oss-sec: by author
293 messages starting Sep 02 24 and ending Sep 26 24
2639161967
Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init() 2639161967 (Sep 02)
Abhishek Kumar
[ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion Abhishek Kumar (Jul 19)
[ANNOUNCE] Apache CloudStack LTS Security Releases 4.18.2.1 and 4.19.0.2 Abhishek Kumar (Jul 05)
Adrian Perez de Castro
WebKitGTK and WPE WebKit Security Advisory WSA-2024-0004 Adrian Perez de Castro (Aug 16)
WebKitGTK and WPE WebKit Security Advisory WSA-2024-0005 Adrian Perez de Castro (Sep 25)
Aki Tuomi
Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message Aki Tuomi (Aug 15)
Dovecot CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive Aki Tuomi (Aug 15)
Alan Coopersmith
GNU C Library version 2.40 released with 5 CVE fixes Alan Coopersmith (Jul 22)
Go 1.23.1 and Go 1.22.7 released with 3 security fixes Alan Coopersmith (Sep 05)
CVE-2024-3596: RADIUS/UDP vulnerable to improved MD5 collision attack Alan Coopersmith (Jul 09)
CPython CVE-2024-6923: Email header injection due to unquoted newlines Alan Coopersmith (Aug 01)
Fwd: [Security-announce] [CVE-2024-3219] Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection Alan Coopersmith (Jul 29)
libpcap 1.10.5 released with two security fixes Alan Coopersmith (Sep 06)
Unbound 1.21.0 released with multiple security fixes Alan Coopersmith (Aug 16)
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Alan Coopersmith (Jul 10)
CPython: [CVE-2024-6232] Regular-expression DoS when parsing TarFile headers Alan Coopersmith (Sep 03)
CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names Alan Coopersmith (Aug 22)
Security fixes available in Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20 Alan Coopersmith (Sep 07)
Re: CUPS printing system vulnerabilities Alan Coopersmith (Sep 26)
Re: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow Alan Coopersmith (Jul 26)
GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow Alan Coopersmith (Jul 26)
Aleksa Sarai
CVE-2024-45310: runc can be tricked into creating empty files/directories on host Aleksa Sarai (Sep 02)
Re: CVE-2024-45310: runc can be tricked into creating empty files/directories on host Aleksa Sarai (Sep 04)
Alexander Patrakov
backtrace_symbols() misuse by Ceph and its supposedly-safe use Alexander Patrakov (Jul 12)
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Alexander Patrakov (Sep 27)
Alex Gaynor
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Alex Gaynor (Aug 06)
Alfredo Ortega
Re: AI Cyber Challenge (AIxCC) semi-final results from DEF CON 32 (2024) Alfredo Ortega (Aug 17)
Andreas Stieger
gh:facebook/rocksdb v9.5.2 - SupplyChainAttackPoC for Meta BB Andreas Stieger (Aug 22)
Andrew Lamb
CVE-2024-41178: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Andrew Lamb (Jul 23)
Andrii Polkovnychenko [EXT]
Python Infrastructure Admin Token Leaked Through Docker Hub Andrii Polkovnychenko [EXT] (Jul 17)
Andri Yngvason
Neat VNC Security Vulnerability Andri Yngvason (Aug 01)
Re: Neat VNC Security Vulnerability Andri Yngvason (Aug 02)
Aram Sargsyan
ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076) Aram Sargsyan (Jul 23)
Arnout Engelen
CVE-2024-41909: Apache MINA SSHD: integrity check bypass Arnout Engelen (Aug 12)
Bob Friesenhahn
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Bob Friesenhahn (Aug 07)
Brian Rosmaita
[OSSA-2024-003] OpenStack Ironic: Unvalidated image data passed to qemu-img (CVE-2024-44082) Brian Rosmaita (Sep 04)
Chad Sheridan
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Chad Sheridan (Aug 07)
Chao Gong
CVE-2024-42323: Apache HertzBeat: RCE by snakeYaml deser load malicious xml Chao Gong (Sep 21)
Charles Zhang
CVE-2024-36268: Apache InLong TubeMQ Client: Remote Code Execution vulnerability Charles Zhang (Aug 02)
Christian Brabandt
[vim-security] heap-buffer-overflow in Vim > 9.1.0038 && < 9.1.0707 Christian Brabandt (Aug 31)
[vim-security] double-free in dialog_changed() in Vim < v9.1.0648 Christian Brabandt (Aug 01)
[vim-security] heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697 Christian Brabandt (Aug 25)
[vim-security] use-after-free in alist_add() in Vim < v9.1.0678 Christian Brabandt (Aug 15)
[vim-security] use-after-free in tagstack_clear_entry() in Vim < v9.1.0647 Christian Brabandt (Aug 01)
[vim-security] heap-buffer-overflow in do_search() in Vim < 9.1.0689 Christian Brabandt (Aug 22)
Christian Fischer
Re: Announce: OpenSSH 9.8 released Christian Fischer (Jul 03)
