oss-security mailing list
Recent messages:
- 2019/02/15 #1:
MatrixSSL stack buffer overflow (Tavis Ormandy <taviso@...gle.com>)
- 2019/02/13 #10:
Railroader: static analysis tool for Ruby on Rails (OSS fork of
Brakeman) ("David A. Wheeler" <dwheeler@...eeler.com>)
- 2019/02/13 #9:
Re: CVE-2019-5736: runc container breakout (all versions) (Loganaden Velvindron <loganaden@...il.com>)
- 2019/02/13 #8:
Re: CVE-2019-5736: runc container breakout exploit code (EJ Campbell <ejc3@...izonmedia.com>)
- 2019/02/13 #7:
Re: CVE-2019-5736: runc container breakout exploit code (EJ Campbell <ejc3@...izonmedia.com>)
- 2019/02/13 #6:
[CVE-2018-11783] Apache Traffic Server vulnerability with sslheader
plugin (Bryan Call <bcall@...che.org>)
- 2019/02/13 #5:
Re: CVE-2019-5736: runc container breakout exploit
code (Aleksa Sarai <cyphar@...har.com>)
- 2019/02/13 #4:
Re: CVE-2019-5736: runc container breakout exploit
code (Aleksa Sarai <cyphar@...har.com>)
- 2019/02/13 #3:
CVE-2019-5736: runc container breakout exploit code (Aleksa Sarai <cyphar@...har.com>)
- 2019/02/13 #2:
Re: CVE-2019-5736: runc container breakout (all
versions) (Aleksa Sarai <asarai@...e.de>)
- 2019/02/13 #1:
Re: CVE-2019-5736: runc container breakout (all
versions) (Aleksa Sarai <asarai@...e.de>)
- 2019/02/12 #7:
CVE-2017-3164: Apache Solr: SSRF issue (Tomas Fernandez Lobbe <tflobbe@...che.org>)
- 2019/02/12 #6:
Two more LXC breakouts (both privileged), apparmor issue? ("Alexander E. Patrakov" <patrakov@...il.com>)
- 2019/02/12 #5:
Re: CVE-2019-5736: runc container breakout (all versions) (Solar Designer <solar@...nwall.com>)
- 2019/02/12 #4:
Re: CVE-2019-5736: runc container breakout (all
versions) (Aleksa Sarai <cyphar@...har.com>)
- 2019/02/12 #3:
Re: CVE-2019-5736: runc container breakout (all versions) (Steve Grubb <sgrubb@...hat.com>)
- 2019/02/12 #2:
Re: CVE-2019-5736: runc container breakout (all
versions) (Aleksa Sarai <asarai@...e.de>)
- 2019/02/12 #1:
Re: CVE-2019-5736: runc container breakout (all versions) (Florian Weimer <fweimer@...hat.com>)
- 2019/02/11 #2:
CVE-2019-5736: runc container breakout (all versions) (Aleksa Sarai <cyphar@...har.com>)
- 2019/02/11 #1:
CVE-2019-6975 -- Django fixed memory exhaustion in
utils.numberformat.format(). (Carlton Gibson <carlton.gibson@...il.com>)
- 2019/02/09 #1:
WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001 (Michael Catanzaro <mcatanzaro@...lia.com>)
- 2019/02/08 #1:
CVE-2019-7628: Pagure version 5.2 leaks API keys by e-mail (Randy Barlow <randy@...ctronsweatshop.com>)
- 2019/02/07 #2:
Re: Linux Kernel: Missing access_ok() checks in IOCTL function
(gpu/drm/i915 Driver) (Timothy Michaud <tmm08a@....edu>)
- 2019/02/07 #1:
Re: Linux Kernel: Missing access_ok() checks in IOCTL function
(gpu/drm/i915 Driver) (Ben Hutchings <ben.hutchings@...ethink.co.uk>)
- 2019/02/06 #5:
Re: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
- 2019/02/06 #4:
Re: Notes on fuzzing ImageMagick and GraphicsMagick (Hanno Böck <hanno@...eck.de>)
- 2019/02/06 #3:
