oss-sec: by author
273 messages
starting Nov 08 22 and
ending Nov 18 22
Date index |
Thread index |
Author index
Adam Reynolds
Re: CVE-2022-2602 - Linux kernel io_uring UAF Adam Reynolds (Nov 08)
Alan Coopersmith
Fwd: [ANNOUNCE] pixman release 0.42.2 now available Alan Coopersmith (Nov 04)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Alan Coopersmith (Dec 29)
Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher Alan Coopersmith (Oct 12)
Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults Alan Coopersmith (Oct 17)
Albumen Kevin
CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass Albumen Kevin (Oct 18)
Alejandro Colomar
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Alejandro Colomar (Dec 28)
alex
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) alex (Nov 01)
Alexey Dobriyan
[patch] proc.5: tell how to parse /proc/*/stat correctly Alexey Dobriyan (Dec 22)
Alex Gaynor
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor (Nov 01)
Re: MySQL Cluster 8.0.30 overflow Alex Gaynor (Oct 03)
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor (Nov 02)
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor (Nov 02)
alice
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) alice (Nov 02)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) alice (Nov 02)
Andrea Cosentino
CVE-2022-45046: Apache Camel: LDAP Injection in Camel-LDAP Andrea Cosentino (Dec 05)
Andrzej Hajda
Security sensitive bug in the i915 kernel driver (CVE-2022-4139) Andrzej Hajda (Nov 30)
Arnout Engelen
CVE-2022-44635: Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal Arnout Engelen (Nov 29)
CVE-2022-45470: Apache Hama allows XSS and information disclosure Arnout Engelen (Nov 21)
CVE-2021-28655: Apache Zeppelin: Arbitrary file deletion vulnerability Arnout Engelen (Dec 16)
CVE-2022-46870: Apache Zeppelin: Stored XSS in note permissions Arnout Engelen (Dec 16)
CVE-2022-45378: Apache SOAP allows unauthenticated users to potentially invoke arbitrary code Arnout Engelen (Nov 14)
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Arnout Engelen (Dec 31)
CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input Arnout Engelen (Dec 02)
Bob Beck
Re: Forthcoming OpenSSL Releases Bob Beck (Oct 29)
Re: Forthcoming OpenSSL Releases Bob Beck (Oct 31)
Brandon Perry
Re: Is third party javascript on a login page considered dangerous? Brandon Perry (Oct 31)
Brian Demers
CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher Brian Demers (Oct 12)
Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher Brian Demers (Oct 12)
butt3rflyh4ck
Linux kernel: net: mctp: A Use-After-Free bug in mctp_sk_unhash in net/mctp/af_mctp.c butt3rflyh4ck (Oct 22)
Re: Linux kernel: net: mctp: A Use-After-Free bug in mctp_sk_unhash in net/mctp/af_mctp.c butt3rflyh4ck (Nov 13)
Carlos Alberto Lopez Perez
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010 Carlos Alberto Lopez Perez (Nov 04)
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011 Carlos Alberto Lopez Perez (Dec 26)
Carlton Gibson
Django CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs Carlton Gibson (Oct 04)
Charalampos Maraziaris
Multiple vulnerabilities in Snipe-IT Charalampos Maraziaris (Dec 23)
Chris Down
Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Chris Down (Oct 13)
Christian Heinrich
Re: Forthcoming OpenSSL Releases Christian Heinrich (Oct 30)
Colm O hEigeartaigh
CVE-2022-46363: Apache CXF directory listing / code exfiltration Colm O hEigeartaigh (Dec 13)
CVE-2022-46364: Apache CXF SSRF Vulnerability Colm O hEigeartaigh (Dec 13)
Damien Miller
Announce: OpenSSH 9.1 released Damien Miller (Oct 04)
Dan Haywood
CVE-2022-42466: Apache Isis: XSS vulnerability, eg for String properties. Dan Haywood (Oct 19)
ISIS-3128: CVE-2022-42467: Apache Isis: h2 webconsole (available only in prototype mode) should nevertheless be disabled by default. Dan Haywood (Oct 19)
Daniel Beck
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 19)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Nov 15)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Dec 07)
Daniel Klco
CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path Daniel Klco (Nov 02)
Daniel Stenberg
[SECURITY ADVISORY] CVE-2022-42916: HSTS bypass via IDN (curl) Daniel Stenberg (Oct 25)
[SECURITY ADVISORY] CVE-2022-35260: .netrc parser out-of-bounds access (curl) Daniel Stenberg (Oct 25)
curl: CVE-2022-43552: HTTP Proxy deny use-after-free Daniel Stenberg (Dec 20)
curl: CVE-2022-43551: Another HSTS bypass via IDN Daniel Stenberg (Dec 20)
[SECURITY ADVISORY] CVE-2022-42915: HTTP proxy double-free (curl) Daniel Stenberg (Oct 25)
[SECURITY ADVISORY] CVE-2022-32221: POST following PUT confusion (curl) Daniel Stenberg (Oct 25)
Dan Smith
CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application Dan Smith (Oct 24)
Dave Horsfall
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Dave Horsfall (Nov 01)
David A. Wheeler
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly David A. Wheeler (Dec 29)
David Bouman
Re: CVE-2022-2602 - Linux kernel io_uring UAF David Bouman (Oct 19)
David Laight
RE: [patch] proc.5: tell how to parse /proc/*/stat correctly David Laight (Dec 31)
David Leadbeater
CVE-2022-45063: xterm <375 code execution via font ops David Leadbeater (Nov 10)
CVE-2022-4170: rxvt-unicode code execution via background OSC David Leadbeater (Dec 05)
David Smiley
Apache Solr is vulnerable to CVE-2022-39135 via /sql handler David Smiley (Nov 21)
Demi Marie Obenour
Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Demi Marie Obenour (Oct 06)
Re: Forthcoming OpenSSL Releases Demi Marie Obenour (Oct 29)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 01)
Re: [Linux] /proc/pid/stat parsing bugs Demi Marie Obenour (Dec 21)
Re: CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver Demi Marie Obenour (Oct 29)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Demi Marie Obenour (Dec 29)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 01)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 03)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Demi Marie Obenour (Dec 28)
Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Demi Marie Obenour (Oct 06)
Re: CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system Demi Marie Obenour (Nov 04)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 01)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 01)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Demi Marie Obenour (Dec 28)
Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Demi Marie Obenour (Oct 13)
Dmitry Vyukov
[Linux] /proc/pid/stat parsing bugs Dmitry Vyukov (Dec 21)
Re: [Linux] /proc/pid/stat parsing bugs Dmitry Vyukov (Dec 21)
Dokyung Song
CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver Dokyung Song (Oct 29)
Dominik Czarnota
Re: [Linux] /proc/pid/stat parsing bugs Dominik Czarnota (Dec 25)
Dominique Martinet
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Dominique Martinet (Dec 22)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Dominique Martinet (Dec 22)
Dr Paul Dale
Re: Forthcoming OpenSSL Bug Fix Release Dr Paul Dale (Oct 27)
Enrico Olivelli
CVE-2022-32531: Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification Enrico Olivelli (Dec 15)
Eric Biggers
Re: Details on this supposed Linux Kernel ksmbd RCE Eric Biggers (Dec 23)
Erin Shepherd
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Erin Shepherd (Nov 01)
Evgeny Legerov
MySQL Cluster 8.0.30 overflow Evgeny Legerov (Oct 03)
Gary D. Gregory
CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing Gary D. Gregory (Nov 04)
CVE-2021-37533: Apache Commons Net's FTP client trusts the host from PASV response by default Gary D. Gregory (Dec 03)
CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults Gary D. Gregory (Oct 13)
Georgi Guninski
Re: Forthcoming OpenSSL Releases Georgi Guninski (Oct 27)
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Oct 13)
Is third party javascript on a login page considered dangerous? Georgi Guninski (Oct 31)
Gerald Lee
Re: Linux Kernel: usb: A use-after-free Write in put_dev Gerald Lee (Dec 14)
Linux Kernel: usb: A use-after-free Write in put_dev Gerald Lee (Dec 13)
Greg KH
