Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2019/12/11 #9: Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) (Qualys Security Advisory <qsa@...lys.com>)
• 2019/12/11 #8: [OSSA-2019-006] Keystone: Credentials API allows listing and retrieving of all users credentials (CVE-2019-19687) (Gage Hugo <gagehugo@...il.com>)
• 2019/12/11 #7: Xen Security Advisory 308 v3 (CVE-2019-19583) - VMX: VMentry failure with debug exceptions and blocked states (Xen.org security team <security@....org>)
• 2019/12/11 #6: Xen Security Advisory 311 v4 (CVE-2019-19577) - Bugs in dynamic height handling for AMD IOMMU pagetables (Xen.org security team <security@....org>)
• 2019/12/11 #5: Xen Security Advisory 310 v3 (CVE-2019-19580) - Further issues with restartable PV type change operations (Xen.org security team <security@....org>)
• 2019/12/11 #4: Xen Security Advisory 309 v3 (CVE-2019-19578) - Linear pagetable use / entry miscounts (Xen.org security team <security@....org>)
• 2019/12/11 #3: Xen Security Advisory 307 v3 (CVE-2019-19581,CVE-2019-19582) - find_next_bit() issues (Xen.org security team <security@....org>)
• 2019/12/11 #2: Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability (VMware Security Response Center <security@...are.com>)
• 2019/12/11 #1: Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (P J P <ppandit@...hat.com>)
• 2019/12/10 #4: Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (Tyler Hicks <tyhicks@...onical.com>)
• 2019/12/10 #3: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (P J P <ppandit@...hat.com>)
• 2019/12/10 #2: Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability (Riccardo Schirone <rschiron@...hat.com>)
• 2019/12/10 #1: CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow (<sandreim@...zon.com>)
• 2019/12/09 #8: Re: Shell wildcards considered dangerous? (Leonid Isaev <leonid.isaev@...x.com>)
• 2019/12/09 #7: Re: Shell wildcards considered dangerous? (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/12/09 #6: Re: Shell wildcards considered dangerous? (Leonid Isaev <leonid.isaev@...x.com>)
• 2019/12/09 #5: Re: Shell wildcards considered dangerous? (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/12/09 #4: Re: Shell wildcards considered dangerous? (Leonid Isaev <leonid.isaev@...x.com>)
• 2019/12/09 #3: Re: Shell wildcards considered dangerous? (Heiko Schlittermann <hs@...littermann.de>)
• 2019/12/09 #2: Re: Shell wildcards considered dangerous? (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/12/09 #1: Shell wildcards considered dangerous? (Georgi Guninski <gguninski@...il.com>)
• 2019/12/08 #1: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/12/06 #3: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (ValdikSS <iam@...dikss.org.ru>)
• 2019/12/06 #2: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (ValdikSS <iam@...dikss.org.ru>)
• 2019/12/06 #1: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability (VMware Security Response Center <security@...are.com>)
• 2019/12/05 #7: Xen Security Advisory 306 v3 (CVE-2019-19579) - Device quarantine for alternate pci assignment methods (Xen.org security team <security@....org>)
• 2019/12/05 #6: Re: Authentication vulnerabilities in OpenBSD (Arrigo Triulzi <arrigo@...hemistowl.org>)
• 2019/12/05 #5: Re: Authentication vulnerabilities in OpenBSD (Renaud Allard <renaud@...ard.it>)
• 2019/12/05 #4: Re: Authentication vulnerabilities in OpenBSD (Georgi Guninski <gguninski@...il.com>)
• 2019/12/05 #3: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (Colm MacCárthaigh <colm@...costs.net>)
• 2019/12/05 #2: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (Noel Kuntze <noel.kuntze+oss-security@...rmi.consulting>)
