Messages by Date
-
2025/01/24
Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089
Greg KH
-
2025/01/24
Re: [oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update
Solar Designer
-
2025/01/24
Re: [oss-security] issue with stuck Mitre CVE requests
Mark Esler
-
2025/01/24
[oss-security] 7-Zip Mark-of-the-Web Bypass Vulnerability on Windows platforms
Alan Coopersmith
-
2025/01/24
[oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089
Alan Coopersmith
-
2025/01/24
[oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update
Bruce Lowenthal
-
2025/01/24
[oss-security] dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222)
Matthias Gerstner
-
2025/01/23
Re: [oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update
Douglas R. Reno
-
2025/01/23
Re: [oss-security] Oracle January 2025 Critical Patch Update
Solar Designer
-
2025/01/23
[oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update
Solar Designer
-
2025/01/23
Re: [oss-security] issue with stuck Mitre CVE requests
Pete Allor
-
2025/01/23
Re: [oss-security] Oracle January 2025 Critical Patch Update
Alan Coopersmith
-
2025/01/23
[oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update
Bruce Lowenthal
-
2025/01/23
Re: [oss-security] Oracle January 2025 Critical Patch Update
John Haxby
-
2025/01/23
Re: [oss-security] issue with stuck Mitre CVE requests
Matthias Gerstner
-
2025/01/23
[oss-security] Re: CVE-2025-0395: Buffer overflow in the GNU C Library's assert()
Qualys Security Advisory
-
2025/01/22
[oss-security] Oracle January 2025 Critical Patch Update
Solar Designer
-
2025/01/22
[oss-security] CVE-2024-53299: Apache Wicket: An attacker can intentionally trigger a memory leak
Pedro Henrique Oliveira dos Santos
-
2025/01/22
[oss-security] Re: Open Virtual Network egress access control list bypass.
Mark Michelson
-
2025/01/22
[oss-security] Multiple vulnerabilities in Jenkins plugins
Kevin Guerroudj
-
2025/01/22
Re: [oss-security] AMD Microcode Signature Verification Vulnerability
Tavis Ormandy
-
2025/01/22
Re: [oss-security] issue with stuck Mitre CVE requests
Pedro Sampaio
-
2025/01/22
Re: [oss-security] issue with stuck Mitre CVE requests
Johannes Segitz
-
2025/01/22
Re: [oss-security] AMD Microcode Signature Verification Vulnerability
Demi Marie Obenour
-
2025/01/22
[oss-security] Open Virtual Network egress access control list bypass.
Mark Michelson
-
2025/01/22
[oss-security] CVE-2025-0395: Buffer overflow in the GNU C Library's assert()
Qualys Security Advisory
-
2025/01/22
Re: [oss-security] issue with stuck Mitre CVE requests
Greg KH
-
2025/01/22
[oss-security] issue with stuck Mitre CVE requests
Matthias Gerstner
-
2025/01/21
[oss-security] AMD Microcode Signature Verification Vulnerability
Tavis Ormandy
-
2025/01/21
[oss-security] CVE-2025-23196: Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition
Viraj Jasani
-
2025/01/21
[oss-security] CERT/CC VU#199397 - Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)
Alan Coopersmith
-
2025/01/21
[oss-security] CVE-2024-51941: Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts
Viraj Jasani
-
2025/01/21
[oss-security] CVE-2025-23195: Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie
Viraj Jasani
-
2025/01/21
[oss-security] Fwd: Node.js security updates for all active release lines, January 2025
Rafael Gonzaga
-
2025/01/21
[oss-security] Node.js security updates: CVE-2025-23083, CVE-2025-23084, CVE-2025-23085
Jan Schaumann
-
2025/01/21
[oss-security] CVE-2024-45479: Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost
Velmurugan Periasamy
-
2025/01/21
[oss-security] CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input
Velmurugan Periasamy
-
2025/01/21
Re: [oss-security] Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043
Christian Brabandt
-
2025/01/20
Re: [oss-security] Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043
Eli Schwartz
-
2025/01/20
[oss-security] Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043
Christian Brabandt
-
2025/01/20
[oss-security] CVE-2025-23184: Apache CXF: Denial of Service vulnerability with temporary files
Colm O hEigeartaigh
-
2025/01/20
[oss-security] CVE-2024-13176: OpenSSL: Timing side-channel in ECDSA signature computation
