oss-sec: by author
281 messages
starting Feb 02 21 and
ending Jan 21 21
????
KASAN: use-after-free in con_scroll ???? (Feb 02)
Akira Ajisaka
[CVE-2020-9492] Apache Hadoop Potential privilege escalation Akira Ajisaka (Jan 26)
Aki Tuomi
CVE-2020-24386: Dovecot: IMAP hibernation allows accessing other peoples mail Aki Tuomi (Jan 04)
CVE-2020-25275: Dovecot: MIME parsing crash Aki Tuomi (Jan 04)
Alan Coopersmith
Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Alan Coopersmith (Mar 23)
Aleksey Yeschenko
[CVE-2020-17516] Apache Cassandra internode encryption enforcement vulnerability Aleksey Yeschenko (Feb 01)
Alexander E. Patrakov
Re: [vs] Cinnamon lock screen bypass in multiple distributions Alexander E. Patrakov (Jan 15)
Alexander Popov
Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation Alexander Popov (Feb 05)
Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation Alexander Popov (Feb 04)
Alexandros Toptsoglou
Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Alexandros Toptsoglou (Feb 10)
Alex Gaynor
Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Alex Gaynor (Feb 05)
Andreas Lehmkuehler
CVE-2021-27807: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file Andreas Lehmkuehler (Mar 19)
CVE-2021-27906: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file Andreas Lehmkuehler (Mar 19)
Andrew Wesie
CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking Andrew Wesie (Jan 20)
Anthony Liguori
Re: Gentoo's "contributing back" linux-distros tasks Anthony Liguori (Jan 11)
Adding an additional Amazon Linux member to distros@ Anthony Liguori (Jan 15)
RE: Gentoo's "contributing back" linux-distros tasks Anthony Liguori (Jan 12)
A security vulnerability in linux kernel 5.8.10 Anthony Liguori (Jan 06)
Re: Gentoo's "contributing back" linux-distros tasks Anthony Liguori (Feb 02)
Bill Lucy
CVE-2021-26296: Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces Bill Lucy (Feb 18)
Brad Spengler
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler (Mar 19)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler (Mar 19)
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Brad Spengler (Mar 17)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler (Mar 19)
Brendan Burns
[Security Advisory] CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client Brendan Burns (Jan 11)
Brian Demers
[CVE-2020-17523] Apache Shiro authentication bypass Brian Demers (Feb 01)
butt3rflyh4ck
Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq butt3rflyh4ck (Jan 28)
Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck (Mar 28)
Re: Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq butt3rflyh4ck (Jan 30)
Carlos Alberto Lopez Perez
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0001 Carlos Alberto Lopez Perez (Feb 15)
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002 Carlos Alberto Lopez Perez (Mar 22)
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0003 Carlos Alberto Lopez Perez (Mar 29)
Carlton Gibson
Django security releases: CVE-2021-23336: Web cache poisoning via ``django.utils.http.limited_parse_qsl()`` Carlton Gibson (Feb 19)
Chao Sun
CVE-2020-1926: Timing attack in Cookie signature verification Chao Sun (Mar 01)
Damien Miller
Announce: OpenSSH 8.5 released Damien Miller (Mar 02)
Daniel Beck
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 24)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 18)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 30)
Vulnerability in Jenkins Daniel Beck (Jan 26)
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jan 13)
Vulnerability in Jenkins Daniel Beck (Feb 19)
daniel gaspar
CVE-2021-27907: Apache Superset stored XSS on Dashboard markdown daniel gaspar (Mar 04)
Daniel Stenberg