Christian Hoffmann
CVE-2024-7012, CVE-2024-7923: Authentication bypass in Foreman & Pulpcore Christian Hoffmann (Sep 06)
Clemens Lang
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Clemens Lang (Aug 08)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Clemens Lang (Aug 06)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Clemens Lang (Aug 08)
Colm O hEigeartaigh
CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE Colm O hEigeartaigh (Jul 18)
CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients Colm O hEigeartaigh (Jul 18)
CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter Colm O hEigeartaigh (Jul 18)
Craig Ingram
[kubernetes] CVE-2024-7646: Ingress-nginx Annotation Validation Bypass Craig Ingram (Aug 16)
[kubernetes] CVE-2024-5321: Incorrect permissions on Windows containers logs Craig Ingram (Jul 17)
Damien Miller
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Damien Miller (Jul 09)
Announce: OpenSSH 9.8 released Damien Miller (Jul 01)
Re: Announce: OpenSSH 9.8 released (fwd) Damien Miller (Jul 01)
Dane Bouchie
RE: Neat VNC Security Vulnerability Dane Bouchie (Aug 02)
RE: Neat VNC Security Vulnerability Dane Bouchie (Aug 02)
Daniel Beck
Multiple vulnerabilities in Jenkins Daniel Beck (Aug 07)
Daniel Gaspar
CVE-2024-39887: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar (Jul 16)
Daniel Stenberg
[SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str Daniel Stenberg (Jul 23)
[SECURITY ADVISORY] curl: CVE-2024-8096: OCSP stapling bypass with GnuTLS Daniel Stenberg (Sep 10)
[SECURITY ADVISORY] curl: CVE-2024-6874: macidn punycode buffer overread Daniel Stenberg (Jul 23)
[SECURITY ADVISORY] curl: CVE-2024-7264 ASN.1 date parser overread Daniel Stenberg (Jul 31)
Dan Kegel
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Dan Kegel (Aug 07)
David A. Wheeler
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch David A. Wheeler (Jul 08)
AI Cyber Challenge (AIxCC) semi-final results from DEF CON 32 (2024) David A. Wheeler (Aug 16)
Re: AI Cyber Challenge (AIxCC) semi-final results from DEF CON 32 (2024) David A. Wheeler (Aug 19)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch David A. Wheeler (Jul 11)
David Gstir
CVE-2024-45751: CHAP authentication bypass in user-space Linux target framework (tgt) up to v1.0.92 David Gstir (Sep 07)
David Handermann
CVE-2024-37389: Apache NiFi: Improper Neutralization of Input in Parameter Context Description David Handermann (Jul 07)
David M. Johnson
CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode David M. Johnson (Jul 25)
Demi Marie Obenour
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Demi Marie Obenour (Aug 07)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Demi Marie Obenour (Aug 08)
Re: linux-distros application for CentOS Project's Hyperscale SIG Demi Marie Obenour (Jul 10)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Demi Marie Obenour (Aug 06)
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Demi Marie Obenour (Sep 25)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Demi Marie Obenour (Aug 06)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Demi Marie Obenour (Jul 14)
Re: [SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str Demi Marie Obenour (Jul 24)
Dimitrios Glynos
CVE-2024-6655 Library injection from CWD in GTK-2/GTK-3 Dimitrios Glynos (Sep 09)
Dominik Riemer
CVE-2024-31411: Apache StreamPipes: Potential remote code execution (RCE) via file upload Dominik Riemer (Jul 16)
CVE-2024-31979: Apache StreamPipes: Possibility of SSRF in pipeline element installation process Dominik Riemer (Jul 16)
CVE-2024-30471: Apache StreamPipes: Potential creation of multiple identical accounts Dominik Riemer (Jul 16)
Dominique Martinet
Re: Announce: OpenSSH 9.8 released Dominique Martinet (Jul 02)
Duncan Grisby
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Duncan Grisby (Aug 08)
Enxin Xie
CVE-2024-41888: Apache Answer: The link for resetting user password is not Single-Use Enxin Xie (Aug 09)
CVE-2024-41890: Apache Answer: The link to reset the user's password will remain valid after sending a new link Enxin Xie (Aug 09)
CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Enxin Xie (Sep 25)
Ephraim Anierobi
CVE-2024-45034: Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes Ephraim Anierobi (Sep 06)
CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability Ephraim Anierobi (Jul 16)
CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler Ephraim Anierobi (Jul 16)