• 2019/12/05 #1: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. ("William J. Tolley" <william@...akpointingbad.com>)
• 2019/12/04 #6: Re: Authentication vulnerabilities in OpenBSD (Solar Designer <solar@...nwall.com>)
• 2019/12/04 #5: Authentication vulnerabilities in OpenBSD (Qualys Security Advisory <qsa@...lys.com>)
• 2019/12/04 #4: [CVE-2019-19331] Knot Resolver 4.3.0 security release (Vladimír Čunát <vladimir.cunat@....cz>)
• 2019/12/04 #3: CVE-2019-17556: Olingo: Deserialization vulnerability (mibo <mibo@...che.org>)
• 2019/12/04 #2: CVE-2019-17555: Olingo: DoS via Retry-After header vulnerability (mibo <mibo@...che.org>)
• 2019/12/04 #1: CVE-2019-17554: Olingo: XML External Entity resolution attack (mibo <mibo@...che.org>)
• 2019/12/03 #4: Linux kernel: multiple vulnerabilities in the USB subsystem x3 (Andrey Konovalov <andreyknvl@...il.com>)
• 2019/12/03 #3: Re: virtual consoles (Tavis Ormandy <taviso@...il.com>)
• 2019/12/03 #2: Re: virtual consoles (Simon McVittie <smcv@...ian.org>)
• 2019/12/03 #1: Re: virtual consoles (Georgi Guninski <gguninski@...il.com>)
• 2019/12/02 #6: Re: virtual consoles (Leonid Isaev <leonid.isaev@...x.com>)
• 2019/12/02 #5: Re: virtual consoles (Leonid Isaev <leonid.isaev@...x.com>)
• 2019/12/02 #4: Re: virtual consoles (Tavis Ormandy <taviso@...il.com>)
• 2019/12/02 #3: Re: virtual consoles (Solar Designer <solar@...nwall.com>)
• 2019/12/02 #2: virtual consoles (Tavis Ormandy <taviso@...il.com>)
• 2019/12/02 #1: Django 2.2.8 and 2.1.15: CVE-2019-19118: Privilege escalation in the Django admin. (Carlton Gibson <carlton.gibson@...il.com>)
• 2019/11/28 #2: Multiple issues in lemonldap-ng (Raphael Geissert <geissert@...ian.org>)
• 2019/11/28 #1: CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android) (Jesse <purplecabbage@...il.com>)
• 2019/11/27 #1: CVE-2019-18660: Linux kernel: powerpc: missing Spectre-RSB mitigation (Michael Ellerman <mpe@...erman.id.au>)
• 2019/11/26 #2: Xen Security Advisory 306 v2 - Device quarantine for alternate pci assignment methods (Xen.org security team <security@....org>)
• 2019/11/26 #1: grub2-set-bootflag utility causes grubenv corruption rendering the system un-bootable (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
• 2019/11/25 #4: Re: Lots of bugs in 32-bit x86 Linux entry code (Simon McVittie <smcv@...ian.org>)
• 2019/11/25 #3: Re: Lots of bugs in 32-bit x86 Linux entry code ("Stuart D. Gathman" <stuart@...hman.org>)
• 2019/11/25 #2: Lots of bugs in 32-bit x86 Linux entry code (Andy Lutomirski <luto@...nel.org>)
• 2019/11/25 #1: Re: Linux kernel: heap overflow in the marvell wifi driver (Solar Designer <solar@...nwall.com>)
• 2019/11/22 #2: Linux kernel: heap overflow in the marvell wifi driver (qize wang <wangqize888888888@...il.com>)
• 2019/11/22 #1: Linux kernel: three buffer overflow in the marvell wifi driver (huangwen <huangwenabc@...il.com>)
• 2019/11/21 #1: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/11/20 #9: Re: Mitigating malicious packages in gnu/linux (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• 2019/11/20 #8: BIND9 CVE-2019-6477 (ISC Security Officer <security-officer@....org>)
• 2019/11/20 #7: Re: Mitigating malicious packages in gnu/linux (Jeremy Stanley <fungi@...goth.org>)
• 2019/11/20 #6: Re: Mitigating malicious packages in gnu/linux (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• 2019/11/20 #5: Re: Mitigating malicious packages in gnu/linux (Mark Hatle <mark.hatle@...nel.crashing.org>)
• 2019/11/20 #4: Re: Mitigating malicious packages in gnu/linux (Aditya Sirish Arunkumar Yelgundhalli <asy278@....edu>)
• 2019/11/20 #3: Re: Mitigating malicious packages in gnu/linux (Solar Designer <solar@...nwall.com>)