[SECURITY ADVISORY] curl: TLS 1.3 session ticket proxy host mixup Daniel Stenberg (Mar 30)
[SECURITY ADVISORY] curl: Automatic referer leaks credentials Daniel Stenberg (Mar 30)
Daniel Walsh
Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest Daniel Walsh (Jan 22)
Dave Horsfall
Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) Dave Horsfall (Jan 27)
David A. Wheeler
Re: Linux Kernel: local priv escalation via futexes David A. Wheeler (Jan 29)
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic David A. Wheeler (Jan 12)
David Disseldorp
CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 12)
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 13)
Dimitrios Glynos
CVE-2021-26911: Canary Mail with IMAP STARTTLS missing certificate validation Dimitrios Glynos (Feb 17)
Eddie Chapman
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Eddie Chapman (Mar 19)
Evgenii Shatokhin
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Evgenii Shatokhin (Mar 17)
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Evgenii Shatokhin (Mar 17)
Fabian Keil
Re: Two DoS issues fixed in Privoxy 3.0.31 stable Fabian Keil (Feb 04)
Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil (Feb 03)
Multiple DoS issues fixed in Privoxy 3.0.32 stable Fabian Keil (Feb 28)
Re: Multiple DoS issues fixed in Privoxy 3.0.32 stable Fabian Keil (Mar 06)
Re: CVE request experience Fabian Keil (Jan 31)
Two DoS issues fixed in Privoxy 3.0.31 stable Fabian Keil (Jan 31)
Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil (Mar 23)
fanningpj () apache org
CVE-2021-23926: XMLBeans XML Entity Expansion fanningpj () apache org (Jan 13)
Felix Kosterhon
Re: Vulnerability in the Linux Audit Framework Auditd Felix Kosterhon (Feb 18)
Vulnerability in the Linux Audit Framework Auditd Felix Kosterhon (Feb 18)
Ferruh Yigit
Re: [dpdk-dev] [oss-security] DPDK security advisory for multiple vhost crypto issues Ferruh Yigit (Jan 04)
Flavio Leitner
CVE-2020-35498: Open vSwitch: Packet parsing vulnerability Flavio Leitner (Feb 10)
Fuller, Abby
2021-01 stats Fuller, Abby (Feb 16)
Gary Tully
CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support Gary Tully (Jan 27)
CVE-2021-26117: ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind Gary Tully (Jan 27)
Gézapeti Cseh
CVE-2020-35451: Oozie local privilege escalation Gézapeti Cseh (Mar 09)
Gordon Tetlow
Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing Gordon Tetlow (Mar 27)
Greg KH
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Greg KH (Jan 12)
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Greg KH (Mar 17)
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 17)
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 17)
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Greg KH (Jan 12)
Re: Use After Free and Double Free bugs in Linux Kernel mainline Greg KH (Mar 17)
Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Greg KH (Feb 08)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 18)
Re: KASAN: use-after-free in con_scroll Greg KH (Feb 02)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 19)
Greg Kroah-Hartman
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Greg Kroah-Hartman (Mar 17)
Hanno Böck
Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) Hanno Böck (Jan 27)
MATE screensaver screen lock bypass with external monitor Hanno Böck (Jan 15)
Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination Hanno Böck (Feb 19)
Harry Sintonen
Re: screen crash processing combining characters Harry Sintonen (Feb 09)
ISC Security Officer
BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination ISC Security Officer (Feb 19)
BIND Operational Notification: Zone journal (.jnl) file incompatibility, after upgrading to BIND 9.16.12 and 9.17 ISC Security Officer (Feb 19)
