Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2019/03/21 #1: ghostscript: 2 -dSAFER bypass: CVE-2019-3835 & CVE-2019-3838 (Cedric Buissart <cbuissar@...hat.com>)
• 2019/03/19 #1: Re: [SECURITY ADVISORIES] libssh2 (Riccardo Schirone <rschiron@...hat.com>)
• 2019/03/18 #4: PowerDNS Security Advisory 2019-03 (Erik Winkels <erik.winkels@...n-xchange.com>)
• 2019/03/18 #3: [SECURITY ADVISORIES] libssh2 (Daniel Stenberg <daniel@...x.se>)
• 2019/03/18 #2: [OSSA-2019-001] Unsupported dport option prevents applying security groups in OpenStack Neutron (CVE-2019-9735) (Jeremy Stanley <fungi@...goth.org>)
• 2019/03/18 #1: CVE-2019-9824 QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (P J P <ppandit@...hat.com>)
• 2019/03/17 #1: CVE-2019-9573 / CVE-2019-9574: WordPress plugin hrm missing server side authorization checks (Henri Salo <henri@...v.fi>)
• 2019/03/16 #1: Fwd: [ANNOUNCE] libXdmcp 1.1.3 [fix for CVE-2017-2625] (Alan Coopersmith <alan.coopersmith@...cle.com>)
• 2019/03/15 #1: libseccomp: incorrect generation of syscall argument filters (Paul Moore <paul@...l-moore.com>)
• 2019/03/13 #5: [CVE-2019-5418] File Content Disclosure in Action View (Aaron Patterson <tenderlove@...y-lang.org>)
• 2019/03/13 #4: [CVE-2019-5419] Denial of Service Vulnerability in Action View (Aaron Patterson <tenderlove@...y-lang.org>)
• 2019/03/13 #3: [CVE-2019-5420] Possible Remote Code Execution Exploit in Rails Development Mode (Aaron Patterson <tenderlove@...y-lang.org>)
• 2019/03/13 #2: Re: [SECURITY] CVE-2018-1320 Apache Thrift SASL negotiation vulnerability (update) ("James E. King III" <jking@...che.org>)
• 2019/03/13 #1: Stack/Heap Clashing on Linux >=4.13 when loader directly invoked (Ali Saidi <asaidi@...il.com>)
• 2019/03/11 #1: CVE-2018-11767: Apache Hadoop KMS ACL regression (Akira Ajisaka <aajisaka@...che.org>)
• 2019/03/10 #1: Re: Linux kernel: OOB R/W in SNMP NAT module (CVE-2019-9162); virtual address 0 mappable (CVE-2019-9213) (Solar Designer <solar@...nwall.com>)
• 2019/03/07 #3: [SECURITY] New security advisory for CVE-2019-0191 released for Apache Karaf (Jean-Baptiste Onofré <jb@...thrax.net>)
• 2019/03/07 #2: [CVE-2018-11789] Apache Incubator Heron file access vulnerability (Neng Lu <freeneng@...il.com>)
• 2019/03/07 #1: CVE-2019-0192 Deserialization of untrusted data via jmx.serviceUrl in Apache Solr (Tomas Fernandez Lobbe <tflobbe@...che.org>)
• 2019/03/06 #3: Transient execution attacks leveraging port contention (Mathias Payer <mathias.payer@...elwelt.net>)
• 2019/03/06 #2: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/03/06 #1: Linux kernel: OOB R/W in SNMP NAT module (CVE-2019-9162); virtual address 0 mappable (CVE-2019-9213) (Jann Horn <jannhorn@...glemail.com>)
• 2019/03/05 #9: Xen Security Advisory 294 v2 - x86 shadow: Insufficient TLB flushing when using PCID (Xen.org security team <security@....org>)
• 2019/03/05 #8: Xen Security Advisory 293 v3 - x86: PV kernel context switch corruption (Xen.org security team <security@....org>)
• 2019/03/05 #7: Xen Security Advisory 290 v2 - missing preemption in x86 PV page table unvalidation (Xen.org security team <security@....org>)
• 2019/03/05 #6: Xen Security Advisory 288 v2 - x86: Inconsistent PV IOMMU discipline (Xen.org security team <security@....org>)
• 2019/03/05 #5: Xen Security Advisory 292 v2 - x86: insufficient TLB flushing when using PCID (Xen.org security team <security@....org>)
• 2019/03/05 #4: Xen Security Advisory 287 v2 - x86: steal_page violates page_struct access discipline (Xen.org security team <security@....org>)
• 2019/03/05 #3: Xen Security Advisory 291 v2 - x86/PV: page type reference counting issue with failed IOMMU update (Xen.org security team <security@....org>)
• 2019/03/05 #2: Xen Security Advisory 285 v2 - race with pass-through device hotplug (Xen.org security team <security@....org>)
• 2019/03/05 #1: Xen Security Advisory 284 v2 - grant table transfer issues on large hosts (Xen.org security team <security@....org>)