Tomas Mraz
-
2025/01/20
[oss-security] fdroidserver AllowedAPKSigningKeys certificate pinning fundamentally unreliable
Fay Stegerman
-
2025/01/18
Re: [oss-security] git: 2 vulnerabilities fixed
Salvatore Bonaccorso
-
2025/01/18
[oss-security] WriteFreely exposes database credentials through insecure file permissions
Fay Stegerman
-
2025/01/17
[oss-security] Go 1.23.5 and Go 1.22.11 are released with 2 security fixes
Alan Coopersmith
-
2025/01/16
Re: [oss-security] Re: pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013)
Russ Allbery
-
2025/01/16
Re: [oss-security] pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013)
Steffen Nurpmeso
-
2025/01/16
[oss-security] Re: pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013)
Matthias Gerstner
-
2025/01/15
[oss-security] Re: pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013)
Jacob Bachmeyer
-
2025/01/15
[oss-security] [kubernetes] CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API
Vellore Rajakumar, Sri Saran Balaji
-
2025/01/15
[oss-security] Session (a fork of the Signal private messaging app) is sus
Soatok Dreamseeker
-
2025/01/15
[oss-security] pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013)
Matthias Gerstner
-
2025/01/14
Re: [oss-security] RSYNC: 6 vulnerabilities
Alan Coopersmith
-
2025/01/14
Re: [oss-security] RSYNC: 6 vulnerabilities
Jan Schaumann
-
2025/01/14
[oss-security] Fwd: Node.js security updates for all active release lines, January 2025
Rafael Gonzaga
-
2025/01/14
[oss-security] git: 2 vulnerabilities fixed
Johannes Schindelin
-
2025/01/14
[oss-security] RSYNC: 6 vulnerabilities
Nick Tait
-
2025/01/14
[oss-security] CVE-2024-56374: Django: Potential denial-of-service vulnerability in IPv6 validation
Natalia Bidart
-
2025/01/14
[oss-security] CVE-2024-45627: Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability
Heping Wang
-
2025/01/13
[oss-security] CVE-2025-22828: Apache CloudStack: Unauthorised access to annotations
Nux
-
2025/01/11
[oss-security] [vim-security] heap-buffer-overflow in Vim < 9.1.1003
Christian Brabandt
-
2025/01/08
[oss-security] "/bin/sh: The Biggest Unix Security Loophole" paper from 1984
Alan Coopersmith
-
2025/01/08
[oss-security] CVE-2024-45033: Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli
Elad Kalif
-
2025/01/07
[oss-security] CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode
Maxim Solodovnik
-
2025/01/07
Re: [oss-security] Linux: general protection fault in __vmx_vcpu_run with nested virtualization
Solar Designer
-
2025/01/06
Re: [oss-security] Linux: general protection fault in __vmx_vcpu_run with nested virtualization
Demi Marie Obenour
-
2025/01/06
Re: [oss-security] Linux: general protection fault in __vmx_vcpu_run with nested virtualization
Greg KH
-
2025/01/04
Re: [oss-security] Xen Security Advisory 466 v3 (CVE-2024-53241) - Xen hypercall page unsafe against speculative attacks
Solar Designer
-
2025/01/04
[oss-security] Re: Xen Security Advisory 466 v3 (CVE-2024-53241) - Xen hypercall page unsafe against speculative attacks
Jürgen Groß
-
2025/01/03
[oss-security] Re: GStreamer 1.24.10 stable security bug-fix release
Alan Coopersmith
-
2025/01/03
[oss-security] iTerm2 < 3.5.11 logs input/output to /tmp/framer.txt on remote host
Jan Schaumann
-
2025/01/03
[oss-security] Another fdroidserver AllowedAPKSigningKeys certificate pinning bypass
Fay Stegerman
-
2024/12/27
[oss-security] CVE-2024-56512: Apache NiFi: Missing Complete Authorization for Parameter and Service References
David Handermann
-
2024/12/25
Re: [oss-security] CVE-2024-40896 Analysis: libxml2 XXE due to type confusion
Solar Designer
-
2024/12/25
Re: [oss-security] CVE-2024-40896 Analysis: libxml2 XXE due to type confusion
Demi Marie Obenour
-
2024/12/25
Re: [oss-security] CVE-2024-40896 Analysis: libxml2 XXE due to type confusion
Solar Designer
-
2024/12/25
[oss-security] CVE-2024-40896 Analysis: libxml2 XXE due to type confusion
Yair Mizrahi
-
2024/12/24
[oss-security] CVE-2024-52046: Apache MINA: MINA applications using unbounded deserialization may allow RCE
Emmanuel Lécharny
-
2024/12/24
[oss-security] CVE-2024-43441: Apache HugeGraph-Server: Fixed JWT Token(Secret)
