Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2018/12/18 #5: Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array (P J P <ppandit@...hat.com>)
• 2018/12/18 #4: Re: Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array (Agostino Sarubbo <ago@...too.org>)
• 2018/12/18 #3: Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array (saar amar <saaramar5@...il.com>)
• 2018/12/18 #2: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array (P J P <ppandit@...hat.com>)
• 2018/12/18 #1: CVE-2018-20191 QEMU: pvrdma: uar_read leads to NULL dereference (P J P <ppandit@...hat.com>)
• 2018/12/17 #1: Apache CouchDB CVE-2018-17188: Remote Privilege Escalations (Affects all versions < 2.3.0) (Jan Lehnardt <jan@...che.org>)
• 2018/12/14 #9: Go security releases 1.11.3 and 1.10.6 (Dmitri Shuralyov <dmitshur@...ang.org>)
• 2018/12/14 #8: Re: Multiple telnet.c overflows (Hacker Fantastic <hackerfantastic@...glemail.com>)
• 2018/12/14 #7: Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Solar Designer <solar@...nwall.com>)
• 2018/12/14 #6: Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Solar Designer <solar@...nwall.com>)
• 2018/12/14 #5: Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Solar Designer <solar@...nwall.com>)
• 2018/12/14 #4: Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Jann Horn <jannhorn@...glemail.com>)
• 2018/12/14 #3: Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Brad Spengler <spender@...ecurity.net>)
• 2018/12/14 #2: Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Solar Designer <solar@...nwall.com>)
• 2018/12/14 #1: Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Solar Designer <solar@...nwall.com>)
• 2018/12/13 #14: Re: Linux kernel: userfaultfd bypasses tmpfs file (Nicholas Luedtke <nicholas.luedtke@...lumni.com>)
• 2018/12/13 #13: WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009 (Michael Catanzaro <mcatanzaro@...lia.com>)
• 2018/12/13 #12: Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Yves-Alexis Perez <corsac@...ian.org>)
• 2018/12/13 #11: CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) (P J P <ppandit@...hat.com>)
• 2018/12/13 #10: Re: Multiple telnet.c overflows (Hacker Fantastic <hackerfantastic@...glemail.com>)
• 2018/12/13 #9: Re: Multiple telnet.c overflows (Hacker Fantastic <hackerfantastic@...glemail.com>)
• 2018/12/13 #8: Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Greg KH <greg@...ah.com>)
• 2018/12/13 #7: Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) (Salva Peiró <speirofr@...il.com>)
• 2018/12/13 #6: Re: libvnc and tightvnc vulnerabilities (Solar Designer <solar@...nwall.com>)
• 2018/12/13 #5: Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) (Solar Designer <solar@...nwall.com>)
• 2018/12/13 #4: CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug (P J P <ppandit@...hat.com>)
• 2018/12/13 #3: Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) (Salva Peiró <speirofr@...il.com>)
• 2018/12/13 #2: Re: Multiple telnet.c overflows (Hacker Fantastic <hackerfantastic@...glemail.com>)
• 2018/12/13 #1: Re: Multiple telnet.c overflows (Tavis Ormandy <taviso@...gle.com>)
• 2018/12/12 #13: Re: Multiple telnet.c overflows (Tavis Ormandy <taviso@...gle.com>)
• 2018/12/12 #12: Re: Multiple telnet.c overflows (Tavis Ormandy <taviso@...gle.com>)
• 2018/12/12 #11: Re: Multiple telnet.c overflows (Hacker Fantastic <hackerfantastic@...glemail.com>)
• 2018/12/12 #10: Re: Multiple telnet.c overflows (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• 2018/12/12 #9: Re: Multiple telnet.c overflows (Tavis Ormandy <taviso@...gle.com>)
