oss-sec: by date

239 messages starting Jul 02 22 and ending Sep 28 22


Saturday, 02 July

Re: GnuPG signature spoofing via status line injection Salvatore Bonaccorso
Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Solar Designer
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Solar Designer

Sunday, 03 July

Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Demi Marie Obenour
Linux kernel: UAF vulnerabilities in rose protocol duoming
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Solar Designer
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Solar Designer
Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250? Keine Eile
Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250? Solar Designer

Monday, 04 July

Denial of service in GnuPG Demi Marie Obenour
Django: CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments. Mariusz Felisiak
DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Peter van Dijk
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Jens-Wolfhard Schicke-Uffmann
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Noel Kuntze
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Peter van Dijk
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Jakub Wilk
Re: Denial of service in GnuPG Demi Marie Obenour
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Marcus Meissner

Tuesday, 05 July

Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Dave Horsfall
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0006 Carlos Alberto Lopez Perez
Xen Security Advisory 406 v3 (CVE-2022-33744) - Arm guests can cause Dom0 DoS via PV devices Xen . org security team
Xen Security Advisory 405 v3 (CVE-2022-33743) - network backend may cause Linux netfront to use freed SKBs Xen . org security team
Xen Security Advisory 403 v3 (CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742) - Linux disk/nic frontends data leaks Xen . org security team
Re: Linux kernel: UAF vulnerabilities in rose protocol duoming
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Kurt H Maier

Wednesday, 06 July

CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues Mark J. Cox
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Tavis Ormandy
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Demi Marie Obenour
CVE-2021-37839: Apache Superset: Improper access to dataset metadata information Daniel Gaspar
CVE-2022-33980: Apache Commons Configuration insecure interpolation defaults Matt Juntunen
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Alexander Burke
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Solar Designer
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Demi Marie Obenour
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used Aki Tuomi
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Solar Designer
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Grant Taylor
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Demi Marie Obenour
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Florian Weimer

Thursday, 07 July

CVE-2021-44791: Apache Druid: Reflected XSS on certain HTTP endpoints Abhishek Agarwal
CVE-2022-28889: Apache Druid: Clickjacking in the web console Abhishek Agarwal

Friday, 08 July

Re: CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used Aki Tuomi
Fwd: CVE-2022-2347 - Unchecked Download Size and Direction in U-Boot USB DFU Eduardo' Vela" <Nava>

Monday, 11 July

[kubernetes] CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass Hausler, Micah

Tuesday, 12 July

Fwd: X.Org Security Advisory: July 12, 2022 Povilas Kanapickas
Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions Xen . org security team
[CVE-2022-31781] Apache Tapestry denial of service vulnerability Thiago H. de Paula Figueiredo
Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions Salvatore Bonaccorso
Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions Salvatore Bonaccorso

Wednesday, 13 July

Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions Andrew Cooper
Git v2.37.1 and friends for CVE-2022-29187 Junio C Hamano

Friday, 15 July

[Security] CVE-2021-34538: Security vulnerability in Hive with UDFs Naveen Gangam

Sunday, 17 July

CVE-2022-33891: Apache Spark shell command injection vulnerability via Spark UI Sean Owen

Monday, 18 July

CVE-2022-36127: Apache SkyWalking NodeJS Agent: Service unavailability impact in NodeJS agent(version <= 0.5.0) Zhenxu Ke
[ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741) Rohit Yadav
snowflakedb security contacts Seth Arnold

Tuesday, 19 July

CVE-2021-33655: Linux kernel: When sending malicious data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, kernel will write memory out of bounds. (5.18 5.19.0-rc1) Weigang (Jimmy)
CVE-2021-33656: Linux kernel: When setting font with malicious data by ioctl cmd PIO_FONT, kernel will write memory out of bounds. (<5.10.127) Weigang (Jimmy)
CVE-2022-21505: Kernel lockdown bypass bug John Haxby
CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets Mark J. Cox
Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets John Helmert III
Re: [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741) Rohit Yadav

Wednesday, 20 July

Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets Roxana Bradescu
Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets Moritz Muehlenhoff
Grails Framework Remote Code Execution Vulnerability, CVE-2022-35912 Myers, Christopher

Saturday, 23 July

CVE Request: heap buffer overflow in gdk-pixbuf Pedro Ribeiro
Re: CVE Request: heap buffer overflow in gdk-pixbuf John Helmert III

