oss-sec: by date
RSS Feed
About List
All Lists
Previous period
211 messages
starting Jul 01 20 and
ending Sep 30 20
Date index |
Thread index |
Author index
Wednesday, 01 July
PowerDNS Recursor 4.3.2, 4.2.3. and 4.1.17 released fixing CVE-2020-14196: Access restriction,bypass Otto Moerbeek
CVE-2020-15469 QEMU: MMIO ops null pointer dereference may lead to DoS P J P
Thursday, 02 July
[SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels Mike Jumper
[SECURITY] CVE-2020-9498: Apache Guacamole: Dangling pointer in RDP static virtual channel handling Mike Jumper
Contributing Back Zhang Xiao
Re: Contributing Back Francis Perron
Re: Contributing Back Daniel Stenberg
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Contributing Back Zhang Xiao
Monday, 06 July
CVE-2020-13640: WordPress Plugin wpDiscuz <= 5.3.5 SQL injection asterite
Tuesday, 07 July
veyon: Veyon uses fixed logfile paths in /tmp in versions prior v4.4.0 Matthias Gerstner
Xen Security Advisory 317 v3 (CVE-2020-15566) - Incorrect error handling in event channel port allocation Xen . org security team
Xen Security Advisory 319 v3 (CVE-2020-15563) - inverted code paths in x86 dirty VRAM tracking Xen . org security team
Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d Xen . org security team
Xen Security Advisory 327 v3 (CVE-2020-15564) - Missing alignment check in VCPUOP_register_vcpu_info Xen . org security team
Xen Security Advisory 328 v3 (CVE-2020-15567) - non-atomic modification of live EPT PTE Xen . org security team
Wednesday, 08 July
[Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary Joel Smith
Thursday, 09 July
SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql Larry W. Cashdollar
X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch X41 D-Sec GmbH Advisories
Friday, 10 July
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006 Carlos Alberto Lopez Perez
Saturday, 11 July
Re: Contributing Back Solar Designer
Monday, 13 July
Re: Contributing Back Zhang Xiao
Tuesday, 14 July
[SECURITY][CVE-2020-13925] Apache Kylin command injection vulnerability ShaoFeng Shi
[SECURITY][CVE-2020-13926] Apache Kylin SQL injection vulnerability ShaoFeng Shi
[SECURITY] CVE-2020-13935 Apache Tomcat WebSocket Denial of Service Mark Thomas
[SECURITY] CVE-2020-13934 Apache Tomcat HTTP/2 Denial of Service Mark Thomas
Flatcar membership on the linux-distros list Vincent Batts
Wednesday, 15 July
Re: Flatcar membership on the linux-distros list Randy Barlow
[CVE-2020-13923] IDOR in Apache OFBiz Jacques Le Roux
[CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication Jacques Le Roux
CVE-2020-8557: Kubernetes: Node disk DOS by writing to container /etc/hosts Joel Smith
Multiple vulnerabilities in Jenkins and Jenkins plugins Wadeck Follonier
Kubernetes: CVE-2020-8559: Privilege escalation from compromised node to cluster Tim Allclair
Thursday, 16 July
Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues Xen . org security team
Friday, 17 July
Re: Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues Mauro Matteo Cascella
Sunday, 19 July
CVE-2018-21036: Sails.js before v1.0.0-46 DoS ali . of . south
Monday, 20 July
Perl 5.32.0 mishandling of rpath and runpath tokens Jeffrey Walton
Re: Perl 5.32.0 mishandling of rpath and runpath tokens Jeffrey Walton
Re: Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues Andrew Cooper
Re: Perl 5.32.0 mishandling of rpath and runpath tokens Phil Pennock
Re: Perl 5.32.0 mishandling of rpath and runpath tokens Jeffrey Walton
Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules Marcus Meissner
Re: Re: lockdown bypass on mainline kernel for loading unsigned modules Marcus Meissner
CVE-2020-13932 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin Gary Tully
Re: Flatcar membership on the linux-distros list Solar Designer
Re: Contributing Back Solar Designer
Tuesday, 21 July
Re: Perl 5.32.0 mishandling of rpath and runpath tokens Casper . Dik
Xen Security Advisory 329 v3 (CVE-2020-15852) - Linux ioperm bitmap context switching issues Xen . org security team
CVE-2020-15859 QEMU: net: e1000e: use-after-free while sending packets P J P
Wednesday, 22 July
CVE-2020-15863 QEMU: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c Mauro Matteo Cascella
Thursday, 23 July
Re: Contributing Back Mohammad Tausif Siddiqui
Re: Contributing Back Zhang Xiao
