Messages by Date
-
2024/08/06
[oss-security] Tracking down a lost CVE request (MITRE)
Michael Orlitzky
-
2024/08/06
[oss-security] Django CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005
Sarah Boyce
-
2024/08/06
[oss-security] feedback requested regarding deprecation of TLS 1.0/1.1
Neil Horman
-
2024/08/05
[oss-security] CVE-2024-36448: Apache IoTDB Workbench: SSRF Vulnerability (EOL)
Haonan Hou
-
2024/08/04
[oss-security] CVE-2024-42447: Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow
Jarek Potiuk
-
2024/08/04
[oss-security] CVE-2024-38856: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
Jacques Le Roux
-
2024/08/03
Re: [oss-security] Neat VNC Security Vulnerability
Salvatore Bonaccorso
-
2024/08/02
Re: [oss-security] Neat VNC Security Vulnerability
Andri Yngvason
-
2024/08/02
Re: [oss-security] Neat VNC Security Vulnerability
Solar Designer
-
2024/08/02
RE: [oss-security] Neat VNC Security Vulnerability
Dane Bouchie
-
2024/08/02
RE: [oss-security] Neat VNC Security Vulnerability
Dane Bouchie
-
2024/08/02
Re: [oss-security] Neat VNC Security Vulnerability
Solar Designer
-
2024/08/02
[oss-security] CVE-2024-36268: Apache InLong TubeMQ Client: Remote Code Execution vulnerability
Charles Zhang
-
2024/08/02
[oss-security] CVE-2024-27182: Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability
Heping Wang
-
2024/08/02
[oss-security] CVE-2024-27181: Apache Linkis Basic management services: Privilege Escalation Attack vulnerability
Heping Wang
-
2024/08/01
Re: [oss-security] CPython CVE-2024-6923: Email header injection due to unquoted newlines
Hanno Böck
-
2024/08/01
[oss-security] Neat VNC Security Vulnerability
Andri Yngvason
-
2024/08/01
[oss-security] CPython CVE-2024-6923: Email header injection due to unquoted newlines
Alan Coopersmith
-
2024/08/01
[oss-security] [vim-security] double-free in dialog_changed() in Vim < v9.1.0648
Christian Brabandt
-
2024/08/01
[oss-security] [vim-security] use-after-free in tagstack_clear_entry() in Vim < v9.1.0647
Christian Brabandt
-
2024/07/31
Re: [oss-security] ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076)
Valtteri Vuorikoski
-
2024/07/31
[oss-security] [SECURITY ADVISORY] curl: CVE-2024-7264 ASN.1 date parser overread
Daniel Stenberg
-
2024/07/30
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Will Dormann
-
2024/07/30
[oss-security] CVE-2023-48396: Apache SeaTunnel Web: Authentication bypass
Jun Gao
-
2024/07/29
[oss-security] Fwd: [Security-announce] [CVE-2024-3219] Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
Alan Coopersmith
-
2024/07/29
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Yves-Alexis Perez
-
2024/07/29
Re: [oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow
Florian Weimer
-
2024/07/28
Re: [oss-security] Announce: OpenSSH 9.8 released
Solar Designer
-
2024/07/28
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Solar Designer
-
2024/07/28
Re: [oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow
Solar Designer
-
2024/07/27
Re: [oss-security] linux kernel: virtio-net host dos
Salvatore Bonaccorso
-
2024/07/26
Re: [oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow
Alan Coopersmith
-
2024/07/26
Re: [oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow
Solar Designer
-
2024/07/26
[oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow
Alan Coopersmith
-
2024/07/25
[oss-security] CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode
David M. Johnson
-
2024/07/25
[oss-security] [ANNOUNCE] Apache Traffic Server is vulnerable to request smuggling and DoS
Masakazu Kitajo
-
2024/07/24
Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str
Demi Marie Obenour
-
2024/07/24
[oss-security] linux kernel: virtio-net host dos
John Haxby
-
2024/07/24
[oss-security] CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader
James Turton
-
2024/07/23
[oss-security] [SECURITY ADVISORY] curl: CVE-2024-6874: macidn punycode buffer overread
Daniel Stenberg
-
2024/07/23
[oss-security] [SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str
Daniel Stenberg
-
2024/07/23