BIND Operational Notification: Zone journal (.jnl) file incompatibility, after upgrading to BIND 9.16.12 and 9.17 - REVISION ISC Security Officer (Feb 22)
Jacques Le Roux
[CVE-2021-26295] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI Jacques Le Roux (Mar 21)
Jakub Wilk
Re: charset.alias in pkexec/glib/gnulib Jakub Wilk (Feb 09)
Jan Engelhardt
kopano-core 11.0.1: Remote DoS by memory exhaustion Jan Engelhardt (Mar 19)
Jan Kara
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Jan Kara (Mar 17)
Jaroslav Tulach
[CVE-2020-17534] HTML/Java API 1.7: A race condition between deletion of the temporary file and creation of the temporary directory Jaroslav Tulach (Jan 11)
Jean-Baptiste Onofre
CVE-2020-13947 - XSS in Apache ActiveMQ WebConsole Jean-Baptiste Onofre (Feb 07)
Jens Geyer
CVE-2020-13949: Apache Thrift: potential DoS when processing untrusted payloads Jens Geyer (Feb 11)
Jeroen Roovers
Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing Jeroen Roovers (Mar 28)
Jerry Shao
CVE-2021-26544: Apache Livy (Incubating) is vulnerable to cross site scripting Jerry Shao (Feb 19)
Jihoon Son
CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. Jihoon Son (Jan 29)
[CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems Jihoon Son (Mar 29)
Johannes Schindelin
git: malicious repositories can execute remote code while cloning Johannes Schindelin (Mar 09)
John Haxby
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload John Haxby (Jan 12)
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic John Haxby (Jan 12)
Re: Use After Free and Double Free bugs in Linux Kernel mainline John Haxby (Mar 17)
Multiple GRUB2 vulnerabilities John Haxby (Mar 02)
Re: Linux Kernel: out of bounds array access in dm-ioctl.c John Haxby (Mar 29)
Jouni Malinen
wpa_supplicant P2P provision discovery processing vulnerability Jouni Malinen (Feb 25)
wpa_supplicant P2P group information processing vulnerability Jouni Malinen (Feb 03)
Kaxil Naik
CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check Kaxil Naik (Feb 17)
CVE-2021-26559: Apache Airflow 2.0.0: CWE-284 Improper Access Control on Configurations Endpoint for the Stable API Kaxil Naik (Feb 17)
Kurt H Maier
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Kurt H Maier (Mar 18)
Leo Famulari
Risk of local privilege escalation in GNU Guix Leo Famulari (Mar 18)
lewis john mcgibbney
CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser lewis john mcgibbney (Jan 24)
lyl2019
Use After Free and Double Free bugs in Linux Kernel mainline lyl2019 (Mar 17)
Marc
Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804) Marc (Mar 01)
Marcus Meissner
Remote code execution in connman Marcus Meissner (Feb 08)
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload Marcus Meissner (Jan 13)
Linux iscsi security fixes Marcus Meissner (Mar 06)
Linux Kernel: local priv escalation via futexes Marcus Meissner (Jan 29)
Re: Re: Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq Marcus Meissner (Jan 31)
Security issues in hawk2 and crmsh Marcus Meissner (Jan 12)
Re: Linux Kernel: local priv escalation via futexes Marcus Meissner (Jan 29)
Mariusz Felisiak
Django: CVE-2021-3281: Potential directory-traversal via archive.extract() Mariusz Felisiak (Feb 01)
Mark J Cox
Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing Mark J Cox (Mar 28)
Mark Thomas
[SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure Mark Thomas (Jan 14)
CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484 Mark Thomas (Mar 01)
CVE-2021-25122: Apache Tomcat h2c request mix-up Mark Thomas (Mar 01)
Martin Ortner
[CVE-2020-15693, CVE-2020-15694] Nim - stdlib Httpclient - Header Crlf Injection & Server Response Validation Martin Ortner (Feb 04)
