Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2020/07/03 #1: Re: Contributing Back (Zhang Xiao <xiao.zhang@...driver.com>)
• 2020/07/02 #7: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/07/02 #6: Re: Contributing Back (Daniel Stenberg <daniel@...x.se>)
• 2020/07/02 #5: Re: Contributing Back (Francis Perron <francisp@...gle.com>)
• 2020/07/02 #4: Contributing Back (Zhang Xiao <xiao.zhang@...driver.com>)
• 2020/07/02 #3: [SECURITY] CVE-2020-9498: Apache Guacamole: Dangling pointer in RDP static virtual channel handling (Mike Jumper <mjumper@...che.org>)
• 2020/07/02 #2: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels (Mike Jumper <mjumper@...che.org>)
• 2020/07/02 #1: CVE-2020-15469 QEMU: MMIO ops null pointer dereference may lead to DoS (P J P <ppandit@...hat.com>)
• 2020/07/01 #1: PowerDNS Recursor 4.3.2, 4.2.3. and 4.1.17 released fixing CVE-2020-14196: Access restriction,bypass (Otto Moerbeek <otto.moerbeek@...n-xchange.com>)
• 2020/06/30 #3: Re: libvncserver: old websocket decoding patch (Stefan Cornelius <scorneli@...hat.com>)
• 2020/06/30 #2: libvncserver: old websocket decoding patch (Stefan Cornelius <scorneli@...hat.com>)
• 2020/06/30 #1: default behavior in unzip more dangerous then -^ (Dennis Goodlett <dennis@...ricanelabs.com>)
• 2020/06/25 #6: CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service (Mark Thomas <markt@...che.org>)
• 2020/06/25 #5: CVE-2020-10753 ceph: radosgw: HTTP header injection via CORS ExposeHeader tag (Przemyslaw Roguski <proguski@...hat.com>)
• 2020/06/25 #4: [cve-request@...re.org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v… (Seth Arnold <seth.arnold@...onical.com>)
• 2020/06/25 #3: Re: Requesting a CVE id for Trojitá, an e-mail client: Improper Certificate Validation (Johannes Segitz <jsegitz@...e.de>)
• 2020/06/25 #2: Re: Requesting a CVE id for Trojitá, an e-mail client: Improper Certificate Validation (Agostino Sarubbo <ago@...too.org>)
• 2020/06/25 #1: Requesting a CVE id for Trojitá, an e-mail client: Improper Certificate Validation (Jan Kundrát <jkt@....org>)
• 2020/06/24 #2: [SECURITY ADVISORY] curl: overwrite local file with -J (Daniel Stenberg <daniel@...x.se>)
• 2020/06/24 #1: [SECURITY ADVISORY] curl: Partial password leak over DNS on HTTP redirect (Daniel Stenberg <daniel@...x.se>)
• 2020/06/23 #2: Re: CVE-2020-10769 kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not align… (Eric Biggers <ebiggers@...nel.org>)
• 2020/06/23 #1: CVE-2020-10769 kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (Rohit Keshri <rkeshri@...hat.com>)
• 2020/06/22 #2: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master (Sean Owen <srowen@...che.org>)
• 2020/06/22 #1: [CVE-2020-11989] Apache Shiro authentication bypass vulnerability (Brian Demers <bdemers@...che.org>)
• 2020/06/20 #1: Squirrelmail: Use of unserialize() on user data (Hanno Böck <hanno@...eck.de>)
• 2020/06/19 #1: [SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection (Martin <martin_s@...che.org>)
• 2020/06/18 #1: CVE-2020-10781 kernel: zram sysfs resource consumption (Wade Mealing <wmealing@...hat.com>)
• 2020/06/17 #1: ISC announces two medium-severity vulnerabilities, CVE-2020-8618 and CVE-2020-8619 (Michael McNally <mcnally@....org>)
• 2020/06/16 #2: Re: Remote Code Execution in qmail (CVE-2005-1513) (Qualys Security Advisory <qsa@...lys.com>)
• 2020/06/16 #1: Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules (Reed Loden <reed@...dloden.com>)
• 2020/06/15 #10: Re: lockdown bypass on mainline kernel for loading unsigned modules ("Jason A. Donenfeld" <Jason@...c4.com>)
• 2020/06/15 #9: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules ("Jason A. Donenfeld" <Jason@...c4.com>)
• 2020/06/15 #8: Re: CVE-2020-13754 QEMU: msix: OOB access during mmio operations may lead to DoS (P J P <ppandit@...hat.com>)
• 2020/06/15 #7: Re: lockdown bypass on mainline kernel for loading unsigned modules ("Jason A. Donenfeld" <Jason@...c4.com>)