CVE-2024-45498: Apache Airflow: Command Injection in an example DAG Ephraim Anierobi (Sep 06)
CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link Ephraim Anierobi (Aug 21)
Eric Covener
CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions Eric Covener (Aug 26)
CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution Eric Covener (Jul 01)
CVE-2024-36387: Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 Eric Covener (Jul 01)
CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request Eric Covener (Jul 01)
CVE-2024-38473: Apache HTTP Server proxy encoding problem Eric Covener (Jul 01)
CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType Eric Covener (Jul 03)
CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. Eric Covener (Jul 01)
CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect Eric Covener (Jul 01)
CVE-2024-38472: Apache HTTP Server on Windows UNC SSRF Eric Covener (Jul 01)
CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences Eric Covener (Jul 01)
CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows Eric Covener (Jul 17)
CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType Eric Covener (Jul 17)
Fabian Bäumer
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Fabian Bäumer (Sep 26)
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Fabian Bäumer (Sep 27)
Fay Stegerman
Re: CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names Fay Stegerman (Aug 23)
Re: CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names Fay Stegerman (Aug 23)
Re: CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names Fay Stegerman (Aug 22)
Florian Weimer
Re: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow Florian Weimer (Jul 29)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Florian Weimer (Jul 08)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Florian Weimer (Jul 08)
Francesco Chicchiriccò
CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields Francesco Chicchiriccò (Jul 22)
Goldberg, Adam
RE: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Goldberg, Adam (Sep 25)
Greg Kroah-Hartman
Re: List linux CVEs for a given stable release? Greg Kroah-Hartman (Sep 27)
Hanno Böck
Re: CPython CVE-2024-6923: Email header injection due to unquoted newlines Hanno Böck (Aug 01)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Hanno Böck (Aug 15)
Haonan Hou
CVE-2024-36448: Apache IoTDB Workbench: SSRF Vulnerability (EOL) Haonan Hou (Aug 05)
Heping Wang
CVE-2023-46801: Apache Linkis DataSource: Remote code execution vulnerability in apache Linkis 1.4.0 Heping Wang (Jul 13)
CVE-2024-27182: Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability Heping Wang (Aug 02)
CVE-2023-49566: Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability Heping Wang (Jul 13)
CVE-2024-39928: Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability Heping Wang (Sep 24)
CVE-2023-41916: Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading Heping Wang (Jul 13)
CVE-2024-27181: Apache Linkis Basic management services: Privilege Escalation Attack vulnerability Heping Wang (Aug 02)
Huajie Wang
CVE-2023-52290: Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability Huajie Wang (Jul 15)
CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability Huajie Wang (Jul 18)
CVE-2024-29070: Apache StreamPark: session not invalidated after logout Huajie Wang (Jul 22)
CVE-2024-29120: Apache StreamPark: Information leakage vulnerability Huajie Wang (Jul 17)
CVE-2024-34457: Apache StreamPark IDOR Vulnerability Huajie Wang (Jul 22)
CVE-2023-52291: Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution Huajie Wang (Jul 17)
CVE-2024-29737: Apache StreamPark (incubating): maven build params could trigger remote command execution Huajie Wang (Jul 17)
Jacob Bachmeyer
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Jacob Bachmeyer (Jul 04)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Jacob Bachmeyer (Jul 14)
Re: backtrace_symbols() misuse by Ceph and its supposedly-safe use Jacob Bachmeyer (Jul 13)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer (Aug 19)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer (Aug 17)
Re: collision confounders (was: feedback requested regarding deprecation of TLS 1.0/1.1) Jacob Bachmeyer (Aug 16)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer (Aug 15)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer (Aug 16)
