Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2018/09/24 #2: CVE-2018-14633: Linux kernel: security flaw in iscsi target code (Vladis Dronov <vdronov@...hat.com>)
• 2018/09/24 #1: Re: CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access t… (Terry Chia <terrycwk1994@...il.com>)
• 2018/09/22 #1: Re: CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated acce… (Ariel Zelivansky <ariel.zelivans@...il.…)
• 2018/09/21 #1: CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Execut… (Alex R <alexr@...che.org>)
• 2018/09/20 #4: CVE-2018-5740 BIND (named vuln) and bad OVAL dict file maintenance (scrumpyjack@...ilet.to)
• 2018/09/20 #3: Re: ISC has issued new patch releases of BIND (Solar Designer <solar@...nwall.com>)
• 2018/09/20 #2: X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty (X41 D-Sec GmbH Advisories <advisories@...-dsec.de>)
• 2018/09/20 #1: X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX (X41 D-Sec GmbH Advisories <advisories@...-dsec.de>)
• 2018/09/19 #11: ISC has issued new patch releases of BIND (Michael McNally <mcnally@....org>)
• 2018/09/19 #10: Re: tdesktop 1.3.14: index out of range (Solar Designer <solar@...nwall.com>)
• 2018/09/19 #9: Re: tdesktop 1.3.14: index out of range ("Stuart D. Gathman" <stuart@...hman.org>)
• 2018/09/19 #8: tdesktop 1.3.14: index out of range (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
• 2018/09/19 #7: CVE-2018-12642: Incorrect Access Control of tickets in Froxlor <= 0.9.39.5 (chbi@...i.eu)
• 2018/09/19 #6: [CVE-2018-8017] Apache Tika Denial of Service Vulnerability -- Potential Infinite Loop in IptcAnpaParser (Tim Allison <tallison@...che.org>)
• 2018/09/19 #5: [CVE-2018-11762] Zip Slip Vulnerability in Apache Tika's tika-app (Tim Allison <tallison@...che.org>)
• 2018/09/19 #4: [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability (Tim Allison <tallison@...che.org>)
• 2018/09/19 #3: Re: Linux kernel: potential local priviledge escalation bug in vmacache code (Salvatore Bonaccorso <carnil@...ian.org>)
• 2018/09/19 #2: Re: Linux kernel: potential local priviledge escalation bug in vmacache code (Salvatore Bonaccorso <carnil@...ian.org>)
• 2018/09/19 #1: Re: Linux kernel: potential local priviledge escalation bug in vmacache code (Vladis Dronov <vdronov@...hat.com>)
• 2018/09/18 #4: Linux kernel: potential local priviledge escalation bug in vmacache code (Davidlohr Bueso <dave@...olabs.net>)
• 2018/09/18 #3: [SECURITY] New security advisory for CVE-2018-11787 released for Apache Karaf (Jean-Baptiste Onofré <jb@...thrax.net>)
• 2018/09/18 #2: [SECURITY] New security advisory for CVE-2018-11786 released for Apache Karaf (Jean-Baptiste Onofré <jb@...thrax.net>)
• 2018/09/18 #1: CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm() (Vladis Dronov <vdronov@...hat.com>)
• 2018/09/17 #5: Re: Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 (Leo Famulari <leo@...ulari.name>)
• 2018/09/17 #4: [SBA-ADV-20180420-01] CVE-2018-13982: Smarty 3.1.32 or below Trusted-Directory Bypass via Path Traversal (SBA Research Advisory <advisory@...-research.org>)
• 2018/09/17 #3: Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 (Reindl Harald <h.reindl@...lounge.net>)
• 2018/09/17 #2: Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 ("Kevin A. McGrail" <kmcgrail@...che.org>)
• 2018/09/17 #1: Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 (Reindl Harald <h.reindl@...lounge.net>)
• 2018/09/16 #1: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 ("Kevin A. McGrail" <kmcgrail@...che.org>)
• 2018/09/15 #1: haskell-tls: Inconsistencies in answers to RSA errors (possiby Bleichenbacher/ROBOT attack) (Hanno Böck <hanno@...eck.de>)
• 2018/09/13 #3: CVE-2018-1330: Libprocess might crash when decoding malformed HTTP requests or malformed JSON payload. (Alex R <alexr@...che.org>)