Sunday, 24 July

Re: CVE Request: heap buffer overflow in gdk-pixbuf Pedro Ribeiro
CVE-2022-24294: ReDoS in Apache MXNet RTC Module Sheng Zha
Re: snowflakedb security contacts Roxana Bradescu
Re: CVE Request: heap buffer overflow in gdk-pixbuf Pedro Ribeiro

Monday, 25 July

Re: snowflakedb security contacts Seth Arnold

Tuesday, 26 July

Re: snowflakedb security contacts Christian Heinrich
Xen Security Advisory 408 v2 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode Xen . org security team
Xen Security Advisory 408 v3 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode Xen . org security team

Wednesday, 27 July

Multiple vulnerabilities in Jenkins plugins Daniel Beck

Thursday, 28 July

CVE-2022-36364: Apache Calcite Avatica JDBC driver `httpclient_impl` connection property can be used as an RCE vector Ruben Q L
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0007 Carlos Alberto Lopez Perez

Tuesday, 02 August

CVE-2022-29154: Rsync client-side arbitrary file write vulnerability. EGE BALCI

Wednesday, 03 August

Django: CVE-2022-36359: Potential reflected file download vulnerability in FileResponse. Carlton Gibson
CVE-2022-27166: Apache JSPWiki: XSS vulnerability on XHRHtml2Markup.jsp in JSPWiki 2.11.2 Juan Pablo Santos Rodríguez
CVE-2022-28730: Apache JSPWiki Cross-site scripting vulnerability on AJAXPreview.jsp Juan Pablo Santos Rodríguez
CVE-2022-28731: Apache JSPWiki CSRF in UserPreferences.jsp Juan Pablo Santos Rodríguez
CVE-2022-28732: Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin Juan Pablo Santos Rodríguez
CVE-2022-34158: Apache JSPWiki: User Group Privilege Escalation Juan Pablo Santos Rodríguez

Thursday, 04 August

gromox: potential local privilege escalation (CVE-2022-37030) Filippo Bonazzi

Friday, 05 August

Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow Marko Lindqvist
zlib buffer overflow Evgeny Legerov

Saturday, 06 August

Exim 4.95 invalid free Evgeny Legerov
Re: Exim 4.95 invalid free John Helmert III
Re: Exim 4.95 invalid free Evgeny Legerov
Re: Exim 4.95 invalid free Solar Designer
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Solar Designer
Re: CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation Solar Designer
Re: Exim 4.95 invalid free Solar Designer
Exim < 4.95 heap overflow Evgeny Legerov

Sunday, 07 August

Re: Exim < 4.95 heap overflow John Helmert III
Re: Exim < 4.95 heap overflow Stuart Henderson
Re: Exim 4.95 invalid free Evgeny Legerov
Re: Exim < 4.95 heap overflow Roxana Bradescu

Monday, 08 August

CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand
Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions Solar Designer
Re: Linux: UaF due to concurrency issue in io_uring timeouts Solar Designer
Linux kernel: io_uring: free of unallocated buffer list in io_register_pbuf_ring() Solar Designer
Re: Linux kernel: io_uring: free of unallocated buffer list in io_register_pbuf_ring() Florian Weimer
wolfSSL 5.4.0 fixes CVE-2022-34293 and other issues Fabian Keil
Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand
Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions Demi Marie Obenour
CVE-2022-35724: Apache Avro: Denial of service while reading data in Avro Rust SDK Ryan Skraba
CVE-2022-36124: Apache Avro: Memory overconsumption in Avro Rust SDK Ryan Skraba
CVE-2022-36125: Apache Avro: Integer overflow when reading corrupted .avro file in Avro Rust SDK Ryan Skraba
Re: zlib buffer overflow Alan Coopersmith

Tuesday, 09 August

Apache mod_dav off-by-one Evgeny Legerov
Exim 4.96 overflow Evgeny Legerov
Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand
CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF Thadeu Lima de Souza Cascardo
CVE-2022-2588 - Linux kernel cls_route UAF Thadeu Lima de Souza Cascardo
CVE-2022-2585 - Linux kernel POSIX CPU timer UAF Thadeu Lima de Souza Cascardo
Re: CVE-2022-2588 - Linux kernel cls_route UAF Vegard Nossum

Wednesday, 10 August

Re: [Exim-Security] [oss-security] Exim < 4.95 heap overflow Graeme Fowler
Re: Apache mod_dav off-by-one John Helmert III

Thursday, 11 August

Re: CVE-2022-20359 is not mentioned in linked bulletin Salvatore Bonaccorso
CVE-2022-20359 is not mentioned in linked bulletin Neil Williams