• 2018/12/12 #8: Re: Multiple telnet.c overflows (Hacker Fantastic <hackerfantastic@...glemail.com>)
• 2018/12/12 #7: Re: Multiple telnet.c overflows (Tavis Ormandy <taviso@...gle.com>)
• 2018/12/12 #6: Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) (Salvatore Bonaccorso <carnil@...ian.org>)
• 2018/12/12 #5: Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) (Solar Designer <solar@...nwall.com>)
• 2018/12/12 #4: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) (Salva Peiró <speirofr@...il.com>)
• 2018/12/12 #3: Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Solar Designer <solar@...nwall.com>)
• 2018/12/12 #2: Singularity: CVE-2018-19295: local root exploit - unprivileged users can join arbitrary mnt, net, pid and ipc namespaces (Matthias Gerstner <mgerstner@...e.de>)
• 2018/12/12 #1: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) (Jann Horn <jannh@...gle.com>)
• 2018/12/11 #2: Re: Multiple telnet.c overflows (Alan Coopersmith <alan.coopersmith@...cle.com>)
• 2018/12/11 #1: Multiple telnet.c overflows (Hacker Fantastic <hackerfantastic@...glemail.com>)
• 2018/12/10 #9: Re: mpg321: Out-of-bounds Write (Ren Kimura <rkx1209dev@...il.com>)
• 2018/12/10 #8: Re: libvnc and tightvnc vulnerabilities (Solar Designer <solar@...nwall.com>)
• 2018/12/10 #7: RE: libvnc and tightvnc vulnerabilities (Pavel Cheremushkin <Pavel.Cheremushkin@...persky.com>)
• 2018/12/10 #6: Re: libvnc and tightvnc vulnerabilities (Solar Designer <solar@...nwall.com>)
• 2018/12/10 #5: libvnc and tightvnc vulnerabilities (Pavel Cheremushkin <Pavel.Cheremushkin@...persky.com>)
• 2018/12/10 #4: Re: mpg321: Out-of-bounds Write (Ren Kimura <rkx1209dev@...il.com>)
• 2018/12/10 #3: Re: Multiple vulnerabilities in Jenkins (Daniel Beck <ml@...kweb.net>)
• 2018/12/10 #2: Re: Script sandbox bypass in multiple Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2018/12/10 #1: Re: Multiple vulnerabilities in Jenkins (Daniel Beck <ml@...kweb.net>)
• 2018/12/08 #2: Re: mpg321: Out-of-bounds Write (Matthew Fernandez <matthew.fernandez@...il.com>)
• 2018/12/08 #1: mpg321: Out-of-bounds Write (Ren Kimura <rkx1209dev@...il.com>)
• 2018/12/07 #3: Invalid free in cairo_ft_apply_variations (Michael Catanzaro <mcatanzaro@...lia.com>)
• 2018/12/07 #2: Enigmail XSA issue with WKD and HTTP authentication (Hanno Böck <hanno@...eck.de>)
• 2018/12/07 #1: [ANNOUNCE] Apache Ignite 2.7.0 Vulnerable Dependecies Updates (Dmitriy Pavlov <dpavlov@...che.org>)
• 2018/12/06 #1: CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP) (P J P <ppandit@...hat.com>)
• 2018/12/05 #2: Re: PHP imap_open() script injection (sjw@....ch)
• 2018/12/05 #1: Multiple vulnerabilities in Jenkins (Daniel Beck <ml@...kweb.net>)
• 2018/12/04 #1: Re: UAF write in usb_audio_probe (Marcus Meissner <meissner@...e.de>)
• 2018/12/03 #2: PolicyKit: CVE-2018-19788: Improper handling of user with uid > INT_MAX leading to authentication bypass (Salvatore Bonaccorso <carnil@...ian.org>)
• 2018/12/03 #1: UAF write in usb_audio_probe (Mathias Payer <mathias.payer@...elwelt.net>)
• 2018/12/02 #2: Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) (Wei Wu <ww9210@...il.com>)
• 2018/12/02 #1: Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
• 2018/11/29 #5: Re: memory safety bugs in bc (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• 2018/11/29 #4: Re: memory safety bugs in bc (Hanno Böck <hanno@...eck.de>)
