Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2021/04/14 #2: CVE-2021-20288 Ceph: Unauthorized global_id reuse in cephx (Ana McTaggart <amctagga@...hat.com>)
• 2021/04/14 #1: [kubernetes] CVE-2021-25735: Validating Admission Webhook does not observe some previous fields (Tim Allclair <timallclair@...il.com>)
• 2021/04/13 #1: X.Org server security advisory: April 13, 2021 (Matthieu Herrb <matthieu@...rb.eu>)
• 2021/04/12 #4: CVE-2021-27905: Apache Solr: SSRF vulnerability with the Replication handler (Mike Drob <mdrob@...che.org>)
• 2021/04/12 #3: CVE-2021-29262: Apache Solr: Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settin… (Mike Drob <mdrob@...che.org>)
• 2021/04/12 #2: CVE-2021-29943: Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections (Mike Drob <mdrob@...che.org>)
• 2021/04/12 #1: CVE-2021-29425 (Possible limited path traversal in Apache Commons IO 2.2 to 2.6) (Jochen Wiedmann <jochen.wiedmann@...il.com>)
• 2021/04/10 #1: Re: Risk of local privilege escalation in GNU Guix (Leo Famulari <leo@...ulari.name>)
• 2021/04/09 #2: Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation (Alexander Popov <alex.popov@...ux.com>)
• 2021/04/09 #1: Re: Risk of local privilege escalation in GNU Guix (Leo Famulari <leo@...ulari.name>)
• 2021/04/08 #1: [CVE-2021-29154] Linux kernel incorrect computation of branch displacements in BPF JIT compiler can be abused to execute arbi… (Piotr Krysiuk <piotras@...il.com>)
• 2021/04/07 #2: Multiple vulnerabilities in Jenkins and Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2021/04/07 #1: CVE-2021-3483: Linux kernel: a use-after-free bug in nosy driver (马哲宇 <zheyuma97@...il.com>)
• 2021/04/06 #2: CVE-2021-29136: umoci: malicious layer with symlink entry for "/" allows overwriting of host files (Aleksa Sarai <cyphar@...har.com>)
• 2021/04/06 #1: Django: CVE-2021-28658: Potential directory-traversal via uploaded files (Mariusz Felisiak <felisiak.mariusz@...il.com>)
• 2021/04/05 #5: Re: Risk of local privilege escalation in GNU Guix (Leo Famulari <leo@...ulari.name>)
• 2021/04/05 #4: Re: Risk of local privilege escalation in GNU Guix (Leo Famulari <leo@...ulari.name>)
• 2021/04/05 #3: Re: Risk of local privilege escalation in GNU Guix (Jan Engelhardt <jengelh@...i.de>)
• 2021/04/05 #2: Re: Risk of local privilege escalation in GNU Guix (Henri Salo <henri@...v.fi>)
• 2021/04/05 #1: Re: Risk of local privilege escalation in GNU Guix (Leo Famulari <leo@...ulari.name>)
• 2021/04/02 #2: CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks (Colm O hEigeartaigh <coheigea@...che.org>)
• 2021/04/02 #1: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access (Jan Engelhardt <jengelh@...i.de>)
• 2021/04/01 #1: Re: kopano-core 11.0.1: Remote DoS by memory exhaustion (Jan Engelhardt <jengelh@...i.de>)
• 2021/03/31 #2: [SECURITY ADVISORY] curl: TLS 1.3 session ticket proxy host mixup (Daniel Stenberg <daniel@...x.se>)
• 2021/03/31 #1: [SECURITY ADVISORY] curl: Automatic referer leaks credentials (Daniel Stenberg <daniel@...x.se>)
• 2021/03/30 #4: Re: Remote DoS Vulnerability in bitchx, ircii < 20210314 and scrollz (ortmann@...teo.de)
• 2021/03/30 #3: CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser (Tim Allison <tallison@...che.org>)
• 2021/03/30 #2: Xen Security Advisory 371 v3 (CVE-2021-28688) - Linux: blkback driver may leak persistent grants (Xen.org security team <security@....org>)
• 2021/03/30 #1: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2021/03/29 #3: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0003 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2021/03/29 #2: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems (Jihoon Son <jihoonson@...che.org>)
• 2021/03/29 #1: Re: Linux Kernel: out of bounds array access in dm-ioctl.c (John Haxby <john.haxby@...cle.com>)
• 2021/03/28 #4: Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in s… (Jeroen Roovers <jer@...all.nl>)
