure (bypass admin interceptor) (Guangning E <guangning@...che.org>)
• 2020/12/16 #7: CVE-2020-27781 User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila (Ana McTaggart <amctagga@...hat.com>)
• 2020/12/16 #6: CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c (Mauro Matteo Cascella <mcascell@...hat.com>)
• 2020/12/16 #5: Xen Security Advisory 343 v5 (CVE-2020-25599) - races with evtchn_reset() (Xen.org security team <security@....org>)
• 2020/12/16 #4: Xen Security Advisory 358 v5 (CVE-2020-29570) - FIFO event channels control block related ordering (Xen.org security team <security@....org>)
• 2020/12/16 #3: Xen Security Advisory 322 v5 (CVE-2020-29481) - Xenstore: new domains inheriting existing node permissions (Xen.org security team <security@....org>)
• 2020/12/16 #2: CVE-2020-13931 Apache TomEE - Incorrect config on JMS Resource Adapter can lead to JMX being enabled (Jonathan Gallimore <jonathan.gallimore@...il.com>)
• 2020/12/16 #1: [ANNOUNCE] qemu-security mailing list (P J P <ppandit@...hat.com>)
• 2020/12/15 #16: Xen Security Advisory 359 v3 (CVE-2020-29571) - FIFO event channels control structure ordering (Xen.org security team <security@....org>)
• 2020/12/15 #15: Xen Security Advisory 356 v3 (CVE-2020-29567) - infinite loop when cleaning up IRQ vectors (Xen.org security team <security@....org>)
• 2020/12/15 #14: Xen Security Advisory 358 v4 (CVE-2020-29570) - FIFO event channels control block related ordering (Xen.org security team <security@....org>)
• 2020/12/15 #13: Xen Security Advisory 353 v4 (CVE-2020-29479) - oxenstored: permissions not checked on root node (Xen.org security team <security@....org>)
• 2020/12/15 #12: Xen Security Advisory 352 v3 (CVE-2020-29486) - oxenstored: node ownership can be changed by unprivileged clients (Xen.org security team <security@....org>)
• 2020/12/15 #11: Xen Security Advisory 354 v4 (CVE-2020-29487) - XAPI: guest-triggered excessive memory usage (Xen.org security team <security@....org>)
• 2020/12/15 #10: Xen Security Advisory 349 v3 (CVE-2020-29568) - Frontends can trigger OOM in Backends by update a watched path (Xen.org security team <security@....org>)
• 2020/12/15 #9: Xen Security Advisory 350 v4 (CVE-2020-29569) - Use after free triggered by block frontend in Linux blkback (Xen.org security team <security@....org>)
• 2020/12/15 #8: Xen Security Advisory 348 v3 (CVE-2020-29566) - undue recursion in x86 HVM context switch code (Xen.org security team <security@....org>)
• 2020/12/15 #7: Xen Security Advisory 330 v3 (CVE-2020-29485) - oxenstored memory leak in reset_watches (Xen.org security team <security@....org>)
• 2020/12/15 #6: Xen Security Advisory 323 v3 (CVE-2020-29482) - Xenstore: wrong path length check (Xen.org security team <security@....org>)
• 2020/12/15 #5: Xen Security Advisory 324 v3 (CVE-2020-29484) - Xenstore: guests can crash xenstored via watchs (Xen.org security team <security@....org>)
• 2020/12/15 #4: Xen Security Advisory 325 v3 (CVE-2020-29483) - Xenstore: guests can disturb domain cleanup (Xen.org security team <security@....org>)
• 2020/12/15 #3: Xen Security Advisory 322 v4 (CVE-2020-29481) - Xenstore: new domains inheriting existing node permissions (Xen.org security team <security@....org>)
• 2020/12/15 #2: Xen Security Advisory 115 v4 (CVE-2020-29480) - xenstore watch notifications lacking permission checks (Xen.org security team <security@....org>)
• 2020/12/15 #1: Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? (Douglas Bagnall <douglas.bagnall@...alyst.net.nz>)

26609 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.