[no-cve] Nim - Insecure SSL/TLS Defaults, MitM, and nimble shell command injection Martin Ortner (Feb 05)
[CVE-2020-15690] Nim - stdlib asyncftpd - Crlf Injection Martin Ortner (Feb 04)
[CVE-2020-15692] Nim - stdlib Browsers - `open` Argument Injection Martin Ortner (Feb 04)
Matthias Gerstner
Various security fixes in sudo 1.9.5 (CVE-2021-23239, CVE-2021-23240) Matthias Gerstner (Jan 11)
segv_handler junkcode snippet / openSUSE segv_handler package potential local root exploit Matthias Gerstner (Jan 19)
libreoffice-online "loolforkit" privileged program local root exploit Matthias Gerstner (Jan 18)
Re: libreoffice-online "loolforkit" privileged program local root exploit Matthias Gerstner (Jan 21)
Replay-Sorcery: CVE-2021-26936: Multiple security issues in with setuid-root program in versions 0.4.0 through 0.5.0 Matthias Gerstner (Feb 10)
CVE-2021-26720: avahi-daemon: 'avahi' to 'root' user privilege escalation through Debian specific if-up script avahi-daemon-check-dns.sh Matthias Gerstner (Feb 15)
Mauro Matteo Cascella
CVE-2021-20263 QEMU: virtiofsd: 'security.capabilities' is not dropped with xattrmap option Mauro Matteo Cascella (Mar 08)
Re: [dpdk-dev] [oss-security] DPDK security advisory for multiple vhost crypto issues Mauro Matteo Cascella (Jan 04)
CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure Mauro Matteo Cascella (Jan 13)
CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085 Mauro Matteo Cascella (Mar 09)
Re: DPDK security advisory for multiple vhost crypto issues Mauro Matteo Cascella (Jan 04)
Maxim Solodovnik
CVE-2021-27576: Apache OpenMeetings: bandwidth can be overloaded with public web service Maxim Solodovnik (Mar 13)
Michael McNally
One BIND vulnerability (CVE-2020-8625) has been publicly disclosed Michael McNally (Feb 17)
Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination Michael McNally (Feb 19)
Mike Jumper
[SECURITY] CVE-2020-11997: Apache Guacamole: Inconsistent restriction of connection history visibility Mike Jumper (Jan 18)
Morten Linderud
Re: Re: [vs] Cinnamon lock screen bypass in multiple distributions Morten Linderud (Jan 15)
netblue30
[cve-pending] Firejail: root privilege escalation in OverlayFS code netblue30 (Feb 08)
- Nop
Linux Kernel: out of bounds array access in dm-ioctl.c - Nop (Mar 27)
ocket 8888
CVE-2020-17522: Traffic Control Mid Tier Cache Manipulation Attack ocket 8888 (Jan 25)
Ondřej Surý
Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination Ondřej Surý (Feb 19)
ortmann
Re: Remote DoS Vulnerability in bitchx, ircii < 20210314 and scrollz ortmann (Mar 30)
Remote DoS Vulnerability in bitchx, ircii < 20210314 and scrollz ortmann (Mar 24)
Oswald Buddenhagen
CVE-2021-20247: isync/mbsync data leak/destruction vulnerability Oswald Buddenhagen (Feb 22)
Petr Matousek
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Petr Matousek (Mar 23)
Philip Pettersson
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Philip Pettersson (Jan 12)
Phil Pennock
[CVE-2020-28466][CVE-2021-3127] NATS.io vulnerabilities Phil Pennock (Mar 16)
[CVE-2020-28466][CVE-2021-3127] NATS.io vulnerabilities Phil Pennock (Mar 16)
Pietro Albini
CVE-2020-26297: mdBook XSS Pietro Albini (Jan 04)
Piotr Krysiuk
[CVE-2020-27170] Protection against speculatively out-of-bounds loads in the Linux kernel can be bypassed by unprivileged local users to leak content of kernel memory Piotr Krysiuk (Mar 18)
[CVE-2020-27171] Numeric error when restricting speculative pointer arithmetic allows unprivileged local users to leak content of kernel memory Piotr Krysiuk (Mar 18)
Re: [CVE-2020-27171] Numeric error when restricting speculative pointer arithmetic allows unprivileged local users to leak content of kernel memory Piotr Krysiuk (Mar 24)