Re: Contributing Back Solar Designer
Re: Flatcar membership on the linux-distros list Vincent Batts
Re: Flatcar membership on the linux-distros list Solar Designer
Re: Flatcar membership on the linux-distros list Jeff Law
Re: Flatcar membership on the linux-distros list Solar Designer
Re: Flatcar membership on the linux-distros list Jeff Law
Friday, 24 July
Re: Flatcar membership on the linux-distros list Greg KH
Saturday, 25 July
Re: Flatcar membership on the linux-distros list Solar Designer
Tuesday, 28 July
Re: Contributing Back Zhang Xiao
[CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update 张云海
Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update Eric Biggers
Wednesday, 29 July
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0007 Carlos Alberto Lopez Perez
Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update Solar Designer
multiple secure boot grub2 and linux kernel vulnerabilities John Haxby
Thursday, 30 July
Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update 张云海
UEFI SecureBoot bypass fixes rolled out to kernels below radar Jason A. Donenfeld
Re: UEFI SecureBoot bypass fixes rolled out to kernels below radar John Haxby
Alternative CET ABI Florian Weimer
Re: Alternative CET ABI Jann Horn
Re: Alternative CET ABI Florian Weimer
Re: Alternative CET ABI Szabolcs Nagy
Re: Alternative CET ABI H.J. Lu
Friday, 31 July
Fwd: X.Org security advisory: July 31, 2020: libX11 Matthieu Herrb
Fwd: X.Org security advisory: July 31, 2020: Xserver Matthieu Herrb
Monday, 03 August
ansi escape sequence injection into ubuntu's add-apt-repository Jason A. Donenfeld
Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Marco Benatto
Tuesday, 04 August
Re: [TrouSerS-tech] [oss-security] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Debora Velarde Babb
Re: [TrouSerS-tech] [oss-security] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Marco Benatto
Wednesday, 05 August
Re: ansi escape sequence injection into ubuntu's add-apt-repository Jason A. Donenfeld
Re: ansi escape sequence injection into ubuntu's add-apt-repository Jason A. Donenfeld
[CVE-2020-13921] Apache SkyWalking SQL injection vulnerability after H2/MySQL/TiDB storage option activated. Sheng Wu
Thursday, 06 August
Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Jerry Snitselaar
Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Jonas Witschel
Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Debora Velarde Babb
Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon James Bottomley
Friday, 07 August
CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri
CVE-2020-11985: Apache httpd: CWE-345: Insufficient verification of data authenticity Daniel Ruggeri
CVE-2020-11993: Apache httpd: Push Diary Crash on Specifically Crafted HTTP/2 Header Daniel Ruggeri
CVE-2020-9490: Apache httpd: Push Diary Crash on Specifically Crafted HTTP/2 Header Daniel Ruggeri
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Solar Designer
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Seth Arnold
Saturday, 08 August
[CVE-2020-9479] Directory traversal vulnerability in Apache AsterixDB Ian Maxon
Voiding CVE-2020-16248 Richard Hartmann
Re: Voiding CVE-2020-16248 Hanno Böck
Re: [prometheus-team] Voiding CVE-2020-16248 Bartłomiej Płotka
Re: Voiding CVE-2020-16248 Sylvain Beucler
Re: [prometheus-team] Voiding CVE-2020-16248 Julien Pivotto
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Solar Designer
Re: Voiding CVE-2020-16248 Bastian Blank
Re: Voiding CVE-2020-16248 Jeffrey Walton
Sunday, 09 August
Re: Voiding CVE-2020-16248 Richard Hartmann
Re: Voiding CVE-2020-16248 Richard Hartmann
Monday, 10 August
CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Mauro Matteo Cascella
Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Michael Tokarev
Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Mauro Matteo Cascella
[CVE-2020-11976] Apache Wicket information disclosure vulnerability svenmeier
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Seth Arnold
Wednesday, 12 August
CVE-2020-12100: Dovecot IMAP server: Receiving mail with deeply nested MIME parts leads to resource exhaustion Aki Tuomi
CVE-2020-12673: Dovecot IMAP server: Specially crafted NTLM package can crash auth service Aki Tuomi
CVE-2020-12674: Dovecot IMAP server: Specially crafted RPA authentication message crashes auth Aki Tuomi