Imba Jin
-
2024/12/24
Re: [oss-security] Re: Out-of-bounds read & write in the glibc's qsort()
Yuri Gribov
-
2024/12/23
Re: [oss-security] Re: Out-of-bounds read & write in the glibc's qsort()
Yuri Gribov
-
2024/12/23
Re: [oss-security] Re: Out-of-bounds read & write in the glibc's qsort()
Florian Weimer
-
2024/12/23
Re: [oss-security] Re: Out-of-bounds read & write in the glibc's qsort()
Florian Weimer
-
2024/12/23
[oss-security] CVE-2024-45387: Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments
Eric Friedrich
-
2024/12/23
[oss-security] CVE-2024-23945: Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails
Stamatis Zampetakis
-
2024/12/23
[oss-security] Re: Xen Security Advisory 466 v3 (CVE-2024-53241) - Xen hypercall page unsafe against speculative attacks
David Woodhouse
-
2024/12/22
[oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2024-0008
Adrian Perez de Castro
-
2024/12/21
Re: [oss-security] Re: Out-of-bounds read & write in the glibc's qsort()
Jan Engelhardt
-
2024/12/21
[oss-security] Re: Out-of-bounds read & write in the glibc's qsort()
Yuri Gribov
-
2024/12/20
[oss-security] Fwd: Operational Notification: BIND 9.20 defect in QPzone implementation
Solar Designer
-
2024/12/20
[oss-security] CVE-2024-56337: Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Mark Thomas
-
2024/12/19
[oss-security] SSSD: Weaknesses in Privilege Separation due to Issues in Privileged Helper Programs
Matthias Gerstner
-
2024/12/18
[oss-security] CVE-2024-56128: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption
Manikumar
-
2024/12/18
Re: [oss-security] CVE-2024-50379: Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
Nick Boyce
-
2024/12/18
Re: [oss-security] CVE-2024-54677: Apache Tomcat: DoS in examples web application
Mark Thomas
-
2024/12/17
Re: [oss-security] CVE-2024-54677: Apache Tomcat: DoS in examples web application
Agostino Sarubbo
-
2024/12/17
[oss-security] CVE-2024-54677: Apache Tomcat: DoS in examples web application
Mark Thomas
-
2024/12/17
[oss-security] CVE-2024-50379: Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
Mark Thomas
-
2024/12/17
[oss-security] CVE-2024-11614: DPDK Vhost Rx checksum vulnerability
Maxime Coquelin
-
2024/12/17
[oss-security] Xen Security Advisory 466 v3 (CVE-2024-53241) - Xen hypercall page unsafe against speculative attacks
Xen.org security team
-
2024/12/17
[oss-security] Xen Security Advisory 465 v3 (CVE-2024-53240) - Backend can crash Linux netfront
Xen.org security team
-
2024/12/13
[oss-security] GStreamer 1.24.10 stable security bug-fix release
Alan Coopersmith
-
2024/12/12
[oss-security] CVE-2024-55633: Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
Daniel Gaspar
-
2024/12/11
[oss-security] Vulnerability in golang.org/x/crypto [CVE-2024-45337: misuse of ServerConfig.PublicKeyCallback may cause authorization bypass]
Jan Schaumann
-
2024/12/10
[oss-security] [SECURITY ADVISORY] curl: CVE-2024-11053: netrc and redirect credential leak
Daniel Stenberg
-
2024/12/09
[oss-security] CVE-2024-53949: Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
Daniel Gaspar
-
2024/12/09
[oss-security] CVE-2024-53948: Apache Superset: Error verbosity exposes metadata in analytics databases
Daniel Gaspar
-
2024/12/09
[oss-security] CVE-2024-53947: Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
Daniel Gaspar
-
2024/12/08
[oss-security] [SECURITY][ANNOUNCE] Apache Subversion 1.14.5 released
Daniel Sahlberg
-
2024/12/06
[oss-security] Fwd: [Security-announce][CVE-2024-12254] Unbounded memory buffering in SelectorSocketTransport.writelines()
Alan Coopersmith
-
2024/12/04
[oss-security] Django CVE-2024-53907 and CVE-2024-53908
Sarah Boyce
-
2024/12/04
Re: [oss-security] Local Privilege Escalations in needrestart
Jakub Wilk
-
2024/12/04
[oss-security] CVE-2022-41137: Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
Stamatis Zampetakis
-
2024/12/03
[oss-security] [OSSA-2024-005] Neutron: Authorization bypassed when setting tags on Neutron networks (CVE-2024-53916)
Jay Faulkner
-
2024/12/02
[oss-security] CVE-2024-45106: Apache Ozone: Improper authentication when generating S3 secrets
Ethan Rose
-
2024/11/30
Re: [oss-security] Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect()
