oss-security mailing list
Recent messages:
- 2024/09/07 #3: Security fixes available in Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/09/07 #2: CVE-2024-45751: CHAP authentication bypass in user-space Linux target framework (tgt) up to v1.0.92 (David Gstir <david@...ma-star.at>)
- 2024/09/07 #1: libpcap 1.10.5 released with two security fixes (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/09/06 #4: CVE-2024-7012, CVE-2024-7923: Authentication bypass in Foreman & Pulpcore (Christian Hoffmann <christian@...fie.info>)
- 2024/09/06 #3: CVE-2024-45034: Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes (Ephraim Anierobi <ephraimanierobi@...che.org>)
- 2024/09/06 #2: CVE-2024-45498: Apache Airflow: Command Injection in an example DAG (Ephraim Anierobi <ephraimanierobi@...che.org>)
- 2024/09/06 #1: Re: Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init() (Michael Ellerman <mpe@...erman.id.au>)
- 2024/09/05 #1: Go 1.23.1 and Go 1.22.7 released with 3 security fixes (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/09/04 #4: [OSSA-2024-003] OpenStack Ironic: Unvalidated image data passed to qemu-img (CVE-2024-44082) (Brian Rosmaita <rosmaita.fossdev@...il.com>)
- 2024/09/04 #3: CVE-2024-43402: Rust before 1.81.0 didn't fully fix argument escaping for batch files ("Pietro Albini" <pietro@...troalbini.org>)
- 2024/09/04 #2: Re: CVE-2024-45310: runc can be tricked into creating empty files/directories on host (Aleksa Sarai <cyphar@...har.com>)
- 2024/09/04 #1: Webmin UDP/10000 discovery service Loop DoS (COK-2024-05-05) (Sergei G <serg.gordey@...il.com>)
- 2024/09/03 #7: CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE (Jacques Le Roux <jleroux@...che.org>)
- 2024/09/03 #6: CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing) (Jacques Le Roux <jleroux@...che.org>)
- 2024/09/03 #5: CPython: [CVE-2024-6232] Regular-expression DoS when parsing TarFile headers (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/09/03 #4: CVE-2024-6119: OpenSSL: Possible denial of service in X.509 name checks (Tomas Mraz <tomas@...nssl.org>)
- 2024/09/03 #3: Django CVE-2024-45230 and CVE-2024-45231 (Natalia Bidart <nataliabidart@...ngoproject.com>)
- 2024/09/03 #2: Re: CVE-2024-45310: runc can be tricked into creating empty files/directories on host ("Mike O'Connor" <mjo@...o.mi.org>)
- 2024/09/03 #1: CVE-2024-45310: runc can be tricked into creating empty files/directories on host (Aleksa Sarai <cyphar@...har.com>)
- 2024/09/02 #2: Re: Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init() (Solar Designer <solar@...nwall.com>)
- 2024/09/02 #1: Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init() ("2639161967" <2639161967@...com>)
- 2024/08/31 #1: [vim-security] heap-buffer-overflow in Vim > 9.1.0038 && < 9.1.0707 (Christian Brabandt <cb@...bit.org>)
- 2024/08/26 #1: CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions (Eric Covener <covener@...che.org>)
- 2024/08/25 #1: [vim-security] heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697 (Christian Brabandt <cb@...bit.org>)
- 2024/08/23 #2: Re: CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names (Fay Stegerman <flx@...usk.net>)
- 2024/08/23 #1: Re: CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names (Fay Stegerman <flx@...usk.net>)
- 2024/08/22 #4: Re: CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names (Fay Stegerman <flx@...usk.net>)
- 2024/08/22 #3: [vim-security] heap-buffer-overflow in do_search() in Vim < 9.1.0689 (Christian Brabandt <cb@...bit.org>)
- 2024/08/22 #2: gh:facebook/rocksdb v9.5.2 - SupplyChainAttackPoC for Meta BB (Andreas Stieger <Andreas.Stieger@....de>)
- 2024/08/22 #1: CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/08/21 #3: CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link (Ephraim Anierobi <ephraimanierobi@...che.org>)
- 2024/08/21 #2: CVE-2023-49198: Apache SeaTunnel Web: Arbitrary file read vulnerability (Jun Gao <gaojun2048@...che.org>)
- 2024/08/21 #1: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/08/20 #3: CVE-2024-22281: Apache Helix Front (UI): Helix front hard-coded secret in the express-session (Junkai Xue <jxue@...che.org>)
- 2024/08/20 #2: CVE-2024-43202: Apache DolphinScheduler: Remote Code Execution Vulnerability (ShunFeng Cai <caishunfeng@...che.org>)
- 2024/08/20 #1: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/08/19 #2: Re: AI Cyber Challenge (AIxCC) semi-final results from DEF CON 32 (2024) ("David A. Wheeler" <dwheeler@...eeler.com>)
- 2024/08/19 #1: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/08/18 #1: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Peter Gutmann <pgut001@...auckland.ac.nz>)
- 2024/08/17 #3: Re: AI Cyber Challenge (AIxCC) semi-final results from DEF CON 32 (2024) (Alfredo Ortega <ortegaalfredo@...il.com>)
- 2024/08/17 #2: Landlock Houdini fix: CVE-2024-42318 (Mickaël Salaün <mic@...ikod.net>)
- 2024/08/17 #1: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/08/16 #8: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0004 (Adrian Perez de Castro <aperez@...lia.com>)
- 2024/08/16 #7: AI Cyber Challenge (AIxCC) semi-final results from DEF CON 32 (2024) ("David A. Wheeler" <dwheeler@...eeler.com>)
- 2024/08/16 #6: Unbound 1.21.0 released with multiple security fixes (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/08/16 #5: [kubernetes] CVE-2024-7646: Ingress-nginx Annotation Validation Bypass (Craig Ingram <cjingram@...gle.com>)
- 2024/08/16 #4: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jeffrey Walton <noloader@...il.com>)
- 2024/08/16 #3: Heads-up: there are two versions of Intel microcode update IPU 2024.3 (Samuel Verschelde <samuel.verschelde@...es.tech>)