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Jacob Bachmeyer (Jul 02)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Jacob Bachmeyer (Jul 13)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer (Aug 09)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer (Aug 20)
Jacques Le Roux
CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing) Jacques Le Roux (Sep 03)
CVE-2024-38856: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code Jacques Le Roux (Aug 04)
CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE Jacques Le Roux (Sep 03)
James Turton
CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader James Turton (Jul 24)
Jan Engelhardt
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jan Engelhardt (Aug 06)
Jarek Potiuk
CVE-2024-42447: Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow Jarek Potiuk (Aug 04)
Jeffrey Walton
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jeffrey Walton (Aug 07)
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Jeffrey Walton (Jul 03)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jeffrey Walton (Aug 08)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jeffrey Walton (Aug 16)
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Jeffrey Walton (Sep 25)
Jens Timmerman
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Jens Timmerman (Aug 09)
Jeremy Stanley
[OSSA-2024-002] OpenStack Nova: Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors (CVE-2024-40767) Jeremy Stanley (Jul 23)
[OSSA-2024-001] OpenStack Cinder, Glance, Nova: Arbitrary file access through custom QCOW2 external data (CVE-2024-32498) Jeremy Stanley (Jul 02)
Joel GUITTET
CVE-2024-42154: Linux kernel: tcp_metrics: validate source addr length Joel GUITTET (Sep 24)
John Haxby
linux kernel: virtio-net host dos John Haxby (Jul 24)
Jonathan Wright
Re: linux-distros application for CentOS Project's Hyperscale SIG Jonathan Wright (Jul 15)
Jun Gao
CVE-2023-48396: Apache SeaTunnel Web: Authentication bypass Jun Gao (Jul 30)
CVE-2023-49198: Apache SeaTunnel Web: Arbitrary file read vulnerability Jun Gao (Aug 21)
Junkai Xue
CVE-2024-22281: Apache Helix Front (UI): Helix front hard-coded secret in the express-session Junkai Xue (Aug 20)
jvoisin
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems jvoisin (Jul 01)
Karan Kumar
CVE-2024-45384: Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack Karan Kumar (Sep 17)
CVE-2024-45537: Apache Druid: Users can provide MySQL JDBC properties not on allow list Karan Kumar (Sep 17)
KoreLogic Disclosures
KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal KoreLogic Disclosures (Aug 08)
KL-001-2024-005: Open WebUI Stored Cross-Site Scripting KoreLogic Disclosures (Aug 08)
LinkinStar
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses LinkinStar (Sep 26)
Marco Moock
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Marco Moock (Aug 06)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Marco Moock (Aug 06)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Marco Moock (Aug 07)
Mark Esler
Re: linux-distros application for CentOS Project's Hyperscale SIG Mark Esler (Jul 10)
Re: CUPS printing system vulnerabilities Mark Esler (Sep 26)
Re: Tracking down a lost CVE request (MITRE) Mark Esler (Aug 14)
Mark Thomas
CVE-2024-46544: Apache Tomcat Connectors: mod_jk: local users can view and modify configuration Mark Thomas (Sep 23)
CVE-2024-38286: Apache Tomcat: Denial of Service Mark Thomas (Sep 23)
Martin Tzvetanov Grigorov
CVE-2024-36522: Apache Wicket: Remote code execution via XSLT injection Martin Tzvetanov Grigorov (Jul 12)
Martin Weinelt
CVE-2024-39844: ZNC modtcl RCE Martin Weinelt (Jul 03)
Masakazu Kitajo
[ANNOUNCE] Apache Traffic Server is vulnerable to request smuggling and DoS Masakazu Kitajo (Jul 25)
Mathias Krause
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Mathias Krause (Jul 01)
Matthias Gerstner
Performance Co-Pilot (PCP): pmcd network daemon security issues and review results (CVE-2024-45769), (CVE-2024-45770) Matthias Gerstner (Sep 20)
Maxim Suhanov
CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver Maxim Suhanov (Jul 03)
Michael Ellerman
Re: Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init() Michael Ellerman (Sep 06)
Michael Orlitzky
Tracking down a lost CVE request (MITRE) Michael Orlitzky (Aug 06)
Re: Tracking down a lost CVE request (MITRE) Michael Orlitzky (Aug 14)
Michael Sweet
Re: CUPS printing system vulnerabilities Michael Sweet (Sep 26)
Michel Lind
Re: linux-distros application for CentOS Project's Hyperscale SIG Michel Lind (Jul 23)
