Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2021/07/28 #4: Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601) (Jonas Schäfer <jonas@...licki.name>)
• 2021/07/28 #3: Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) (Jonas Schäfer <jonas@...licki.name>)
• 2021/07/28 #2: Re: Polipo: denial-of-service using range ("Alexandr Savca (chinarulezzz)" <alexandr.savca89@...il.com>)
• 2021/07/28 #1: Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) (Salvatore Bonaccorso <carnil@...ian.org>)
• 2021/07/27 #3: Re: Pop!_OS Membership to linux-distros list (Solar Designer <solar@...nwall.com>)
• 2021/07/27 #2: Re: Linux kernel: powerpc: KVM guest to host memory corruption (Michael Ellerman <mpe@...erman.id.au>)
• 2021/07/27 #1: replay-sorcery: CVE-2021-36983: kms service in version 0.6.0 allows local root exploit and other local attack vectors (Matthias Gerstner <mgerstner@...e.de>)
• 2021/07/26 #5: Re: Potential symlink attack in python3 __pycache__ (Jakub Wilk <jwilk@...lk.net>)
• 2021/07/26 #4: Re: Potential symlink attack in python3 __pycache__ (Santiago Torres <torresariass@...il.com>)
• 2021/07/26 #3: Re: Potential symlink attack in python3 __pycache__ (Georgi Guninski <gguninski@...il.com>)
• 2021/07/26 #2: security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0 (Peter van Dijk <peter.van.dijk@...erdns.com>)
• 2021/07/26 #1: Linux kernel: powerpc: KVM guest to host memory corruption (Michael Ellerman <mpe@...erman.id.au>)
• 2021/07/25 #2: Re: ipython3 may execute code from the current working directory (Georgi Guninski <gguninski@...il.com>)
• 2021/07/25 #1: CVE-2020-28020: Integer overflow in Exim that can lead to RCE: Some questions to the Qualys researchers who designed th… ("Jonas Dellinger" <jdellinger@...l2tor.…)
• 2021/07/24 #4: Re: ipython3 may execute code from the current working directory (Jakub Wilk <jwilk@...lk.net>)
• 2021/07/24 #3: Re: Potential symlink attack in python3 __pycache__ (Michael Orlitzky <michael@...itzky.com>)
• 2021/07/24 #2: Potential symlink attack in python3 __pycache__ (Georgi Guninski <gguninski@...il.com>)
• 2021/07/24 #1: CVE-2021-33900: Apache Directory Studio: StartTLS and SASL confidentiality protection bypass (Stefan Seelmann <seelmann@...che.org>)
• 2021/07/23 #3: Re: ipython3 may execute code from the current working directory (Mats Wichmann <mats@...hmann.us>)
• 2021/07/23 #2: Re: ipython3 may execute code from the current working directory (Jakub Wilk <jwilk@...lk.net>)
• 2021/07/23 #1: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0004 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2021/07/22 #7: Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer (Qualys Security Advisory <qsa@...lys.com>)
• 2021/07/22 #6: Re: ipython3 may execute code from the current working directory (Jakub Wilk <jwilk@...lk.net>)
• 2021/07/22 #5: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) (Jonas Schäfer <j.wielicki@...ecware.net>)
• 2021/07/22 #4: Re: ipython3 may execute code from the current working directory (Jakub Wilk <jwilk@...lk.net>)
• 2021/07/22 #3: CVE-2021-28131: Apache Impala: Impala logs contain secrets (Zoltán Borók-Nagy <boroknagyz@...che.org>)
• 2021/07/22 #2: ipython3 may execute code from the current working directory (Georgi Guninski <gguninski@...il.com>)
• 2021/07/22 #1: CVE-2021-3640: Linux kernel: UAF in sco_send_frame function (Lin Horse <kylin.formalin@...il.com>)
• 2021/07/21 #4: [SECURITY ADVISORY] curl: TELNET stack contents disclosure again (Daniel Stenberg <daniel@...x.se>)
• 2021/07/21 #3: [SECURITY ADVISORY] curl: Bad connection reuse due to flawed path name checks (Daniel Stenberg <daniel@...x.se>)
• 2021/07/21 #2: [SECURITY ADVISORY] curl: Metalink download sends credentials (Daniel Stenberg <daniel@...x.se>)
• 2021/07/21 #1: [SECURITY ADVISORY] curl: Wrong content via metalink not discarded (Daniel Stenberg <daniel@...x.se>)
• 2021/07/20 #5: Pop!_OS Membership to linux-distros list ("Jeremy Soller" <jeremy@...tem76.com>)
• 2021/07/20 #4: Re: CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1) (Mauro Matteo Cascella <mcascell@...hat.com>)