• 2018/11/29 #3: Re: memory safety bugs in bc (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• 2018/11/29 #2: Re: memory safety bugs in bc (Marcus Meissner <meissner@...e.de>)
• 2018/11/29 #1: CVE-2018-19665 Qemu: bt: integer overflow in Bluetooth routines allows memory corruption (P J P <ppandit@...hat.com>)
• 2018/11/28 #1: memory safety bugs in bc (Hanno Böck <hanno@...eck.de>)
• 2018/11/27 #5: [CVE-2018-16477] Bypass vulnerability in Active Storage (Rafael Mendonça França <rafaelmfranca@...il.com>)
• 2018/11/27 #4: [CVE-2018-16476] Broken Access Control vulnerability in Active Job (Rafael Mendonça França <rafaelmfranca@...il.com>)
• 2018/11/27 #3: CVE-2018-19591: glibc if_nametoindex may not close descriptor (Florian Weimer <fweimer@...hat.com>)
• 2018/11/27 #2: CVE-2018-11766: Apache Hadoop privilege escalation vulnerability (Akira Ajisaka <aajisaka@...che.org>)
• 2018/11/27 #1: Re: Crashes and memory safety bugs in dcraw (Marcus Meissner <meissner@...e.de>)
• 2018/11/26 #2: PowerDNS Security Advisory 2018-09 (Remi Gacogne <remi.gacogne@...erdns.com>)
• 2018/11/26 #1: CVE-2018-19489 QEMU: 9pfs: crash due to race condition in renaming files (P J P <ppandit@...hat.com>)
• 2018/11/25 #4: Re: catdoc: out of bounds heap read and nullpointer / segfault (Hanno Böck <hanno@...eck.de>)
• 2018/11/25 #3: Re: PHP imap_open() script injection (Salvatore Bonaccorso <carnil@...ian.org>)
• 2018/11/25 #2: Re: catdoc: out of bounds heap read and nullpointer / segfault (Agostino Sarubbo <ago@...too.org>)
• 2018/11/25 #1: catdoc: out of bounds heap read and nullpointer / segfault (Hanno Böck <hanno@...eck.de>)
• 2018/11/24 #3: Path traversal in mozilla PDF.js [Unpatched] (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
• 2018/11/24 #2: Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) (Yves-Alexis Perez <corsac@...ian.org>)
• 2018/11/24 #1: Re: Re: Crashes and memory safety bugs in dcraw (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• 2018/11/23 #10: Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) (Daniel Borkmann <daniel@...earbox.net>)
• 2018/11/23 #9: Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) (Yves-Alexis Perez <corsac@...ian.org>)
• 2018/11/23 #8: Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) (Greg KH <greg@...ah.com>)
• 2018/11/23 #7: Re: Crashes and memory safety bugs in dcraw (Ian Zimmerman <itz@...y.loosely.org>)
• 2018/11/23 #6: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) (Yves-Alexis Perez <corsac@...ian.org>)
• 2018/11/23 #5: CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak (Vladis Dronov <vdronov@...hat.com>)
• 2018/11/23 #4: Re: Crashes and memory safety bugs in dcraw (Marcus Meissner <meissner@...e.de>)
• 2018/11/23 #3: Re: Crashes and memory safety bugs in dcraw (Hanno Böck <hanno@...eck.de>)
• 2018/11/23 #2: Re: Crashes and memory safety bugs in dcraw (Agostino Sarubbo <ago@...too.org>)
• 2018/11/23 #1: Crashes and memory safety bugs in dcraw (Hanno Böck <hanno@...eck.de>)
• 2018/11/22 #3: PHP imap_open() script injection (Hanno Böck <hanno@...eck.de>)
• 2018/11/22 #2: CVE-2018-8009: Apache Hadoop distributed cache archive vulnerability (Akira Ajisaka <aajisaka@...che.org>)
• 2018/11/22 #1: WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 (Michael Catanzaro <mcatanzaro@...lia.com>)
• 2018/11/20 #9: Arbitrary File Upload File Upload Vulnerability in php-traditional-server v1.2.2 ("Larry W. Cashdollar" <larry0@...com>)

24807 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.