Re: linux-distros application for CentOS Project's Hyperscale SIG Michel Lind (Jul 11)
linux-distros application for CentOS Project's Hyperscale SIG Michel Lind (Jul 10)
Mickaël Salaün
Landlock Houdini fix: CVE-2024-42318 Mickaël Salaün (Aug 17)
Landlock news #4 Mickaël Salaün (Jul 16)
Mike O'Connor
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Mike O'Connor (Aug 14)
Re: CVE-2024-45310: runc can be tricked into creating empty files/directories on host Mike O'Connor (Sep 03)
Min Ji
CVE-2024-22399: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server Min Ji (Sep 11)
Natalia Bidart
Django CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614 Natalia Bidart (Jul 09)
Django CVE-2024-45230 and CVE-2024-45231 Natalia Bidart (Sep 03)
Neil Hanlon
Re: linux-distros application for CentOS Project's Hyperscale SIG Neil Hanlon (Jul 11)
Neil Horman
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Neil Horman (Aug 07)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Neil Horman (Aug 06)
feedback requested regarding deprecation of TLS 1.0/1.1 Neil Horman (Aug 06)
Nick Tait
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Nick Tait (Jul 10)
niekt0
Re: feedback requested regarding deprecation of TLS 1.0/1.1 niekt0 (Aug 07)
Pat Gunn
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Pat Gunn (Aug 14)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Pat Gunn (Aug 07)
Pete Allor
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Pete Allor (Jul 10)
Peter Gutmann
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Peter Gutmann (Aug 18)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Peter Gutmann (Aug 15)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Peter Gutmann (Aug 09)
Pietro Albini
CVE-2024-43402: Rust before 1.81.0 didn't fully fix argument escaping for batch files Pietro Albini (Sep 04)
Qualys Security Advisory
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Qualys Security Advisory (Jul 03)
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Qualys Security Advisory (Jul 03)
CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Qualys Security Advisory (Jul 01)
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Qualys Security Advisory (Jul 03)
Robert Muir
CVE-2024-45772: Apache Lucene Replicator: Deserialization of Untrusted Data Robert Muir (Sep 28)
Rohit Yadav
CVE-2024-42222: Apache CloudStack: Unauthorised Network List Access Rohit Yadav (Aug 06)
CVE-2024-42062: Apache CloudStack: User Key Exposure to Domain Admins Rohit Yadav (Aug 06)
CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion Rohit Yadav (Jul 19)
Rongtong Jin
CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data Rongtong Jin (Jul 22)
Salvatore Bonaccorso
Re: linux kernel: virtio-net host dos Salvatore Bonaccorso (Jul 27)
Re: Neat VNC Security Vulnerability Salvatore Bonaccorso (Aug 03)
Sam Bull
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Sam Bull (Sep 27)
Samuel Verschelde
Heads-up: there are two versions of Intel microcode update IPU 2024.3 Samuel Verschelde (Aug 16)
Sandipan Roy
Re: CVE-2024-42154: Linux kernel: tcp_metrics: validate source addr length Sandipan Roy (Sep 25)
Sarah Boyce
Django CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005 Sarah Boyce (Aug 06)
Sergei G
Webmin UDP/10000 discovery service Loop DoS (COK-2024-05-05) Sergei G (Sep 04)
Shilun Fan
CVE-2024-23454: Apache Hadoop: Temporary File Local Information Disclosure Shilun Fan (Sep 24)
ShunFeng Cai
CVE-2024-43202: Apache DolphinScheduler: Remote Code Execution Vulnerability ShunFeng Cai (Aug 20)
CVE-2024-29831: Apache DolphinScheduler: RCE by arbitrary js execution ShunFeng Cai (Aug 09)
CVE-2024-30188: Apache DolphinScheduler: Resource File Read And Write Vulnerability ShunFeng Cai (Aug 09)
Simon McVittie
Re: backtrace_symbols() misuse by Ceph and its supposedly-safe use Simon McVittie (Jul 13)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Simon McVittie (Jul 08)
flatpak CVE-2024-42472: Access to files outside sandbox for apps using persistent= (--persist) Simon McVittie (Aug 14)
Slawomir Jaranowski
CVE-2024-47197: Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Slawomir Jaranowski (Sep 26)
Solar Designer
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Solar Designer (Aug 07)
Re: Announce: OpenSSH 9.8 released Solar Designer (Jul 28)
Re: CUPS printing system vulnerabilities Solar Designer (Sep 26)
Re: linux-distros application for CentOS Project's Hyperscale SIG Solar Designer (Jul 23)
