oss-sec: by thread
241 messages, starting Oct 01 20 and ending Dec 29 20
- [ANNOUNCE] Apache NiFi CVE-2020-9486, CVE-2020-9487, CVE-2020-9491, CVE-2020-13940 Andy LoPresto (Oct 01)
- CVE-2020-25637 libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c Mauro Matteo Cascella (Oct 02)
- the Bugtraq list archives before 2000 Georgi Guninski (Oct 04)
- Re: the Bugtraq list archives before 2000 Solar Designer (Oct 04)
- major changes if gnu/linux dominates the desktop and/or mobile market? Georgi Guninski (Oct 05)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Greg KH (Oct 05)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Ian Zimmerman (Oct 05)
- Re: Re: major changes if gnu/linux dominates the desktop and/or mobile market? Stephen John Smoogen (Oct 05)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Georgi Guninski (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Greg KH (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Brian May (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Greg KH (Oct 07)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Georgi Guninski (Oct 07)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Ian Zimmerman (Oct 05)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Solar Designer (Oct 05)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Steve Grubb (Oct 05)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Simon McVittie (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Steve Grubb (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Stephen John Smoogen (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Grant Taylor (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Solar Designer (Oct 19)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Ian Zimmerman (Oct 19)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Simon McVittie (Oct 19)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Daniel Sprouse (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Michael Ellerman (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Steve Grubb (Oct 05)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Eli Schwartz (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Simon McVittie (Oct 06)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Greg KH (Oct 05)
- Re: CVE-2020-25641 kernel: soft lockup when submitting zero length bvecs. Michael Ellerman (Oct 06)
- CVE-2020-14355 spice: multiple buffer overflow vulnerabilities in QUIC decoding code Mauro Matteo Cascella (Oct 06)
- Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. caveman رجل الكهف (Oct 07)
- Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Georgi Guninski (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeremy Stanley (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Noel Kuntze (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Brian May (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Solar Designer (Oct 12)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Kurt H Maier (Oct 12)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeffrey Walton (Oct 12)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Brian May (Oct 12)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Russ Allbery (Oct 12)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Eli Schwartz (Oct 13)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeffrey Walton (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Bob Friesenhahn (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Seth Arnold (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Bob Friesenhahn (Oct 08)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Seth Arnold (Oct 08)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Seth Arnold (Oct 07)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Giacomo Catenazzi (Oct 08)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Georgi Guninski (Oct 08)
- Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeremy Stanley (Oct 07)
- [CVE-2020-13956] Apache HttpClient incorrect handling of malformed URI authority component Oleg Kalnichevski (Oct 08)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 08)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Nov 04)
- Linux kernel: powerpc: RTAS calls can be used to compromise kernel integrity Andrew Donnellan (Oct 09)
- Re: Linux kernel: powerpc: RTAS calls can be used to compromise kernel integrity Andrew Donnellan (Nov 23)
- Re: Linux kernel: powerpc: RTAS calls can be used to compromise kernel integrity Andrew Donnellan (Dec 10)
- Re: Linux kernel: powerpc: RTAS calls can be used to compromise kernel integrity Andrew Donnellan (Nov 23)
- [CVE-2020-13955] Apache Calcite Disabled HTTPS Hostname Verification Stamatis Zampetakis (Oct 09)
- CVE-2018-20243: Apache Fineract: password passed in URL, not via POST James Dailey (Oct 09)
- [SECURITY] CVE-2020-13943 Apache Tomcat HTTP/2 Request mix-up Mark Thomas (Oct 12)
- Gentoo's "contributing back" linux-distros tasks Solar Designer (Oct 12)
- Re: Gentoo's "contributing back" linux-distros tasks Anthony Liguori (Oct 12)
- Re: Gentoo's "contributing back" linux-distros tasks Yury German (Oct 12)
- Linux kernel: crypto: bcm - Verify GCM/CCM key length in setkey 尹亮 (Oct 12)
- Re: Linux kernel: crypto: bcm - Verify GCM/CCM key length in setkey Mohammad Tausif Siddiqui (Nov 04)
- [CVE-2020-13957] The checks added to unauthenticated configset uploads in Apache Solr can be circumvented Tomas Fernandez Lobbe (Oct 12)
- Re: You are using an old email address "@stahl.de". Please note our new email addresses "@r-stahl.com" Jeffrey Walton (Oct 12)
