Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2020/08/08 #10: Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (Solar Designer <solar@...nwall.com>)
• 2020/08/08 #9: Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (Daniel Ruggeri <druggeri@...che.org>)
• 2020/08/08 #8: Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (Daniel Ruggeri <druggeri@...che.org>)
• 2020/08/08 #7: Re: [prometheus-team] Voiding CVE-2020-16248 (Julien Pivotto <roidelapluie@...metheus.io>)
• 2020/08/08 #6: Re: Voiding CVE-2020-16248 (Sylvain Beucler <beuc@...c.net>)
• 2020/08/08 #5: Re: [prometheus-team] Voiding CVE-2020-16248 (Bartłomiej Płotka <bwplotka@...il.com>)
• 2020/08/08 #4: Re: Voiding CVE-2020-16248 (Hanno Böck <hanno@...eck.de>)
• 2020/08/08 #3: Voiding CVE-2020-16248 (Richard Hartmann <richih.mailinglist@...il.com>)
• 2020/08/08 #2: [CVE-2020-9479] Directory traversal vulnerability in Apache AsterixDB (Ian Maxon <imaxon@...che.org>)
• 2020/08/08 #1: Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (Seth Arnold <seth.arnold@...onical.com>)
• 2020/08/07 #5: Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (Solar Designer <solar@...nwall.com>)
• 2020/08/07 #4: CVE-2020-9490: Apache httpd: Push Diary Crash on Specifically Crafted HTTP/2 Header (Daniel Ruggeri <druggeri@...che.org>)
• 2020/08/07 #3: CVE-2020-11993: Apache httpd: Push Diary Crash on Specifically Crafted HTTP/2 Header (Daniel Ruggeri <druggeri@...che.org>)
• 2020/08/07 #2: CVE-2020-11985: Apache httpd: CWE-345: Insufficient verification of data authenticity (Daniel Ruggeri <druggeri@...che.org>)
• 2020/08/07 #1: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (Daniel Ruggeri <druggeri@...che.org>)
• 2020/08/06 #4: Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon (James Bottomley <jejb@...ux.ibm.com>)
• 2020/08/06 #3: Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon (Debora Velarde Babb <debora@...ux.ibm.com>)
• 2020/08/06 #2: Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon (Jonas Witschel <diabonas@...hlinux.org>)
• 2020/08/06 #1: Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon (Jerry Snitselaar <jsnitsel@...hat.com>)
• 2020/08/05 #3: [CVE-2020-13921] Apache SkyWalking SQL injection vulnerability after H2/MySQL/TiDB storage option activated. (Sheng Wu <wusheng@...che.org>)
• 2020/08/05 #2: Re: ansi escape sequence injection into ubuntu's add-apt-repository ("Jason A. Donenfeld" <Jason@...c4.com>)
• 2020/08/05 #1: Re: ansi escape sequence injection into ubuntu's add-apt-repository ("Jason A. Donenfeld" <Jason@...c4.com>)
• 2020/08/04 #2: Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon (Marco Benatto <mbenatto@...hat.com>)
• 2020/08/04 #1: Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon (Debora Velarde Babb <debora@...ux.ibm.com>)
• 2020/08/03 #2: Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon (Marco Benatto <mbenatto@...hat.com>)
• 2020/08/03 #1: ansi escape sequence injection into ubuntu's add-apt-repository ("Jason A. Donenfeld" <Jason@...c4.com>)
• 2020/07/31 #2: Fwd: X.Org security advisory: July 31, 2020: Xserver (Matthieu Herrb <matthieu@...rb.eu>)
• 2020/07/31 #1: Fwd: X.Org security advisory: July 31, 2020: libX11 (Matthieu Herrb <matthieu@...rb.eu>)
• 2020/07/30 #8: Re: Alternative CET ABI ("H.J. Lu" <hjl.tools@...il.com>)
• 2020/07/30 #7: Re: Alternative CET ABI (Szabolcs Nagy <szabolcs.nagy@....com>)
• 2020/07/30 #6: Re: Alternative CET ABI (Florian Weimer <fweimer@...hat.com>)
• 2020/07/30 #5: Re: Alternative CET ABI (Jann Horn <jannh@...gle.com>)
• 2020/07/30 #4: Alternative CET ABI (Florian Weimer <fweimer@...hat.com>)
• 2020/07/30 #3: Re: UEFI SecureBoot bypass fixes rolled out to kernels below radar (John Haxby <john.haxby@...cle.com>)
