oss-security mailing list
Recent messages:
- 2022/12/02 #1:
CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows
RCE though deserialization of untrusted input (Arnout Engelen <engelen@...che.org>)
- 2022/12/01 #1:
Re: Race condition in snap-confine's must_mkdir_and_open_with_perms()
(CVE-2022-3328) (Qualys Security Advisory <qsa@...lys.com>)
- 2022/11/30 #2:
Race condition in snap-confine's must_mkdir_and_open_with_perms()
(CVE-2022-3328) (Qualys Security Advisory <qsa@...lys.com>)
- 2022/11/30 #1:
Security sensitive bug in the i915 kernel driver (CVE-2022-4139) (Andrzej Hajda <andrzej.hajda@...el.com>)
- 2022/11/29 #4:
Re: CVE-2022-46146 in Prometheus' exporter toolkit:
bypass basic authentication (Julien Pivotto <roidelapluie@...metheus.io>)
- 2022/11/29 #3:
CVE-2022-44635: Apache Fineract allowed an authenticated user to
perform remote code execution due to path traversal (Arnout Engelen <engelen@...che.org>)
- 2022/11/29 #2:
Re: CVE-2022-46146 in Prometheus' exporter toolkit: bypass basic authentication (Solar Designer <solar@...nwall.com>)
- 2022/11/29 #1:
CVE-2022-46146 in Prometheus' exporter toolkit: bypass basic
authentication (Julien Pivotto <roidelapluie@...metheus.io>)
- 2022/11/24 #1:
CVE-2022-26885: Apache DolphinScheduler config file read by task
risk (ShunFeng Cai <caishunfeng@...che.org>)
- 2022/11/23 #1:
CVE-2022-45462: Apache DolphinScheduler prior to 2.0.5 have
command execution vulnerability (Jiajie Zhong <zhongjiajie@...che.org>)
- 2022/11/21 #7:
CVE-2022-41131: Apache Airflow Hive Provider vulnerability
(command injection via hive_cli connection) (Jarek Potiuk <potiuk@...che.org>)
- 2022/11/21 #6:
CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow:
Airflow 2.3.4 spark provider RCE that bypass restrictions to re… (Jarek Potiuk <potiuk@...che.org>)
- 2022/11/21 #5:
CVE-2022-40189: Apache Airlfow Pig Provider RCE (Jarek Potiuk <potiuk@...che.org>)
- 2022/11/21 #4:
CVE-2022-38649: Apache Airflow Pinot Provider, Apache Airflow:
PinotAdminHook Command Injection (Jarek Potiuk <potiuk@...che.org>)
- 2022/11/21 #3:
Apache Solr is vulnerable to CVE-2022-39135 via /sql handler (David Smiley <dsmiley@...che.org>)
- 2022/11/21 #2:
Re: Linux kernel: staging: rtl8712: A
Use-after-Free/Double-Free bug in read_bbreg_hdl in
drivers/staging/rtl8712/rtl8… (Thadeu Lima de Souza Cascardo <cascardo…)
- 2022/11/21 #1:
CVE-2022-45470: Apache Hama allows XSS and information disclosure (Arnout Engelen <engelen@...che.org>)
- 2022/11/18 #1:
Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in
read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_c… (Zheng Hacker <hackerzheng666@...il.com>)
- 2022/11/16 #1:
CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization
vulnerability (Thomas Wolf <twolf@...che.org>)
- 2022/11/15 #4:
Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
- 2022/11/15 #3:
CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an
authenticated user to delete arbitrary directories (Olivier Lamy <olamy@...che.org>)
- 2022/11/15 #2:
CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the
anonymous user to read arbitrary files (Olivier Lamy <olamy@...che.org>)
- 2022/11/15 #1:
CVE-2022-45402: Apache Airflow: Open redirect during login (Jedidiah Cunningham <jedcunningham@...che.org>)
- 2022/11/14 #5:
CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB (Rob Vesse <rvesse@...che.org>)
- 2022/11/14 #4:
CVE-2022-45378: Apache SOAP allows unauthenticated users to
potentially invoke arbitrary code (Arnout Engelen <engelen@...che.org>)
- 2022/11/14 #3:
CVE-2022-27949: Apache Airflow: sensitive values in rendered
template (Jarek Potiuk <potiuk@...che.org>)
- 2022/11/14 #2:
CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example (Jarek Potiuk <potiuk@...che.org>)
- 2022/11/14 #1:
Re: Linux kernel: net: mctp: A Use-After-Free bug in
mctp_sk_unhash in net/mctp/af_mctp.c (butt3rflyh4ck <butterflyhuangxx@...il.com>)
- 2022/11/10 #5:
Re: CVE-2022-45063: xterm <375 code execution via
font ops (Matthieu Herrb <matthieu@...rb.eu>)
- 2022/11/10 #4:
[kubernetes] CVE-2022-3294: Node address isn't always verified when proxying (Tim Allclair <timallclair@...il.com>)
- 2022/11/10 #3:
[kubernetes] CVE-2022-3162: Unauthorized read of Custom Resources (Tim Allclair <timallclair@...il.com>)
- 2022/11/10 #2:
Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple
speculative security issues (Xen.org security team <security@....org>)