• 2019/03/04 #1: CVE-2018-11793: Mesos components might crash when parsing deeply nested JSON structures. (Alex R <alexr@...che.org>)
• 2019/03/03 #2: Re: Open Redirect in Tiny Tiny RSS (tt-rss) (Mark Steward <marksteward@...il.com>)
• 2019/03/03 #1: Open Redirect in Tiny Tiny RSS (tt-rss) (Hanno Böck <hanno@...eck.de>)
• 2019/03/02 #1: [SECURITY] CVE-2019-0187: Apache JMeter Missing client auth for RMI connection when distributed test is used (Philippe Mouawad <pmouawad@...che.org>)
• 2019/03/01 #3: [SECURITY] CVE-2019-0200: Apache Qpid Broker-J Denial of Service due to malformed AMQP 0-8 to 0-10 commands (Alex Rudyy <orudyy@...che.org>)
• 2019/03/01 #2: Re: Squirrelmail XSS Fixes (Hanno Böck <hanno@...eck.de>)
• 2019/03/01 #1: Squirrelmail XSS Fixes (Hanno Böck <hanno@...eck.de>)
• 2019/02/28 #1: ikiwiki: CVE-2019-9187: Server-side request forgery (Simon McVittie <smcv@...ian.org>)
• 2019/02/23 #1: Re: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/02/22 #2: Xen Security Advisory 283 v2 - Withdrawn Xen Security Advisory number (Xen.org security team <security@....org>)
• 2019/02/22 #1: Multiple BIND CVEs disclosed (CVE-2018-5744, CVE-2018-5745, CVE-2019-6465) (Michael McNally <mcnally@....org>)
• 2019/02/21 #3: CVE-2018-1002161 - Koji - SQL injection in multiple remote calls (Patrick Uiterwijk <puiterwijk@...hat.com>)
• 2019/02/21 #2: Kernel local root in SCTP / CVE-2019-8956 (Marcus Meissner <meissner@...e.de>)
• 2019/02/21 #1: CVE-2019-8934 QEMU: ppc64: sPAPR emulator leaks the host hardware identity (P J P <ppandit@...hat.com>)
• 2019/02/19 #2: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/02/19 #1: Re: CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message (Simon McVittie <smcv@...ian.org>)
• 2019/02/18 #3: CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message (Chris Coulson <chris.coulson@...onical.com>)
• 2019/02/18 #2: Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222) (Jann Horn <jannhorn@...glemail.com>)
• 2019/02/18 #1: CVE-2019-3812 - qemu - Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure (Wade Mealing <wmealing@...hat.com>)
• 2019/02/15 #1: MatrixSSL stack buffer overflow (Tavis Ormandy <taviso@...gle.com>)
• 2019/02/13 #10: Railroader: static analysis tool for Ruby on Rails (OSS fork of Brakeman) ("David A. Wheeler" <dwheeler@...eeler.com>)
• 2019/02/13 #9: Re: CVE-2019-5736: runc container breakout (all versions) (Loganaden Velvindron <loganaden@...il.com>)
• 2019/02/13 #8: Re: CVE-2019-5736: runc container breakout exploit code (EJ Campbell <ejc3@...izonmedia.com>)
• 2019/02/13 #7: Re: CVE-2019-5736: runc container breakout exploit code (EJ Campbell <ejc3@...izonmedia.com>)
• 2019/02/13 #6: [CVE-2018-11783] Apache Traffic Server vulnerability with sslheader plugin (Bryan Call <bcall@...che.org>)
• 2019/02/13 #5: Re: CVE-2019-5736: runc container breakout exploit code (Aleksa Sarai <cyphar@...har.com>)
• 2019/02/13 #4: Re: CVE-2019-5736: runc container breakout exploit code (Aleksa Sarai <cyphar@...har.com>)
• 2019/02/13 #3: CVE-2019-5736: runc container breakout exploit code (Aleksa Sarai <cyphar@...har.com>)
• 2019/02/13 #2: Re: CVE-2019-5736: runc container breakout (all versions) (Aleksa Sarai <asarai@...e.de>)
• 2019/02/13 #1: Re: CVE-2019-5736: runc container breakout (all versions) (Aleksa Sarai <asarai@...e.de>)
• 2019/02/12 #7: CVE-2017-3164: Apache Solr: SSRF issue (Tomas Fernandez Lobbe <tflobbe@...che.org>)
• 2019/02/12 #6: Two more LXC breakouts (both privileged), apparmor issue? ("Alexander E. Patrakov" <patrakov@...il.com>)
• 2019/02/12 #5: Re: CVE-2019-5736: runc container breakout (all versions) (Solar Designer <solar@...nwall.com>)
• 2019/02/12 #4: Re: CVE-2019-5736: runc container breakout (all versions) (Aleksa Sarai <cyphar@...har.com>)
• 2019/02/12 #3: Re: CVE-2019-5736: runc container breakout (all versions) (Steve Grubb <sgrubb@...hat.com>)
• 2019/02/12 #2: Re: CVE-2019-5736: runc container breakout (all versions) (Aleksa Sarai <asarai@...e.de>)
