oss-sec: by date

284 messages starting Apr 04 23 and ending Jun 29 23

Tuesday, 04 April

PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable Otto Moerbeek

Thursday, 06 April

[ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0 Ilya Maximets
Re: [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0 Ilya Maximets

Friday, 07 April

CVE-2023-28707: Airflow Apache Drill Provider Arbitrary File Read Vulnerability Jarek Potiuk
CVE-2023-28706: Apache Airflow Hive Provider Beeline Remote Command Execution Jarek Potiuk
CVE-2023-28710: Apache Airflow Spark Provider Arbitrary File Read via JDBC Jarek Potiuk

Monday, 10 April

CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file Heping Wang
CVE-2023-27603: Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue Heping Wang
CVE-2023-27987: Apache Linkis gateway module token authentication bypass Heping Wang
CVE-2023-29215: Apache Linkis JDBC EngineCon has a deserialization command execution Heping Wang
CVE-2023-29216: Apache Linkis DatasourceManager module has a deserialization command execution Heping Wang
CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux

Tuesday, 11 April

CVE-2017-11164 - stack exhaustion in PCRE Sevan Janiyan
CVE-2023-30465: Apache InLong: SQL injection in apache inLong 1.5.0 Charles Zhang
CVE-2023-1281, CVE-2023-1829: Linux kernel: Vulnerabilities in the tcindex classifier valis

Wednesday, 12 April

Re: CVE-2017-11164 - stack exhaustion in PCRE Matthew Vernon
CVE-2022-45064: Apache Sling Engine: Include-based XSS Angela Schreiber
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Ghostscript CVE-2023-28879: "Shell in the Ghost" Alan Coopersmith
ncurses fixes upstream Jonathan Bar Or (JBO)

Thursday, 13 April

Re: ncurses fixes upstream Sam James
Re: ncurses fixes upstream alice
Re: Multiple vulnerabilities in Jenkins plugins Demi Marie Obenour
Re: ncurses fixes upstream Mark Esler
Re: Multiple vulnerabilities in Jenkins plugins Henri Salo

Friday, 14 April

Re: ncurses fixes upstream Tavis Ormandy

Saturday, 15 April

Re: ncurses fixes upstream Georgi Guninski
Re: ncurses fixes upstream Solar Designer
CVE-2023-22946: Apache Spark proxy-user privilege escalation from malicious configuration class Sean R. Owen

Sunday, 16 April

CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Jialin Qiao
CVE-2023-24831: Apache IoTDB grafana-connector Login Bypass Vulnerability Jialin Qiao
CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Jakub Wilk

Monday, 17 April

CVE-2023-25504: Apache Superset: Possible SSRF on import datasets Daniel Gaspar
CVE-2023-27525: Apache Superset: Incorrect default permissions for Gamma role Daniel Gaspar
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Solar Designer
Re: CVE-2023-28158: Apache Archiva privilege escalation Seth Arnold
Re: CVE-2023-26269: Apache James server: Privilege escalation through unauthenticated JMX Seth Arnold
Re: CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file Seth Arnold
Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Seth Arnold
Re: CVE-2022-45064: Apache Sling Engine: Include-based XSS Seth Arnold
Re: CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Seth Arnold
Re: CVE-2023-25504: Apache Superset: Possible SSRF on import datasets Seth Arnold

Tuesday, 18 April

Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li
Checking existence of firewalled web servers in Firefox via iframe.onload Georgi Guninski
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Todd C. Miller
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Solar Designer
Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Stig Palmquist
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution 0xef967c36
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Todd C. Miller
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Solar Designer
Re: Checking existence of firewalled web servers in Firefox via iframe.onload Jan Fader
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution 0xef967c36
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution 0xef967c36
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso
Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Seth Arnold
CVE-2023-2124: OOB access in the Linux kernel's XFS subsystem Kyle Zeng