- 2022/11/10 #1:
CVE-2022-45063: xterm <375 code execution via font ops (David Leadbeater <dgl@....cx>)
- 2022/11/08 #2:
Re: CVE-2022-2602 - Linux kernel io_uring UAF (Adam Reynolds <adamajreynolds@...il.com>)
- 2022/11/08 #1:
Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple
speculative security issues (Xen.org security team <security@....org>)
- 2022/11/07 #2:
Re: CVE-2022-42920: Apache Commons BCEL prior to
6.6.0 allows producing arbitrary bytecode via out-of-bounds writing (John Helmert III <ajak@...too.org>)
- 2022/11/07 #1:
Re: CVE-2022-2602 - Linux kernel io_uring UAF (John Smith <smitchj013@...look.com>)
- 2022/11/05 #1:
Fwd: [ANNOUNCE] pixman release 0.42.2 now available (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2022/11/04 #9:
Fwd: Node.js security updates for all active release lines,
November 2022 ("soyjuanarbol@...il.com" <soyjuanarbol@...il.com>)
- 2022/11/04 #8:
Re: CVE-2022-42920: Apache Commons BCEL prior to
6.6.0 allows producing arbitrary bytecode via out-of-bounds writing (John Helmert III <ajak@...too.org>)
- 2022/11/04 #7:
Re: CVE-2022-37865: Apache Ivy allow create/overwrite
any file on the system (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2022/11/04 #6:
CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows
producing arbitrary bytecode via out-of-bounds writing ("Gary D. Gregory" <ggregory@...che.org>)
- 2022/11/04 #5:
Multiple vulnerabilities affecting UYUNI/SUSE Manager (Paolo Perego <pperego@...e.de>)
- 2022/11/04 #4:
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
- 2022/11/04 #3:
CVE-2022-37866: Apache Ivy: Ivy Path traversal (Stefan Bodewig <bodewig@...che.org>)
- 2022/11/04 #2:
CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system (Stefan Bodewig <bodewig@...che.org>)
- 2022/11/04 #1:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Ove… (Demi Marie Obenour <demi@...isiblething…)
- 2022/11/03 #11:
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow
(CVE-20… (Sam James <sam@...too.org>)
- 2022/11/03 #10:
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow
(CVE-20… (Sam James <sam@...too.org>)
- 2022/11/03 #9:
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Overflow … (Kurt H Maier <khm@...ops.net>)
- 2022/11/03 #8:
CVE-2022-33684: Apache Pulsar: Disabled Certificate Validation for
OAuth Client Credential Requests makes C++/Python Cl… (Michael Marshall <mmarshall@...che.org>)
- 2022/11/03 #7:
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overfl… (Nicola Tuveri <nic.tuv@...il.com>)
- 2022/11/03 #6:
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Overflow … (Kurt H Maier <khm@...ops.net>)
- 2022/11/03 #5:
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow
(… (Tavis Ormandy <taviso@...il.com>)
- 2022/11/03 #4:
CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal
vulnerability when extracting (PEAR) archives (Richard Eckart de Castilho <rec@...che.org>)
- 2022/11/03 #3:
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Ov… ("Neal H. Walfield" <neal@...field.org>)
- 2022/11/03 #2:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Overflow… (John Helmert III <ajak@...too.org>)
- 2022/11/03 #1:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overfl… (Steffen Nurpmeso <steffen@...oden.eu>)
- 2022/11/02 #15:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Overflow (CVE… (Kurt H Maier <khm@...ops.net>)
- 2022/11/02 #14:
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Over… (Alex Gaynor <alex.gaynor@...il.com>)
- 2022/11/02 #13:
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow
(… (Tavis Ormandy <taviso@...il.com>)
- 2022/11/02 #12:
Re: Re: OpenSSL X.509 Email Address 4-byte
Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
O… (Steffen Nurpmeso <steffen@...oden.eu>)
- 2022/11/02 #11:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Overflow (CVE… (Hanno Böck <hanno@...eck.de>)
- 2022/11/02 #10:
Re: Fwd: Node.js security updates for all active
release lines, November 2022 (Jan Schaumann <jschauma@...meister.org>)
- 2022/11/02 #9:
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Over… (Alex Gaynor <alex.gaynor@...il.com>)
- 2022/11/02 #8:
CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App
Taxonomy Path (Daniel Klco <dklco@...che.org>)
- 2022/11/02 #7:
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow
(… (Tavis Ormandy <taviso@...il.com>)