tianshu qiu
-
2024/11/30
Re: [oss-security] Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect()
Jeroen Roovers
-
2024/11/30
Re: [oss-security] Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect()
tianshu qiu
-
2024/11/30
Re: [oss-security] Local Privilege Escalations in needrestart
Salvatore Bonaccorso
-
2024/11/29
Re: [oss-security] Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect()
Solar Designer
-
2024/11/29
[oss-security] Re: Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect()
tianshu qiu
-
2024/11/29
[oss-security] Re: Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect()
Luiz Augusto von Dentz
-
2024/11/29
[oss-security] stalld: unpatched fixed temporary file use and other issues
Matthias Gerstner
-
2024/11/29
Re: [oss-security] tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337)
Matthias Gerstner
-
2024/11/28
[oss-security] Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect()
Solar Designer
-
2024/11/28
[oss-security] CVE-2024-52338: Apache Arrow R package: Arbitrary code execution when loading a malicious data file
Dewey Dunnington
-
2024/11/28
Re: [oss-security] tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337)
Simon McVittie
-
2024/11/28
[oss-security] tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337)
Matthias Gerstner
-
2024/11/27
[oss-security] Multiple vulnerabilities in Jenkins and Jenkins plugins
Daniel Beck
-
2024/11/27
[oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2024-0007
Adrian Perez de Castro
-
2024/11/27
[oss-security] authentik: remote timing attack in MetricsView HTTP Basic Auth (CVE-2024-52307)
Matthias Gerstner
-
2024/11/26
Re: [oss-security] Local Privilege Escalations in needrestart
Mark Esler
-
2024/11/26
[oss-security] CVE-2024-51569: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler
Szymon Janc
-
2024/11/26
[oss-security] CVE-2024-47250: Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access
Szymon Janc
-
2024/11/26
[oss-security] CVE-2024-47249: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
Szymon Janc
-
2024/11/26
[oss-security] CVE-2024-47248: Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack
Szymon Janc
-
2024/11/25
Re: [oss-security] Article: State of Sandboxing in Linux
Ali Polatel
-
2024/11/25
Re: [oss-security] Article: State of Sandboxing in Linux
Evan Carroll
-
2024/11/25
Re: [oss-security] Article: State of Sandboxing in Linux
Ali Polatel
-
2024/11/25
Re: [oss-security] Article: State of Sandboxing in Linux
Ali Polatel
-
2024/11/25
Re: [oss-security] Article: State of Sandboxing in Linux
Eli Schwartz
-
2024/11/24
Re: [oss-security] Article: State of Sandboxing in Linux
Evan Carroll
-
2024/11/24
Re: [oss-security] Article: State of Sandboxing in Linux
Mickaël Salaün
-
2024/11/22
[oss-security] CVE-2024-45719: Apache Answer: Predictable Authorization Token Using UUIDv1
Enxin Xie
-
2024/11/20
[oss-security] CVE-2024-52067: Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
David Handermann
-
2024/11/20
[oss-security] [kubernetes] CVE-2024-10220: Arbitrary command execution through gitRepo volume
Craig Ingram
-
2024/11/19
[oss-security] Local Privilege Escalations in needrestart
Qualys Security Advisory
-
2024/11/18
[oss-security] Fwd: wget-1.25.0 released [fixes CVE-2024-10524]
Alan Coopersmith
-
2024/11/18
[oss-security] CVE-2024-31141: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Greg Harris
-
2024/11/18
[oss-security] CVE-2024-52318: Apache Tomcat: Incorrect JSP tag recycling leads to XSS
Mark Thomas
-
2024/11/18
[oss-security] CVE-2024-52317: Apache Tomcat: Request/response mix-up with HTTP/2
Mark Thomas
-
2024/11/18
[oss-security] CVE-2024-52316: Apache Tomcat: Authentication bypass when using Jakarta Authentication API
Mark Thomas
-
2024/11/17
Re: [oss-security] shell wildcard expansion (un)safety
Sean Whitton
-
2024/11/16
Re: [oss-security] PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21
Solar Designer
-
2024/11/16
[oss-security] PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21
Solar Designer
-
2024/11/16
[oss-security] CVE-2024-41151: Apache HertzBeat: RCE by notice template injection vulnerability
Chao Gong
-