[SECURITY ADVISORY] curl: SMTP end-of-response out-of-bounds read (Daniel Stenberg <daniel@...x.se>)
- 2019/02/06 #2:
[SECURITY ADVISORY] curl: NTLMv2 type-3 header stack buffer
overflow (Daniel Stenberg <daniel@...x.se>)
- 2019/02/06 #1:
[SECURITY ADVISORY] curl: NTLM type-2 out-of-bounds buffer read (Daniel Stenberg <daniel@...x.se>)
- 2019/02/05 #2:
Notes on fuzzing ImageMagick and GraphicsMagick (Alex Gaynor <alex.gaynor@...il.com>)
- 2019/02/05 #1:
CVE-2019-3814: Suitable client certificate can be used to login as
other user (Aki Tuomi <aki.tuomi@...n-xchange.com>)
- 2019/02/02 #3:
Linux kernel: BPF spectre v1 mitigation bypass (CVE-2019-7308, fixed
in 4.19.19 and 4.20.6) (Jann Horn <jannhorn@...glemail.com>)
- 2019/02/02 #2:
Re: CVE-2018-1340: Apache Guacamole: Secure flag
missing from session cookie (Mike Jumper <mjumper@...che.org>)
- 2019/02/02 #1:
Re: CVE-2018-1340: Apache Guacamole: Secure flag
missing from session cookie (Salvatore Bonaccorso <carnil@...ian.org>)
- 2019/02/01 #2:
Re: CVE-2018-1340: Apache Guacamole: Secure flag
missing from session cookie (Salvatore Bonaccorso <carnil@...ian.org>)
- 2019/02/01 #1:
Re: [CVE-2018-20242] Apache JSPWiki Cross-site
scripting vulnerability on Apache JSPWiki (Juan Pablo Santos Rodríguez <juanpablo.santos@...il.com>)
- 2019/01/31 #2:
Re: [CVE-2018-20242] Apache JSPWiki Cross-site
scripting vulnerability on Apache JSPWiki (Henri Salo <henri@...v.fi>)
- 2019/01/31 #1:
[CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on
Apache JSPWiki (Juan Pablo Santos Rodríguez <juanpablo@...che.org>)
- 2019/01/30 #1:
[CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities
in Zimbra Collaboration (Sysdream Labs <labs@...dream.com>)
- 2019/01/29 #1:
CVE-2018-11760: Apache Spark local privilege escalation vulnerability (Imran Rashid <irashid@...che.org>)
- 2019/01/28 #3:
Re: CVE-2019-3813: spice: Off-by-one error in array access in spice/server/memslot.c (Peter Korsgaard <peter@...sgaard.com>)
- 2019/01/28 #2:
CVE-2019-3813: spice: Off-by-one error in array access in spice/server/memslot.c (Scott Gayou <sgayou@...hat.com>)
- 2019/01/28 #1:
Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
- 2019/01/25 #1:
CVE-2018-16880 Linux kernel: oob-write in
drivers/vhost/net.c:get_rx_bufs() (Vladis Dronov <vdronov@...hat.com>)
- 2019/01/24 #5:
CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu() (P J P <ppandit@...hat.com>)
- 2019/01/24 #4:
Re: Linux Kernel: Missing access_ok() checks in
IOCTL function (gpu/drm/i915 Driver) (Yves-Alexis Perez <corsac@...ian.org>)
- 2019/01/24 #3:
CVE-2018-1296: Apache Hadoop HDFS Permissive listXAttr Authorization (Akira Ajisaka <aajisaka@...che.org>)
- 2019/01/24 #2:
CVE-2018-1340: Apache Guacamole: Secure flag missing from session cookie (Mike Jumper <mjumper@...che.org>)
- 2019/01/24 #1:
CVE-2019-6501 QEMU: scsi-generic: possible OOB access while handling
inquiry request (P J P <ppandit@...hat.com>)
- 2019/01/23 #6:
Linux Kernel: Missing access_ok() checks in IOCTL function
(gpu/drm/i915 Driver) (Timothy Michaud <tmm08a@....edu>)