- 2022/11/02 #6:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Overflow (CVE-202… ("alice" <alice@...ya.dev>)
- 2022/11/02 #5:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Overflow (CVE-202… ("alice" <alice@...ya.dev>)
- 2022/11/02 #4:
Fwd: Node.js security updates for all active release lines,
November 2022 ("soyjuanarbol@...il.com" <soyjuanarbol@...il.com>)
- 2022/11/02 #3:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Ove… (Demi Marie Obenour <demi@...isiblething…)
- 2022/11/02 #2:
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow… (Alex Gaynor <alex.gaynor@...il.com>)
- 2022/11/02 #1:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Ove… (Demi Marie Obenour <demi@...isiblething…)
- 2022/11/01 #24:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Overflow (CVE-2022-3786) (alex@...xburke.ca)
- 2022/11/01 #23:
CVE-2022-43985: Apache Airflow: Open Redirect (Jedidiah Cunningham <jedcunningham@...che.org>)
- 2022/11/01 #22:
CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query
Argument in URL (Jedidiah Cunningham <jedcunningham@...che.org>)
- 2022/11/01 #21:
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow… (Jeffrey Walton <noloader@...il.com>)
- 2022/11/01 #20:
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Overf… ("Erin Shepherd" <erin.shepherd@....eu>)
- 2022/11/01 #19:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Ove… (Demi Marie Obenour <demi@...isiblething…)
- 2022/11/01 #18:
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Over… (Pavan Maddamsetti <pavan.maddamsetti@gm…)
- 2022/11/01 #17:
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow
… (Dave Horsfall <dave@...sfall.org>)
- 2022/11/01 #16:
Re: OpenSSL X.509 Email Address 4-byte Buffer
Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer
Ove… (Demi Marie Obenour <demi@...isiblething…)
- 2022/11/01 #15:
OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE… (Solar Designer <solar@...nwall.com>)
- 2022/11/01 #14:
CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI
Javascript ("Sean R. Owen" <srowen@...che.org>)
- 2022/11/01 #13:
CVE-2022-34662: Apache DolphinScheduler prior to 3.0.0 allows path
traversal (Jiajie Zhong <zhongjiajie@...che.org>)
- 2022/11/01 #12:
Re: Is third party javascript on a login page considered dangerous? (Solar Designer <solar@...nwall.com>)
- 2022/11/01 #11:
Xen Security Advisory 421 v2 (CVE-2022-42325,CVE-2022-42326) -
Xenstore: Guests can create arbitrary number of nodes vi… (Xen.org security team <security@....org…)
- 2022/11/01 #10:
Xen Security Advisory 420 v2 (CVE-2022-42324) - Oxenstored 32->31
bit integer truncation issues (Xen.org security team <security@....org>)
- 2022/11/01 #9:
Xen Security Advisory 419 v2 (CVE-2022-42322,CVE-2022-42323) -
Xenstore: Cooperating guests can create arbitrary number… (Xen.org security team <security@....org…)
- 2022/11/01 #8:
Xen Security Advisory 418 v2 (CVE-2022-42321) - Xenstore: Guests
can crash xenstored via exhausting the stack (Xen.org security team <security@....org>)
- 2022/11/01 #7:
Xen Security Advisory 417 v2 (CVE-2022-42320) - Xenstore: Guests
can get access to Xenstore nodes of deleted domains (Xen.org security team <security@....org>)
- 2022/11/01 #6:
Xen Security Advisory 416 v2 (CVE-2022-42319) - Xenstore: Guests
can cause Xenstore to not free temporary memory (Xen.org security team <security@....org>)
- 2022/11/01 #5:
Xen Security Advisory 415 v2 (CVE-2022-42310) - Xenstore: Guests
can create orphaned Xenstore nodes (Xen.org security team <security@....org>)
- 2022/11/01 #4:
Xen Security Advisory 414 v2 (CVE-2022-42309) - Xenstore: Guests
can crash xenstored (Xen.org security team <security@....org>)
- 2022/11/01 #3:
Xen Security Advisory 412 v2 (CVE-2022-42327) - x86: unintended
memory sharing between guests (Xen.org security team <security@....org>)
- 2022/11/01 #2:
CVE-2022-31764: Apache ShardingSphere ElasticJob-UI allows RCE via
event trace data source JDBC (Weijie Wu <wuweijie@...che.org>)
- 2022/11/01 #1:
Re: Is third party javascript on a login page considered
dangerous? (Jan Engelhardt <jengelh@...i.de>)
- 2022/10/31 #5:
CVE-2022-42252: Apache Tomcat - Request Smuggling (Mark Thomas <markt@...che.org>)
- 2022/10/31 #4:
Re: Forthcoming OpenSSL Releases (Bob Beck <bbe@...omium.org>)
- 2022/10/31 #3:
Re: Is third party javascript on a login page
considered dangerous? (Brandon Perry <bperry.volatile@...il.com>)
28274 messages
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
