oss-security mailing list
Recent messages:
- 2021/09/24 #1:
CVE-2021-36749: Apache Druid: The HTTP inputSource allows
authenticated users to read data from other sources than intended (in… (Clint Wylie <cwylie@...che.org>)
- 2021/09/21 #3:
Re: Containers-optimized OS (COS) membership in the linux-distros list (Solar Designer <solar@...nwall.com>)
- 2021/09/21 #2:
CVE-2021-38153: Timing Attack Vulnerability for Apache Kafka
Connect and Clients (Randall Hauch <rhauch@...che.org>)
- 2021/09/21 #1:
Re: Containers-optimized OS (COS) membership in the
linux-distros list (Oleksandr Tymoshenko <gonzo@...ezbox.com>)
- 2021/09/20 #1:
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
- 2021/09/18 #2:
Linux Kernel: Exploitable vulnerability in io_uring (Valentina Palmiotti <chompie@...plsecurity.com>)
- 2021/09/18 #1:
Re: Containers-optimized OS (COS) membership in the
linux-distros list (Kees Cook <keescook@...omium.org>)
- 2021/09/17 #5:
Re: Oracle Solaris membership in the distros list (Solar Designer <solar@...nwall.com>)
- 2021/09/17 #4:
Re: Containers-optimized OS (COS) membership in the linux-distros list (Solar Designer <solar@...nwall.com>)
- 2021/09/17 #3:
CVE-2021-40690: Apache Santuario: Bypass of the secureValidation property (Colm O hEigeartaigh <coheigea@...che.org>)
- 2021/09/17 #2:
Containers-optimized OS (COS) membership in the linux-distros list (Oleksandr Tymoshenko <ovt@...gle.com>)
- 2021/09/17 #1:
CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro
with Spring Boot, a specially crafted HTTP request may cau… (Brian Demers <bdemers@...che.org>)
- 2021/09/16 #3:
CVE-2021-39239: Apache Jena: XML External Entity (XXE)
vulnerability (Andy Seaborne <andy@...che.org>)
- 2021/09/16 #2:
[kubernetes] CVE-2020-8561: Webhook redirect in kube-apiserver ("Hausler, Micah" <mhausler@...zon.com>)
- 2021/09/16 #1:
[kubernetes] CVE-2021-25741: Symlink Exchange Can Allow Host
Filesystem Access (CJ Cullen <cjcullen@...gle.com>)
- 2021/09/15 #6:
CVE-2021-41079: Apache Tomcat DoS with unexpected TLS packet (Mark Thomas <markt@...che.org>)
- 2021/09/15 #5:
[CVE-2021-38300] Linux kernel cBPF JIT compiler for MIPS emits
incorrect branches leading to execution of arbitrary Kernel co… (Piotr Krysiuk <piotras@...il.com>)
- 2021/09/15 #4:
CVE-2021-3752: Linux kernel: a uaf bug in bluetooth ("Luo Likang" <luolikang@...ocus.com>)
- 2021/09/15 #3:
[SECURITY ADVISORY] curl: STARTTLS protocol injection via MITM (Daniel Stenberg <daniel@...x.se>)
- 2021/09/15 #2:
[SECURITY ADVISORY] curl: Protocol downgrade required TLS bypassed (Daniel Stenberg <daniel@...x.se>)
- 2021/09/15 #1:
[SECURITY ADVISORY] curl: UAF and double-free in MQTT sending (Daniel Stenberg <daniel@...x.se>)
- 2021/09/14 #2:
Re: Oracle Solaris membership in the distros list (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2021/09/14 #1:
Disclosure: CVE-2021-3744: crypto: ccp - fix resource leaks in
ccp_run_aes_gcm_cmd() (Marcus Meissner <meissner@...e.de>)
- 2021/09/11 #2:
CVE-2021-40146: A Remote Code Execution (RCE) vulnerability exists in
Apache Any23 YAMLExtractor.java (lewis john mcgibbney <lewismc@...che.org>)
- 2021/09/11 #1:
CVE-2021-38555: An XML external entity (XXE) injection vulnerability
exists in Apache Any23 StreamUtils.java (lewis john mcgibbney <lewismc@...che.org>)