• 2020/07/30 #2: UEFI SecureBoot bypass fixes rolled out to kernels below radar ("Jason A. Donenfeld" <Jason@...c4.com>)
• 2020/07/30 #1: Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update (张云海 <zhangyunhai@...ocus.com>)
• 2020/07/29 #3: multiple secure boot grub2 and linux kernel vulnerabilities (John Haxby <john.haxby@...cle.com>)
• 2020/07/29 #2: Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update (Solar Designer <solar@...nwall.com>)
• 2020/07/29 #1: WebKitGTK and WPE WebKit Security Advisory WSA-2020-0007 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2020/07/28 #3: Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update (Eric Biggers <ebiggers@...nel.org>)
• 2020/07/28 #2: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update (张云海 <zhangyunhai@...ocus.com>)
• 2020/07/28 #1: Re: Contributing Back (Zhang Xiao <xiao.zhang@...driver.com>)
• 2020/07/25 #1: Re: Flatcar membership on the linux-distros list (Solar Designer <solar@...nwall.com>)
• 2020/07/24 #1: Re: Flatcar membership on the linux-distros list (Greg KH <greg@...ah.com>)
• 2020/07/23 #8: Re: Flatcar membership on the linux-distros list (Jeff Law <law@...hat.com>)
• 2020/07/23 #7: Re: Flatcar membership on the linux-distros list (Solar Designer <solar@...nwall.com>)
• 2020/07/23 #6: Re: Flatcar membership on the linux-distros list (Jeff Law <law@...hat.com>)
• 2020/07/23 #5: Re: Flatcar membership on the linux-distros list (Solar Designer <solar@...nwall.com>)
• 2020/07/23 #4: Re: Flatcar membership on the linux-distros list (Vincent Batts <vbatts@...volk.io>)
• 2020/07/23 #3: Re: Contributing Back (Solar Designer <solar@...nwall.com>)
• 2020/07/23 #2: Re: Contributing Back (Zhang Xiao <xiao.zhang@...driver.com>)
• 2020/07/23 #1: Re: Contributing Back (Mohammad Tausif Siddiqui <msiddiqu@...hat.com>)
• 2020/07/22 #1: CVE-2020-15863 QEMU: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c (Mauro Matteo Cascella <mcascell@...hat.com>)
• 2020/07/21 #3: CVE-2020-15859 QEMU: net: e1000e: use-after-free while sending packets (P J P <ppandit@...hat.com>)
• 2020/07/21 #2: Xen Security Advisory 329 v3 (CVE-2020-15852) - Linux ioperm bitmap context switching issues (Xen.org security team <security@....org>)
• 2020/07/21 #1: Re: Perl 5.32.0 mishandling of rpath and runpath tokens (Casper.Dik@...cle.COM)
• 2020/07/20 #10: Re: Contributing Back (Solar Designer <solar@...nwall.com>)
• 2020/07/20 #9: Re: Flatcar membership on the linux-distros list (Solar Designer <solar@...nwall.com>)
• 2020/07/20 #8: CVE-2020-13932 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin (Gary Tully <gtully@...che.org>)
• 2020/07/20 #7: Re: Re: lockdown bypass on mainline kernel for loading unsigned modules (Marcus Meissner <meissner@...e.de>)
• 2020/07/20 #6: Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules (Marcus Meissner <meissner@...e.de>)
• 2020/07/20 #5: Re: Perl 5.32.0 mishandling of rpath and runpath tokens (Jeffrey Walton <noloader@...il.com>)
• 2020/07/20 #4: Re: Perl 5.32.0 mishandling of rpath and runpath tokens (Phil Pennock <oss-security-phil@...dhuis.org>)
• 2020/07/20 #3: Re: Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues (Andrew Cooper <andrew.cooper3@...rix.com>)
• 2020/07/20 #2: Re: Perl 5.32.0 mishandling of rpath and runpath tokens (Jeffrey Walton <noloader@...il.com>)
• 2020/07/20 #1: Perl 5.32.0 mishandling of rpath and runpath tokens (Jeffrey Walton <noloader@...il.com>)
• 2020/07/19 #1: CVE-2018-21036: Sails.js before v1.0.0-46 DoS (ali.of.south@...mail.me)
• 2020/07/17 #1: Re: Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues (Mauro Matteo Cascella <mcascell@...hat.com>)