- 2024/08/16 #2: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/08/16 #1: Re: collision confounders (was: feedback requested regarding deprecation of TLS 1.0/1.1) (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/08/15 #6: [vim-security] use-after-free in alist_add() in Vim < v9.1.0678 (Christian Brabandt <cb@...bit.org>)
- 2024/08/15 #5: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Peter Gutmann <pgut001@...auckland.ac.nz>)
- 2024/08/15 #4: Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message (Aki Tuomi <aki.tuomi@...ecot.fi>)
- 2024/08/15 #3: Dovecot CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive (Aki Tuomi <aki.tuomi@...ecot.fi>)
- 2024/08/15 #2: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/08/15 #1: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Hanno Böck <hanno@...eck.de>)
- 2024/08/14 #8: Re: Tracking down a lost CVE request (MITRE) (Michael Orlitzky <michael@...itzky.com>)
- 2024/08/14 #7: Re: Tracking down a lost CVE request (MITRE) (Mark Esler <mark.esler@...onical.com>)
- 2024/08/14 #6: flatpak CVE-2024-42472: Access to files outside sandbox for apps using persistent= (--persist) (Simon McVittie <smcv@...labora.com>)
- 2024/08/14 #5: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Pat Gunn <pgunn01@...il.com>)
- 2024/08/14 #4: CVE-2024-7347: nginx: ngx_http_mp4_module: Worker process crash by using a specially crafted mp4 file (Solar Designer <solar@...nwall.com>)
- 2024/08/14 #3: Xen Security Advisory 461 v2 (CVE-2024-31146) - PCI device pass-through with shared resources (Xen.org security team <security@....org>)
- 2024/08/14 #2: Xen Security Advisory 460 v2 (CVE-2024-31145) - error handling in x86 IOMMU identity mapping (Xen.org security team <security@....org>)
- 2024/08/14 #1: Re: feedback requested regarding deprecation of TLS 1.0/1.1 ("Mike O'Connor" <mjo@...o.mi.org>)
- 2024/08/12 #2: CVE-2024-41909: Apache MINA SSHD: integrity check bypass (Arnout Engelen <engelen@...che.org>)
- 2024/08/12 #1: CVE-2024-42008 and more: XSS vulnerabilities in Roundcube webmail (Valtteri Vuorikoski <vuori@...com.org>)
- 2024/08/11 #1: CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (Solar Designer <solar@...nwall.com>)
- 2024/08/09 #7: CVE-2024-30188: Apache DolphinScheduler: Resource File Read And Write Vulnerability (ShunFeng Cai <caishunfeng@...che.org>)
- 2024/08/09 #6: CVE-2024-29831: Apache DolphinScheduler: RCE by arbitrary js execution (ShunFeng Cai <caishunfeng@...che.org>)
- 2024/08/09 #5: CVE-2024-41888: Apache Answer: The link for resetting user password is not Single-Use (Enxin Xie <linkinstar@...che.org>)
- 2024/08/09 #4: CVE-2024-41890: Apache Answer: The link to reset the user's password will remain valid after sending a new link (Enxin Xie <linkinstar@...che.org>)
- 2024/08/09 #3: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jens Timmerman <jens@...et.be>)
- 2024/08/09 #2: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Peter Gutmann <pgut001@...auckland.ac.nz>)
- 2024/08/09 #1: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/08/08 #10: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (steffen <steffen@...oden.eu>)
- 2024/08/08 #9: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/08/08 #8: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/08/08 #7: KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal (KoreLogic Disclosures <disclosures@...elogic.com>)
- 2024/08/08 #6: KL-001-2024-005: Open WebUI Stored Cross-Site Scripting (KoreLogic Disclosures <disclosures@...elogic.com>)
- 2024/08/08 #5: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Clemens Lang <cllang@...hat.com>)
- 2024/08/08 #4: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Clemens Lang <cllang@...hat.com>)
- 2024/08/08 #3: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Duncan Grisby <duncan@...sby.org>)
- 2024/08/08 #2: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/08/08 #1: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jeffrey Walton <noloader@...il.com>)
- 2024/08/07 #14: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/08/07 #13: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Marco Moock <mm@...fdsl.de>)
- 2024/08/07 #12: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Pat Gunn <pgunn01@...il.com>)
- 2024/08/07 #11: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Solar Designer <solar@...nwall.com>)
- 2024/08/07 #10: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/08/07 #9: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (niekt0 <niekt0@...eria.cz>)
- 2024/08/07 #8: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Dan Kegel <dank@...el.com>)
- 2024/08/07 #7: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/08/07 #6: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jeffrey Walton <noloader@...il.com>)
- 2024/08/07 #5: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Chad Sheridan <chadapsheridan@...il.com>)
- 2024/08/07 #4: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Neil Horman <nhorman@...nssl.org>)
- 2024/08/07 #3: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Bob Friesenhahn <bobjfriesenhahn@...il.com>)
- 2024/08/07 #2: Multiple vulnerabilities in Jenkins (Daniel Beck <ml@...kweb.net>)
- 2024/08/07 #1: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Jan Engelhardt <jengelh@...i.de>)
- 2024/08/06 #13: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Alex Gaynor <alex.gaynor@...il.com>)
- 2024/08/06 #12: Re: feedback requested regarding deprecation of TLS 1.0/1.1 (Demi Marie Obenour <demi@...isiblethingslab.com>)
30479 messages