- 2019/01/23 #5:
ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (Tavis Ormandy <taviso@...gle.com>)
- 2019/01/23 #4:
Re: Multiple vulnerabilities in Jenkins (Daniel Beck <ml@...kweb.net>)
- 2019/01/23 #3:
Re: Sandbox bypass in multiple Jenkins plugins (Daniel Beck <ml@...kweb.net>)
- 2019/01/23 #2:
Re: Multiple vulnerabilities in Jenkins (Daniel Beck <ml@...kweb.net>)
- 2019/01/23 #1:
[CVE-2018-11803] Apache Subversion Denial of Service Vulnerability (Troy Curtis <troycurtisjr@...che.org>)
- 2019/01/22 #4:
CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1 (Daniel Ruggeri <druggeri@...che.org>)
- 2019/01/22 #3:
CVE-2018-17199: mod_session_cookie does not respect expiry time (Daniel Ruggeri <druggeri@...che.org>)
- 2019/01/22 #2:
CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies (Daniel Ruggeri <druggeri@...che.org>)
- 2019/01/22 #1:
Re: Re: ghostscript: 1Policy operator gives access to
.forceput CVE-2018-18284 (Thomas Jarosch <thomas.jarosch@...ra2net.com>)
- 2019/01/21 #8:
Xen Security Advisory 289 v3 - Cache-load gadgets exploitable
with L1TF (Xen.org security team <security@....org>)
- 2019/01/21 #7:
PowerDNS Security Advisories 2011-01 and 2019-02 (Remi Gacogne <remi.gacogne@...erdns.com>)
- 2019/01/21 #6:
Xen Security Advisory 289 v2 - Spectre V1 gadgets exploitable
with L1TF (Xen.org security team <security@....org>)
- 2019/01/21 #5:
Re: Apache web server use after free bugs (unfixed) (Craig Young <cyoung@...pwire.com>)
- 2019/01/21 #4:
Unfixed FreeBSD uninitialized memory disclosures (Vlad Tsyrklevich <vlad@...rklevich.net>)
- 2019/01/21 #3:
GattLib 0.2 has a stack-based buffer - CVE-2019-6498 (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
- 2019/01/21 #2:
Re: Apache web server use after free bugs (unfixed) (Florian Weimer <fweimer@...hat.com>)
- 2019/01/21 #1:
Apache web server use after free bugs (unfixed) (Hanno Böck <hanno@...eck.de>)
- 2019/01/16 #4:
Multiple vulnerabilities in Jenkins (Daniel Beck <ml@...kweb.net>)
- 2019/01/16 #3:
Re: Heap based buffer overflow in wolfSSL (Alexander Potapenko <glider@...gle.com>)
- 2019/01/16 #2:
CVE-2018-11790: Apache OpenOffice: Arithmetic overflow and wrap around during string length calculation (Peter Kovacs <Petko@...che.org>)
- 2019/01/16 #1:
Heap based buffer overflow in wolfSSL (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
- 2019/01/14 #4:
Statistics for distros lists updated for 2018Q4 (Kristian Fiskerstrand <k_f@...too.org>)
- 2019/01/14 #3:
CVE-2018-16886 etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS()
via gRPC-gateway (Paul Harvey <pharvey@...hat.com>)
- 2019/01/14 #2:
Re: Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460) (Michael Ellerman <mpe@...erman.id.au>)
- 2019/01/14 #1:
SCP client multiple vulnerabilities (Harry Sintonen <security-advisories@...er.fi>)
- 2019/01/11 #6:
SEGV in libIEC61850 protocol (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
- 2019/01/11 #5:
NULL pointer dereference in lib60870 protocol (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