Re: [CVE-2020-27170] Protection against speculatively out-of-bounds loads in the Linux kernel can be bypassed by unprivileged local users to leak content of kernel memory Piotr Krysiuk (Mar 24)
P J P
Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest P J P (Jan 22)
CVE-2021-20255 QEMU: net: eepro100: stack overflow via infinite recursion P J P (Feb 25)
CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest P J P (Jan 22)
CVE-2021-20196 QEMU: block: fdc: null pointer dereference may lead to guest crash P J P (Jan 27)
CVE-2020-29443 QEMU: ide: atapi: OOB access while processing read commands P J P (Jan 18)
CVE-2021-3416 QEMU: net: infinite loop in loopback mode may lead to stack overflow P J P (Feb 26)
CVE-2021-20257 QEMU: net: e1000: infinite loop while processing transmit descriptors P J P (Feb 25)
CVE-2021-3392 QEMU: scsi: mptsas: use-after-free while processing io requests P J P (Feb 04)
CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field P J P (Feb 04)
Qualys Security Advisory
Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) Qualys Security Advisory (Jan 26)
Riccardo Schirone
Multiple CVEs in dnsmasq fixed in version 2.83 Riccardo Schirone (Jan 19)
Robert Metzger
[CVE-2020-17519] Apache Flink directory traversal attack: reading remote files through the REST API Robert Metzger (Jan 05)
[CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API Robert Metzger (Jan 05)
Robert Scheck
Re: kopano-core 11.0.1: Remote DoS by memory exhaustion Robert Scheck (Mar 21)
Rohit Keshri
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Rohit Keshri (Mar 18)
CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Rohit Keshri (Mar 17)
CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Rohit Keshri (Feb 10)
Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Rohit Keshri (Feb 08)
CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read Rohit Keshri (Mar 17)
CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Rohit Keshri (Mar 17)
CVE-2021-20226 kernel: use-after-free in io_uring feature Rohit Keshri (Feb 05)
CVE-2021-3411 kernel: broken KRETPROBES reports corruption of .text section while running a FTRACE stress tester Rohit Keshri (Feb 19)
Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Rohit Keshri (Feb 19)
Roman Fiedler
Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit Roman Fiedler (Feb 15)
sudo: Ineffective NO_ROOT_MAILER and Baron Samedit Roman Fiedler (Jan 30)
Salvatore Bonaccorso
Re: wpa_supplicant P2P provision discovery processing vulnerability Salvatore Bonaccorso (Feb 26)
Re: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read Salvatore Bonaccorso (Mar 17)
Re: wpa_supplicant P2P group information processing vulnerability Salvatore Bonaccorso (Feb 06)
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Salvatore Bonaccorso (Mar 17)
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Salvatore Bonaccorso (Mar 17)
Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Salvatore Bonaccorso (Feb 05)
Re: [cve-pending] Firejail: root privilege escalation in OverlayFS code Salvatore Bonaccorso (Feb 08)
Re: Re: screen crash processing combining characters Salvatore Bonaccorso (Feb 10)
Re: Vulnerability in the Linux Audit Framework Auditd Salvatore Bonaccorso (Feb 25)
Sandro Gauci
ES2021-04: VoIPmonitor static builds are compiled without any standard memory corruption protection Sandro Gauci (Mar 15)
ES2021-02: VoIPmonitor WEB GUI vulnerable to Cross-Site Scripting via SIP messages Sandro Gauci (Mar 15)
ES2021-03: VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer Sandro Gauci (Mar 15)
Advisory: ES2021-01 - Loopback access control bypass in coturn by using 0.0.0.0, [::1] or [::] as the peer address Sandro Gauci (Jan 11)