- 2021/09/09 #2:
[OSSA-2021-006] Neutron: Routes middleware memory leak for
nonexistent controllers (CVE-2021-40797) (Jeremy Stanley <fungi@...goth.org>)
- 2021/09/09 #1:
CVE-2021-38540: Apache Airflow: Variable Import endpoint missed
authentication check (Kaxil Naik <kaxilnaik@...che.org>)
- 2021/09/08 #3:
CVE-2021-3773: Lack of port sanity checking in natd and
Netfilter leads to exploit of OpenVPN clients on Linux and FreeBSD platf… (Ben <ben@...akpointingbad.com>)
- 2021/09/08 #2:
Xen Security Advisory 384 v3 (CVE-2021-28701) - Another race in
XENMAPSPACE_grant_table handling (Xen.org security team <security@....org>)
- 2021/09/08 #1:
Re: CVE-2021-3715 Linux kernel: use-after-free in
route4_change() in net/sched/cls_route.c (Rohit Keshri <rkeshri@...hat.com>)
- 2021/09/07 #3:
Re: Pop!_OS Membership to linux-distros list ("Jeremy Soller" <jeremy@...tem76.com>)
- 2021/09/07 #2:
Re: CVE-2021-3715 Linux kernel: use-after-free in
route4_change() in net/sched/cls_route.c (Greg KH <greg@...ah.com>)
- 2021/09/07 #1:
CVE-2021-3715 Linux kernel: use-after-free in
route4_change() in net/sched/cls_route.c (Rohit Keshri <rkeshri@...hat.com>)
- 2021/09/06 #2:
Re: Possible memory leak on getspnam / getspnam_r (Solar Designer <solar@...nwall.com>)
- 2021/09/06 #1:
Re: Oracle Solaris membership in the distros list (Solar Designer <solar@...nwall.com>)
- 2021/09/02 #3:
CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown
interpreter (Jeff Zhang <zjffdu@...che.org>)
- 2021/09/02 #2:
CVE-2020-13929: Apache Zeppelin: Notebook permissions bypass (Jeff Zhang <zjffdu@...che.org>)
- 2021/09/02 #1:
CVE-2019-10095: Apache Zeppelin: bash command injection in spark
interpreter (Jeff Zhang <zjffdu@...che.org>)
- 2021/09/01 #6:
Re: Xen Security Advisory 378 v3
(CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on
x86 (Andrew Cooper <andrew.cooper3@...rix.com>)
- 2021/09/01 #5:
Re: Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696)
- IOMMU page mapping issues on x86 (Jason Andryuk <jandryuk@...il.com>)
- 2021/09/01 #4:
CVE-2021-3753: A out-of-bounds caused by the race of KDSETMODE in vt
for latest Linux (Minh Yuan <yuanmingbuaa@...il.com>)
- 2021/09/01 #3:
Re: Linux kernel: fs/btrfs: null-ptr-dereference bug
in btrfs_rm_device in fs/btrfs/volumes.c (butt3rflyh4ck <butterflyhuangxx@...il.com>)
- 2021/09/01 #2:
Xen Security Advisory 380 v3 (CVE-2021-28698) - long running
loops in grant table handling (Xen.org security team <security@....org>)
- 2021/09/01 #1:
Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696)
- IOMMU page mapping issues on x86 (Xen.org security team <security@....org>)
- 2021/08/31 #3:
Fwd: Node.js security updates for versions 12.x, and 14.x releases
lines, August 31 2021 (Daniel Bevenius <dbeveniu@...hat.com>)
- 2021/08/31 #2:
[OSSA-2021-005] Neutron: Arbitrary dnsmasq reconfiguration via
extra_dhcp_opts (CVE-2021-40085) (Jeremy Stanley <fungi@...goth.org>)
- 2021/08/31 #1:
Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
- 2021/08/30 #1:
NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of
NTFS-3G (Jussi Hietanen <jussi.hietanen@...era.com>)
- 2021/08/27 #4:
Fwd: Node.js security updates for versions 12.x, and 14.x releases
lines, August 31 2021 (Daniel Bevenius <dbeveniu@...hat.com>)
