Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2020/04/07 #3: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/04/07 #2: CVE-2020-1759 ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions (Hardik Vyas <hvyas@...hat.com>)
• 2020/04/07 #1: CVE-2020-1760 ceph: header-splitting in RGW GetObject has a possible XSS (Hardik Vyas <hvyas@...hat.com>)
• 2020/04/06 #2: CVE-2020-8834: Linux kernel Power8 conflicting use of HSTATE_HOST_R1 vulnerability (Steve Beattie <steve.beattie@...onical.com>)
• 2020/04/06 #1: CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers (P J P <ppandit@...hat.com>)
• 2020/04/04 #1: Re: CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (Daniel Ruggeri <druggeri@...che.org>)
• 2020/04/03 #1: Re: CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (Alan Coopersmith <alan.coopersmith@...cle.com>)
• 2020/04/02 #5: Re: Deficient engineering processes (Reed Black <reed@...afeword.org>)
• 2020/04/02 #4: Re: Deficient engineering processes (Ulisses Albuquerque <ulisses.montenegro@...il.com>)
• 2020/04/02 #3: Re: Deficient engineering processes (Seth Arnold <seth.arnold@...onical.com>)
• 2020/04/02 #2: Re: Deficient engineering processes (Russ Allbery <eagle@...ie.org>)
• 2020/04/02 #1: Re: Deficient engineering processes (Michael Orlitzky <michael@...itzky.com>)
• 2020/04/01 #7: Deficient engineering processes (Jeffrey Walton <noloader@...il.com>)
• 2020/04/01 #6: [CVE-2020-1958]: Apache Druid LDAP injection vulnerability (Jonathan Wei <jonwei@...che.org>)
• 2020/04/01 #5: CVE-2020-1934: mod_proxy_ftp use of uninitialized value (Daniel Ruggeri <druggeri@...che.org>)
• 2020/04/01 #4: CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (Daniel Ruggeri <druggeri@...che.org>)
• 2020/04/01 #3: CVE-2019-11254: Kubernetes: denial of service vulnerability from malicious YAML payloads (CJ Cullen <cjcullen@...gle.com>)
• 2020/04/01 #2: CVE-2020-1954: Apache CXF JMX Integration is vulnerable to a MITM attack (Colm O hEigeartaigh <coheigea@...che.org>)
• 2020/04/01 #1: Re: pam-krb5 security advisory (4.9 and earlier) (Jason Bishop <jason.bishop@...il.com>)
• 2020/03/31 #3: Re: pam-krb5 security advisory (4.9 and earlier) (Russ Allbery <eagle@...ie.org>)
• 2020/03/31 #2: Re: pam-krb5 security advisory (4.9 and earlier) (Russ Allbery <eagle@...ie.org>)
• 2020/03/31 #1: pam-krb5 security advisory (4.9 and earlier) (Russ Allbery <eagle@...ie.org>)
• 2020/03/30 #3: CVE-2020-8835: Linux kernel bpf incorrect verifier vulnerability (Steve Beattie <steve@...w.org>)
• 2020/03/30 #2: [CVE-2019-17561] "Apache NetBeans" autoupdate system does not fully validate code signatures. (Matthias Bläsing <mblaesing@...pel-helix.eu>)
• 2020/03/30 #1: [CVE-2019-17560] "Apache NetBeans" autoupdate cert validation (Matthias Bläsing <mblaesing@...pel-helix.eu>)
• 2020/03/26 #1: Stealing Videos from VLC-iOS (IDOR) (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
• 2020/03/25 #2: Multiple vulnerabilities in Jenkins and Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/03/25 #1: CVE-2020-1949: Apache Sling CMS Reflected XSS Vulnerability (Daniel Klco <dklco@...che.org>)
• 2020/03/23 #3: CVE-2020-8551, CVE-2020-8552: Kubernetes: Denial of service (Tim Allclair <tallclair@...gle.com>)
• 2020/03/23 #2: [CVE-2020-1957] Apache Shiro 1.5.2 released (Brian Demers <bdemers@...che.org>)
• 2020/03/23 #1: Serendipity XSS via update notification (minor, exploitable by s9y developers) (Hanno Böck <hanno@...eck.de>)
• 2020/03/19 #1: [CVE-2020-5267] Possible XSS vulnerability in ActionView (Aaron Patterson <tenderlove@...y-lang.org>)
• 2020/03/18 #5: U-Boot verified boot improper signature verification ("Janushkevich, Dmitry" <dmitry.janushkevich@...ecure.com>)
• 2020/03/18 #4: [CVE-2020-1951] Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser (Tim Allison <tallison@...che.org>)
• 2020/03/18 #3: [CVE-2020-1950] Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser (Tim Allison <tallison@...che.org>)
• 2020/03/18 #2: Re: Insecure implementation of OpenResty ngx.req.set_uri + memory content leak in nginx. (Vladimir Dubrovin <vlad@...urityvulns.ru>)