Sasha Levin
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 18)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
Re: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read Sasha Levin (Mar 17)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Sasha Levin (Jan 12)
Siddhesh Poyarekar
Re: glibc iconv crash with ISO-2022-JP-3 Siddhesh Poyarekar (Jan 28)
Re: glibc iconv crash with ISO-2022-JP-3 Siddhesh Poyarekar (Jan 27)
Sidney Markowitz
CVE-2020-1946: Apache SpamAssassin has an OS Command Injection vulnerability Sidney Markowitz (Mar 24)
Simon McVittie
CVE-2021-21261: Flatpak sandbox escape via spawn portal (aka GHSA-4ppf-fxf6-vxg2) Simon McVittie (Jan 21)
Simon Steiner
[CVE-2020-11988] Apache XML Graphics Commons SSRF vulnerability Simon Steiner (Feb 24)
[CVE-2020-11987] Apache XML Graphics Batik SSRF vulnerability Simon Steiner (Feb 24)
Solar Designer
Re: Linux Kernel: local priv escalation via futexes Solar Designer (Feb 01)
Re: Gentoo's "contributing back" linux-distros tasks Solar Designer (Jan 12)
Re: Gentoo's "contributing back" linux-distros tasks Solar Designer (Jan 10)
Re: Adding an additional Amazon Linux member to distros@ Solar Designer (Jan 17)
Re: distros list archive Solar Designer (Jan 10)
OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing Solar Designer (Mar 27)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Solar Designer (Feb 09)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Solar Designer (Mar 18)
Re: 2021-01 stats Solar Designer (Feb 16)
Re: Gentoo's "contributing back" linux-distros tasks Solar Designer (Jan 10)
Re: Linux Kernel: local priv escalation via futexes Solar Designer (Jan 29)
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Solar Designer (Jan 12)
Re: Gentoo's "contributing back" linux-distros tasks Solar Designer (Feb 02)
Stefan Pietsch
Trovent Security Advisory 2010-01 / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability Stefan Pietsch (Jan 07)
Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability Stefan Pietsch (Jan 13)
Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability Stefan Pietsch (Jan 08)
Stefan Sperling
[SECURITY][ANNOUNCE] Apache Subversion 1.10.7 released Stefan Sperling (Feb 10)
[SECURITY][ANNOUNCE] Apache Subversion 1.14.1 released Stefan Sperling (Feb 10)
Steve Beattie
[CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation Steve Beattie (Mar 23)
Steve Grubb
Re: Vulnerability in the Linux Audit Framework Auditd Steve Grubb (Mar 02)
Re: Vulnerability in the Linux Audit Framework Auditd Steve Grubb (Feb 18)
Szabolcs Beki
CVE-2020-1936: Stored XSS in Apache Ambari Szabolcs Beki (Mar 02)
[CVE-2020-13924] Apache Ambari Arbitrary File Download Vulnerability Szabolcs Beki (Feb 07)
Tavis Ormandy
Re: screen crash processing combining characters Tavis Ormandy (Feb 09)
screen crash processing combining characters Tavis Ormandy (Feb 09)
Re: screen crash processing combining characters Tavis Ormandy (Feb 09)
Re: charset.alias in pkexec/glib/gnulib Tavis Ormandy (Feb 09)
glibc iconv crash with ISO-2022-JP-3 Tavis Ormandy (Jan 27)
mutt recipient parsing memory leak Tavis Ormandy (Jan 17)
Re: screen crash processing combining characters Tavis Ormandy (Feb 09)
Thomas Deutschmann
Re: Gentoo's "contributing back" linux-distros tasks Thomas Deutschmann (Jan 11)
Tim Allison
CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser Tim Allison (Mar 30)
Utkarsh Gupta
Re: mutt recipient parsing memory leak Utkarsh Gupta (Jan 19)
Re: screen crash processing combining characters Utkarsh Gupta (Feb 09)
Re: Re: screen crash processing combining characters Utkarsh Gupta (Feb 10)
Vardan Torosyan
