Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2023/06/08 #1: Re: Linux kernel: off-by-one in fl_set_geneve_opt (Hangyu Hua <hbh25y@...il.com>)
• 2023/06/07 #2: Re: Linux kernel: off-by-one in fl_set_geneve_opt (Hangyu Hua <hbh25y@...il.com>)
• 2023/06/07 #1: Linux kernel: off-by-one in fl_set_geneve_opt (Hangyu Hua <hbh25y@...il.com>)
• 2023/06/06 #5: Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer (Michael Jumper <mjumper@...che.org>)
• 2023/06/06 #4: Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer (Demi Marie Obenour <demi@...isiblethingslab.com>)
• 2023/06/06 #3: LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863 (Qualys Security Advisory <qsa@...lys.com>)
• 2023/06/06 #2: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer (Michael Jumper <mjumper@...che.org>)
• 2023/06/06 #1: [SECURITY] CVE-2023-30575: Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths (Michael Jumper <mjumper@...che.org>)
• 2023/06/05 #1: RE: Update CVE-2021-3610 (cpe_dictionary <cpe_dictionary@...t.gov>)
• 2023/06/01 #1: [vs] CVE-2023-32324 heap buffer overflow in cupsd (Zdenek Dohnal <zdohnal@...hat.com>)
• 2023/05/30 #2: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0004 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2023/05/30 #1: OpenSSL Security Advisory (Tomas Mraz <tomas@...nssl.org>)
• 2023/05/29 #4: Update CVE-2021-3610: ImageMagick (Bastien Roucariès <rouca@...ian.org>)
• 2023/05/29 #3: Re: Stack overflow in imagemagick coders/tiff.c (Bastien Roucariès <rouca@...ian.org>)
• 2023/05/29 #2: CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs (Marcus Eriksson <marcuse@...che.org>)
• 2023/05/29 #1: Stack overflow in imagemagick coders/tiff.c (Bastien Roucariès <rouca@...ian.org>)
• 2023/05/26 #1: CVE-2023-33234: Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration (Elad Kalif <eladkal@...che.org>)
• 2023/05/25 #2: [kubernetes] CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs (Monis Khan <i@...is.app>)
• 2023/05/25 #1: CVE-2022-46907: Apache JSPWiki Cross-site scripting on several plugins (Juan Pablo Santos Rodríguez <juanpablo@...che.org>)
• 2023/05/24 #7: Attestation, reproducible builds, and bootstrapping (Ludovic Courtès <ludo@....org>)
• 2023/05/24 #6: Re: Clarification on embargoed testing in a partner cloud (Brian Behlendorf <brian@...lendorf.com>)
• 2023/05/24 #5: Re: Clarification on embargoed testing in a partner cloud (Jeremy Stanley <fungi@...goth.org>)
• 2023/05/24 #4: Re: Clarification on embargoed testing in a partner cloud (Anthony Liguori <anthony@...emonkey.ws>)
• 2023/05/24 #3: Fwd: Forthcoming OpenSSL Releases (Solar Designer <solar@...nwall.com>)
• 2023/05/24 #2: Re: Clarification on embargoed testing in a partner cloud (Solar Designer <solar@...nwall.com>)
• 2023/05/24 #1: Re: Clarification on embargoed testing in a partner cloud (Moritz Mühlenhoff <jmm@...til.org>)
• 2023/05/23 #1: CVE-2023-33246: Apache RocketMQ: RocketMQ may have a remote code execution vulnerability when using the update configurat… (Rongtong Jin <jinrongtong@...che.org>)
• 2023/05/22 #2: c-ares multiple vulnerabilities: CVE-2023-32067, CVE-2023-31147, CVE-2023-31130, CVE-2023-31124 (Brad House <brad@...d-house.com>)
• 2023/05/22 #1: CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete (Mark Thomas <markt@...che.org>)
• 2023/05/21 #11: CVE-2023-31454: Apache InLong: IDOR make users can bind any cluster (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/21 #10: CVE-2023-31453: Apache InLong: IDOR make users can delete others' subscription (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/21 #9: CVE-2023-31206: Apache InLong: Attackers can change the immutable name and type of nodes (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/21 #8: CVE-2023-31103: Apache InLong: Attackers can change the immutable name and type of cluster (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/21 #7: CVE-2023-31101: Apache InLong: Users who