• 2020/03/18 #1: Insecure implementation of OpenResty ngx.req.set_uri + memory content leak in nginx. (Vladimir Dubrovin <vlad@...urityvulns.ru>)
• 2020/03/14 #1: [CVE-2019-10091] Apache Geode SSL endpoint verification vulnerability (Anthony Baker <abaker@...che.org>)
• 2020/03/13 #2: Re: Bluez <5.53 DoS/privilege escalation (Marc Deslauriers <marc.deslauriers@...onical.com>)
• 2020/03/13 #1: [CVE-2020-1953] Uncontrolled class instantiation when loading YAML files in Apache Commons Configuration (Oliver Heger <oheger@...che.org>)
• 2020/03/12 #4: Bluez <5.53 DoS/privilege escalation (Matthew Garrett <mjg59@...gle.com>)
• 2020/03/12 #3: WebKitGTK and WPE WebKit Security Advisory WSA-2020-0003 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2020/03/12 #2: roccat-tools: unsafe multi user scenario involving group-writeable /var/lib/roccat directory (Matthias Gerstner <mgerstner@...e.de>)
• 2020/03/12 #1: [OSSA-2020-002] Manila: Unprivileged users can retrieve, use and manipulate share networks (CVE-2020-9543) (Goutham Pacha Ravi <gouthampravi@...il.com>)
• 2020/03/11 #1: [CVE-2020-1947] Apache ShardingSphere(incubator) deserialization vulnerability (Chen QingYang <chenqingyang@...che.org>)
• 2020/03/10 #1: Xen Security Advisory 315 v1 (CVE-2020-0551) - Load Value Injection (LVI) speculative side channel (Xen.org security team <security@....org>)
• 2020/03/09 #1: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/03/06 #3: CVE-2020-10174: timeshift: arbitrary local code execution due to unsafe usage of temporary directory in /tmp/timeshift (Matthias Gerstner <mgerstner@...e.de>)
• 2020/03/06 #2: [CVE-2020-1943] Apache OFBiz XSS Vulnerability (Jacopo Cappellato <jacopoc@...che.org>)
• 2020/03/06 #1: BIND Operational Notification: An error in handling TCP client quota limits can exhaust TCP connections in BIND 9.16.0 (ISC Security Officer <security-officer@…)
• 2020/03/05 #1: CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect (P J P <ppandit@...hat.com>)
• 2020/03/04 #3: Re: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities (John Haxby <john.haxby@...cle.com>)
• 2020/03/04 #2: Re: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities (Igor Seletskiy <i@...udlinux.com>)
• 2020/03/04 #1: Django: CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle (Mariusz Felisiak <felisiak.mariusz@...il.com>)
• 2020/03/03 #1: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities (Benjamin Gilbert <benjamin.gilbert@...eos.com>)
• 2020/03/01 #2: Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) (Florian Weimer <fweimer@...hat.com>)
• 2020/03/01 #1: Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) ("Alexander E. Patrakov" <patrakov@...il.com>)
• 2020/02/27 #2: Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064) (Jouni Malinen <jkmalinen@...il.com>)
• 2020/02/27 #1: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064) (Jonathan Brossard <endrazine@...il.com>)
• 2020/02/26 #1: Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) (Qualys Security Advisory <qsa@...lys.com>)
• 2020/02/25 #7: Re: GNU screen "out of bounds access when setting w_xtermosc after OSC 49" (Amadeusz Sławiński <amade@...blr.net>)
• 2020/02/25 #6: CVE-2020-9391: Ignoring the top byte of addresses in brk causes heap corruption (AArch64) (Florian Weimer <fweimer@...hat.com>)
• 2020/02/25 #5: Re: GNU screen "out of bounds access when setting w_xtermosc after OSC 49" (Salvatore Bonaccorso <carnil@...ian.org>)
• 2020/02/25 #4: Re: CVE-2020-2732: Nested VMX vulnerability (P J P <ppandit@...hat.com>)
• 2020/02/25 #3: CVE-2020-2732: Nested VMX vulnerability (Boris Ostrovsky <boris.ostrovsky@...cle.com>)
• 2020/02/25 #2: Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) (Qualys Security Advisory <qsa@...lys.com>)
• 2020/02/25 #1: Re: Re: GNU screen "out of bounds access when setting w_xtermosc after OSC 49" (Cedric Buissart <cbuissar@...hat.com>)
• 2020/02/24 #6: Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) ("Alexander E. Patrakov" <patrakov@...il.com>)