Re: [oss-security] linux-distros application for CentOS Project's Hyperscale SIG
Michel Lind
-
2024/07/23
[oss-security] CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information
Yupeng Fu
-
2024/07/23
Re: [oss-security] linux-distros application for CentOS Project's Hyperscale SIG
Solar Designer
-
2024/07/23
[oss-security] CVE-2024-41178: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Andrew Lamb
-
2024/07/23
[oss-security] [OSSA-2024-002] OpenStack Nova: Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors (CVE-2024-40767)
Jeremy Stanley
-
2024/07/23
[oss-security] ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076)
Aram Sargsyan
-
2024/07/22
[oss-security] GNU C Library version 2.40 released with 5 CVE fixes
Alan Coopersmith
-
2024/07/22
[oss-security] CVE-2024-29070: Apache StreamPark: session not invalidated after logout
Huajie Wang
-
2024/07/22
[oss-security] CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields
Francesco Chicchiriccò
-
2024/07/22
[oss-security] CVE-2024-34457: Apache StreamPark IDOR Vulnerability
Huajie Wang
-
2024/07/22
[oss-security] CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data
Rongtong Jin
-
2024/07/19
Re: [oss-security] Fwd: Node.js security updates for all active release lines, July 2024
Yogesh Mittal
-
2024/07/19
[oss-security] CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion
Rohit Yadav
-
2024/07/19
[oss-security] [ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion
Abhishek Kumar
-
2024/07/18
[oss-security] CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients
Colm O hEigeartaigh
-
2024/07/18
[oss-security] CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE
Colm O hEigeartaigh
-
2024/07/18
[oss-security] CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter
Colm O hEigeartaigh
-
2024/07/18
[oss-security] CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability
Huajie Wang
-
2024/07/17
[oss-security] CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
Eric Covener
-
2024/07/17
[oss-security] CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType
Eric Covener
-
2024/07/17
[oss-security] Python Infrastructure Admin Token Leaked Through Docker Hub
Andrii Polkovnychenko [EXT]
-
2024/07/17
[oss-security] CVE-2024-29120: Apache StreamPark: Information leakage vulnerability
Huajie Wang
-
2024/07/17
[oss-security] [kubernetes] CVE-2024-5321: Incorrect permissions on Windows containers logs
Craig Ingram
-
2024/07/17
[oss-security] CVE-2024-29737: Apache StreamPark (incubating): maven build params could trigger remote command execution
Huajie Wang
-
2024/07/17
[oss-security] CVE-2023-52291: Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution
Huajie Wang
-
2024/07/16
[oss-security] CVE-2024-31979: Apache StreamPipes: Possibility of SSRF in pipeline element installation process
Dominik Riemer
-
2024/07/16
[oss-security] CVE-2024-31411: Apache StreamPipes: Potential remote code execution (RCE) via file upload
Dominik Riemer
-
2024/07/16
[oss-security] CVE-2024-30471: Apache StreamPipes: Potential creation of multiple identical accounts
Dominik Riemer
-
2024/07/16
[oss-security] Landlock news #4
Mickaël Salaün
-
2024/07/16
[oss-security] CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
Ephraim Anierobi
-
2024/07/16
[oss-security] CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability
Ephraim Anierobi
-
2024/07/16
[oss-security] CVE-2024-39887: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions
Daniel Gaspar
-
2024/07/16
[oss-security] Xen Security Advisory 459 v2 (CVE-2024-31144) - Xapi: Metadata injection attack against backup/restore functionality
Xen . org security team
-
2024/07/16
[oss-security] Xen Security Advisory 458 v2 (CVE-2024-31143) - double unlock in x86 guest IRQ handling
Xen . org security team
-
2024/07/15
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Steffen Nurpmeso
-
2024/07/15
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Steffen Nurpmeso
-
2024/07/15
[oss-security] CVE-2023-52290: Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability
Huajie Wang
-
2024/07/15