Friday, 12 August

Re: [Exim-Security] [oss-security] Exim < 4.95 heap overflow Roxana Bradescu
CVE-2022-37400: Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password Carl B. Marcum
CVE-2022-37401: Apache OpenOffice Weak Master Keys Carl B. Marcum

Saturday, 13 August

Multiple DNS Cache poisoning vulnerabilities in dnrd DNS forwarder (CVE-2022-33993, CVE-2022-33992) Philipp Jeitner (SIT)
Fixed DNS UDP port in totd DNS forwarder (CVE-2022-34294) Philipp Jeitner (SIT)
Multiple DNS Cache poisoning vulnerabilities in dproxy and dproxy-nexgen (CVE-2022-33988, CVE-2022-33989, CVE-2022-33990, CVE-2022-33991) Philipp Jeitner (SIT)

Monday, 15 August

Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand

Tuesday, 16 August

CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag Ash Berlin-Taylor

Wednesday, 17 August

Landlock news #2 Mickaël Salaün

Thursday, 18 August

Re: CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF Thadeu Lima de Souza Cascardo
Re: CVE-2022-2588 - Linux kernel cls_route UAF Thadeu Lima de Souza Cascardo
Re: CVE-2022-2585 - Linux kernel POSIX CPU timer UAF Thadeu Lima de Souza Cascardo
CVE-2022-35278: Apache ActiveMQ Artemis: HTML Injection in ActiveMQ Artemis Web Console Justin Bertram
Linux kernel: stack-out-of-bounds in profile_pc 黄 晓
Re: Linux kernel: stack-out-of-bounds in profile_pc Greg KH

Saturday, 20 August

CVE-2022-34916: Apache Flume: Improper Input Validation (JNDI Injection) in JMSMessageConsumer Ralph Goers

Tuesday, 23 August

Security Advisory 2022-02 for PowerDNS Recursor up to and including 4.5.9, 4.6.2, 4.7.1 Otto Moerbeek
Multiple vulnerabilities in Jenkins plugins Wadeck Follonier
[SECURITY ADVISORY] open-vm-tools: Local privilege escalation vulnerability (CVE-2022-31676) VMware Security Response Center

Thursday, 25 August

Re: Linux Kernel use-after-free write in netfilter Solar Designer
Re: Linux kernel: CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation, information leak Solar Designer
CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Joe Orton
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Alex Gaynor
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Carlos Alberto Lopez Perez
Linux kernel slab-out-of-bound read in bpf Hsin-Wei Hung

Friday, 26 August

Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 John Helmert III
Re: Linux kernel slab-out-of-bound read in bpf Hsin-Wei Hung
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III

Monday, 29 August

Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Carlos Alberto Lopez Perez
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Demi Marie Obenour
CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability Thomas Monjalon
CVE-2022-2132: DPDK copy_desc_to_mbuf() Vhost header vulnerability Thomas Monjalon
N-day exploit for CVE-2022-2586: Linux kernel nft_object UAF Alejandro Guerrero

Tuesday, 30 August

CVE-2022-2663: Linux netfilter: nf_conntrack_irc message handling David Leadbeater
CVE-2022-31790 CVE-2022-31789: Watchguard XTM/Firebox firewalls: Multiple vulnerabilities Charles Fol
CVE-2022-37021: Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 8. Kirk Lund
CVE-2022-37022: Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 11 Kirk Lund
CVE-2022-37023: Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11 Kirk Lund
Re: CVE-2022-31790 CVE-2022-31789: Watchguard XTM/Firebox firewalls: Multiple vulnerabilities Moritz Mühlenhoff
Re: Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow Salvatore Bonaccorso
[SECURITY ADVISORY] CVE-2022-35252: control code in cookie denial of service (curl) Daniel Stenberg

Thursday, 01 September

Re: CVE-2022-31790 CVE-2022-31789: Watchguard XTM/Firebox firewalls: Multiple vulnerabilities Roxana Bradescu
Re: CVE-2022-2663: Linux netfilter: nf_conntrack_irc message handling David Leadbeater
CVE-2022-37435: Apache ShenYu Admin Improper Privilege Management Zhang Yonglun
ClusterLabs/PCS: [CVE-2022-2735] Obtaining an authentication token for hacluster user leads to privilege escalation. Tej Rathi
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Carlos Alberto Lopez Perez
CVE-2022-38054: Apache Airflow: Session Fixation Jedidiah Cunningham
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Demi Marie Obenour