Re: Fwd: Node.js security updates for all active release lines, July 2024 Solar Designer (Jul 11)
Re: CVE-2024-42154: Linux kernel: tcp_metrics: validate source addr length Solar Designer (Sep 24)
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Solar Designer (Sep 25)
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Solar Designer (Sep 26)
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Solar Designer (Jul 28)
Re: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow Solar Designer (Jul 26)
Re: Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init() Solar Designer (Sep 02)
Re: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow Solar Designer (Jul 28)
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Solar Designer (Jul 03)
Re: Neat VNC Security Vulnerability Solar Designer (Aug 02)
Re: Neat VNC Security Vulnerability Solar Designer (Aug 02)
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Solar Designer (Jul 08)
CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL Solar Designer (Aug 11)
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Solar Designer (Jul 09)
CVE-2024-7347: nginx: ngx_http_mp4_module: Worker process crash by using a specially crafted mp4 file Solar Designer (Aug 14)
CUPS printing system vulnerabilities Solar Designer (Sep 26)
steffen
Re: feedback requested regarding deprecation of TLS 1.0/1.1 steffen (Aug 08)
Steffen Nurpmeso
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Steffen Nurpmeso (Jul 13)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Steffen Nurpmeso (Jul 10)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Steffen Nurpmeso (Aug 08)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Steffen Nurpmeso (Jul 12)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Steffen Nurpmeso (Aug 08)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Steffen Nurpmeso (Jul 15)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Steffen Nurpmeso (Aug 07)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Steffen Nurpmeso (Aug 07)
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Steffen Nurpmeso (Aug 20)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Steffen Nurpmeso (Jul 15)
Stuart Henderson
Re: feedback requested regarding deprecation of TLS 1.0/1.1 Stuart Henderson (Aug 06)
Thomas Rinsma
Re: Ghostscript 10.03.1 (2024-05-02) fixed 5 CVEs including CVE-2024-33871 arbitrary code execution Thomas Rinsma (Jul 03)
Tomas Mraz
CVE-2024-6119: OpenSSL: Possible denial of service in X.509 name checks Tomas Mraz (Sep 03)
Valtteri Vuorikoski
CVE-2024-42008 and more: XSS vulnerabilities in Roundcube webmail Valtteri Vuorikoski (Aug 12)
Re: ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076) Valtteri Vuorikoski (Jul 31)
Will Dormann
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann (Jul 10)
ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann (Jul 08)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann (Jul 08)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann (Jul 08)
Re: CUPS printing system vulnerabilities Will Dormann (Sep 27)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann (Jul 30)
Xen . org security team
Xen Security Advisory 461 v2 (CVE-2024-31146) - PCI device pass-through with shared resources Xen . org security team (Aug 14)
Xen Security Advisory 459 v2 (CVE-2024-31144) - Xapi: Metadata injection attack against backup/restore functionality Xen . org security team (Jul 16)
Xen Security Advisory 458 v2 (CVE-2024-31143) - double unlock in x86 guest IRQ handling Xen . org security team (Jul 16)
Xen Security Advisory 460 v2 (CVE-2024-31145) - error handling in x86 IOMMU identity mapping Xen . org security team (Aug 14)
Xen Security Advisory 462 v2 (CVE-2024-45817) - x86: Deadlock in vlapic_error() Xen . org security team (Sep 24)
Yogesh Mittal
Re: Fwd: Node.js security updates for all active release lines, July 2024 Yogesh Mittal (Jul 19)
Yupeng Fu
CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information Yupeng Fu (Jul 23)
Yves-Alexis Perez
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Yves-Alexis Perez (Jul 11)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Yves-Alexis Perez (Jul 11)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Yves-Alexis Perez (Jul 29)
Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Yves-Alexis Perez (Jul 03)
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Yves-Alexis Perez (Jul 10)
Zdenek Dohnal
Re: CUPS printing system vulnerabilities Zdenek Dohnal (Sep 26)