- 2021/08/27 #3:
ANNOUNCE: fetchmail security announcement 2021-02 (CVE-2021-39272) -
TLS bypass vulnerabilities ("NO STARTTLS") (Matthias Andree <matthias.andree@....de>)
- 2021/08/27 #2:
Re: Linux kernel: qrtr: another out-of-bound Read in
qrtr_endpoint_post in net/qrtr/qrtr.c (butt3rflyh4ck <butterflyhuangxx@...il.com>)
- 2021/08/27 #1:
Re: Linux kernel: qrtr: another out-of-bound Read in
qrtr_endpoint_post in net/qrtr/qrtr.c (butt3rflyh4ck <butterflyhuangxx@...il.com>)
- 2021/08/26 #6:
Re: Linux kernel: qrtr: another out-of-bound Read in
qrtr_endpoint_post in net/qrtr/qrtr.c (butt3rflyh4ck <butterflyhuangxx@...il.com>)
- 2021/08/26 #5:
libssh: Possible heap-buffer overflow when rekeying (CVE-2021-3634) (Marco Benatto <mbenatto@...hat.com>)
- 2021/08/26 #4:
Re: Linux kernel: qrtr: another out-of-bound Read in
qrtr_endpoint_post in net/qrtr/qrtr.c (John Haxby <john.haxby@...cle.com>)
- 2021/08/26 #3:
Re: Linux kernel: fs/btrfs: null-ptr-dereference bug
in btrfs_rm_device in fs/btrfs/volumes.c (butt3rflyh4ck <butterflyhuangxx@...il.com>)
- 2021/08/26 #2:
OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer
overruns processing ASN.1 strings (CVE-2021-3712) (Mark J Cox <mark@...nssl.org>)
- 2021/08/26 #1:
Re: Possible memory leak on getspnam / getspnam_r ("Jean D'Elboux" <j@....com.br>)
- 2021/08/25 #10:
Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem
layer (Qualys Security Advisory <qsa@...lys.com>)
- 2021/08/25 #9:
Re: Possible memory leak on getspnam / getspnam_r (Travis Finkenauer <tmfink@...iper.net>)
- 2021/08/25 #8:
Xen Security Advisory 378 v2 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696)
- IOMMU page mapping issues on x86 (Xen.org security team <security@....org>)
- 2021/08/25 #7:
Xen Security Advisory 380 v2 (CVE-2021-28698) - long running
loops in grant table handling (Xen.org security team <security@....org>)
- 2021/08/25 #6:
Xen Security Advisory 383 v2 (CVE-2021-28700) - xen/arm: No
memory limit for dom0less domUs (Xen.org security team <security@....org>)
- 2021/08/25 #5:
Xen Security Advisory 382 v2 (CVE-2021-28699) - inadequate
grant-v2 status frames array bounds check (Xen.org security team <security@....org>)
- 2021/08/25 #4:
Xen Security Advisory 379 v2 (CVE-2021-28697) - grant table v2
status pages may remain accessible after de-allocation (Xen.org security team <security@....org>)
- 2021/08/25 #3:
Linux kernel: fs/btrfs: null-ptr-dereference bug in
btrfs_rm_device in fs/btrfs/volumes.c (butt3rflyh4ck <butterflyhuangxx@...il.com>)
- 2021/08/25 #2:
Linux kernel: qrtr: another out-of-bound Read in
qrtr_endpoint_post in net/qrtr/qrtr.c (butt3rflyh4ck <butterflyhuangxx@...il.com>)
- 2021/08/25 #1:
Possible memory leak on getspnam / getspnam_r (Jean Diogo <j@....com.br>)
- 2021/08/24 #3:
Oracle Solaris membership in the distros list (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2021/08/24 #2:
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname (Mohammad Tausif Siddiqui <msiddiqu@...hat.com>)
- 2021/08/24 #1:
CVE-2021-33191: Apache NiFi - MiNiFi C++: MiNiFi CPP arbitrary
script execution is possible on the agent's host machine through t… (Arpad Boda <aboda@...che.org>)
- 2021/08/23 #1:
CVE-2021-35940: Apache Portable Runtime (APR): Regression of