• 2020/06/15 #6: Re: lockdown bypass on mainline kernel for loading unsigned modules (Jann Horn <jannh@...gle.com>)
• 2020/06/15 #5: Re: lockdown bypass on mainline kernel for loading unsigned modules (John Haxby <john.haxby@...cle.com>)
• 2020/06/15 #4: CVE-2020-11969 Apache TomEE - useJMX attribute on ActiveMQ resource adapter URI causes authenticated JMX port to be ope… (Jonathan Gallimore <jgallimore@...che.o…)
• 2020/06/15 #3: lockdown bypass on mainline kernel for loading unsigned modules ("Jason A. Donenfeld" <Jason@...c4.com>)
• 2020/06/15 #2: [CVE-2019-17566] Apache XML Graphics Batik SSRF vulnerability ("Simon Steiner" <simonsteiner1984@...il.com>)
• 2020/06/15 #1: [CVE-2020-9483] Apache SkyWalking SQL injection vulnerability (Sheng Wu <wusheng@...che.org>)
• 2020/06/14 #1: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules ("Jason A. Donenfeld" <Jason@...c4.com>)
• 2020/06/12 #3: Re: icinga2: CVE-2020-14004: prepare-dirs script allows for symlink attack in the icinga user context (Michael Orlitzky <michael@...itzky.com>)
• 2020/06/12 #2: [CVE-2020-11980] A remote client could create MBeans from arbitrary URLs (Jean-Baptiste Onofre <jb@...thrax.net>)
• 2020/06/12 #1: icinga2: CVE-2020-14004: prepare-dirs script allows for symlink attack in the icinga user context (Matthias Gerstner <mgerstner@...e.de>)
• 2020/06/11 #2: adns (dns resolver library) multiple vulns (Ian Jackson <ijackson@...ark.greenend.org.uk>)
• 2020/06/11 #1: Xen Security Advisory 320 v2 (CVE-2020-0543) - Special Register Buffer speculative side channel (Xen.org security team <security@....org>)
• 2020/06/10 #5: Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (Monsieur Francis Perron <francisp@...gle.com>)
• 2020/06/10 #4: Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (Greg KH <greg@...ah.com>)
• 2020/06/10 #3: Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (Wade Mealing <wmealing@...hat.com>)
• 2020/06/10 #2: Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (Greg KH <gregkh@...uxfoundation.org>)
• 2020/06/10 #1: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (Wade Mealing <wmealing@...hat.com>)
• 2020/06/09 #3: Xen Security Advisory 320 v1 (CVE-2020-0543) - Special Register Buffer speculative side channel (Xen.org security team <security@....org>)
• 2020/06/09 #2: Re: Grafana 6.7.4 and 7.0.2 released with fix for CVE-2020-13379 (Richard Hartmann <richih.mailinglist@...il.com>)
• 2020/06/09 #1: CVE-2020-10761 QEMU: nbd: reachable assertion failure innbd_negotiate_send_rep_verr via remote client (P J P <ppandit@...hat.com>)
• 2020/06/08 #2: hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP (Jouni Malinen <j@...fi>)
• 2020/06/08 #1: CVE-2020-13881: pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if configured with de… ("Gollub, Daniel" <daniel.gollub@...l.at…)
• 2020/06/05 #1: [SECURITY][ANNOUNCEMENT] Fix for CVE-2020-11975 in Apache Unomi 1.5.1 (Serge Huber <shuber@...che.org>)
• 2020/06/04 #6: xawtv: CVE-2020-13696: v4l-conf setuid-root program allows file existence tests and open(..., O_RDRW) on arbitrary files (Matthias Gerstner <mgerstner@...e.de>)
• 2020/06/04 #5: linux-pam: pam_setquota.so vulnerability facilitated through fusermount setuid-root program (Matthias Gerstner <mgerstner@...e.de>)
• 2020/06/04 #4: CVE-2020-10757 Linux kernel: mremap hugepage mmaped DAX nvdimm may cause corrupted page table (Fan Yang <fan_yang@...U.EDU.CN>)
• 2020/06/04 #3: CVE-2020-12049: dbus: denial of service via file descriptor leak (Simon McVittie <smcv@...ian.org>)
• 2020/06/04 #2: CVE-2020-13800 QEMU: ati-vga: infinite recursion in ati_mm_read/write calls may lead to DoS (P J P <ppandit@...hat.com>)
• 2020/06/04 #1: CVE-2020-13791 QEMU: ati-vga: OOB access while reading PCI configuration may lead to DoS (P J P <ppandit@...hat.com>)
• 2020/06/03 #6: CVE-2020-13765 QEMU: loader: OOB access while loading registered ROM may lead to code execution (P J P <ppandit@...hat.com>)
• 2020/06/03 #5: Re: Exploitability of the integer overflows in djbdns 1.05? (Georgi Guninski <gguninski@...il.com>)