Re: [oss-security] linux-distros application for CentOS Project's Hyperscale SIG
Jonathan Wright
-
2024/07/14
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Jacob Bachmeyer
-
2024/07/14
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Demi Marie Obenour
-
2024/07/13
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Steffen Nurpmeso
-
2024/07/13
[oss-security] CVE-2023-46801: Apache Linkis DataSource: Remote code execution vulnerability in apache Linkis 1.4.0
Heping Wang
-
2024/07/13
[oss-security] CVE-2023-49566: Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability
Heping Wang
-
2024/07/13
[oss-security] CVE-2023-41916: Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading
Heping Wang
-
2024/07/13
Re: [oss-security] backtrace_symbols() misuse by Ceph and its supposedly-safe use
Simon McVittie
-
2024/07/13
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Jacob Bachmeyer
-
2024/07/13
Re: [oss-security] backtrace_symbols() misuse by Ceph and its supposedly-safe use
Jacob Bachmeyer
-
2024/07/12
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Steffen Nurpmeso
-
2024/07/12
[oss-security] CVE-2024-36522: Apache Wicket: Remote code execution via XSLT injection
Martin Tzvetanov Grigorov
-
2024/07/12
[oss-security] backtrace_symbols() misuse by Ceph and its supposedly-safe use
Alexander Patrakov
-
2024/07/11
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Yves-Alexis Perez
-
2024/07/11
Re: [oss-security] Fwd: Node.js security updates for all active release lines, July 2024
Solar Designer
-
2024/07/11
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
David A. Wheeler
-
2024/07/11
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Yves-Alexis Perez
-
2024/07/11
Re: [oss-security] linux-distros application for CentOS Project's Hyperscale SIG
Neil Hanlon
-
2024/07/11
Re: [oss-security] linux-distros application for CentOS Project's Hyperscale SIG
Michel Lind
-
2024/07/10
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Alan Coopersmith
-
2024/07/10
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Steffen Nurpmeso
-
2024/07/10
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Will Dormann
-
2024/07/10
Re: [oss-security] linux-distros application for CentOS Project's Hyperscale SIG
Mark Esler
-
2024/07/10
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Yves-Alexis Perez
-
2024/07/10
Re: [oss-security] linux-distros application for CentOS Project's Hyperscale SIG
Demi Marie Obenour
-
2024/07/10
[oss-security] linux-distros application for CentOS Project's Hyperscale SIG
Michel Lind
-
2024/07/10
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Pete Allor
-
2024/07/10
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Nick Tait
-
2024/07/09
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Solar Designer
-
2024/07/09
[oss-security] CVE-2024-3596: RADIUS/UDP vulnerable to improved MD5 collision attack
Alan Coopersmith
-
2024/07/09
[oss-security] Django CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Natalia Bidart
-
2024/07/09
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Damien Miller
-
2024/07/08
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Florian Weimer
-
2024/07/08
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
David A. Wheeler
-
2024/07/08
[oss-security] Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Will Dormann
-
2024/07/08
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Simon McVittie
-
2024/07/08
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Will Dormann
-
2024/07/08
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Florian Weimer
-
2024/07/08
[oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Will Dormann
-
2024/07/08
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Solar Designer
-
2024/07/07
[oss-security] CVE-2024-37389: Apache NiFi: Improper Neutralization of Input in Parameter Context Description
David Handermann
-
2024/07/05
[oss-security] [ANNOUNCE] Apache CloudStack LTS Security Releases 4.18.2.1 and 4.19.0.2
Abhishek Kumar
-
2024/07/04
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Jacob Bachmeyer
