oss-security  

Messages by Date

• 2024/05/28 [oss-security] OpenSSL Security Advisory Matt Caswell
• 2024/05/27 Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Charles Fol
• 2024/05/27 Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Florian Weimer
• 2024/05/27 Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Solar Designer
• 2024/05/27 Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Erik Auerswald
• 2024/05/27 Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Florian Weimer
• 2024/05/27 Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Charles Fol
• 2024/05/26 [oss-security] path traversal in tar extract in intel cve-bin-tool houjingyi
• 2024/05/24 [oss-security] Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
• 2024/05/24 [oss-security] gnome-remote-desktop: D-Bus system service in GNOME release 46 local information leaks (CVE-2024-5148) Matthias Gerstner
• 2024/05/23 [oss-security] Intel CPU Hardware Features and Behaviors Related to Speculative Execution Alan Coopersmith
• 2024/05/21 [oss-security] asterisk security releases 18.23.1, 20.8.1, & 21.3.1 Alan Coopersmith
• 2024/05/21 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2024-0003 Adrian Perez de Castro
• 2024/05/20 Re: [oss-security] Article: State of Sandboxing in Linux Solar Designer
• 2024/05/20 [oss-security] Article: State of Sandboxing in Linux Ali Polatel
• 2024/05/17 Re: [oss-security] Linux: Disabling network namespaces Mickaël Salaün
• 2024/05/16 [oss-security] CVE-2024-34058: Nethserver 7 & 8 stored cross-site scripting (XSS) in WebTop package Andrea Intilangelo
• 2024/05/16 [oss-security] OpenSSL Security Advisory [corrected CVE id] Tomas Mraz
• 2024/05/16 [oss-security] OpenSSL Security Advisory Tomas Mraz
• 2024/05/15 [oss-security] CVE-2024-21823: Intel DSA and Intel IAA advisory Alan Coopersmith
• 2024/05/14 [oss-security] git: 5 vulnerabilities fixed Johannes Schindelin
• 2024/05/14 [oss-security] CVE-2024-32077: Apache Airflow: XSS vulnerability in Task Instance Log/Log Details Ephraim Anierobi
• 2024/05/13 Re: [oss-security] Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Jacob Bachmeyer
• 2024/05/13 Re: [oss-security] Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Jacob Bachmeyer
• 2024/05/13 [oss-security] PowerDNS Security Advisory 2024-03: Transfer requests received over DoH can lead to a denial of service in DNSdist Remi Gacogne
• 2024/05/11 [oss-security] Re: lsof "can't stat() fuse.${name} filesystem /run/user/1000/${dir}" Simon McVittie
• 2024/05/11 Re: [oss-security] Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Solar Designer
• 2024/05/11 [oss-security] Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Corey Lopez
• 2024/05/10 [oss-security] [vim-security] buffer-overlow in xxd with colored output < v9.1.0404 Christian Brabandt
• 2024/05/09 Re: [oss-security] New SMTP smuggling attack Erik Auerswald
• 2024/05/09 [oss-security] CVE-2024-34365: Apache Karaf Cave: Cave SSRF and arbitrary file access Arnout Engelen
• 2024/05/09 [oss-security] [kubernetes] CVE-2024-3744: azure-file-csi-driver discloses service account tokens in logs Rita Zhang
• 2024/05/09 Re: [oss-security] New SMTP smuggling attack Mark Esler
• 2024/05/09 [oss-security] CVE-2024-26579: Apache Inlong JDBC Vulnerability Charles Zhang
• 2024/05/09 [oss-security] CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE Jacques Le Roux
• 2024/05/08 [oss-security] Xen Security Advisory 457 v3 (CVE-2024-27393) - Linux/xen-netfront: Memory leak due to missing cleanup function Xen . org security team
• 2024/05/08 [oss-security] [security] Go 1.22.3 and Go 1.21.10 are released Alan Coopersmith
• 2024/05/08 Re: [oss-security] CVE-2024-26925: Linux: nf_tables: locking issue in the nf_tables_abort() function Salvatore Bonaccorso
• 2024/05/08 [oss-security] Xen Security Advisory 457 v2 - Linux/xen-netfront: Memory leak due to missing cleanup function Xen . org security team
• 2024/05/07 [oss-security] Xen Security Advisory 457 v1 - Linux/xen-netback: Memory leak due to missing cleanup function Xen . org security team