• 2021/07/20 #3: Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer (Petr Matousek <pmatouse@...hat.com>)
• 2021/07/20 #2: CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1) (Qualys Security Advisory <qsa@...lys.com>)
• 2021/07/20 #1: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer (Qualys Security Advisory <qsa@...lys.com>)
• 2021/07/19 #2: CVE-2021-32760: containerd archive package allows chmod of file outside of unpack target directory ("Karp, Samuel" <skarp@...zon.com>)
• 2021/07/19 #1: Re: Polipo: denial-of-service using range (Jeffrey Walton <noloader@...il.com>)
• 2021/07/18 #1: Re: Polipo: denial-of-service using range (John Helmert III <jchelmert3@...teo.net>)
• 2021/07/14 #1: [kubernetes] CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding (CJ Cullen <cjcullen@...gle.com>)
• 2021/07/13 #6: CVE-2021-36374: Apache Ant ZIP, and ZIP based, archive denial of service vulerability (Stefan Bodewig <bodewig@...che.org>)
• 2021/07/13 #5: CVE-2021-36373: Apache Ant TAR archive denial of service vulnerability (Stefan Bodewig <bodewig@...che.org>)
• 2021/07/13 #4: CVE-2021-36090: Apache Commons Compress 1.0 to 1.20 denial of service vulnerability (Stefan Bodewig <bodewig@...che.org>)
• 2021/07/13 #3: CVE-2021-35517: Apache Commons Compress 1.1 to 1.20 denial of service vulnerability (Stefan Bodewig <bodewig@...che.org>)
• 2021/07/13 #2: CVE-2021-35516: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability (Stefan Bodewig <bodewig@...che.org>)
• 2021/07/13 #1: CVE-2021-35515: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability (Stefan Bodewig <bodewig@...che.org>)
• 2021/07/12 #2: [OSSA-2021-001] Neutron: Anti-spoofing bypass for Open vSwitch networks (CVE-2021-20267) (Jeremy Stanley <fungi@...goth.org>)
• 2021/07/12 #1: CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server (Guillaume Nodet <gnodet@...che.org>)
• 2021/07/06 #3: CVE-2021-35039: Linux kernel loading unsigned kernel modules via init_module syscall (Nayna <nayna@...ux.vnet.ibm.com>)
• 2021/07/06 #2: xscreensaver 5.45 crash (Mustafa Kuscu <mustafakuscu@...il.com>)
• 2021/07/06 #1: linuxptp: Fixes published for CVE-2021-3570 and CVE-2021-3571 (Richard Cochran <richardcochran@...il.com>)
• 2021/07/05 #1: Re: Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) (vpn-research@...akpointingbad.com)
• 2021/07/04 #1: CVE-2021-33192: Apache Jena Fuseki: Display information UI XSS (Andy Seaborne <andy@...che.org>)
• 2021/07/02 #2: Django: CVE-2021-35042: Potential SQL injection via unsanitized QuerySet.order_by() input (Mariusz Felisiak <felisiak.mariusz@...il.com>)
• 2021/07/02 #1: CVE-2021-26920: Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (Jihoon Son <jihoonson@...che.org>)
• 2021/06/30 #2: Plone: stored XSS in folder contents (Maurits van Rees <maurits@...rees.org>)
• 2021/06/30 #1: Multiple vulnerabilities in Jenkins and Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2021/06/28 #3: CVE-2020-28200: Dovecot Pigeonhole Sieve excessive resource usage (Aki Tuomi <aki.tuomi@...n-xchange.com>)
• 2021/06/28 #2: CVE-2021-33515: Dovecot SMTP Submission service STARTTLS injection. (Aki Tuomi <aki.tuomi@...n-xchange.com>)
• 2021/06/28 #1: CVE-2021-29157: Dovecot oauth2 JWT local validation path traversal (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2021/06/26 #1: Re: CVE-2021-22543 - /dev/kvm LPE ("Eduardo' Vela\" <Nava>" <evn@...gle.com>)
• 2021/06/25 #1: FW: An out-of-bound read/write in fsi driver ("Luo Likang" <luolikang@...ocus.com>)
• 2021/06/23 #1: CVE-2021-3600 - Linux kernel eBPF 32-bit source register truncation on div/mod (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
• 2021/06/21 #2: CVE-2021-26461: Apache NuttX (incubating): malloc, realloc and memalign implementations are vulnerable to integer wrap-aro… (Brennan Ashton <btashton@...che.org>)
• 2021/06/21 #1: [CVE-2021-33624] Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel me… (Adam Morrison <mad@...tau.ac.il>)
• 2021/06/19 #2: Re: CVE-2021-3609: Race condition in net/can/bcm.c leads to local privilege escalation (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