• 2021/03/28 #3: Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in si… (Mark J Cox <mark@...nssl.org>)
• 2021/03/28 #2: Linux kernel: f2fs: out-of-bounds memory access bug (butt3rflyh4ck <butterflyhuangxx@...il.com>)
• 2021/03/28 #1: Linux Kernel: out of bounds array access in dm-ioctl.c (- Nop <nopitydays@...il.com>)
• 2021/03/27 #2: Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref i… (Gordon Tetlow <gordon@...lows.org>)
• 2021/03/27 #1: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in si… (Solar Designer <solar@...nwall.com>)
• 2021/03/24 #5: Re: [CVE-2020-27171] Numeric error when restricting speculative pointer arithmetic allows unprivileged local users to leak co… (Piotr Krysiuk <piotras@...il.com>)
• 2021/03/24 #4: Re: [CVE-2020-27170] Protection against speculatively out-of-bounds loads in the Linux kernel can be bypassed by unprivileged… (Piotr Krysiuk <piotras@...il.com>)
• 2021/03/24 #3: CVE-2020-1946: Apache SpamAssassin has an OS Command Injection vulnerability (Sidney Markowitz <sidney@...che.org>)
• 2021/03/24 #2: Remote DoS Vulnerability in bitchx, ircii < 20210314 and scrollz (ortmann@...teo.de)
• 2021/03/24 #1: Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable (Fabian Keil <freebsd-listen@...iankeil.de>)
• 2021/03/23 #3: Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable (Alan Coopersmith <alan.coopersmith@...cle.com>)
• 2021/03/23 #2: [CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation (Steve Beattie <steve.beattie@...onical.com>)
• 2021/03/23 #1: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Petr Matousek <pmatouse@...hat.com>)
• 2021/03/22 #1: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2021/03/21 #2: Re: kopano-core 11.0.1: Remote DoS by memory exhaustion (Robert Scheck <robert@...oraproject.org>)
• 2021/03/21 #1: [CVE-2021-26295] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI (Jacques Le Roux <jacques.le.roux@...7arts.com>)
• 2021/03/19 #16: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Sasha Levin <sashal@...nel.org>)
• 2021/03/19 #15: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Brad Spengler <spender@...ecurity.net>)
• 2021/03/19 #14: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Sasha Levin <sashal@...nel.org>)
• 2021/03/19 #13: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Eddie Chapman <eddie@...k.net>)
• 2021/03/19 #12: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Brad Spengler <spender@...ecurity.net>)
• 2021/03/19 #11: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Sasha Levin <sashal@...nel.org>)
• 2021/03/19 #10: CVE-2021-27906: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file (Andreas Lehmkuehler <lehmi@...che.org>)
• 2021/03/19 #9: CVE-2021-27807: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file (Andreas Lehmkuehler <lehmi@...che.org>)
• 2021/03/19 #8: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Brad Spengler <spender@...ecurity.net>)
• 2021/03/19 #7: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Sasha Levin <sashal@...nel.org>)
• 2021/03/19 #6: kopano-core 11.0.1: Remote DoS by memory exhaustion (Jan Engelhardt <jengelh@...i.de>)
• 2021/03/19 #5: Grafana 7.4.5, 7.3.10 and 6.7.6 released with security fixes for Grafana Enterprose (Vardan Torosyan <vardan.torosyan@...fana.com>)
• 2021/03/19 #4: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Greg KH <greg@...ah.com>)
• 2021/03/19 #3: [CVE-2020-27171] Numeric error when restricting speculative pointer arithmetic allows unprivileged local users to leak conten… (Piotr Krysiuk <piotras@...il.com>)
• 2021/03/19 #2: [CVE-2020-27170] Protection against speculatively out-of-bounds loads in the Linux kernel can be bypassed by unprivileged loc… (Piotr Krysiuk <piotras@...il.com>)
• 2021/03/19 #1: Risk of local privilege escalation in GNU Guix (Leo Famulari <leo@...ulari.name>)
• 2021/03/18 #9: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Solar Designer <solar@...nwall.com>)