• 2018/09/13 #2: OpenSC release 0.19.0 (Frank Morgner <frankmorgner@...il.com>)
• 2018/09/13 #1: Cleartext passwords external services in Squash TM's web interface (Guillaume Quéré <guillaume@...re.eu>)
• 2018/09/12 #2: Re: tdesktop leaks user IP address (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• 2018/09/12 #1: [SECURITY] New security advisory CVE-2018-8041 released for Apache Camel (Andrea Cosentino <ancosen1985@...oo.com>)
• 2018/09/11 #3: tdesktop leaks user IP address (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
• 2018/09/11 #2: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v… ("Larry W. Cashdollar" <larry0@...com>)
• 2018/09/11 #1: Re: Re: Ghostscript 9.24 issues (Marcus Meissner <meissner@...e.de>)
• 2018/09/10 #3: Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification (Solar Designer <solar@...nwall.com>)
• 2018/09/10 #2: Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification (Christopher Shannon <christopher.l.shannon@...il.com>)
• 2018/09/10 #1: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification (Christopher Shannon <christopher.l.shannon@...il.com>)
• 2018/09/09 #2: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Tavis Ormandy <taviso@...gle.com>)
• 2018/09/09 #1: Re: Ghostscript 9.24 issues (Tavis Ormandy <taviso@...gle.com>)
• 2018/09/07 #1: perl Crypt::JWT vulnerability (Jeremy Choi <jechoi@...hat.com>)
• 2018/09/06 #5: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Leonid Isaev <leonid.isaev@...a.colorado.edu>)
• 2018/09/06 #4: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Jakub Wilk <jwilk@...lk.net>)
• 2018/09/06 #3: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Marcus Meissner <meissner@...e.de>)
• 2018/09/06 #2: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Leonid Isaev <leonid.isaev@...a.colorado.edu>)
• 2018/09/06 #1: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? ("Perry E. Metzger" <perry@...rmont.com>)
• 2018/09/05 #5: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Stuart Gathman <stuart@...hman.org>)
• 2018/09/05 #4: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? ("Perry E. Metzger" <perry@...rmont.com>)
• 2018/09/05 #3: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Tavis Ormandy <taviso@...gle.com>)
• 2018/09/05 #2: Re: CVE-2018-6554 and CVE-2018-6555: Linux kernel: irda memory leak and use after free (Vladis Dronov <vdronov@...hat.com>)
• 2018/09/05 #1: [SECURITY ADVISORY] curl: NTLM password overflow via integer overflow (Daniel Stenberg <daniel@...x.se>)
• 2018/09/04 #6: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Tavis Ormandy <taviso@...gle.com>)
• 2018/09/04 #5: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Brandon Perry <bperry.volatile@...il.com>)
• 2018/09/04 #4: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Tavis Ormandy <taviso@...gle.com>)
• 2018/09/04 #3: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Tavis Ormandy <taviso@...gle.com>)
• 2018/09/04 #2: CVE-2018-6554 and CVE-2018-6555: Linux kernel: irda memory leak and use after free (Tyler Hicks <tyhicks@...onical.com>)
• 2018/09/04 #1: glusterfs: multiple flaws (Siddharth Sharma <siddharth@...hat.com>)
• 2018/09/03 #2: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Marcus Meissner <meissner@...e.de>)
• 2018/09/03 #1: Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. (Wade Mealing <wmealing@...hat.com>)
• 2018/09/02 #1: CVE-2018-10853 kernel: kvm: guest userspace to guest kernel write (P J P <ppandit@...hat.com>)
• 2018/09/01 #2: Re: Travis CI MITM RCE (zugtprgfwprz@...rnkuller.de)
• 2018/09/01 #1: Re: Travis CI MITM RCE (zugtprgfwprz@...rnkuller.de)