• 2020/07/16 #1: Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues (Xen.org security team <security@....org>)
• 2020/07/15 #6: Kubernetes: CVE-2020-8559: Privilege escalation from compromised node to cluster (Tim Allclair <tallclair@...gle.com>)
• 2020/07/15 #5: Multiple vulnerabilities in Jenkins and Jenkins plugins (Wadeck Follonier <wfollonier@...udbees.com>)
• 2020/07/15 #4: CVE-2020-8557: Kubernetes: Node disk DOS by writing to container /etc/hosts (Joel Smith <joelsmith@...hat.com>)
• 2020/07/15 #3: [CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication (Jacques Le Roux <jacques.le.roux@...7arts.com>)
• 2020/07/15 #2: [CVE-2020-13923] IDOR in Apache OFBiz (Jacques Le Roux <jacques.le.roux@...7arts.com>)
• 2020/07/15 #1: Re: Flatcar membership on the linux-distros list (Randy Barlow <randy@...ctronsweatshop.com>)
• 2020/07/14 #5: Flatcar membership on the linux-distros list (Vincent Batts <vbatts@...volk.io>)
• 2020/07/14 #4: [SECURITY] CVE-2020-13934 Apache Tomcat HTTP/2 Denial of Service (Mark Thomas <markt@...che.org>)
• 2020/07/14 #3: [SECURITY] CVE-2020-13935 Apache Tomcat WebSocket Denial of Service (Mark Thomas <markt@...che.org>)
• 2020/07/14 #2: [SECURITY][CVE-2020-13926] Apache Kylin SQL injection vulnerability (ShaoFeng Shi <shaofengshi@...che.org>)
• 2020/07/14 #1: [SECURITY][CVE-2020-13925] Apache Kylin command injection vulnerability (ShaoFeng Shi <shaofengshi@...che.org>)
• 2020/07/13 #1: Re: Contributing Back (Zhang Xiao <xiao.zhang@...driver.com>)
• 2020/07/11 #1: Re: Contributing Back (Solar Designer <solar@...nwall.com>)
• 2020/07/10 #1: WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2020/07/09 #2: X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch (X41 D-Sec GmbH Advisories <advisories@...-dsec.de>)
• 2020/07/09 #1: SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql ("Larry W. Cashdollar" <larry0@...com>)
• 2020/07/08 #1: [Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary (Joel Smith <joelsmith@...hat.com>)
• 2020/07/07 #6: Xen Security Advisory 328 v3 (CVE-2020-15567) - non-atomic modification of live EPT PTE (Xen.org security team <security@....org>)
• 2020/07/07 #5: Xen Security Advisory 327 v3 (CVE-2020-15564) - Missing alignment check in VCPUOP_register_vcpu_info (Xen.org security team <security@....org>)
• 2020/07/07 #4: Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d (Xen.org security team <security@....org>)
• 2020/07/07 #3: Xen Security Advisory 319 v3 (CVE-2020-15563) - inverted code paths in x86 dirty VRAM tracking (Xen.org security team <security@....org>)
• 2020/07/07 #2: Xen Security Advisory 317 v3 (CVE-2020-15566) - Incorrect error handling in event channel port allocation (Xen.org security team <security@....org>)
• 2020/07/07 #1: veyon: Veyon uses fixed logfile paths in /tmp in versions prior v4.4.0 (Matthias Gerstner <mgerstner@...e.de>)
• 2020/07/06 #1: CVE-2020-13640: WordPress Plugin wpDiscuz <= 5.3.5 SQL injection (asterite <asterite@...lab.cs.msu.su>)
• 2020/07/03 #1: Re: Contributing Back (Zhang Xiao <xiao.zhang@...driver.com>)
• 2020/07/02 #7: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2020/07/02 #6: Re: Contributing Back (Daniel Stenberg <daniel@...x.se>)
• 2020/07/02 #5: Re: Contributing Back (Francis Perron <francisp@...gle.com>)
• 2020/07/02 #4: Contributing Back (Zhang Xiao <xiao.zhang@...driver.com>)
• 2020/07/02 #3: [SECURITY] CVE-2020-9498: Apache Guacamole: Dangling pointer in RDP static virtual channel handling (Mike Jumper <mjumper@...che.org>)
• 2020/07/02 #2: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels (Mike Jumper <mjumper@...che.org>)

26192 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.