-
2024/07/03
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Qualys Security Advisory
-
2024/07/03
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Yves-Alexis Perez
-
2024/07/03
[oss-security] CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver
Maxim Suhanov
-
2024/07/03
[oss-security] CVE-2024-39844: ZNC modtcl RCE
Martin Weinelt
-
2024/07/03
[oss-security] CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType
Eric Covener
-
2024/07/03
[oss-security] Re: Ghostscript 10.03.1 (2024-05-02) fixed 5 CVEs including CVE-2024-33871 arbitrary code execution
Thomas Rinsma
-
2024/07/03
Re: [oss-security] Announce: OpenSSH 9.8 released
Christian Fischer
-
2024/07/03
[oss-security] Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Qualys Security Advisory
-
2024/07/03
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Qualys Security Advisory
-
2024/07/03
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Solar Designer
-
2024/07/03
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Jeffrey Walton
-
2024/07/02
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Jacob Bachmeyer
-
2024/07/02
[oss-security] [OSSA-2024-001] OpenStack Cinder, Glance, Nova: Arbitrary file access through custom QCOW2 external data (CVE-2024-32498)
Jeremy Stanley
-
2024/07/02
Re: [oss-security] Announce: OpenSSH 9.8 released
Dominique Martinet
-
2024/07/01
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Mathias Krause
-
2024/07/01
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
jvoisin
-
2024/07/01
[oss-security] CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution
Eric Covener
-
2024/07/01
[oss-security] CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
Eric Covener
-
2024/07/01
[oss-security] CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
Eric Covener
-
2024/07/01
[oss-security] CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
Eric Covener
-
2024/07/01
[oss-security] CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences
Eric Covener
-
2024/07/01
[oss-security] CVE-2024-38473: Apache HTTP Server proxy encoding problem
Eric Covener
-
2024/07/01
[oss-security] CVE-2024-38472: Apache HTTP Server on Windows UNC SSRF
Eric Covener
-
2024/07/01
[oss-security] CVE-2024-36387: Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
Eric Covener
-
2024/07/01
[oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Qualys Security Advisory
-
2024/07/01
[oss-security] Re: Announce: OpenSSH 9.8 released (fwd)
Damien Miller
-
2024/07/01
[oss-security] Announce: OpenSSH 9.8 released
Damien Miller
-
2024/06/29
[oss-security] Linux non-security almost non-issue: stack-out-of-bounds Read in profile_pc
Solar Designer
-
2024/06/28
[oss-security] Kerberos 1.21.3 fixes vulnerabilities in GSS message token handling
Alan Coopersmith
-
2024/06/28
[oss-security] Fwd: [Security-announce][CVE-2024-5642] Buffer over-read in SSLContext.set_npn_protocols() for Python 3.9 and earlier
Alan Coopersmith
-
2024/06/28
Re: [oss-security] Fwd: [siren] Reputation Farming Using Closed Github Issues / PRs
Solar Designer
-
2024/06/27
[oss-security] Ghostscript 10.03.1 (2024-05-02) fixed 5 CVEs including CVE-2024-33871 arbitrary code execution
Solar Designer
-
2024/06/27
[oss-security] Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor
Alan Coopersmith
-
2024/06/27
[oss-security] CVE-2024-5535: OpenSSL: SSL_select_next_proto buffer overread
Solar Designer
-
2024/06/26
[oss-security] Multiple vulnerabilities in Jenkins plugins
Daniel Beck
-
2024/06/25
Re: [oss-security] Fwd: Node.js security updates for all active release lines, July 2024
Solar Designer
-
2024/06/25
[oss-security] Fwd: [siren] Reputation Farming Using Closed Github Issues / PRs
Alan Coopersmith
-
2024/06/25
[oss-security] Fwd: Node.js security updates for all active release lines, July 2024
Rafael Gonzaga
-
2024/06/25
Re: [oss-security] Out-of-bounds read & write in the glibc's qsort()
Qualys Security Advisory
-
2024/06/24
Re: [oss-security] Out-of-bounds read & write in the glibc's qsort()
Douglas Bagnall
-
2024/06/24