2024/11/16
[oss-security] CVE-2024-45791: Apache HertzBeat: Exposure sensitive token via http GET method with query string
Chao Gong
-
2024/11/16
[oss-security] CVE-2024-45505: Apache HertzBeat (incubating): Exists Native Deser RCE and file writing vulnerabilities
Chao Gong
-
2024/11/16
[oss-security] CVE-2024-47208: Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE
Jacques Le Roux
-
2024/11/16
[oss-security] CVE-2024-48962: Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE)
Jacques Le Roux
-
2024/11/15
Re: [oss-security] shell wildcard expansion (un)safety
Steffen Nurpmeso
-
2024/11/14
[oss-security] CVE-2024-45784: Apache Airflow: Sensitive configuration values are not masked in the logs by default
Ephraim Anierobi
-
2024/11/13
[oss-security] Multiple vulnerabilities in Jenkins plugins
Daniel Beck
-
2024/11/13
[oss-security] [ANNOUNCE] Apache Traffic Server is vulnerable to specific user inputs
Masakazu Kitajo
-
2024/11/12
[oss-security] CVE-2024-52533: Buffer overflow in socks proxy code in glib < 2.82.1
Alan Coopersmith
-
2024/11/12
Re: [oss-security] Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables
Demi Marie Obenour
-
2024/11/12
Re: [oss-security] shell wildcard expansion (un)safety
Ali Polatel
-
2024/11/12
Re: [oss-security] 4 recent security bugs in GNOME's libsoup
Alan Coopersmith
-
2024/11/12
Re: [oss-security] Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables
Andrew Cooper
-
2024/11/12
RE: [oss-security] CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets
Joel GUITTET
-
2024/11/12
Re: [oss-security] CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets
Clemens Lang
-
2024/11/12
Re: [oss-security] CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets
Solar Designer
-
2024/11/12
[oss-security] CVE-2024-50386: Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure
Daniel Augusto Veronezi Salvador
-
2024/11/12
[oss-security] Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables
Xen.org security team
-
2024/11/10
Re: [oss-security] shell wildcard expansion (un)safety
Fay Stegerman
-
2024/11/10
Re: [oss-security] shell wildcard expansion (un)safety
Jeroen Roovers
-
2024/11/10
Re: [oss-security] shell wildcard expansion (un)safety
lists
-
2024/11/10
Re: [oss-security] shell wildcard expansion (un)safety
Eli Schwartz
-
2024/11/09
[oss-security] 4 recent security bugs in GNOME's libsoup
Alan Coopersmith
-
2024/11/08
Re: [oss-security] shell wildcard expansion (un)safety
Dominik Czarnota
-
2024/11/08
[oss-security] CVE-2024-50378: Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli
Ephraim Anierobi
-
2024/11/08
Re: [oss-security] shell wildcard expansion (un)safety
Georgi Guninski
-
2024/11/07
Re: [oss-security] CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
Solar Designer
-
2024/11/07
Re: [oss-security] shell wildcard expansion (un)safety
Steffen Nurpmeso
-
2024/11/07
Re: [oss-security] shell wildcard expansion (un)safety
Solar Designer
-
2024/11/07
Re: [oss-security] shell wildcard expansion (un)safety
Mats Wichmann
-
2024/11/07
Re: [oss-security] shell wildcard expansion (un)safety
Steffen Nurpmeso
-
2024/11/07
Re: [oss-security] shell wildcard expansion (un)safety
Steffen Nurpmeso
-
2024/11/07
[oss-security] Re: shell wildcard expansion (un)safety
Max Nikulin
-
2024/11/07
Re: [oss-security] shell wildcard expansion (un)safety
Jakub Wilk
-
2024/11/06
Re: [oss-security] shell wildcard expansion (un)safety
Solar Designer
-
2024/11/06
Re: [oss-security] shell wildcard expansion (un)safety
Steffen Nurpmeso
-
2024/11/06
Re: [oss-security] shell wildcard expansion (un)safety
Fay Stegerman
-
2024/11/06
[oss-security] CVE-2024-51504: Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
Andor Molnar
-
2024/11/06
Re: [oss-security] shell wildcard expansion (un)safety
Eli Schwartz
-
2024/11/06
Re: [oss-security] shell wildcard expansion (un)safety
David A. Wheeler
-
2024/11/05
[oss-security] [SECURITY ADVISORY] curl: CVE-2024-9681 HSTS subdomain overwrites parent cache entry
Daniel Stenberg
-
2024/11/05
[oss-security] shell wildcard expansion (un)safety
Solar Designer
-
2024/11/03
[oss-security] CVE-2024-23590: Apache Kylin: Session fixation in web interface
Li Yang