Friday, 02 September

CVE-2022-38170: Apache Airflow: Overly permissive umask for daemons Jedidiah Cunningham
Apache OFBiz - Server-Side Template Injection (CVE-2022-25813) Jacques Le Roux
Apache OFBiz - Regular Expression Denial of Service (ReDoS) (CVE-2022-29158) Jacques Le Roux
Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063) Jacques Le Roux
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) Jacques Le Roux
Apache OFBiz - Unauth Stored XSS (CVE-2022-25370) Jacques Le Roux
Re: Linux Kernel use-after-free write in netfilter Solar Designer
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Carlos Alberto Lopez Perez
JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0 Art Manion
Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for daemons Seth Arnold

Saturday, 03 September

Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) Jacques Le Roux

Monday, 05 September

CVE-2022-38369: Apache IoTDB: Login check vulnerability by session Id Haonan Hou
CVE-2022-38370: Apache IoTDB: No authorization of DatabaseConnectController in grafana-connector. Haonan Hou

Tuesday, 06 September

sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski
Re: CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability Joey
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Michael Orlitzky
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeffrey Walton
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Russ Allbery
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Seth Arnold

Wednesday, 07 September

Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Russ Allbery

Thursday, 08 September

Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) Jacques Le Roux

Friday, 09 September

Linux kernel: information disclosure in stex_queuecommand_lck Xingyuan Mo
Vulnerability in Jenkins Daniel Beck

Sunday, 11 September

CVE-2022-39135: Apache Calcite: potential XEE attacks Ruben Q L
Re: CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow Solar Designer

Tuesday, 13 September

Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 John Helmert III

Wednesday, 14 September

insufficiently protected D-Bus interface in KDiskMark 3.0.0 (CVE-2022-40673) Matthias Gerstner
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski

Thursday, 15 September

Fwd: Node.js security updates for all active release lines, Month Year Vladimir de Turckheim
[kubernetes] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers Pushkar Joglekar

Friday, 16 September

[kubernetes] CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF) Monis Khan

Monday, 19 September

Re: Linux kernel: information disclosure in stex_queuecommand_lck Xingyuan Mo
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0009 Carlos Alberto Lopez Perez
CVE-2022-34917: Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers Manikumar

Tuesday, 20 September

CVE-2022-28220: STARTTLS command injection in Apache JAMES Benoit Tellier
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0009 Carlos Alberto Lopez Perez
CVE-2022-40604: Apache Airflow: Format String Vulnerability Jedidiah Cunningham
CVE-2022-40754: Apache Airflow: Open Redirect Jedidiah Cunningham

Wednesday, 21 September

big ints in python: CVE-2020-10735 Georgi Guninski
Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for daemons Jed Cunningham
ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178) Michał Kępień
Re: big ints in python: CVE-2020-10735 Demi Marie Obenour
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck

Thursday, 22 September

CVE-2022-40705: Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP Arnout Engelen
[CVE-2022-38398] Apache Batik information disclosure vulnerability Simon Steiner
[CVE-2022-40146] Apache Batik information disclosure vulnerability Simon Steiner
[CVE-2022-38648] Apache Batik information disclosure vulnerability Simon Steiner
CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC Arnout Engelen
CVE-2022-24280: Apache Pulsar Proxy target broker address isn't validated Lari Hotari
CVE-2022-33681: Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM Michael Marshall
CVE-2022-33682: Apache Pulsar: Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack Michael Marshall
CVE-2022-33683: Apache Pulsar: Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack Michael Marshall
Fwd: [Postponed] Node.js security updates for all active release lines, September 2022 Vladimir de Turckheim
Fwd: [ADVISORY] SQUID-2022:1 Exposure of Sensitive Information in Cache Manager Amos Jeffries
Fwd: [ADVISORY] SQUID-2022:2 Buffer Over Read in SSPI and SMB Authentication Amos Jeffries

Friday, 23 September

Fwd: Node.js security updates for all active release lines, September 2022 Vladimir de Turckheim
CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev Hyunwoo Kim

Saturday, 24 September

[Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev Hyunwoo Kim
Re: [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev Hyunwoo Kim

Tuesday, 27 September

CVE-2022-1941: Protobuf C++, Python DoS Ana Oprea
[SBA-ADV-20220328-01] CVE-2022-38335: Vtiger CRM 7.4.0 or below Stored Cross-Site Scripting SBA - Advisory

Wednesday, 28 September

CVE-2021-43980: Apache Tomcat: Information disclosure Mark Thomas