Re: [oss-security] Arbitrary shell command evaluation in Org mode (GNU Emacs)
Russ Allbery
-
2024/06/24
Re: [oss-security] Arbitrary shell command evaluation in Org mode (GNU Emacs)
Florian Weimer
-
2024/06/23
[oss-security] CVE-2024-27136: Apache JSPWiki: Cross-site scripting vulnerability on upload page
Juan Pablo Santos Rodríguez
-
2024/06/23
Re: [oss-security] Arbitrary shell command evaluation in Org mode (GNU Emacs)
Russ Allbery
-
2024/06/23
[oss-security] Arbitrary shell command evaluation in Org mode (GNU Emacs)
Ihor Radchenko
-
2024/06/22
[oss-security] CVE-2024-29868: Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Dominik Riemer
-
2024/06/21
[oss-security] CVE-2024-38379: Apache Allura: Stored authenticated XSS
David Philip Brondsema
-
2024/06/20
[oss-security] CVE-2024-34693: Apache Superset: Server arbitrary file read
Daniel Gaspar
-
2024/06/17
[oss-security] Fwd: [Security-announce][CVE-2024-4032] Incorrect IPv4 and IPv6 private ranges
Alan Coopersmith
-
2024/06/17
[oss-security] Fwd: [Security-announce][CVE-2024-0397] Memory race condition in ssl.SSLContext certificate store methods
Alan Coopersmith
-
2024/06/17
[oss-security] Re: iTerm2 3.5.x title reporting bug
David Leadbeater
-
2024/06/15
[oss-security] iTerm2 3.5.x title reporting bug
David Leadbeater
-
2024/06/14
Re: [oss-security] Security vulnerability in fprintd
Mark Esler
-
2024/06/14
Re: [oss-security] Security vulnerability in fprintd
Benjamin Cance
-
2024/06/14
Re: [oss-security] Security vulnerability in fprintd
Yaron Shahrabani
-
2024/06/13
Re: [oss-security] Security vulnerability in fprintd
Mark Esler
-
2024/06/13
Re: [oss-security] Security vulnerability in fprintd
Marco Trevisan
-
2024/06/13
[oss-security] CVE-2024-25142: Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
Jarek Potiuk
-
2024/06/12
Re: [oss-security] Re: CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
Matthew Fernandez
-
2024/06/12
[oss-security] Re: CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
Tavis Ormandy
-
2024/06/12
[oss-security] CVE-2024-36265: Apache Submarine Server Core: authorization bypass
Arnout Engelen
-
2024/06/12
[oss-security] CVE-2024-36264: Apache Submarine Commons Utils: default secret
Arnout Engelen
-
2024/06/12
[oss-security] CVE-2024-36263: Apache Submarine Server Core: SQL injection
Arnout Engelen
-
2024/06/11
[oss-security] CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
Zdenek Dohnal
-
2024/06/10
[oss-security] CVE-2024-36471: Apache Allura: sensitive information exposure via DNS rebinding
David Philip Brondsema
-
2024/06/09
Re: [oss-security] vte 0.76.3 released with fix for CVE-2024-37535
Solar Designer
-
2024/06/09
[oss-security] vte 0.76.3 released with fix for CVE-2024-37535
Alan Coopersmith
-
2024/06/06
[oss-security] PHP security releases 8.3.8, 8.2.20, and 8.1.29
Alan Coopersmith
-
2024/06/06
[oss-security] [SBA-ADV-20240202-02] CVE-2024-5658: CraftCMS Plugin - Two-Factor Authentication through 3.3.3 - TOTP Token Stays Valid After Use
SBA Research Security Advisory
-
2024/06/06
[oss-security] [SBA-ADV-20240202-01] CVE-2024-5657: CraftCMS Plugin - Two-Factor Authentication 3.3.1 to 3.3.3 - Password Hash Disclosure
SBA Research Security Advisory
-
2024/06/05
[oss-security] Re: libarchive 3.7.4 released with 2 security fixes
Tavis Ormandy
-
2024/06/04
[oss-security] libarchive 3.7.4 released with 2 security fixes
Alan Coopersmith
-
2024/06/04
[oss-security] Go 1.22.4 and Go 1.21.11 released with 2 security fixes (CVE-2024-24789, CVE-2024-24790)
Alan Coopersmith
-
2024/06/03
[oss-security] CVE-2024-36104: Apache OFBiz: Path traversal leading to a RCE
Jacques Le Roux
-
2024/05/30
[oss-security] Security vulnerability in fprintd
Yaron Shahrabani
-
2024/05/30
Re: [oss-security] List linux CVEs for a given stable release?
Greg Kroah-Hartman
-
2024/05/30
Re: [oss-security] List linux CVEs for a given stable release?
Dominique Martinet
-
2024/05/29
Re: [oss-security] List linux CVEs for a given stable release?
Greg Kroah-Hartman
-
2024/05/28
[oss-security] List linux CVEs for a given stable release?
Dominique Martinet