Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2020/02/19 #2: [OSSA-2020-001] Nova can leak consoleauth token into log files (CVE-2015-9543) (Jeremy Stanley <fungi@...goth.org>)
• 2020/02/19 #1: Wordpress themegrill-demo-importer: database reset/auth bypass, incomplete fix due to CSRF (Hanno Böck <hanno@...eck.de>)
• 2020/02/14 #6: WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2020/02/14 #5: Re: CVE for program distributing vulnerable components ? (Francis Perron <francisp@...gle.com>)
• 2020/02/14 #4: Re: Potential regression and/or incomplete fix for CVE-2017-12762 (Ibrahim el-sayed <i.elsayed92@...il.com>)
• 2020/02/14 #3: Re: CVE for program distributing vulnerable components ? (Simon McVittie <smcv@...ian.org>)
• 2020/02/14 #2: CVE for program distributing vulnerable components ? (security minded <osssecur1tym1nded@...il.com>)
• 2020/02/14 #1: Announce: OpenSSH 8.2 released (Damien Miller <djm@...nbsd.org>)
• 2020/02/12 #3: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/02/12 #2: CVE-2020-7957: Dovecot: Specially crafted mail can crash snippet generation (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2020/02/12 #1: CVE-2020-7046: Dovecot: Truncated UTF-8 can be used to DoS submission-login and lmtp processes (Aki Tuomi <aki.tuomi@...ecot.fi>)
• 2020/02/11 #2: Re: Potential regression and/or incomplete fix for CVE-2017-12762 (Brad Spengler <spender@...ecurity.net>)
• 2020/02/11 #1: Potential regression and/or incomplete fix for CVE-2017-12762 (Ibrahim el-sayed <i.elsayed92@...il.com>)
• 2020/02/10 #1: CVE-2020-1942: Apache NiFi 0.0.1 to 1.11.0 information disclosure in logs (Andy LoPresto <alopresto@...che.org>)
• 2020/02/06 #5: Re: GNU screen "out of bounds access when setting w_xtermosc after OSC 49" (Amadeusz Sławiński <amade@...blr.net>)
• 2020/02/06 #4: [SECURITY] CVE-2019-12426 information disclosure vulnerability in Apache OFBiz (Jacopo Cappellato <jacopoc@...che.org>)
• 2020/02/06 #3: GNU screen "out of bounds access when setting w_xtermosc after OSC 49" (Solar Designer <solar@...nwall.com>)
• 2020/02/06 #2: CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (P J P <ppandit@...hat.com>)
• 2020/02/06 #1: Re: CVE-2019-18901: mariadb: possible symlink attack for the mysql user in the SUSE specific mysql-systemd-helper script (Matthias Gerstner <mgerstner@...e.de>)
• 2020/02/05 #5: Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled ("Todd C. Miller" <Todd.Miller@...o.ws>)
• 2020/02/05 #4: Re: CVE-2019-18901: mariadb: possible symlink attack for the mysql user in the SUSE specific mysql-systemd-helper script ("Larry W. Cashdollar" <larry0@...com>)
• 2020/02/05 #3: CVE-2019-18901: mariadb: possible symlink attack for the mysql user in the SUSE specific mysql-systemd-helper script (Matthias Gerstner <mgerstner@...e.de>)
• 2020/02/05 #2: Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled (William Bowling <will@...wling.info>)
• 2020/02/05 #1: CVE-2020-1712 systemd: use-after-free when asynchronous polkit queries are performed (Riccardo Schirone <rschiron@...hat.com>)
• 2020/02/04 #3: Re: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of … (Matthias Gerstner <mgerstner@...e.de>)
• 2020/02/04 #2: Re: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr… (Solar Designer <solar@...nwall.com>)
• 2020/02/04 #1: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr… (Matthias Gerstner <mgerstner@...e.de>)
• 2020/02/03 #1: Django 3.0.3, 2.2.10 and 1.11.28: CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)`` (Carlton Gibson <carlton.gibson@...il.com>)
• 2020/02/02 #2: Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) (Al Viro <viro@...iv.linux.org.uk>)
• 2020/02/02 #1: Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) (Solar Designer <solar@...nwall.com>)
• 2020/01/31 #3: multiple NULL pointer dereference vulnerabilities in newlib (Dimitrios Glynos <dimitris@...sus-labs.com>)
• 2020/01/31 #2: CVE-2020-1700 ceph: connection leak in the RGW Beast front-end permits a DoS against the RGW server (Hardik Vyas <hvyas@...hat.com>)