joined later can see the data of deleted users (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/21 #6: CVE-2023-31098: Apache InLong: Weak Password Implementation in InLong (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/21 #5: CVE-2023-31066: Apache InLong: Insecure direct object references for inlong sources (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/21 #4: CVE-2023-31065: Apache InLong: Insufficient Session Expiration in InLong (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/21 #3: CVE-2023-31064: Apache InLong: Insecurity direct object references cancelling applications (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/21 #2: CVE-2023-31062: Apache InLong: Privilege escalation vulnerability for InLong (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/21 #1: CVE-2023-31058: Apache InLong: JDBC URL bypassing by adding blanks (Charles Zhang <dockerzhang@...che.org>)
• 2023/05/19 #1: Re: IPv6 and Route of Death (Dominique Martinet <asmadeus@...ewreck.org>)
• 2023/05/18 #1: Re: IPv6 and Route of Death (Andrew Worsley <amworsley@...il.com>)
• 2023/05/17 #9: Re: IPv6 and Route of Death (Erik Auerswald <auerswal@...x-ag.uni-kl.de>)
• 2023/05/17 #8: Re: IPv6 and Route of Death (Solar Designer <solar@...nwall.com>)
• 2023/05/17 #7: Re: IPv6 and Route of Death (Barry Greene <bgreene@...ki.org>)
• 2023/05/17 #6: IPv6 and Route of Death (Jeffrey Walton <noloader@...il.com>)
• 2023/05/17 #5: CVE-2023-24805: RCE in cups-filters, beh CUPS backend (Till Kamppeter <till.kamppeter@...il.com>)
• 2023/05/17 #4: curl: CVE-2023-28322: more POST-after-PUT confusion (Daniel Stenberg <daniel@...x.se>)
• 2023/05/17 #3: curl: CVE-2023-28321: IDN wildcard match (Daniel Stenberg <daniel@...x.se>)
• 2023/05/17 #2: curl: CVE-2023-28320: siglongjmp race condition (Daniel Stenberg <daniel@...x.se>)
• 2023/05/17 #1: curl: CVE-2023-28319: UAF in SSH sha256 fingerprint check (Daniel Stenberg <daniel@...x.se>)
• 2023/05/16 #5: Xen Security Advisory 431 v1 (CVE-2022-42336) - Mishandling of guest SSBD selection on AMD hardware (Xen.org security team <security@....org>)
• 2023/05/16 #4: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2023/05/16 #3: Re: Clarification on embargoed testing in a partner cloud (Marc Deslauriers <marc.deslauriers@...onical.com>)
• 2023/05/16 #2: Re: libcap-2.69 addresses 2 CVEs (Solar Designer <solar@...nwall.com>)
• 2023/05/16 #1: Re: linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition (Zheng Hacker <hackerzheng666@...il.com>)
• 2023/05/15 #5: Re: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perfo… (Piotr Krysiuk <piotras@...il.com>)
• 2023/05/15 #4: libcap-2.69 addresses 2 CVEs ("Andrew G. Morgan" <morgan@...nel.org>)
• 2023/05/15 #3: Re: linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition (Greg KH <greg@...ah.com>)
• 2023/05/15 #2: CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module (Robert Munteanu <rombert@...che.org>)
• 2023/05/15 #1: linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition (蓝色的小羊 <1395428693sheep@...il.com>)
• 2023/05/14 #3: Re: Real world vulnerabilities of CWE-1077: Floating Point Comparison with Incorrect Operator? (Solar Designer <solar@...nwall.com>)
• 2023/05/14 #2: Re: Clarification on embargoed testing in a partner cloud (Solar Designer <solar@...nwall.com>)
• 2023/05/14 #1: Re: semi-public issues on (linux-)distros (Solar Designer <solar@...nwall.com>)
• 2023/05/12 #3: CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection (Maxim Solodovnik <solomax@...che.org>)
• 2023/05/12 #2: CVE-2023-29032: Apache OpenMeetings: allows bypass authentication (Maxim Solodovnik <solomax@...che.org>)
• 2023/05/12 #1: CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash (Maxim Solodovnik <solomax@...che.org>)
• 2023/05/11 #5: Re: New Linux kernel NetFilter flaw gives attackers root privileges (Florian Weimer <fweimer@...hat.com>)