Re: Details on this supposed Linux Kernel ksmbd RCE Greg KH (Dec 23)
Re: Details on this supposed Linux Kernel ksmbd RCE Greg KH (Dec 22)
Hanno Böck
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Hanno Böck (Nov 02)
Directory traversal in sharutils/uudecode and python uu module Hanno Böck (Dec 21)
Haonan Hou
CVE-2022-43766: Apache IoTDB: ReDoS Vulnerability by REGEXP Haonan Hou (Oct 26)
Ilya Maximets
Re: [ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) Ilya Maximets (Dec 20)
[ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) Ilya Maximets (Dec 20)
Re: [ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) Ilya Maximets (Dec 21)
Imre Rad
android debug bridge (adb) reverse connection and directory traversal Imre Rad (Oct 25)
Ing. Martin Koci, MBA
Forthcoming OpenSSL Releases Ing. Martin Koci, MBA (Oct 25)
Forthcoming OpenSSL Bug Fix Release Ing. Martin Koci, MBA (Oct 25)
Jakub Wilk
Re: [Linux] /proc/pid/stat parsing bugs Jakub Wilk (Dec 22)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jakub Wilk (Dec 30)
Jan Engelhardt
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jan Engelhardt (Dec 28)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jan Engelhardt (Dec 22)
Re: Is third party javascript on a login page considered dangerous? Jan Engelhardt (Nov 01)
Jan Schaumann
Re: Details on this supposed Linux Kernel ksmbd RCE Jan Schaumann (Dec 22)
Re: Fwd: Node.js security updates for all active release lines, November 2022 Jan Schaumann (Nov 02)
Jarek Potiuk
CVE-2022-38649: Apache Airflow Pinot Provider, Apache Airflow: PinotAdminHook Command Injection Jarek Potiuk (Nov 21)
CVE-2022-40189: Apache Airlfow Pig Provider RCE Jarek Potiuk (Nov 21)
CVE-2022-46421: Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params Jarek Potiuk (Dec 20)
CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example Jarek Potiuk (Nov 14)
CVE-2022-41131: Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection) Jarek Potiuk (Nov 21)
CVE-2022-27949: Apache Airflow: sensitive values in rendered template Jarek Potiuk (Nov 14)
CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow: Airflow 2.3.4 spark provider RCE that bypass restrictions to read arbitrary files Jarek Potiuk (Nov 21)
Jean-Baptiste Onofré
CVE-2022-40145: Apache Karaf: JDBC JAAS LDAP injection Jean-Baptiste Onofré (Dec 21)
Jedidiah Cunningham
CVE-2022-45402: Apache Airflow: Open redirect during login Jedidiah Cunningham (Nov 15)
CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL Jedidiah Cunningham (Nov 01)
CVE-2022-43985: Apache Airflow: Open Redirect Jedidiah Cunningham (Nov 01)
CVE-2022-41672: Apache Airflow: Session still funtional after user is deactivated Jedidiah Cunningham (Oct 04)
Jeffrey Walton
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jeffrey Walton (Dec 29)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Jeffrey Walton (Nov 01)
Re: Details on this supposed Linux Kernel ksmbd RCE Jeffrey Walton (Dec 23)
Jiajie Zhong
CVE-2022-34662: Apache DolphinScheduler prior to 3.0.0 allows path traversal Jiajie Zhong (Nov 01)
CVE-2022-45462: Apache DolphinScheduler prior to 2.0.5 have command execution vulnerability Jiajie Zhong (Nov 23)
John Helmert III
Re: Details on this supposed Linux Kernel ksmbd RCE John Helmert III (Dec 23)
Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing John Helmert III (Nov 07)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) John Helmert III (Nov 03)
Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing John Helmert III (Nov 04)
Re: Linux Kernel: UAF in Bluetooth L2CAP Handshake John Helmert III (Dec 15)
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Dec 30)
Re: CVE-2022-4170: rxvt-unicode code execution via background OSC John Helmert III (Dec 08)
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Dec 31)
Re: Details on this supposed Linux Kernel ksmbd RCE John Helmert III (Dec 23)
Re: [ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) John Helmert III (Dec 20)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly John Helmert III (Dec 28)
John Smith
Re: CVE-2022-2602 - Linux kernel io_uring UAF John Smith (Nov 07)