• 2020/01/31 #1: Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled ("Todd C. Miller" <Todd.Miller@...o.ws>)
• 2020/01/30 #6: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled ("Todd C. Miller" <Todd.Miller@...o.ws>)
• 2020/01/30 #5: Linux kernel: arm64/KVM debug registers vulnerability (Catalin Marinas <catalin.marinas@....com>)
• 2020/01/30 #4: CVE-2019-3016: information leak within a KVM guest (John Haxby <john.haxby@...cle.com>)
• 2020/01/30 #3: [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands ("Kevin A. McGrail" <kmcgrail@...che.org>)
• 2020/01/30 #2: [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands w… ("Kevin A. McGrail" <kmcgrail@...che.org…)
• 2020/01/30 #1: New Qt vulnerabilities (Thiago Macieira <thiago.macieira@...el.com>)
• 2020/01/29 #1: Multiple vulnerabilities in Jenkins and Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/01/28 #4: Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) (Solar Designer <solar@...nwall.com>)
• 2020/01/28 #3: LPE and RCE in OpenSMTPD (CVE-2020-7247) (Qualys Security Advisory <qsa@...lys.com>)
• 2020/01/28 #2: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) (Solar Designer <solar@...nwall.com>)
• 2020/01/28 #1: CVE-2020-1940: Apache Jackrabbit Oak sensitive information disclosure vulnerability (Angela Schreiber <anchela@...be.com>)
• 2020/01/27 #4: [CVE-2020-1932] Apache Incubator Superset user data leak vulnerability (daniel gaspar <danielvazgaspar@...il.com>)
• 2020/01/27 #3: [CVE-2020-1933] Apache NiFi XSS Attack (Nathan Gough <thenatog@...che.org>)
• 2020/01/27 #2: [CVE-2020-1933] Apache NiFi Information Disclosure (Nathan Gough <thenatog@...che.org>)
• 2020/01/27 #1: Re: CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector (Matthias Gerstner <mgerstner@...e.de>)
• 2020/01/24 #2: RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization (<cert.cc@...nge.com>)
• 2020/01/24 #1: Re: Plone security hotfix 20200121 (Maurits van Rees <maurits@...rees.org>)
• 2020/01/23 #3: CVE-2020-1711 QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (P J P <ppandit@...hat.com>)
• 2020/01/23 #2: WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2020/01/23 #1: Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock (Nick Boyce <nick.boyce@...il.com>)
• 2020/01/22 #3: Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lo… (Matthias Gerstner <matthias.gerstner@su…)
• 2020/01/22 #2: Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lo… (Matthias Gerstner <matthias.gerstner@su…)
• 2020/01/22 #1: Plone security hotfix 20200121 (Maurits van Rees <maurits@...rees.org>)
• 2020/01/21 #2: Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock (Nick Boyce <nick.boyce@...il.com>)
• 2020/01/21 #1: CVE-2019-20384: Portage insecure temporary location (Michael Orlitzky <michael@...itzky.com>)
• 2020/01/20 #6: CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector (Matthias Gerstner <mgerstner@...e.de>)
• 2020/01/20 #5: CVE-2019-18899: apt-cacher-ng: openSUSE packaging for apt-cacher-ng runs the daemon as root instead of as an unprivileged… (Matthias Gerstner <mgerstner@...e.de>)
• 2020/01/20 #4: CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials le… (Matthias Gerstner <mgerstner@...e.de>)
• 2020/01/20 #3: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock (Matthias Gerstner <mgerstner@...e.de>)
• 2020/01/20 #2: CVE-2020-2656, CVE-2020-2696 - Multiple vulnerabilities in Oracle Solaris (Marco Ivaldi <marco.ivaldi@...iaservice.net>)
• 2020/01/20 #1: Re: Some AMD cpus with RDRAND fail to produce random numbers after suspend/resume (Peter Kjellström <cap@....liu.se>)
• 2020/01/17 #4: Re: Some AMD cpus with RDRAND fail to produce random numbers after suspend/resume (John Haxby <john.haxby@...cle.com>)
• 2020/01/17 #3: Re: Some AMD cpus with RDRAND fail to produce random numbers after suspend/resume (Sven Schwedas <sven.schwedas@....at>)