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck
Thursday, 13 August
CVE-2020-16843: Firecracker v0.20.0, v0.21.0 and v0.21.1 network stack can freeze under heavy ingress traffic Iorga, Serban
Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) vpn-research
Re: Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith
Friday, 14 August
Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Debora Velarde Babb
Saturday, 15 August
[CVE-2020-13941] Apache Solr information disclosure vulnerability David Smiley
Monday, 17 August
Vulnerability in Jenkins Daniel Beck
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Joe Orton
[CVE-2020-13933] Apache Shiro Authentication Bypass Vulnerability Brian Demers
Wednesday, 19 August
[SECURITY ADVISORY] libcurl: wrong connect-only connection Daniel Stenberg
Linux Kernel 5.7.9 DRM Double Free zdi-disclosures () trendmicro com
Re: Linux Kernel 5.7.9 DRM Double Free Greg KH
Re: Linux Kernel 5.7.9 DRM Double Free Greg KH
Re: Linux Kernel 5.7.9 DRM Double Free Greg KH
Thursday, 20 August
Fossil-SCM patch fixes RCE in all historic versions Richard Hipp
Five vulnerabilities disclosed in BIND (CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, and CVE-2020-8624) Michael McNally
Friday, 21 August
chrony: CVE-2020-14367: unsafe pidfile creation allows privilege escalation from chrony user to root Matthias Gerstner
Monday, 24 August
CVE-2019-20794 kernel: task processes not being properly ended could lead to resource exhaustion Rohit Keshri
Xen Security Advisory 335 v2 (CVE-2020-14364) - QEMU: usb: out-of-bounds r/w access issue Xen . org security team
CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets P J P
Tuesday, 25 August
Re: Fossil-SCM patch fixes RCE in all historic versions Salvatore Bonaccorso
X.Org libX11 security advisory: August 25, 2020 Matthieu Herrb
X.Org server security advisory: August 25, 2020 Matthieu Herrb
[OSSA-2020-006] Nova: Live migration fails to update persistent domain XML (CVE-2020-17376) Jeremy Stanley
Re: X.Org server security advisory: August 25, 2020 Alan Coopersmith
Monday, 31 August
CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX Brandon Williams
Tuesday, 01 September
Kamailio vulnerable to header smuggling possible due to bypass of remove_hf Sandro Gauci
Django Security Releases for CVE-2020-24583 & CVE-2020-24584: permissions on intermediate-level directories on Python 3.7+ Carlton Gibson
Multiple vulnerabilities in Jenkins plugins Daniel Beck
CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability Sam Tunnicliffe
Thursday, 03 September
Open Source Tool | vPrioritization | Risk Prioritization Framework Pramod Rana
Re: Contributing Back Solar Designer
CVE-2020-14386: Linux kernel: af_packet.c vulnerability Or Cohen
GNUPG released with AEAD sec fix CVE-2020-25125 Marcus Meissner
CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences Wolfgang Frisch
Re: Contributing Back Seth Arnold
Friday, 04 September
Re: CVE-2020-14386: Linux kernel: af_packet.c vulnerability Solar Designer
Saturday, 05 September
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Perry E. Metzger
Risk and severity vectors (was: Open Source Tool | vPrioritization | Risk Prioritization Framework) Jeremy Stanley
Sunday, 06 September
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Pramod Rana
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Amos Jeffries
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Robert Watson
Monday, 07 September
[CVE-2020-11986] Opening a Gradle project with Apache NetBeans executes foreign script immediately Matthias Bläsing
CVE-2020-15166: zeromq/libzmq: Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients Luca Boccassi
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Perry E. Metzger
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Jeffrey Walton
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Kurt H Maier
Tuesday, 08 September
Re: Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith
CVE Request: Linux kernel vsyscall page refcounting error Andy Lutomirski
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Jeffrey Walton
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Alex Gaynor
Wednesday, 09 September
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework The Doctor [412/724/301/703/415/510]