• 2024/05/07 [oss-security] Xen Security Advisory 456 v3 (CVE-2024-2201) - x86: Native Branch History Injection Xen . org security team
• 2024/05/07 [oss-security] CVE-2024-26925: Linux: nf_tables: locking issue in the nf_tables_abort() function HexRabbit Chen
• 2024/05/07 [oss-security] GLib (2.26.0+): GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing Philip Withnall
• 2024/05/07 [oss-security] Re: Buildroot: incorrect permissons on /dev/shm Peter Korsgaard
• 2024/05/07 [oss-security] HNS-2024-07 - HN Security Advisory - Multiple vulnerabilities in RIOT OS Marco Ivaldi
• 2024/05/07 [oss-security] CVE-2024-28148: Apache Superset: Incorrect datasource authorization on explore REST API Daniel Gaspar
• 2024/05/07 [oss-security] CVE-2023-49606, CVE-2023-40533: memory safety vulnerabilities in tinyproxy <=1.11.1 Valtteri Vuorikoski
• 2024/05/06 [oss-security] Re: [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Peter Korsgaard
• 2024/05/06 [oss-security] The GNU C Library security advisories update for 2024-05-06 Carlos O'Donell
• 2024/05/06 [oss-security] Re: [Buildroot] Buildroot: incorrect permissons on /dev/shm Yann E. MORIN
• 2024/05/06 Re: [oss-security] Fwd: uriparser 0.9.8 released, includes security fixes Solar Designer
• 2024/05/06 [oss-security] Re: Buildroot: incorrect permissons on /dev/shm Ben Hutchings
• 2024/05/06 [oss-security] Fwd: uriparser 0.9.8 released, includes security fixes Sebastian Pipping
• 2024/05/03 [oss-security] CVE-2023-35701: Apache Hive: Arbitrary command execution via JDBC driver Stamatis Zampetakis
• 2024/05/03 Re: [oss-security] escaping terminal control characters (was Re: backdoor in upstream xz/liblzma leading to ssh server compromise) Steffen Nurpmeso
• 2024/05/03 Re: [oss-security] escaping terminal control characters (was Re: backdoor in upstream xz/liblzma leading to ssh server compromise) Steffen Nurpmeso
• 2024/05/02 Re: [oss-security] escaping terminal control characters (was Re: backdoor in upstream xz/liblzma leading to ssh server compromise) Sam James
• 2024/05/02 Re: [oss-security] New SMTP smuggling attack Solar Designer
• 2024/05/02 Re: [oss-security] New SMTP smuggling attack Steffen Nurpmeso
• 2024/05/02 [oss-security] CVE-2024-30251: DoS in aiohttp Sam Bull
• 2024/05/02 [oss-security] Multiple vulnerabilities in Jenkins plugins Daniel Beck
• 2024/05/02 [oss-security] CVE-2024-32638: Apache APISIX: Forward-Auth Request Smuggling YuanSheng Wang
• 2024/05/02 Re: [oss-security] Re: CVEs issued by the Linux kernel CNA Greg KH
• 2024/05/01 [oss-security] Re: CVEs issued by the Linux kernel CNA Alan Coopersmith
• 2024/05/01 [oss-security] CVE-2024-32114: Apache ActiveMQ: Jolokia and REST API were not secured with default configuration Jean-Baptiste Onofré
• 2024/04/30 Re: [oss-security] New SMTP smuggling attack Steffen Nurpmeso
• 2024/04/30 Re: [oss-security] New SMTP smuggling attack Erik Auerswald
• 2024/04/30 [oss-security] Re: New SMTP smuggling attack nightmare . yeah27
• 2024/04/30 [oss-security] Re: Telegram Web app XSS / Session Hijacking 1-click Pedro Batista
• 2024/04/30 Re: [oss-security] New SMTP smuggling attack Mark Esler
• 2024/04/30 Re: [oss-security] Update on the distro-backdoor-scanner effort Jacob Bachmeyer
• 2024/04/30 Re: [oss-security] libksieve (used by kmail/kontact) sent password as username Salvatore Bonaccorso
• 2024/04/29 Re: [oss-security] Update on the distro-backdoor-scanner effort Gabriel Ravier
• 2024/04/29 Re: [oss-security] Re: Linux: Disabling network namespaces John Johansen
• 2024/04/29 Re: [oss-security] Linux: Disabling network namespaces John Johansen
• 2024/04/29 [oss-security] CVE-2024-27322: Deserialization vulnerability in R before 4.4.0 Alan Coopersmith
• 2024/04/29 Re: [oss-security] Update on the distro-backdoor-scanner effort Vegard Nossum
• 2024/04/29 Re: [oss-security] Update on the distro-backdoor-scanner effort Jacob Bachmeyer
• 2024/04/28 [oss-security] Telegram Web app XSS / Session Hijacking 1-click Pedro Batista
• 2024/04/28 [oss-security] Suspicious hook-loading mechanism in hyprland Sam James
• 2024/04/28 Re: [oss-security] Update on the distro-backdoor-scanner effort Hank Leininger