Wednesday, 19 April

Re: CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file peacewong
[kubernetes] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password Vellore Rajakumar, Sri Saran Balaji
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution nightmare . yeah27
Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux
Checking existence of firewalled URLs via javascript's script.onload Georgi Guninski
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Demi Marie Obenour
Re: Checking existence of firewalled URLs via javascript's script.onload Peter Philip Pettersson
Re: ncurses fixes upstream Carlos López
RE: [EXTERNAL] Re: [oss-security] ncurses fixes upstream Jonathan Bar Or (JBO)
Re: ncurses fixes upstream Solar Designer
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Hanno Böck

Thursday, 20 April

Re: Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso
Re: ncurses fixes upstream Tavis Ormandy
Re: Checking existence of firewalled URLs via javascript's script.onload Georgi Guninski
Re: Checking existence of firewalled web servers in Firefox via iframe.onload Stefano Di Paola
Re: Checking existence of firewalled web servers in Firefox via iframe.onload Jan Klopper
Re: Checking existence of firewalled URLs via javascript's script.onload Jeremy Stanley
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso
Re: Checking existence of firewalled web servers in Firefox via iframe.onload Stefano Di Paola
CVE-2023-25601: Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication Arnout Engelen
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules David A. Wheeler
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Jeffrey Walton
OpenSSL Security Advisory Tomas Mraz
CVE-2022-45801: Apache StreamPark (incubating): LDAP Injection Vulnerability Huajie Wang
CVE-2022-45802: Apache StreamPark (incubating): Upload any file to any directory Huajie Wang
CVE-2022-46365: Apache StreamPark (incubating): Logic error causing any account reset Huajie Wang
PostgreSQL and CREATEROLE permission Jeffrey Walton
Re: PostgreSQL and CREATEROLE permission Bernd Zeimetz
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso
Re: PostgreSQL and CREATEROLE permission Jeffrey Walton
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Matthew Fernandez

Friday, 21 April

Re: ncurses fixes upstream Sevan Janiyan
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Christian Heinrich
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003 Carlos Alberto Lopez Perez

Monday, 24 April

Real world vulnerabilities of CWE-1077: Floating Point Comparison with Incorrect Operator? Georgi Guninski
CVE-2023-27524: Apache Superset: Session validation vulnerability when using provided default SECRET_KEY Daniel Gaspar
CVE-2023-30776: Apache Superset: Database connection password leak Daniel Gaspar
CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions. Andy Seaborne

Tuesday, 25 April

Xen Security Advisory 430 v2 (CVE-2022-42335) - x86 shadow paging arbitrary pointer dereference Xen . org security team
[ANNOUNCE] Git v2.40.1 and friends Junio C Hamano

Wednesday, 26 April

Warpinator: Remote file deletion vulnerability (CVE-2023-29380) Matthias Gerstner

Saturday, 29 April

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Stig Palmquist

Tuesday, 02 May

CVE-2023-32007: Apache Spark: Shell command injection via Spark UI Arnout Engelen
CVE-2023-26268: Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes Nick Vatamaniuc
Fwd: Retired X.Org Packages Alan Coopersmith

Wednesday, 03 May

Django: CVE-2023-31047 Potential bypass of validation when uploading multiple files using one form field Mariusz Felisiak
semi-public issues on (linux-)distros Solar Designer
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Reid Sutherland
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules David A. Wheeler
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Jeffrey Walton
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Reid Sutherland
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Moritz Bechler
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Michael Orlitzky

Thursday, 04 May

Re: semi-public issues on (linux-)distros Johannes Segitz
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Reid Sutherland
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Sam Bull
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Alan Coopersmith
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Rainer Canavan
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules David A. Wheeler
CVE-2022-45048: Apache Ranger: code execution vulnerability in policy expressions Madhan Neethiraj
CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled Ramesh Mani
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso

Sunday, 07 May

CVE-2023-29247: Stored XSS on Apache Airflow Pierre Jeambrun
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules John Helmert III
CVE-2023-31038: Apache Log4cxx: SQL injection when using ODBC appender Robert Middleton

Monday, 08 May

CVE-2023-31039: Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution Wang Weibing
CVE-2023-25754: Apache Airflow: Privilege escalation using airflow logs Jarek Potiuk
Linux kernel io_uring out-of-bounds access to physical memory Tobias Holl
[CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory Piotr Krysiuk