• 2018/08/31 #2: Re: Travis CI MITM RCE (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• 2018/08/31 #1: Re: Travis CI MITM RCE (vines@...eup.net)
• 2018/08/30 #1: Re: Travis CI MITM RCE (zugtprgfwprz@...rnkuller.de)
• 2018/08/29 #8: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Tavis Ormandy <taviso@...gle.com>)
• 2018/08/29 #7: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Tavis Ormandy <taviso@...gle.com>)
• 2018/08/29 #6: Re: [ANNOUNCE] Apache Traffic Server vulnerability with header variable access in the ESI plugin - CVE-2018-8040 (Bryan Call <bcall@...che.org>)
• 2018/08/29 #5: [ANNOUNCE] Apache Traffic Server vulnerability with multiple HTTP smuggling and cache poisoning attacks - CVE-2018-8004 (Bryan Call <bcall@...che.org>)
• 2018/08/29 #4: [ANNOUNCE] Apache Traffic Server vulnerability with multi-range requests - CVE-2018-8005 (Bryan Call <bcall@...che.org>)
• 2018/08/29 #3: [ANNOUNCE] Apache Traffic Server vulnerability with method ACLs - CVE-2018-1318 (Bryan Call <bcall@...che.org>)
• 2018/08/29 #2: [ANNOUNCE] Apache Traffic Server vulnerability with header variable access in the ESI plugin - CVE-2018-8040 (Bryan Call <bcall@...che.org>)
• 2018/08/29 #1: [ANNOUNCE] Apache Traffic Server vulnerability with an invalid TLS handshake - CVE-2018-8022 (Bryan Call <bcall@...che.org>)
• 2018/08/28 #11: Re: Travis CI MITM RCE (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• 2018/08/28 #10: Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. (Greg KH <greg@...ah.com>)
• 2018/08/28 #9: Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. (Florian Weimer <fweimer@...hat.com>)
• 2018/08/28 #8: Re: CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS (Greg KH <greg@...ah.com>)
• 2018/08/28 #7: Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. (Greg KH <greg@...ah.com>)
• 2018/08/28 #6: CVE-2018-15746 Qemu: seccomp: blacklist is not applied to all threads (P J P <ppandit@...hat.com>)
• 2018/08/28 #5: Re: Linux kernel: FS_IOC_FSSETXATTR will lead to EXT4-fs shut down (Xiami <pengyu.tao@...li.com>)
• 2018/08/28 #4: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Marcus Meissner <meissner@...e.de>)
• 2018/08/28 #3: Linux kernel: FS_IOC_FSSETXATTR will lead to EXT4-fs shut down (zhrzhang(张洪睿) <zhrzhang@...cent.com>)
• 2018/08/28 #2: Re: Another OpenSSH "user enumeration" (Marcus Meissner <meissner@...e.de>)
• 2018/08/28 #1: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. (Wade Mealing <wmealing@...hat.com>)
• 2018/08/27 #5: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? ("Perry E. Metzger" <perry@...rmont.com>)
• 2018/08/27 #4: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? (Tavis Ormandy <taviso@...gle.com>)
• 2018/08/27 #3: Another "user enumeration" in Dropbear (sjw@....ch)
• 2018/08/27 #2: Another OpenSSH "user enumeration" (Qualys Security Advisory <qsa@...lys.com>)
• 2018/08/27 #1: CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS (Vladis Dronov <vdronov@...hat.com>)
• 2018/08/26 #4: Re: Travis CI MITM RCE (Jeremy Stanley <fungi@...goth.org>)
• 2018/08/26 #3: Re: About OpenSSH "user enumeration" / CVE-2018-15473 (Solar Designer <solar@...nwall.com>)
• 2018/08/26 #2: Re: About OpenSSH "user enumeration" / CVE-2018-15473 (Damien Miller <djm@...drot.org>)
• 2018/08/26 #1: Re: Travis CI MITM RCE (Phil Pennock <oss-security-phil@...dhuis.org>)
• 2018/08/25 #3: Travis CI MITM RCE (Jakub Wilk <jwilk@...lk.net>)
• 2018/08/25 #2: Re: About OpenSSH "user enumeration" / CVE-2018-15473 (Solar Designer <solar@...nwall.com>)
• 2018/08/25 #1: Re: Re: About OpenSSH "user enumeration" / CVE-2018-15473 (Damien Miller <djm@...drot.org>)
• 2018/08/24 #2: Re: About OpenSSH "user enumeration" / CVE-2018-15473 (Solar Designer <solar@...nwall.com>)

24533 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.