• 2021/03/18 #8: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Sasha Levin <sashal@...nel.org>)
• 2021/03/18 #7: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Kurt H Maier <khm@...ops.net>)
• 2021/03/18 #6: Xen Security Advisory 368 v3 (CVE-2021-28687) - HVM soft-reset crashes toolstack (Xen.org security team <security@....org>)
• 2021/03/18 #5: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2021/03/18 #4: Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Greg KH <greg@...ah.com>)
• 2021/03/18 #3: Xen Security Advisory 368 v2 - HVM soft-reset crashes toolstack (Xen.org security team <security@....org>)
• 2021/03/18 #2: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Rohit Keshri <rkeshri@...hat.com>)
• 2021/03/18 #1: Re: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read (Salvatore Bonaccorso <carnil@...ian.org>)
• 2021/03/17 #18: Re: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read (Sasha Levin <sashal@...nel.org>)
• 2021/03/17 #17: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read (Rohit Keshri <rkeshri@...hat.com>)
• 2021/03/17 #16: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Greg KH <greg@...ah.com>)
• 2021/03/17 #15: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Evgenii Shatokhin <eshatokhin@...tuozzo.com>)
• 2021/03/17 #14: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Evgenii Shatokhin <eshatokhin@...tuozzo.com>)
• 2021/03/17 #13: Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent (Jan Kara <jack@...e.cz>)
• 2021/03/17 #12: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Salvatore Bonaccorso <carnil@...ian.org>)
• 2021/03/17 #11: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Greg KH <greg@...ah.com>)
• 2021/03/17 #10: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS (Rohit Keshri <rkeshri@...hat.com>)
• 2021/03/17 #9: Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent (Brad Spengler <spender@...ecurity.net>)
• 2021/03/17 #8: Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent (Greg Kroah-Hartman <gregkh@...uxfoundation.org>)
• 2021/03/17 #7: Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent (Wolfgang Frisch <wolfgang.frisch@...e.com>)
• 2021/03/17 #6: Re: Use After Free and Double Free bugs in Linux Kernel mainline (Greg KH <greg@...ah.com>)
• 2021/03/17 #5: Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent (Salvatore Bonaccorso <carnil@...ian.org>)
• 2021/03/17 #4: Re: Use After Free and Double Free bugs in Linux Kernel mainline (John Haxby <john.haxby@...cle.com>)
• 2021/03/17 #3: Use After Free and Double Free bugs in Linux Kernel mainline (lyl2019@...l.ustc.edu.cn)
• 2021/03/17 #2: Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent (Greg KH <greg@...ah.com>)
• 2021/03/17 #1: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent (Rohit Keshri <rkeshri@...hat.com>)
• 2021/03/16 #2: [CVE-2020-28466][CVE-2021-3127] NATS.io vulnerabilities (Phil Pennock <oss-security-phil@...dhuis.org>)
• 2021/03/16 #1: [CVE-2020-28466][CVE-2021-3127] NATS.io vulnerabilities (Phil Pennock <oss-security-phil@...dhuis.org>)
• 2021/03/15 #3: ES2021-04: VoIPmonitor static builds are compiled without any standard memory corruption protection ("Sandro Gauci" <sandro@...blesecurity.com>)
• 2021/03/15 #2: ES2021-03: VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer ("Sandro Gauci" <sandro@...blesecurity.com>)
• 2021/03/15 #1: ES2021-02: VoIPmonitor WEB GUI vulnerable to Cross-Site Scripting via SIP messages ("Sandro Gauci" <sandro@...blesecurity.com>)
• 2021/03/13 #1: CVE-2021-27576: Apache OpenMeetings: bandwidth can be overloaded with public web service (Maxim Solodovnik <solomax@...che.org>)
• 2021/03/11 #2: CVE-2021-20269: kexec-tools: incorrect permissions on vmcore-dmesg.txt file (Wade Mealing <wmealing@...hat.com>)
• 2021/03/11 #1: CVE-2021-20261: kernel: panic in start_motor+0x21 when /dev/fd0 is read by multiple threads. (Wade Mealing <wmealing@...hat.com>)

26846 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.