Tuesday, 09 May

CVE-2023-2253: distribution/distribution: Catalog API endpoint can lead to OOM via malicious user input Cathy Hu
Re: Linux kernel io_uring out-of-bounds access to physical memory Solar Designer

Wednesday, 10 May

Re: CVE-2023-2253: distribution/distribution: Catalog API endpoint can lead to OOM via malicious user input Cathy Hu
New Linux kernel NetFilter flaw gives attackers root privileges Turritopsis Dohrnii Teo En Ming
Re: New Linux kernel NetFilter flaw gives attackers root privileges Solar Designer
Re: Linux kernel io_uring out-of-bounds access to physical memory Solar Designer
[OSSA-2023-003] cinder, glance_store, nova, os-brick: Unauthorized volume access through deleted volume attachments (CVE-2023-2088) Jeremy Stanley
Re: New Linux kernel NetFilter flaw gives attackers root privileges Piotr Krysiuk
Re: New Linux kernel NetFilter flaw gives attackers root privileges Thadeu Lima de Souza Cascardo
Re: New Linux kernel NetFilter flaw gives attackers root privileges Tobias Heider
Re: New Linux kernel NetFilter flaw gives attackers root privileges Solar Designer

Thursday, 11 May

Clarification on embargoed testing in a partner cloud Marc Deslauriers
Re: Clarification on embargoed testing in a partner cloud Marcus Meissner
Re: New Linux kernel NetFilter flaw gives attackers root privileges David Leadbeater
Re: New Linux kernel NetFilter flaw gives attackers root privileges Florian Weimer
CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash Maxim Solodovnik
CVE-2023-29032: Apache OpenMeetings: allows bypass authentication Maxim Solodovnik
CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection Maxim Solodovnik

Sunday, 14 May

Re: semi-public issues on (linux-)distros Solar Designer
Re: Clarification on embargoed testing in a partner cloud Solar Designer
Re: Real world vulnerabilities of CWE-1077: Floating Point Comparison with Incorrect Operator? Solar Designer

Monday, 15 May

linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition 蓝色的小羊
CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module Robert Munteanu
Re: linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition Greg KH
libcap-2.69 addresses 2 CVEs Andrew G. Morgan
Re: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory Piotr Krysiuk

Tuesday, 16 May

Re: linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition Zheng Hacker
Re: libcap-2.69 addresses 2 CVEs Solar Designer
Re: Clarification on embargoed testing in a partner cloud Marc Deslauriers
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Xen Security Advisory 431 v1 (CVE-2022-42336) - Mishandling of guest SSBD selection on AMD hardware Xen . org security team
curl: CVE-2023-28319: UAF in SSH sha256 fingerprint check Daniel Stenberg
curl: CVE-2023-28320: siglongjmp race condition Daniel Stenberg
curl: CVE-2023-28321: IDN wildcard match Daniel Stenberg
curl: CVE-2023-28322: more POST-after-PUT confusion Daniel Stenberg

Wednesday, 17 May

CVE-2023-24805: RCE in cups-filters, beh CUPS backend Till Kamppeter
IPv6 and Route of Death Jeffrey Walton
Re: IPv6 and Route of Death Barry Greene
Re: IPv6 and Route of Death Solar Designer
Re: IPv6 and Route of Death Erik Auerswald