• 2024/04/28 Re: [oss-security] Update on the distro-backdoor-scanner effort Hank Leininger
• 2024/04/27 Re: [oss-security] Update on the distro-backdoor-scanner effort Morten Linderud
• 2024/04/27 Re: [oss-security] Update on the distro-backdoor-scanner effort Jacob Bachmeyer
• 2024/04/26 Re: [oss-security] Update on the distro-backdoor-scanner effort Sam James
• 2024/04/26 Re: [oss-security] Update on the distro-backdoor-scanner effort Simon McVittie
• 2024/04/26 [oss-security] Update on the distro-backdoor-scanner effort Hank Leininger
• 2024/04/25 [oss-security] libksieve (used by kmail/kontact) sent password as username Jonas Schäfer
• 2024/04/24 [oss-security] Security Issues and Abandonment of PHP ECC library (mdanter/ecc, phpecc/phpecc) Paragon Initiative Enterprises Security Team
• 2024/04/24 [oss-security] CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy Oriol Castejón
• 2024/04/24 Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Florian Weimer
• 2024/04/24 [oss-security] PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor Peter van Dijk
• 2024/04/23 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/23 [oss-security] Re: 83 bogus CVEs assigned to Robot Operating System (ROS) Yash Patel
• 2024/04/23 [oss-security] Re: 83 bogus CVEs assigned to Robot Operating System (ROS) Mark Esler
• 2024/04/23 [oss-security] Re: 83 bogus CVEs assigned to Robot Operating System (ROS) Yash Patel
• 2024/04/23 [oss-security] 83 bogus CVEs assigned to Robot Operating System (ROS) Mark Esler
• 2024/04/23 Re: [oss-security] Linux: Disabling network namespaces Demi Marie Obenour
• 2024/04/22 [oss-security] Re: Linux: Disabling network namespaces Priedhorsky, Reid
• 2024/04/22 Re: [oss-security] Linux: Disabling network namespaces Jordan Glover
• 2024/04/22 [oss-security] CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode Imba Jin
• 2024/04/22 [oss-security] CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin Imba Jin
• 2024/04/22 [oss-security] CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page Imba Jin
• 2024/04/22 [oss-security] Wordpress Responsive theme: arbitrary HTML content injection (CVE-2024-2848) Hanno Böck
• 2024/04/21 Re: [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/21 Re: [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/21 Re: [oss-security] PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass Jeffrey Walton
• 2024/04/21 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/21 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/20 [oss-security] [Update] PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass Fay Stegerman
• 2024/04/20 Re: [oss-security] Linux: Disabling network namespaces Jordan Glover
• 2024/04/20 Re: [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/19 [oss-security] Re: Linux: Disabling network namespaces nightmare . yeah27
• 2024/04/19 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/19 Re: [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/19 [oss-security] CVE-2024-29733: Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context Elad Kalif
• 2024/04/19 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer
• 2024/04/19 [oss-security] CVE-2024-29217: Apache Answer: XSS vulnerability when changing personal website Enxin Xie
• 2024/04/18 [oss-security] flatpak CVE-2024-32462 : Sandbox escape via RequestBackground portal and CWE-88 Simon McVittie
• 2024/04/18 Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Solar Designer
• 2024/04/18 Re: [oss-security] Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config Jacob Bachmeyer
• 2024/04/18 [oss-security] libreswan: IKEv1 default AH/ESP responder can crash and restart David Morel
• 2024/04/17 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Matt Johnston
• 2024/04/17 [oss-security] CVE-2024-31869: Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Ephraim Anierobi
• 2024/04/17 [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Adhemerval Zanella Netto
• 2024/04/17 [oss-security] Terrapin vulnerability in Jenkins CLI client Daniel Beck
• 2024/04/17 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron
• 2024/04/17 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk
• 2024/04/17 Re: [oss-security] Linux: Disabling network namespaces Georgia Garcia
• 2024/04/17 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer
• 2024/04/17 [oss-security] Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config Vegard Nossum
• 2024/04/17 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz
• 2024/04/16 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Greg KH
• 2024/04/16 Re: [oss-security] Linux: Disabling network namespaces Demi Marie Obenour
• 2024/04/16 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer
• 2024/04/16 [oss-security] [kubernetes] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Rita Zhang
• 2024/04/16 Re: [oss-security] Linux: Disabling network namespaces Philippe Cerfon
• 2024/04/16 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer
• 2024/04/16 Re: [oss-security] Linux: Disabling network namespaces Jordan Glover
• 2024/04/15 [oss-security] CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client Fabian Bäumer
• 2024/04/15 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/15 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/15 Re: [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/15 Re: [oss-security] Linux: Disabling network namespaces Demi Marie Obenour
• 2024/04/15 [oss-security] Re: less(1) with LESSOPEN mishandles \n in paths Jakub Wilk
• 2024/04/14 [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/13 [oss-security] Re: less(1) with LESSOPEN mishandles \n in paths Tobias Powalowski
• 2024/04/13 Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer
• 2024/04/12 [oss-security] PHP security releases 8.1.28, 8.2.18, & 8.3.6 Alan Coopersmith
• 2024/04/12 [oss-security] Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5 Alan Coopersmith
• 2024/04/12 Re: [oss-security] Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk
• 2024/04/12 Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar
• 2024/04/12 [oss-security] CVE-2024-31391: Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials Jason Gerlowski
• 2024/04/12 Re: [oss-security] less(1) with LESSOPEN mishandles \n in paths Sam James
• 2024/04/12 [oss-security] less(1) with LESSOPEN mishandles \n in paths Jakub Wilk
• 2024/04/12 Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer
• 2024/04/11 [oss-security] CVE-2024-27309: Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode Colin McCabe
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Kyle Zeng
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Kyle Zeng
• 2024/04/11 [oss-security] Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Yann E. MORIN
• 2024/04/11 Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar
• 2024/04/11 [oss-security] Buildroot: incorrect permissons on /dev/shm Ben Hutchings
• 2024/04/11 [oss-security] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Ben Hutchings
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz
• 2024/04/11 [oss-security] Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow Michael Knap
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Donald Buczek
• 2024/04/11 [oss-security] Re: Is CVE-2024-30203 bogus? (Emacs) Max Nikulin
• 2024/04/11 Re: [oss-security] Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton
• 2024/04/11 [oss-security] Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton
• 2024/04/11 [oss-security] Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow Michael Knap
• 2024/04/11 [oss-security] Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow Tianyu Chen
• 2024/04/11 Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer
• 2024/04/11 ezmlm response oss-security-help
• 2024/04/11 WELCOME to oss-security@lists.openwall.com oss-security-help
• 2024/04/11 confirm subscribe to oss-security@lists.openwall.com oss-security-help
• 2023/09/17 confirm subscribe to oss-security@lists.openwall.com oss-security-help
• 2023/08/17 confirm subscribe to oss-security@lists.openwall.com oss-security-help
• 2015/11/29 ezmlm response oss-security-help
• 2014/09/24 confirm subscribe to oss-security@lists.openwall.com oss-security-help

• Later messages