Re: Contributing Back Vincent Batts
[CVE-2020-13920] ActiveMQ JMX vulenarable to MITM attack Jean-Baptiste Onofre
Thursday, 10 September
Re: CVE-2020-14386: Linux kernel: af_packet.c vulnerability Kai Lüke
[CVE-2020-11998] Apache ActiveMQ JMX remote client could execute arbitrary code Jean-Baptiste Onofre
Re: CVE Request: Linux kernel vsyscall page refcounting error Salvatore Bonaccorso
Friday, 11 September
[CVE-2020-11991] Apache Cocoon security vulnerability Cédric Damioli
Monday, 14 September
[CVE-2020-11977] Apache Syncope: Remote Code Execution via Flowable workflow definition Francesco Chicchiriccò
Tuesday, 15 September
Fwd: [CVE-2020-13928 ] Apache Atlas Multiple XSS Vulnerability Keval Bhatt
CVE-2020-14390: Linux kernel: slab-out-of-bounds in fbcon Minh Yuan
[CVE-2020-13948] Apache Superset Remote Code Execution Vulnerability William Barrett
Wednesday, 16 September
Linux Kernel: out-of-bounds reading in vgacon_scrolldelta NopNop Nop
[CVE-2020-13944] Apache Airflow Reflected XSS via Origin Parameter <= 1.10.12 Kaxil Naik
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: [CVE-2020-13944] Apache Airflow Reflected XSS via Origin Parameter <= 1.10.12 Kaxil Naik
CVE-2020-25084 QEMU: usb: use-after-free issue while setting up packet P J P
CVE-2020-25085 QEMU: sdhci: out-of-bounds access issue while doing multi block SDMA P J P
Thursday, 17 September
CVE-2020-25625 QEMU: usb: hcd-ohci: infinite loop issue while processing transfer descriptors P J P
Samba and CVE-2020-1472 ("Zerologon") Douglas Bagnall
Apache + PHP <= 7.4.10 open_basedir bypass Havijoori
Tuesday, 22 September
Xen Security Advisory 333 v3 (CVE-2020-25602) - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE Xen . org security team
Xen Security Advisory 336 v3 (CVE-2020-25604) - race when migrating timers between x86 HVM vCPU-s Xen . org security team
Xen Security Advisory 339 v3 (CVE-2020-25596) - x86 pv guest kernel DoS via SYSENTER Xen . org security team
Xen Security Advisory 334 v3 (CVE-2020-25598) - Missing unlock in XENMEM_acquire_resource error path Xen . org security team
Xen Security Advisory 338 v4 (CVE-2020-25597) - once valid event channels may not turn invalid Xen . org security team
Xen Security Advisory 337 v3 (CVE-2020-25595) - PCI passthrough code reading back hardware registers Xen . org security team
Xen Security Advisory 344 v4 (CVE-2020-25601) - lack of preemption in evtchn_reset() / evtchn_destroy() Xen . org security team
Xen Security Advisory 340 v3 (CVE-2020-25603) - Missing memory barriers when accessing/allocating an event channel Xen . org security team
Xen Security Advisory 342 v3 (CVE-2020-25600) - out of bounds event channels available to 32-bit x86 domains Xen . org security team
Xen Security Advisory 343 v4 (CVE-2020-25599) - races with evtchn_reset() Xen . org security team
[Fwd: [Pdns-announce] security advisories for Authoritative 4.3.1, 4.2.3, 4.1.14] Peter van Dijk
Wednesday, 23 September
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Saturday, 26 September
[CVE-2020-13953] Apache Tapestry WEB-INF file download vulnerability Thiago H. de Paula Figueiredo
Sunday, 27 September
CVE-2018-11765: Potential information disclosure in Hadoop Web interfaces Akira Ajisaka
Monday, 28 September
[ANNOUNCE] CVE-2020-13951 - Apache Openmeetings: DoS via public web service Maxim Solodovnik
DPDK security advisory for multiple vhost crypto issues Ferruh Yigit
Tuesday, 29 September
QEMU: NULL pointer derefrence issues P J P
libass ass_outline.c signed integer overflow Fstark
[CVE-2020-13952] Apache Superset Information Disclosure Vulnerability Will Barrett
CVE-2020-25641 kernel: soft lockup when submitting zero length bvecs. Wade Mealing
Re: CVE-2020-25641 kernel: soft lockup when submitting zero length bvecs. Greg KH
Wednesday, 30 September
[CVE-2020-26149] NATS project vulnerabilities: nats.js, (nats.ws, nats.deno) Phil Pennock
CVE-2020-10762 gluster-block: information disclosure through world-readable gluster-block log files Hardik Vyas
CVE-2020-10763 heketi: gluster-block volume password details available in logs Hardik Vyas
[CVE-2020-11979] Apache Ant insecure temporary file vulnerability Stefan Bodewig
[cve-request () mitre org: Re: [scr966354] oniguruma regular expression library - fixed in devel version cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0] Seth Arnold