Josh Bressers
Details on this supposed Linux Kernel ksmbd RCE Josh Bressers (Dec 22)
Josh Fischer
CVE-2021-42010: Apache Heron (Incubating): CRLF log injection Josh Fischer (Oct 23)
Juergen Gross
Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver Juergen Gross (Dec 08)
Julien Pivotto
Re: CVE-2022-46146 in Prometheus' exporter toolkit: bypass basic authentication Julien Pivotto (Nov 29)
CVE-2022-46146 in Prometheus' exporter toolkit: bypass basic authentication Julien Pivotto (Nov 29)
Junkai Xue
CVE-2022-47500: Apache Helix: Open redirect Junkai Xue (Dec 16)
Kurt H Maier
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 03)
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 03)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 02)
Kyle Zeng
CVE-2022-4378: Linux kernel stack-based buffer overflow Kyle Zeng (Dec 09)
Larry Cashdollar
CreativeDream software arbitrary file upload Larry Cashdollar (Oct 03)
Lyndon Nerenberg (VE7TFX/VE6BBM)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Lyndon Nerenberg (VE7TFX/VE6BBM) (Dec 28)
Madhan Neethiraj
CVE-2022-34271: Apache Atlas: zip path traversal in import functionality Madhan Neethiraj (Dec 14)
Marc Deslauriers
Re: X.Org Security Advisory: multiple security issues in X server extensions Marc Deslauriers (Dec 14)
Marcus Meissner
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 23)
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 27)
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 31)
Various Linux Kernel WLAN security issues (RCE/DOS) found Marcus Meissner (Oct 13)
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 23)
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 23)
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 27)
Mark Thomas
CVE-2022-42252: Apache Tomcat - Request Smuggling Mark Thomas (Oct 31)
Markus Koschany
Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets Markus Koschany (Oct 18)
Markus Schuch
CVE-2022-45910: Apache ManifoldCF: LDAP Injection Vulnerability - ActiveDirectory Authorities Markus Schuch (Dec 06)
Matan Giladi
RE: Forthcoming OpenSSL Bug Fix Release Matan Giladi (Oct 26)
Matthias Gerstner
systemd-coredump: CVE-2022-4415: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting Matthias Gerstner (Dec 21)
ceph: ceph-crash.service allows local ceph user to root exploit (CVE-2022-3650) Matthias Gerstner (Oct 25)
Warpinator remote file creation / overwrite security issue (CVE-2022-42725) Matthias Gerstner (Oct 24)
Matthieu Herrb
Re: CVE-2022-45063: xterm <375 code execution via font ops Matthieu Herrb (Nov 10)
Michael Marshall
CVE-2022-33684: Apache Pulsar: Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack Michael Marshall (Nov 03)
Neal H. Walfield
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Neal H. Walfield (Nov 03)
Nicola Tuveri
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Nicola Tuveri (Nov 03)
Olivier Lamy
CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories Olivier Lamy (Nov 15)
CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files Olivier Lamy (Nov 15)
Paolo Perego
Multiple vulnerabilities affecting UYUNI/SUSE Manager Paolo Perego (Nov 04)
Pavan Maddamsetti
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Pavan Maddamsetti (Nov 01)
peacewong
CVE-2022-39944: The Apache Linkis JDBC EngineConn module has a RCE Vulnerability peacewong (Oct 26)
Peter Davies
ISC has disclosed two vulnerabilities in ISC DHCP (CVE-2022-2928, CVE-2022-2929) Peter Davies (Oct 05)
Peter Hutterer
X.Org Security Advisory: multiple security issues in X server extensions Peter Hutterer (Dec 14)
Pratyush Yadav
Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver Pratyush Yadav (Dec 08)
Qualys Security Advisory
Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973) Qualys Security Advisory (Oct 24)
Re: Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) Qualys Security Advisory (Nov 30)
Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) Qualys Security Advisory (Nov 30)
Rafael Correa De Ysasi
Linux Kernel: UAF in Bluetooth L2CAP Handshake Rafael Correa De Ysasi (Dec 14)