- 2019/01/11 #4:
Memory leak in libiec61850 (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
- 2019/01/11 #3:
Memory leak in libiec61850 protocol (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
- 2019/01/11 #2:
Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460) (Solar Designer <solar@...nwall.com>)
- 2019/01/11 #1:
[CVE-2018-17198] Server-side Request Forgery (SSRF) and File
Enumeration vulnerability in Apache Roller (Dave <snoopdave@...il.com>)
- 2019/01/10 #2:
X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in
UA-Parser (X41 D-Sec GmbH Advisories <advisories@...-dsec.de>)
- 2019/01/10 #1:
Irssi 1.1.2: CVE-2019-5882 (Ailin Nemui <ailin.nemui@...il.com>)
- 2019/01/09 #3:
System Down: A systemd-journald exploit (Qualys Security Advisory <qsa@...lys.com>)
- 2019/01/09 #2:
Fastbin double free issue in MP4v2 2.0.0 (Purushottam Choudhary <Purushottam.Choudhary@...t.com>)
- 2019/01/09 #1:
Re: Re: Linux Kernel 4.20(21) deadlock vulnerability. (Michael Ellerman <mpe@...erman.id.au>)
- 2019/01/08 #21:
CVE-2018-20245: Apache Airflow LDAP auth backend did not validate SSL
certificate for <= 1.10.0 (Ash Berlin-Taylor <ash@...che.org>)
- 2019/01/08 #20:
RCE, CSRF and Information leak vulnerabilities against Airflow <=
1.8.2 (CVE-2017-15720, CVE-2017-17835, CVE-2017-17836) (Ash Berlin-Taylor <ash@...che.org>)
- 2019/01/08 #19:
Xen Security Advisory 282 v2 (CVE-2018-19967) - guest use of HLE
constructs may lock up host (Xen.org security team <security@....org>)
- 2019/01/08 #18:
Xen Security Advisory 275 v3 (CVE-2018-19961,CVE-2018-19962) -
insufficient TLB flushing / improper large page mappings… (Xen.org security team <security@....org…)
- 2019/01/08 #17:
Xen Security Advisory 280 v3 (CVE-2018-19966) - Fix for XSA-240
conflicts with shadow paging (Xen.org security team <security@....org>)
- 2019/01/08 #16:
Xen Security Advisory 276 v3 (CVE-2018-19963) - resource
accounting issues in x86 IOREQ server handling (Xen.org security team <security@....org>)
- 2019/01/08 #15:
Xen Security Advisory 279 v3 (CVE-2018-19965) - x86: DoS from
attempting to use INVPCID with a non-canonical addresses (Xen.org security team <security@....org…)
- 2019/01/08 #14:
Xen Security Advisory 277 v3 (CVE-2018-19964) - x86: incorrect
error handling for guest p2m page removals (Xen.org security team <security@....org>)
- 2019/01/08 #13:
Re: Linux Kernel 4.20(21) deadlock vulnerability. (Entropy Moe <3ntr0py1337@...il.com>)
- 2019/01/08 #12:
Re: Linux Kernel 4.20(21) deadlock vulnerability. (Greg KH <gregkh@...uxfoundation.org>)
- 2019/01/08 #11:
Re: Linux Kernel 4.20(21) deadlock vulnerability. (Entropy Moe <3ntr0py1337@...il.com>)
- 2019/01/08 #10:
Re: Linux Kernel 4.20(21) deadlock vulnerability. (Greg KH <gregkh@...uxfoundation.org>)
- 2019/01/08 #9:
Re: KASAN stack out of bound bug (Entropy Moe <3ntr0py1337@...il.com>)
- 2019/01/08 #8:
Re: KASAN stack out of bound bug (Eric Dumazet <edumazet@...gle.com>)
24963 messages
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