• 2023/05/11 #4: Re: New Linux kernel NetFilter flaw gives attackers root privileges (David Leadbeater <dgl@....cx>)
• 2023/05/11 #3: Re: Clarification on embargoed testing in a partner cloud (Marcus Meissner <meissner@...e.de>)
• 2023/05/11 #2: Clarification on embargoed testing in a partner cloud (Marc Deslauriers <marc.deslauriers@...onical.com>)
• 2023/05/11 #1: Re: New Linux kernel NetFilter flaw gives attackers root privileges (Solar Designer <solar@...nwall.com>)
• 2023/05/10 #8: Re: New Linux kernel NetFilter flaw gives attackers root privileges (Tobias Heider <tobias.heider@...onical.com>)
• 2023/05/10 #7: Re: New Linux kernel NetFilter flaw gives attackers root privileges (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
• 2023/05/10 #6: Re: New Linux kernel NetFilter flaw gives attackers root privileges (Piotr Krysiuk <piotras@...il.com>)
• 2023/05/10 #5: [OSSA-2023-003] cinder, glance_store, nova, os-brick: Unauthorized volume access through deleted volume attachments (CVE-202… (Jeremy Stanley <fungi@...goth.org>)
• 2023/05/10 #4: Re: Linux kernel io_uring out-of-bounds access to physical memory (Solar Designer <solar@...nwall.com>)
• 2023/05/10 #3: Re: New Linux kernel NetFilter flaw gives attackers root privileges (Solar Designer <solar@...nwall.com>)
• 2023/05/10 #2: New Linux kernel NetFilter flaw gives attackers root privileges (Turritopsis Dohrnii Teo En Ming <tdtemccnp@...il.com>)
• 2023/05/10 #1: Re: CVE-2023-2253: distribution/distribution: Catalog API endpoint can lead to OOM via malicious user input (Cathy Hu <cahu@...e.de>)
• 2023/05/09 #2: Re: Linux kernel io_uring out-of-bounds access to physical memory (Solar Designer <solar@...nwall.com>)
• 2023/05/09 #1: CVE-2023-2253: distribution/distribution: Catalog API endpoint can lead to OOM via malicious user input (Cathy Hu <cahu@...e.de>)
• 2023/05/08 #4: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform a… (Piotr Krysiuk <piotras@...il.com>)
• 2023/05/08 #3: Linux kernel io_uring out-of-bounds access to physical memory (Tobias Holl <tobias@...ll.xyz>)
• 2023/05/08 #2: CVE-2023-25754: Apache Airflow: Privilege escalation using airflow logs (Jarek Potiuk <potiuk@...che.org>)
• 2023/05/08 #1: CVE-2023-31039: Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution (Wang Weibing <wwbmmm@...che.org>)
• 2023/05/07 #3: CVE-2023-31038: Apache Log4cxx: SQL injection when using ODBC appender (Robert Middleton <rmiddleton@...che.org>)
• 2023/05/07 #2: Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules (John Helmert III <ajak@...too.org>)
• 2023/05/07 #1: CVE-2023-29247: Stored XSS on Apache Airflow (Pierre Jeambrun <pierrejeambrun@...che.org>)
• 2023/05/05 #1: Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules (Steffen Nurpmeso <steffen@...oden.eu>)
• 2023/05/04 #8: CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in … (Ramesh Mani <rmani@...che.org>)
• 2023/05/04 #7: CVE-2022-45048: Apache Ranger: code execution vulnerability in policy expressions (Madhan Neethiraj <madhan@...che.org>)
• 2023/05/04 #6: Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules ("David A. Wheeler" <dwheeler@...eeler.com>)
• 2023/05/04 #5: Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules (Rainer Canavan <rainer.canavan@...nga.com>)
• 2023/05/04 #4: Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules (Alan Coopersmith <alan.coopersmith@...cle.com>)
• 2023/05/04 #3: Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules (Sam Bull <9m199i@...bull.org>)
• 2023/05/04 #2: Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules (Reid Sutherland <reid@...rddimension.net>)
• 2023/05/04 #1: Re: semi-public issues on (linux-)distros (Johannes Segitz <jsegitz@...e.de>)
• 2023/05/03 #8: Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules (Michael Orlitzky <michael@...itzky.com>)
• 2023/05/03 #7: Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules (Moritz Bechler <mbechler@...terphace.org>)

28827 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.