CVE-2017-12613 (Joe Orton <jorton@...che.org>)
- 2021/08/20 #2:
August BIND maintenance releases contain a defect affecting servers
using the map zone file format (was: A vulnerability in B… (Michael McNally <mcnally@....org>)
- 2021/08/20 #1:
[CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware (Aaron Patterson <aaron.patterson@...il.com>)
- 2021/08/18 #3:
ISC has disclosed a vulnerability in BIND (CVE-2021-25218) (Michael McNally <mcnally@....org>)
- 2021/08/18 #2:
Re: STARTTLS vulnerabilities (Eric Blake <eblake@...hat.com>)
- 2021/08/18 #1:
CVE-2021-33580: Apache Roller: regex injection leading to DoS (Dave <snoopdave@...il.com>)
- 2021/08/17 #6:
Re: [OSSA-2021-004] Neutron: Linuxbridge ARP filter
bypass on Netfilter platforms (CVE-2021-38598) (Jeremy Stanley <fungi@...goth.org>)
- 2021/08/17 #5:
Re: [OSSA-2021-004] Neutron: Linuxbridge ARP filter
bypass on Netfilter platforms (CVE-2021-38598) (Jan Engelhardt <jengelh@...i.de>)
- 2021/08/17 #4:
[OSSA-2021-004] Neutron: Linuxbridge ARP filter bypass on Netfilter
platforms (CVE-2021-38598) (Jeremy Stanley <fungi@...goth.org>)
- 2021/08/17 #3:
Re: Pop!_OS Membership to linux-distros list (Solar Designer <solar@...nwall.com>)
- 2021/08/17 #2:
Re: Linux kernel: nfc: null ptr dereference in
llcp_sock_getname (Salvatore Bonaccorso <carnil@...ian.org>)
- 2021/08/17 #1:
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname (butt3rflyh4ck <butterflyhuangxx@...il.com>)
- 2021/08/16 #2:
Re: STARTTLS vulnerabilities (Eric Blake <eblake@...hat.com>)
- 2021/08/16 #1:
[CVE-2021-3653, CVE-2021-3656] SVM nested
virtualization issues in KVM (Mauro Matteo Cascella <mcascell@...hat.com>)
- 2021/08/14 #2:
kopano-core 11.0.2.43: Remote authenticated DoS with unhandled
exception (Jan Engelhardt <jengelh@...i.de>)
- 2021/08/14 #1:
CVE-2021-35936: Apache Airflow: No Authentication on Logging
Server (Kaxil Naik <kaxilnaik@...che.org>)
- 2021/08/13 #1:
Re: Polipo: denial-of-service using range (John Helmert III <jchelmert3@...teo.net>)
- 2021/08/12 #1:
Re: CVE-2021-20314: Remote stack buffer overflow in
libspf2 (Sam James <sam@...ct.info>)
- 2021/08/11 #9:
[CVE-2021-37608] Arbitrary file upload vulnerability in OFBiz ("jleroux@...che.org" <jleroux@...che.org>)
- 2021/08/11 #8:
Re: STARTTLS vulnerabilities (Hanno Böck <hanno@...eck.de>)
- 2021/08/11 #7:
Re: STARTTLS vulnerabilities (Eric Blake <eblake@...hat.com>)
- 2021/08/11 #6:
CVE-2021-20314: Remote stack buffer overflow in libspf2 ("Philipp Jeitner (SIT)" <philipp.jeitner@....fraunhofer.de>)
- 2021/08/11 #5:
Re: STARTTLS vulnerabilities (Matthew Wild <mwild1@...il.com>)
- 2021/08/11 #4:
firebase/php-jwt Algorithm Confusion with Key IDs (Paragon Initiative Enterprises Security Team <security@...agonie.com>)
- 2021/08/11 #3:
Re: STARTTLS vulnerabilities (Hanno Böck <hanno@...eck.de>)
- 2021/08/11 #2:
Re: STARTTLS vulnerabilities (Matthew Wild <mwild1@...il.com>)
- 2021/08/11 #1:
Re: STARTTLS vulnerabilities (Hanno Böck <hanno@...eck.de>)
- 2021/08/10 #5:
[OSSA-2021-003] Keystone: Account name and UUID oracles in account
locking (CVE-2021-38155) (Jeremy Stanley <fungi@...goth.org>)
- 2021/08/10 #4:
Re: STARTTLS vulnerabilities (Guido Berhoerster <guido+openwall.com@...hoerster.name>)
27247 messages
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