• 2021/06/19 #1: CVE-2021-3609: Race condition in net/can/bcm.c leads to local privilege escalation (Norbert Slusarek <nslusarek@....net>)
• 2021/06/18 #1: Vulnerability in Jenkins Generic Webhook Trigger Plugin (Daniel Beck <ml@...kweb.net>)
• 2021/06/17 #1: New Open-Source Forensic Tool for SQLite Data Recovery (Andrew Zayine <scholarshipchile@...il.com>)
• 2021/06/16 #3: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2021/06/16 #2: CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter (Colm O hEigeartaigh <coheigea@...che.org>)
• 2021/06/16 #1: CVE-2020-9493: Apache Chainsaw: Java deserialization in Chainsaw (Robert Middleton <rmiddleton@...che.org>)
• 2021/06/15 #1: CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel (Norbert Slusarek <nslusarek@....net>)
• 2021/06/14 #1: xscreensaver: filename command injection in vidwhacker screensaver (Hanno Böck <hanno@...eck.de>)
• 2021/06/12 #2: CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny fi… (Andreas Lehmkuehler <andreas@...mi.de>)
• 2021/06/12 #1: CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file (Andreas Lehmkuehler <andreas@...mi.de>)
• 2021/06/11 #1: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock (Gianluca Gabrielli <ggabrielli@...e.de>)
• 2021/06/10 #16: Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request (Christophe JAILLET <christophe.jaillet@...adoo.fr>)
• 2021/06/10 #15: Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request (John Helmert III <jchelmert3@...teo.net>)
• 2021/06/10 #14: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2021/06/10 #13: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock (Marek Marczykowski-Górecki <marmarek@...isiblethingslab.com>)
• 2021/06/10 #12: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock (Gianluca Gabrielli <ggabrielli@...e.de>)
• 2021/06/10 #11: Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass (Andrew Cooper <andrew.cooper3@...rix.com>)
• 2021/06/10 #10: Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass (Sven Kieske <S.Kieske@...twald.de>)
• 2021/06/10 #9: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request (Christophe JAILLET <jailletc36@...che.org>)
• 2021/06/10 #8: CVE-2021-30641: Apache httpd: Unexpected URL matching with 'MergeSlashes OFF' (Christophe JAILLET <jailletc36@...che.org>)
• 2021/06/10 #7: CVE-2021-26691: Apache httpd: mod_session response handling heap overflow (Christophe JAILLET <jailletc36@...che.org>)
• 2021/06/10 #6: CVE-2021-26690: Apache httpd: mod_session NULL pointer dereference (Christophe JAILLET <jailletc36@...che.org>)
• 2021/06/10 #5: CVE-2020-35452: Apache httpd: mod_auth_digest possible stack overflow by one nul byte (Christophe JAILLET <jailletc36@...che.org>)
• 2021/06/10 #4: CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference (Christophe JAILLET <jailletc36@...che.org>)
• 2021/06/10 #3: CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges (Christophe JAILLET <jailletc36@...che.org>)
• 2021/06/10 #2: CVE-2019-17567: Apache httpd: mod_proxy_wstunnel tunneling of non Upgraded connections (Christophe JAILLET <jailletc36@...che.org>)
• 2021/06/10 #1: Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass (Xen.org security team <security@....org>)
• 2021/06/09 #2: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass (Xen.org security team <security@....org>)
• 2021/06/09 #1: connman stack buffer overflow in dnsproxy CVE-2021-33833 (Marcus Meissner <meissner@...e.de>)
• 2021/06/08 #9: Xen Security Advisory 373 v2 (CVE-2021-28692) - inappropriate x86 IOMMU timeout detection / handling (Xen.org security team <security@....org>)
• 2021/06/08 #8: Xen Security Advisory 377 v2 (CVE-2021-28690) - x86: TSX Async Abort protections not restored after S3 (Xen.org security team <security@....org>)
• 2021/06/08 #7: Xen Security Advisory 375 v2 (CVE-2021-0089) - Speculative Code Store Bypass (Xen.org security team <security@....org>)
• 2021/06/08 #6: Xen Security Advisory 374 v2 (CVE-2021-28691) - Guest triggered use-after-free in Linux xen-netback (Xen.org security team <security@....org>)

27116 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.