• 2020/06/03 #4: Grafana 6.7.4 and 7.0.2 released with fix for CVE-2020-13379 (Richard Hartmann <richih.mailinglist@...il.com>)
• 2020/06/03 #3: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/06/03 #2: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability (Юрий <jury.gerzhedowich@...il.com>)
• 2020/06/03 #1: Django security releases issued: 3.0.7, and 2.2.13 for CVE-2020-13254 & CVE-2020-13596. (Carlton Gibson <carlton.gibson@...il.com>)
• 2020/06/02 #1: Re: Exploitability of the integer overflows in djbdns 1.05? (Georgi Guninski <gguninski@...il.com>)
• 2020/06/01 #6: CVE-2020-13754 QEMU: msix: OOB access during mmio operations may lead to DoS (P J P <ppandit@...hat.com>)
• 2020/06/01 #5: Kubernetes: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements (Joel Smith <joelsmith@...hat.com>)
• 2020/06/01 #4: CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager (Tim Allclair <tallclair@...gle.com>)
• 2020/06/01 #3: CVE-2020-13659 QEMU: exec: address_space_map returns NULL without setting length to zero may lead to DoS (P J P <ppandit@...hat.com>)
• 2020/06/01 #2: Re: Exploitability of the integer overflows in djbdns 1.05? (Solar Designer <solar@...nwall.com>)
• 2020/06/01 #1: Exploitability of the integer overflows in djbdns 1.05? (Georgi Guninski <gguninski@...il.com>)
• 2020/05/28 #2: CVE-2020-13362 QEMU: megasas: OOB read access due to invalid index leads to DoS (P J P <ppandit@...hat.com>)
• 2020/05/28 #1: CVE-2020-13361 QEMU: es1370: OOB access due to incorrect frame count leads to DoS (P J P <ppandit@...hat.com>)
• 2020/05/27 #5: Re: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities (Vincent Batts <vbatts@...volk.io>)
• 2020/05/27 #4: Re: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities (Benjamin Gilbert <benjamin.gilbert@...eos.com>)
• 2020/05/27 #3: CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass (Ondrej Mosnacek <omosnace@...hat.com>)
• 2020/05/27 #2: CVE-2020-13253 QEMU: sd: OOB access could crash the guest resulting in DoS (P J P <ppandit@...hat.com>)
• 2020/05/27 #1: Announce: OpenSSH 8.3 released (Damien Miller <djm@...nbsd.org>)
• 2020/05/22 #6: Re: Short notes on qmail security guarantee (Jeffrey Walton <noloader@...il.com>)
• 2020/05/22 #5: Re: Short notes on qmail security guarantee ("Perry E. Metzger" <perry@...rmont.com>)
• 2020/05/22 #4: Re: Short notes on qmail security guarantee (Arrigo Triulzi <arrigo@...hemistowl.org>)
• 2020/05/22 #3: Re: Short notes on qmail security guarantee (Georgi Guninski <gguninski@...il.com>)
• 2020/05/22 #2: Re: Short notes on qmail security guarantee (Michal Zalewski <lcamtuf@...edump.cx>)
• 2020/05/22 #1: Re: Short notes on qmail security guarantee (Solar Designer <solar@...nwall.com>)
• 2020/05/21 #1: Short notes on qmail security guarantee (Georgi Guninski <gguninski@...il.com>)
• 2020/05/20 #5: Re: Remote Code Execution in qmail (CVE-2005-1513) (Qualys Security Advisory <qsa@...lys.com>)
• 2020/05/20 #4: CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence (Mark Thomas <markt@...che.org>)
• 2020/05/20 #3: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon (Matthias Gerstner <mgerstner@...e.de>)
• 2020/05/20 #2: Re: Remote Code Execution in qmail (CVE-2005-1513) (Georgi Guninski <gguninski@...il.com>)
• 2020/05/20 #1: [CVE-2020-1956] Apache Kylin command injection vulnerability (George Ni <nic@...che.org>)
• 2020/05/19 #9: qmail: short/int vs. gid_t (Qualys Security Advisory <qsa@...lys.com>)
• 2020/05/19 #8: Remote Code Execution in qmail (CVE-2005-1513) (Qualys Security Advisory <qsa@...lys.com>)
• 2020/05/19 #7: [CVE-2020-1955] Apache CouchDB Remote Privilege Escalation (Jan Lehnardt <jan@...che.org>)
• 2020/05/19 #6: CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (P J P <ppandit@...hat.com>)
• 2020/05/19 #5: Unbound - CVE-2020-12662, CVE-2020-12663 (Ralph Dolmans <ralph@...etlabs.nl>)

26099 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.