• 2020/02/24 #5: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) (Qualys Security Advisory <qsa@...lys.com>)
• 2020/02/24 #4: Local information disclosure in OpenSMTPD (CVE-2020-8793) (Qualys Security Advisory <qsa@...lys.com>)
• 2020/02/24 #3: Re: mailman 2.x: XSS via file attachments in list archives (Jim Popovitch <jim@...qc.com>)
• 2020/02/24 #2: mailman 2.x: XSS via file attachments in list archives (Hanno Böck <hanno@...eck.de>)
• 2020/02/24 #1: Re: Re: GNU screen "out of bounds access when setting w_xtermosc after OSC 49" (Cedric Buissart <cbuissar@...hat.com>)
• 2020/02/23 #1: [CVE-2020-1937] Apache Kylin SQL injection vulnerability (George Ni <nic@...che.org>)
• 2020/02/19 #2: [OSSA-2020-001] Nova can leak consoleauth token into log files (CVE-2015-9543) (Jeremy Stanley <fungi@...goth.org>)
• 2020/02/19 #1: Wordpress themegrill-demo-importer: database reset/auth bypass, incomplete fix due to CSRF (Hanno Böck <hanno@...eck.de>)
• 2020/02/14 #6: WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2020/02/14 #5: Re: CVE for program distributing vulnerable components ? (Francis Perron <francisp@...gle.com>)
• 2020/02/14 #4: Re: Potential regression and/or incomplete fix for CVE-2017-12762 (Ibrahim el-sayed <i.elsayed92@...il.com>)
• 2020/02/14 #3: Re: CVE for program distributing vulnerable components ? (Simon McVittie <smcv@...ian.org>)
• 2020/02/14 #2: CVE for program distributing vulnerable components ? (security minded <osssecur1tym1nded@...il.com>)
• 2020/02/14 #1: Announce: OpenSSH 8.2 released (Damien Miller <djm@...nbsd.org>)
• 2020/02/12 #3: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/02/12 #2: CVE-2020-7957: Dovecot: Specially crafted mail can crash snippet generation (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2020/02/12 #1: CVE-2020-7046: Dovecot: Truncated UTF-8 can be used to DoS submission-login and lmtp processes (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2020/02/11 #2: Re: Potential regression and/or incomplete fix for CVE-2017-12762 (Brad Spengler <spender@...ecurity.net>)
• 2020/02/11 #1: Potential regression and/or incomplete fix for CVE-2017-12762 (Ibrahim el-sayed <i.elsayed92@...il.com>)
• 2020/02/10 #1: CVE-2020-1942: Apache NiFi 0.0.1 to 1.11.0 information disclosure in logs (Andy LoPresto <alopresto@...che.org>)
• 2020/02/06 #5: Re: GNU screen "out of bounds access when setting w_xtermosc after OSC 49" (Amadeusz Sławiński <amade@...blr.net>)
• 2020/02/06 #4: [SECURITY] CVE-2019-12426 information disclosure vulnerability in Apache OFBiz (Jacopo Cappellato <jacopoc@...che.org>)
• 2020/02/06 #3: GNU screen "out of bounds access when setting w_xtermosc after OSC 49" (Solar Designer <solar@...nwall.com>)
• 2020/02/06 #2: CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (P J P <ppandit@...hat.com>)
• 2020/02/06 #1: Re: CVE-2019-18901: mariadb: possible symlink attack for the mysql user in the SUSE specific mysql-systemd-helper script (Matthias Gerstner <mgerstner@...e.de>)
• 2020/02/05 #5: Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled ("Todd C. Miller" <Todd.Miller@...o.ws>)
• 2020/02/05 #4: Re: CVE-2019-18901: mariadb: possible symlink attack for the mysql user in the SUSE specific mysql-systemd-helper script ("Larry W. Cashdollar" <larry0@...com>)
• 2020/02/05 #3: CVE-2019-18901: mariadb: possible symlink attack for the mysql user in the SUSE specific mysql-systemd-helper script (Matthias Gerstner <mgerstner@...e.de>)
• 2020/02/05 #2: Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled (William Bowling <will@...wling.info>)
• 2020/02/05 #1: CVE-2020-1712 systemd: use-after-free when asynchronous polkit queries are performed (Riccardo Schirone <rschiron@...hat.com>)
• 2020/02/04 #3: Re: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of … (Matthias Gerstner <mgerstner@...e.de>)
• 2020/02/04 #2: Re: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr… (Solar Designer <solar@...nwall.com>)

25890 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.