Thursday, 18 May

Re: IPv6 and Route of Death Andrew Worsley

Friday, 19 May

Re: IPv6 and Route of Death Dominique Martinet

Sunday, 21 May

CVE-2023-31058: Apache InLong: JDBC URL bypassing by adding blanks Charles Zhang
CVE-2023-31062: Apache InLong: Privilege escalation vulnerability for InLong Charles Zhang
CVE-2023-31064: Apache InLong: Insecurity direct object references cancelling applications Charles Zhang
CVE-2023-31065: Apache InLong: Insufficient Session Expiration in InLong Charles Zhang
CVE-2023-31066: Apache InLong: Insecure direct object references for inlong sources Charles Zhang
CVE-2023-31098: Apache InLong: Weak Password Implementation in InLong Charles Zhang
CVE-2023-31101: Apache InLong: Users who joined later can see the data of deleted users Charles Zhang
CVE-2023-31103: Apache InLong: Attackers can change the immutable name and type of cluster Charles Zhang
CVE-2023-31206: Apache InLong: Attackers can change the immutable name and type of nodes Charles Zhang
CVE-2023-31453: Apache InLong: IDOR make users can delete others' subscription Charles Zhang
CVE-2023-31454: Apache InLong: IDOR make users can bind any cluster Charles Zhang

Monday, 22 May

CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete Mark Thomas
c-ares multiple vulnerabilities: CVE-2023-32067, CVE-2023-31147, CVE-2023-31130, CVE-2023-31124 Brad House

Tuesday, 23 May

CVE-2023-33246: Apache RocketMQ: RocketMQ may have a remote code execution vulnerability when using the update configuration function Rongtong Jin

Wednesday, 24 May

Re: Clarification on embargoed testing in a partner cloud Moritz Mühlenhoff
Re: Clarification on embargoed testing in a partner cloud Solar Designer
Fwd: Forthcoming OpenSSL Releases Solar Designer
Re: Clarification on embargoed testing in a partner cloud Anthony Liguori
Re: Clarification on embargoed testing in a partner cloud Jeremy Stanley
Re: Clarification on embargoed testing in a partner cloud Brian Behlendorf
Attestation, reproducible builds, and bootstrapping Ludovic Courtès

Thursday, 25 May

CVE-2022-46907: Apache JSPWiki Cross-site scripting on several plugins Juan Pablo Santos Rodríguez
[kubernetes] CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs Monis Khan

Friday, 26 May

CVE-2023-33234: Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration Elad Kalif

Monday, 29 May

Stack overflow in imagemagick coders/tiff.c Bastien Roucariès
CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs Marcus Eriksson
Re: Stack overflow in imagemagick coders/tiff.c Bastien Roucariès
Update CVE-2021-3610: ImageMagick Bastien Roucariès

Tuesday, 30 May

OpenSSL Security Advisory Tomas Mraz
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0004 Carlos Alberto Lopez Perez

Thursday, 01 June

[vs] CVE-2023-32324 heap buffer overflow in cupsd Zdenek Dohnal

Monday, 05 June

RE: Update CVE-2021-3610 cpe_dictionary

Tuesday, 06 June

[SECURITY] CVE-2023-30575: Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths Michael Jumper
[SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Michael Jumper
LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863 Qualys Security Advisory
Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Demi Marie Obenour
Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Michael Jumper
Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua

Wednesday, 07 June

Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua

Thursday, 08 June

Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua
Re: Linux kernel: off-by-one in fl_set_geneve_opt Solar Designer

Saturday, 10 June

Solar Designer talk about 15 years of oss-security at SSTIC conference Yves-Alexis Perez
Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Katherine Mcmillan

Monday, 12 June

Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua
CVE-2023-34212: Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components David Handermann
CVE-2023-34468: Apache NiFi: Potential Code Injection with Database Services using H2 David Handermann

Tuesday, 13 June

Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Georgi Guninski
Re: Stack overflow in imagemagick coders/tiff.c Salvatore Bonaccorso

Wednesday, 14 June

S2-063: CVE-2023-34149: Apache Struts: DoS via OOM owing to not properly checking of list bounds Yasser Zamani
S2-064: CVE-2023-34396: Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms Yasser Zamani
Fwd: Node.js security updates for all active release lines, June 2023 Rafael Silva
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck
Re: Stack overflow in imagemagick coders/tiff.c Bob Friesenhahn
CVE-2023-34095: cpdb-libs: Buffer overflows via scanf Till Kamppeter
RCE in acme.sh < 3.0.6 Jan Schaumann