Linux Kernel: Infoleak in Bluetooth L2CAP Handling Rafael Correa De Ysasi (Dec 14)
Re: Linux Kernel: UAF in Bluetooth L2CAP Handshake Rafael Correa De Ysasi (Dec 15)
Re: Linux Kernel: Infoleak in Bluetooth L2CAP Handling Rafael Correa De Ysasi (Dec 15)
Rakesh Pandit
OPEN SOURCE NTFS-3G SECURITY ADVISORY NTFS3G-SA-2022-0003 Rakesh Pandit (Oct 31)
Richard Eckart de Castilho
CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives Richard Eckart de Castilho (Nov 03)
Rob Vesse
CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB Rob Vesse (Nov 14)
Ross Lagerwall
Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver Ross Lagerwall (Dec 09)
Roxana Bradescu
Re: Forthcoming OpenSSL Releases Roxana Bradescu (Oct 28)
Salvatore Bonaccorso
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Salvatore Bonaccorso (Dec 29)
Re: Linux Kernel: UAF in Bluetooth L2CAP Handshake Salvatore Bonaccorso (Dec 14)
Re: Linux Kernel: Infoleak in Bluetooth L2CAP Handling Salvatore Bonaccorso (Dec 14)
Sam James
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Sam James (Nov 03)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Sam James (Nov 03)
Sasha Levin
Re: Details on this supposed Linux Kernel ksmbd RCE Sasha Levin (Dec 23)
Sean R. Owen
CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript Sean R. Owen (Nov 01)
Shawn Webb
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb (Dec 28)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb (Dec 28)
Re: [Linux] /proc/pid/stat parsing bugs Shawn Webb (Dec 22)
Re: [Linux] /proc/pid/stat parsing bugs Shawn Webb (Dec 21)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb (Dec 28)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb (Dec 28)
Re: Forthcoming OpenSSL Releases Shawn Webb (Oct 26)
Re: [Linux] /proc/pid/stat parsing bugs Shawn Webb (Dec 22)
ShunFeng Cai
CVE-2022-26885: Apache DolphinScheduler config file read by task risk ShunFeng Cai (Nov 24)
CVE-2022-26884: Apache DolphinScheduler exposes files without authentication ShunFeng Cai (Oct 28)
Simon McVittie
Re: [Linux] /proc/pid/stat parsing bugs Simon McVittie (Dec 23)
Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
Simon Steiner
[CVE-2022-41704] Apache Batik information disclosure vulnerability Simon Steiner (Oct 25)
[CVE-2022-42890] Apache Batik information disclosure vulnerability Simon Steiner (Oct 25)
Solar Designer
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Solar Designer (Dec 22)
Re: Is third party javascript on a login page considered dangerous? Solar Designer (Nov 01)
Re: CVE-2022-46146 in Prometheus' exporter toolkit: bypass basic authentication Solar Designer (Nov 29)
OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Solar Designer (Nov 01)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Solar Designer (Dec 31)
Sönke Huster
Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Sönke Huster (Oct 13)
Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Sönke Huster (Oct 13)
soyjuanarbol () gmail com
Fwd: Node.js security updates for all active release lines, November 2022 soyjuanarbol () gmail com (Nov 02)
Fwd: Node.js security updates for all active release lines, November 2022 soyjuanarbol () gmail com (Nov 04)
Stefan Bodewig
CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system Stefan Bodewig (Nov 04)
CVE-2022-37866: Apache Ivy: Ivy Path traversal Stefan Bodewig (Nov 04)
Steffen Nurpmeso
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso (Dec 29)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso (Dec 28)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso (Dec 22)
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Steffen Nurpmeso (Nov 02)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Steffen Nurpmeso (Nov 03)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso (Dec 29)
Tavis Ormandy
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy (Nov 03)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy (Nov 02)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy (Nov 02)
Taylor Blau
Git 2.38.1 and others for CVE-2022-39253, and CVE-2022-39260 Taylor Blau (Oct 18)