Grafana 7.4.5, 7.3.10 and 6.7.6 released with security fixes for Grafana Enterprise Vardan Torosyan (Mar 19)
Wade Mealing
CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Wade Mealing (Jan 11)
CVE-2021-20269: kexec-tools: incorrect permissions on vmcore-dmesg.txt file Wade Mealing (Mar 10)
CVE-2021-20261: kernel: panic in start_motor+0x21 when /dev/fd0 is read by multiple threads. Wade Mealing (Mar 10)
Will Glass-Husain
CVE-2020-13959: Velocity Tools XSS Vulnerability Will Glass-Husain (Mar 10)
CVE-2020-13936: Velocity Sandbox Bypass Will Glass-Husain (Mar 10)
wjm wjm
CVE-2020-17532: ServiceComb Yaml remote deserialization vulnerability wjm wjm (Jan 21)
Wolfgang Frisch
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Wolfgang Frisch (Mar 17)
X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2021-001: Multiple Vulnerabilities in YARA X41 D-Sec GmbH Advisories (Jan 29)
Xen . org security team
Xen Security Advisory 360 v2 (CVE-2021-3308) - IRQ vector leak on x86 Xen . org security team (Jan 26)
Xen Security Advisory 286 v6 (CVE-2020-27674) - x86 PV guest INVLPG-like flushes may leave stale TLB entries Xen . org security team (Jan 19)
Xen Security Advisory 367 v2 (CVE-2021-28038) - Linux: netback fails to honor grant mapping errors Xen . org security team (Mar 05)
Xen Security Advisory 364 v3 (CVE-2021-26933) - arm: The cache may not be cleaned for newly allocated scrubbed pages Xen . org security team (Feb 16)
Xen Security Advisory 368 v2 - HVM soft-reset crashes toolstack Xen . org security team (Mar 18)
Xen Security Advisory 362 v3 (CVE-2021-26931) - Linux: backends treating grant mapping errors as bugs Xen . org security team (Feb 16)
Xen Security Advisory 367 v1 - Linux: netback fails to honor grant mapping errors Xen . org security team (Mar 04)
Xen Security Advisory 369 v1 - Linux: special config may crash when trying to map foreign pages Xen . org security team (Mar 04)
Xen Security Advisory 368 v3 (CVE-2021-28687) - HVM soft-reset crashes toolstack Xen . org security team (Mar 18)
Xen Security Advisory 366 v1 - missed flush in XSA-321 backport Xen . org security team (Feb 18)
Xen Security Advisory 363 v3 (CVE-2021-26934) - Linux: display frontend "be-alloc" mode is unsupported Xen . org security team (Feb 16)
Xen Security Advisory 346 v3 (CVE-2020-27671) - undue deferral of IOMMU TLB flushes Xen . org security team (Jan 19)
Xen Security Advisory 369 v2 (CVE-2021-28039) - Linux: special config may crash when trying to map foreign pages Xen . org security team (Mar 05)
Xen Security Advisory 355 v3 (CVE-2020-29040) - stack corruption from XSA-346 change Xen . org security team (Jan 19)
Xen Security Advisory 366 v2 (CVE-2021-27379) - missed flush in XSA-321 backport Xen . org security team (Feb 23)
Xen Security Advisory 331 v3 (CVE-2020-27675) - Race condition in Linux event handler may crash dom0 Xen . org security team (Jan 19)
Xen Security Advisory 361 v4 (CVE-2021-26932) - Linux: grant mapping error handling issues Xen . org security team (Feb 16)
Xen Security Advisory 365 v3 (CVE-2021-26930) - Linux: error handling issues in blkback's grant mapping Xen . org security team (Feb 16)
Xen Security Advisory 345 v4 (CVE-2020-27672) - x86: Race condition in Xen mapping code Xen . org security team (Jan 19)
Xen Security Advisory 332 v4 (CVE-2020-27673) - Rogue guests can cause DoS of Dom0 via high frequency events Xen . org security team (Jan 19)
Xen Security Advisory 347 v3 (CVE-2020-27670) - unsafe AMD IOMMU page table updates Xen . org security team (Jan 19)
Xen Security Advisory 371 v3 (CVE-2021-28688) - Linux: blkback driver may leak persistent grants Xen . org security team (Mar 30)
Xen Security Advisory 360 v1 - IRQ vector leak on x86 Xen . org security team (Jan 21)