Thursday, 15 June

CVE-2023-1672: race condition in Tang exposes private keys to other processes Brian McDermott
Fwd: [ANNOUNCE] X.Org Security Advisory: Sub-object overflows in libX11 Alan Coopersmith
Re: distros list archive Solar Designer

Friday, 16 June

Re: Linux kernel: off-by-one in fl_set_geneve_opt Salvatore Bonaccorso

Saturday, 17 June

Our learnings from 42 Linux kernel exploits, we are limiting io_uring Tamás Koczka

Sunday, 18 June

CVE-2023-35005: Apache Airflow: Information disclosure on configuration view Elad Kalif

Tuesday, 20 June

The AI chatgpt writes insecure code Georgi Guninski
Re: The AI chatgpt writes insecure code Petr Štetiar
Re: The AI chatgpt writes insecure code Georgi Guninski
CVE-2023-34340: Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials Christopher Tubbs
Re: The AI chatgpt writes insecure code Alan Coopersmith
CVE-2023-31975: memory leak in yasm Alan Coopersmith

Wednesday, 21 June

Re: The AI chatgpt writes insecure code Travis Biehn
Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton
PAM/Kerberos issue on NetBSD Alistair Crooks
Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Solar Designer
Re: CVE-2023-31975: memory leak in yasm Dave Horsfall
ISC has disclosed two vulnerabilities in BIND 9 (CVE-2023-2828, CVE-2023-2911) Michał Kępień
Re: CVE-2023-31975: memory leak in yasm Alan Coopersmith
Re: CVE-2023-31975: memory leak in yasm Siddhesh Poyarekar
Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton
Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton
[kubernetes/kops] CVE-2023-1943: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode CJ Cullen
Re: PAM/Kerberos issue on NetBSD Taylor R Campbell
Re: CVE-2023-31975: memory leak in yasm Demi Marie Obenour
Re: CVE-2023-31975: memory leak in yasm Steve Grubb
Re: Re: PAM/Kerberos issue on NetBSD Russ Allbery

Thursday, 22 June

Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton
CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Zdenek Dohnal
Open Source Tool | MPT: Pentest In Action! Jyoti Raval
Re: CVE-2023-31975: memory leak in yasm Demi Marie Obenour
CVE-2023-31469: Apache StreamPipes: Privilege escalation through non-admin user Dominik Riemer
Re: CVE-2023-31975: memory leak in yasm Smith, Stewart

Friday, 23 June

Re: CVE-2023-31975: memory leak in yasm Stuart Henderson
Opinion: Governments don't want IT security, they want to have cyber weapons Georgi Guninski
Re: CVE-2023-31975: memory leak in yasm Hanno Böck
Re: Opinion: Governments don't want IT security, they want to have cyber weapons Solar Designer
Re: Open Source Tool | MPT: Pentest In Action! Solar Designer
Re: Open Source Tool | MPT: Pentest In Action! Solar Designer
Re: CVE-2023-31975: memory leak in yasm Siddhesh Poyarekar
Re: CVE-2023-31975: memory leak in yasm Marcus Meissner
Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Solar Designer
Re: Opinion: Governments don't want IT security, they want to have cyber weapons David A. Wheeler
Re: CVE-2023-31975: memory leak in yasm Jakub Wilk

Saturday, 24 June

Re: Opinion: Governments don't want IT security, they want to have cyber weapons cbf0001
CVE-2023-3338: Linux Kernel NULL Pointer Dereference in DECnet Ornaghi Davide - Betrusted
Re: CVE-2023-3338: Linux Kernel NULL Pointer Dereference in DECnet Peter Philip Pettersson
Re: Opinion: Governments don't want IT security, they want to have cyber weapons Solar Designer

Monday, 26 June

Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Zdenek Dohnal
CVE-2023-34395: Apache Airflow ODBC Provider: Remote code execution vulnerability Elad Kalif
CVE-2023-22886: Apache Airflow JDBC Provider: RCE Vulnerability Elad Kalif
CVE-2023-35798: Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability Elad Kalif

Thursday, 29 June

WebKitGTK and WPE WebKit Security Advisory WSA-2023-0005 Carlos Alberto Lopez Perez