• 2020/01/17 #2: CVE-2020-7211 QEMU: Slirp: potential directory traversal using relative paths via tftp server on Windows host (P J P <ppandit@...hat.com>)
• 2020/01/17 #1: Some AMD cpus with RDRAND fail to produce random numbers after suspend/resume (Jeffrey Walton <noloader@...il.com>)
• 2020/01/16 #4: [CVE-2019-17573] Apache CXF Reflected XSS in the services listing page (Colm O hEigeartaigh <coheigea@...che.org>)
• 2020/01/16 #3: [CVE-2019-12423] Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk… (Colm O hEigeartaigh <coheigea@...che.or…)
• 2020/01/16 #2: CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (P J P <ppandit@...hat.com>)
• 2020/01/16 #1: [CVE-2019-17570] xmlrpc-common untrusted deserialization (<cert.cc@...nge.com>)
• 2020/01/15 #2: [CVE-2020-1929] Apache Beam MongoDB IO connector disables certificate trust verification (Ismaël Mejía <iemejia@...che.org>)
• 2020/01/15 #1: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/01/14 #4: Re: linux-distros membership adjustment/vouching (Jorge Lucangeli Obes <jorgelo@...gle.com>)
• 2020/01/14 #3: Xen Security Advisory 312 v1 - arm: a CPU may speculate past the ERET instruction (Xen.org security team <security@....org>)
• 2020/01/14 #2: [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI (Ash Berlin-Taylor <ash@...che.org>)
• 2020/01/14 #1: CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint (Randall Hauch <rhauch@...che.org>)
• 2020/01/12 #1: Re: linux-distros membership adjustment/vouching (Solar Designer <solar@...nwall.com>)
• 2020/01/10 #1: linux-distros membership adjustment/vouching (Kees Cook <kees@...ntu.com>)
• 2020/01/08 #2: [SECURITY] CVE-2020-1925: Possible SSRF in AsyncResponseWrapperImpl (mibo <mibo@...che.org>)
• 2020/01/08 #1: [SECURITY ADVISORY] curl: SMB access smuggling via FILE URL on Windows (CVE-2019-15601) (Daniel Stenberg <daniel@...x.se>)
• 2019/12/30 #1: [CVE-2019-17558] Apache Solr RCE through VelocityResponseWriter (Erik Hatcher <erik.hatcher@...il.com>)
• 2019/12/29 #1: OpenSC 0.20.0 released (Frank Morgner <frankmorgner@...il.com>)
• 2019/12/24 #1: CVE-2019-19947: Linux kernel can: kvaser_usb: kvaser_usb_leaf: some info-leaks vulnerabilities (butt3rflyh4ck <butterflyhuangxx@...il.com>)
• 2019/12/23 #2: Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0 ("Larry W. Cashdollar" <larry0@...com>)
• 2019/12/23 #1: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0 ("Larry W. Cashdollar" <larry0@...com>)
• 2019/12/20 #2: VNC vulnerabilities. TigerVNC security update (Pavel Cheremushkin <Pavel.Cheremushkin@...persky.com>)
• 2019/12/20 #1: Re: CVE requests: three vulnerabilities in ImageMagick (Mohammad Tausif Siddiqui <msiddiqu@...hat.com>)
• 2019/12/19 #3: Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack ("Stuart D. Gathman" <stuart@...hman.org>)
• 2019/12/19 #2: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer (Matt Sicker <mattsicker@...che.org>)
• 2019/12/19 #1: CVE requests: three vulnerabilities in ImageMagick (GalyCannon <galycannon@...il.com>)
• 2019/12/18 #3: Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack ("Alexander E. Patrakov" <patrakov@...il.com>)
• 2019/12/18 #2: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack (Aaron Patterson <aaron.patterson@...il.com>)
• 2019/12/18 #1: Django: CVE-2019-19844: Potential account hijack via password reset form (Mariusz Felisiak <felisiak.mariusz@...il.com>)
• 2019/12/17 #1: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/12/16 #3: [CVE-2019-12413] Apache Incubator Superset meta data leak vulnerability (daniel gaspar <danielvazgaspar@...il.com>)
• 2019/12/16 #2: [CVE-2019-12414] Apache Incubator Superset medata data leak vulnerability (daniel gaspar <danielvazgaspar@...il.com>)
• 2019/12/16 #1: CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (P J P <ppandit@...hat.com>)
• 2019/12/13 #3: Re: CVE-2019-19722: Critical vulnerability in Dovecot (Aki Tuomi <aki.tuomi@...n-xchange.com>)

25816 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.