• 2019/02/12 #1: Re: CVE-2019-5736: runc container breakout (all versions) (Florian Weimer <fweimer@...hat.com>)
• 2019/02/11 #2: CVE-2019-5736: runc container breakout (all versions) (Aleksa Sarai <cyphar@...har.com>)
• 2019/02/11 #1: CVE-2019-6975 -- Django fixed memory exhaustion in utils.numberformat.format(). (Carlton Gibson <carlton.gibson@...il.com>)
• 2019/02/09 #1: WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001 (Michael Catanzaro <mcatanzaro@...lia.com>)
• 2019/02/08 #1: CVE-2019-7628: Pagure version 5.2 leaks API keys by e-mail (Randy Barlow <randy@...ctronsweatshop.com>)
• 2019/02/07 #2: Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) (Timothy Michaud <tmm08a@....edu>)
• 2019/02/07 #1: Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) (Ben Hutchings <ben.hutchings@...ethink.co.uk>)
• 2019/02/06 #5: Re: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/02/06 #4: Re: Notes on fuzzing ImageMagick and GraphicsMagick (Hanno Böck <hanno@...eck.de>)
• 2019/02/06 #3: [SECURITY ADVISORY] curl: SMTP end-of-response out-of-bounds read (Daniel Stenberg <daniel@...x.se>)
• 2019/02/06 #2: [SECURITY ADVISORY] curl: NTLMv2 type-3 header stack buffer overflow (Daniel Stenberg <daniel@...x.se>)
• 2019/02/06 #1: [SECURITY ADVISORY] curl: NTLM type-2 out-of-bounds buffer read (Daniel Stenberg <daniel@...x.se>)
• 2019/02/05 #2: Notes on fuzzing ImageMagick and GraphicsMagick (Alex Gaynor <alex.gaynor@...il.com>)
• 2019/02/05 #1: CVE-2019-3814: Suitable client certificate can be used to login as other user (Aki Tuomi <aki.tuomi@...n-xchange.com>)
• 2019/02/02 #3: Linux kernel: BPF spectre v1 mitigation bypass (CVE-2019-7308, fixed in 4.19.19 and 4.20.6) (Jann Horn <jannhorn@...glemail.com>)
• 2019/02/02 #2: Re: CVE-2018-1340: Apache Guacamole: Secure flag missing from session cookie (Mike Jumper <mjumper@...che.org>)
• 2019/02/02 #1: Re: CVE-2018-1340: Apache Guacamole: Secure flag missing from session cookie (Salvatore Bonaccorso <carnil@...ian.org>)
• 2019/02/01 #2: Re: CVE-2018-1340: Apache Guacamole: Secure flag missing from session cookie (Salvatore Bonaccorso <carnil@...ian.org>)
• 2019/02/01 #1: Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki (Juan Pablo Santos Rodríguez <juanpablo.santos@...il.com>)
• 2019/01/31 #2: Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki (Henri Salo <henri@...v.fi>)
• 2019/01/31 #1: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki (Juan Pablo Santos Rodríguez <juanpablo@...che.org>)
• 2019/01/30 #1: [CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration (Sysdream Labs <labs@...dream.com>)
• 2019/01/29 #1: CVE-2018-11760: Apache Spark local privilege escalation vulnerability (Imran Rashid <irashid@...che.org>)
• 2019/01/28 #3: Re: CVE-2019-3813: spice: Off-by-one error in array access in spice/server/memslot.c (Peter Korsgaard <peter@...sgaard.com>)
• 2019/01/28 #2: CVE-2019-3813: spice: Off-by-one error in array access in spice/server/memslot.c (Scott Gayou <sgayou@...hat.com>)
• 2019/01/28 #1: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/01/25 #1: CVE-2018-16880 Linux kernel: oob-write in drivers/vhost/net.c:get_rx_bufs() (Vladis Dronov <vdronov@...hat.com>)
• 2019/01/24 #5: CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu() (P J P <ppandit@...hat.com>)
• 2019/01/24 #4: Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) (Yves-Alexis Perez <corsac@...ian.org>)
• 2019/01/24 #3: CVE-2018-1296: Apache Hadoop HDFS Permissive listXAttr Authorization (Akira Ajisaka <aajisaka@...che.org>)
• 2019/01/24 #2: CVE-2018-1340: Apache Guacamole: Secure flag missing from session cookie (Mike Jumper <mjumper@...che.org>)
• 2019/01/24 #1: CVE-2019-6501 QEMU: scsi-generic: possible OOB access while handling inquiry request (P J P <ppandit@...hat.com>)
• 2019/01/23 #6: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) (Timothy Michaud <tmm08a@....edu>)

25013 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.