Thadeu Lima de Souza Cascardo
Re: CVE-2022-2602 - Linux kernel io_uring UAF Thadeu Lima de Souza Cascardo (Oct 27)
CVE-2022-2602 - Linux kernel io_uring UAF Thadeu Lima de Souza Cascardo (Oct 18)
Re: Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c Thadeu Lima de Souza Cascardo (Nov 21)
Theodore Ts'o
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Theodore Ts'o (Dec 29)
Thomas Wolf
CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization vulnerability Thomas Wolf (Nov 15)
Tim Allclair
[kubernetes] CVE-2022-3294: Node address isn't always verified when proxying Tim Allclair (Nov 10)
[kubernetes] CVE-2022-3162: Unauthorized read of Custom Resources Tim Allclair (Nov 10)
Weijie Wu
CVE-2022-31764: Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC Weijie Wu (Nov 01)
CVE-2022-45347: Apache ShardingSphere-Proxy: ShardingSphere-Proxy MySQL authentication bypass Weijie Wu (Dec 22)
Will
CVE-2022-4543: KASLR Leakage Achievable even with KPTI through Prefetch Side-Channel Will (Dec 16)
Xen . org security team
Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues Xen . org security team (Nov 10)
Xen Security Advisory 411 v3 (CVE-2022-33748) - lock order inversion in transitive grant copy handling Xen . org security team (Oct 11)
Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues Xen . org security team (Nov 08)
Xen Security Advisory 420 v2 (CVE-2022-42324) - Oxenstored 32->31 bit integer truncation issues Xen . org security team (Nov 01)
Xen Security Advisory 421 v2 (CVE-2022-42325,CVE-2022-42326) - Xenstore: Guests can create arbitrary number of nodes via transactions Xen . org security team (Nov 01)
Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS Xen . org security team (Oct 11)
Xen Security Advisory 417 v2 (CVE-2022-42320) - Xenstore: Guests can get access to Xenstore nodes of deleted domains Xen . org security team (Nov 01)
Xen Security Advisory 410 v3 (CVE-2022-33746) - P2M pool freeing may take excessively long Xen . org security team (Oct 11)
Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver Xen . org security team (Dec 06)
Xen Security Advisory 415 v2 (CVE-2022-42310) - Xenstore: Guests can create orphaned Xenstore nodes Xen . org security team (Nov 01)
Xen Security Advisory 412 v2 (CVE-2022-42327) - x86: unintended memory sharing between guests Xen . org security team (Nov 01)
Xen Security Advisory 419 v2 (CVE-2022-42322,CVE-2022-42323) - Xenstore: Cooperating guests can create arbitrary numbers of nodes Xen . org security team (Nov 01)
Xen Security Advisory 416 v2 (CVE-2022-42319) - Xenstore: Guests can cause Xenstore to not free temporary memory Xen . org security team (Nov 01)
Xen Security Advisory 423 v1 (CVE-2022-3643) - Guests can trigger NIC interface reset/abort/crash via netback Xen . org security team (Dec 06)
Xen Security Advisory 409 v3 (CVE-2022-33747) - Arm: unbounded memory consumption for 2nd-level page tables Xen . org security team (Oct 11)
Xen Security Advisory 414 v2 (CVE-2022-42309) - Xenstore: Guests can crash xenstored Xen . org security team (Nov 01)
Xen Security Advisory 423 v2 (CVE-2022-3643) - Guests can trigger NIC interface reset/abort/crash via netback Xen . org security team (Dec 07)
Xen Security Advisory 418 v2 (CVE-2022-42321) - Xenstore: Guests can crash xenstored via exhausting the stack Xen . org security team (Nov 01)
Xiaoxiang Yu
CVE-2022-43396: Apache Kylin: Command injection by Useless configuration Xiaoxiang Yu (Dec 30)
CVE-2022-44621: Apache Kylin: Command injection by Diagnosis Controller Xiaoxiang Yu (Dec 30)
CVE-2022-24697: Apache Kylin: Command injection exists when the configuration overwrites function overwrites system parameters Xiaoxiang Yu (Oct 11)
Xingyuan Mo
Re: Linux kernel: use-after-free in io_sqpoll_wait_sq Xingyuan Mo (Dec 27)
CVE-2022-4379: Linux kernel: use-after-free in __nfs42_ssc_open Xingyuan Mo (Dec 14)
Linux kernel: use-after-free in io_sqpoll_wait_sq Xingyuan Mo (Dec 22)
Yann Droneaud
Re: [Linux] /proc/pid/stat parsing bugs Yann Droneaud (Dec 21)
Zheng Hacker
Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c Zheng Hacker (Nov 18)