• 2019/11/20 #2: Re: Mitigating malicious packages in gnu/linux (Russ Allbery <eagle@...ie.org>)
• 2019/11/20 #1: Re: Mitigating malicious packages in gnu/linux (Solar Designer <solar@...nwall.com>)
• 2019/11/19 #12: [CVE-2019-10080] Apache NiFi XXE information disclosure (Nathan Gough <thenatog@...che.org>)
• 2019/11/19 #11: [CVE-2019-12421] Apache NiFi 'Log out' button did not completely log user out (Nathan Gough <thenatog@...che.org>)
• 2019/11/19 #10: [CVE-2019-10083] Apache NiFi process group information disclosure (Nathan Gough <thenatog@...che.org>)
• 2019/11/19 #9: Re: Mitigating malicious packages in gnu/linux (Morten Linderud <morten@...derud.pw>)
• 2019/11/19 #8: Re: Mitigating malicious packages in gnu/linux (Jakub Wilk <jwilk@...lk.net>)
• 2019/11/19 #7: Re: Mitigating malicious packages in gnu/linux (Ludovic Courtès <ludo@....org>)
• 2019/11/19 #6: Re: Mitigating malicious packages in gnu/linux (Tim Kuijsten <info+oss-security@...send.nl>)
• 2019/11/19 #5: Re: Mitigating malicious packages in gnu/linux ("Stuart D. Gathman" <stuart@...hman.org>)
• 2019/11/19 #4: Re: Mitigating malicious packages in gnu/linux (Pavel Heimlich <pavel.heimlich@...cle.com>)
• 2019/11/19 #3: Re: Mitigating malicious packages in gnu/linux (Morten Linderud <morten@...derud.pw>)
• 2019/11/19 #2: Mitigating malicious packages in gnu/linux (Georgi Guninski <gguninski@...il.com>)
• 2019/11/19 #1: CVE-2019-18934 Unbound: Vulnerability in IPSEC module (Ralph Dolmans <ralph@...etlabs.nl>)
• 2019/11/18 #1: [CVE-2019-12422] Apache Shiro weak cookie vulnerability (Brian Demers <bdemers@...che.org>)
• 2019/11/17 #2: Nokogiri security update v1.10.5 (Mike Dalessio <mike.dalessio@...il.com>)
• 2019/11/17 #1: [CVE-2019-10070] Apache Atlas Stored XSS Vulnerability (Madhan Neethiraj <madhan@...che.org>)
• 2019/11/15 #1: CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys (Cedric Buissart <cbuissar@...hat.com>)
• 2019/11/14 #1: Security release of kubernetes-csi sidecars - CVE-2019-11255 (Tim Allclair <tallclair@...gle.com>)
• 2019/11/12 #4: Xen Security Advisory 305 v1 (CVE-2019-11135) - TSX Asynchronous Abort speculative side channel (Xen.org security team <security@....org>)
• 2019/11/12 #3: Xen Security Advisory 304 v1 (CVE-2018-12207) - x86: Machine Check Error on Page Size Change DoS (Xen.org security team <security@....org>)
• 2019/11/12 #2: DPDK security advisory: CVE-2019-14818 (Ferruh Yigit <ferruh.yigit@...el.com>)
• 2019/11/12 #1: Re: CVE-2019-2201: libjpeg-turbo: code execution (pgajdos <pgajdos@...e.cz>)
• 2019/11/11 #1: CVE-2019-2201: libjpeg-turbo: code execution (Wolfgang Frisch <wolfgang.frisch@...e.com>)
• 2019/11/08 #8: Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (Florian Weimer <fw@...eb.enyo.de>)
• 2019/11/08 #7: Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (Russ Allbery <eagle@...ie.org>)
• 2019/11/08 #6: WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2019/11/08 #5: CVE-2019-18397 - Stack buffer overflow in GNU FriBidi >= 1.0.0 (Alex Murray <alex.murray@...onical.com>)
• 2019/11/08 #4: Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (John Haxby <john.haxby@...cle.com>)
• 2019/11/08 #3: Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (John Haxby <john.haxby@...cle.com>)
• 2019/11/08 #2: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (Georgi Guninski <gguninski@...il.com>)
• 2019/11/08 #1: [CVE-2019-12408][CVE-2019-12410] Uninitialized Memory Vulnerabilities fixed in Apache Arrow 0.15.1 (Micah Kornfield <emkornfield@...che.org>)
• 2019/11/07 #2: Re: independent volunteers on distros list (Solar Designer <solar@...nwall.com>)

25712 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.