- PowerDNS Recursor 4.3.5, 4.2.5. and 4.1.18 released fixing a cache pollution issue (CVE-2020-25829) Otto Moerbeek (Oct 13)
- kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Matthias Gerstner (Oct 13)
- Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Solar Designer (Oct 13)
- Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Matthias Gerstner (Oct 14)
- Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Matthias Gerstner (Nov 30)
- Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Solar Designer (Oct 13)
- CVE-2020-16120 - incorrect unprivileged overlayfs permission checking Steve Beattie (Oct 13)
- Re: CVE-2020-16120 - incorrect unprivileged overlayfs permission checking Jordan Glover (Oct 14)
- CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free Steve Beattie (Oct 13)
- CVE-2020-15157: containerd v1.2.x can be coerced into leaking credentials during image pull Karp, Samuel (Oct 15)
- CVE-2020-25656: Linux kernel concurrency UAF in vt_do_kdgkb_ioctl Minh Yuan (Oct 15)
- <Possible follow-ups>
- Re: CVE-2020-25656: Linux kernel concurrency UAF in vt_do_kdgkb_ioctl Jiri Slaby (Oct 16)
- Kubernetes: Multiple secret leaks when verbose logging is enabled Sam Fowler (Oct 15)
- [OSSA-2020-007] Blazar: Remote code execution in blazar-dashboard (CVE-2020-26943) Pierre Riteau (Oct 16)
- [SECURITY][CVE-2020-13937] Unauthenticated Configuration Disclosure Xiaoxiang Yu (Oct 19)
- Xen Security Advisory 331 v2 - Race condition in Linux event handler may crash dom0 Xen . org security team (Oct 20)
- Xen Security Advisory 286 v4 - x86 PV guest INVLPG-like flushes may leave stale TLB entries Xen . org security team (Oct 20)
- Xen Security Advisory 332 v3 - Rogue guests can cause DoS of Dom0 via high frequency events Xen . org security team (Oct 20)
- Xen Security Advisory 345 v3 - x86: Race condition in Xen mapping code Xen . org security team (Oct 20)
- Xen Security Advisory 346 v2 - undue deferral of IOMMU TLB flushes Xen . org security team (Oct 20)
- Xen Security Advisory 347 v2 - unsafe AMD IOMMU page table updates Xen . org security team (Oct 20)
- CVE-2020-15999 fixed in FreeType 2.10.4 Alan Coopersmith (Oct 20)
- Re: CVE-2020-15999 fixed in FreeType 2.10.4 Werner LEMBERG (Oct 20)
- [CVE-2018-11764] Apache Hadoop Privilege escalation in web endpoint Akira Ajisaka (Oct 20)
- CVE-2019-16127, CVE-2019-16128 and CVE-2019-16129 for Microchip code Dimitrios Glynos (Oct 22)
- CVE-2020-27174: Firecracker serial console emulation may allocate an unbounded amount of memory Iordache, Alexandra (Oct 23)
- CVE-2020-25654 pacemaker: ACL restrictions bypass Huzaifa Sidhpurwala (Oct 27)
- CVE-2020-25668: Linux kernel concurrency use-after-free in vt Minh Yuan (Oct 30)
- Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt Minh Yuan (Nov 04)
- [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket 尹亮 (Nov 01)
- CVE-2020-27617 QEMU: net: an assert failure via eth_get_gso_type P J P (Nov 02)
- [CVE-2020-26521][CVE-2020-26892] NATS JWT vulnerabilities Phil Pennock (Nov 02)
- CVE-2020-27152 Kernel: KVM: host stack overflow via loop due to lazy update IOAPIC P J P (Nov 03)
- CVE-2020-27616 QEMU: ati-vga: potential crash via invalid x y parameter values P J P (Nov 03)
- Xen Security Advisory 286 v5 - x86 PV guest INVLPG-like flushes may leave stale TLB entries Xen . org security team (Nov 03)
- Security Issues in the spice-vdagentd daemon Matthias Gerstner (Nov 04)
- sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file Matthias Gerstner (Nov 04)
- [CVE-2020-17510] Apache Shiro Authentication Bypass Vulnerability Brian Demers (Nov 04)
- Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn Dawid Golunski (Nov 04)
- CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit - Nop (Nov 04)
- CVE-2020-27347: tmux buffer overflow in escape sequence parser snizovtsev (Nov 05)
- Advisory: ES2020-02 - Asterisk crash due to INVITE flood over TCP Sandro Gauci (Nov 06)
- [CVE-2020-25704] Linux kernel: perf_event_parse_addr_filter memory leak 尹亮 (Nov 09)
- Linux kernel slab-out-of-bounds Read in fbcon Minh Yuan (Nov 09)
- Re: Linux kernel slab-out-of-bounds Read in fbcon Srivatsa S. Bhat (Nov 24)
- The importance of mutual authentication: Local Privilege Escalation in X11 Demi M. Obenour (Nov 09)
- Re: The importance of mutual authentication: Local Privilege Escalation in X11 Vladimir D. Seleznev (Nov 10)
- Re: The importance of mutual authentication: Local Privilege Escalation in X11 Demi M. Obenour (Nov 10)
- Re: The importance of mutual authentication: Local Privilege Escalation in X11 Vladimir D. Seleznev (Nov 10)
- Re: The importance of mutual authentication: Local Privilege Escalation in X11 Demi M. Obenour (Nov 10)
- Re: The importance of mutual authentication: Local Privilege Escalation in X11 Alan Coopersmith (Nov 10)
- Re: The importance of mutual authentication: Local Privilege Escalation in X11 Demi M. Obenour (Nov 10)
- Re: The importance of mutual authentication: Local Privilege Escalation in X11 Vladimir D. Seleznev (Nov 10)
- [CVE-2020-13927] - Insecure Default Configuration for Experimental API in Airflow < 1.10.11 Kaxil Naik (Nov 10)
- Xen Security Advisory 351 v1 - Information leak via power sidechannel Xen . org security team (Nov 10)
- CVE-2020-8694 RAPL power meter, Linux intel_powercap Len Brown (Nov 10)
- [CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to arbitrary code execution in crafted documents Dave Fisher (Nov 10)
- Dash executes code when noexec ("-n") is specified Eric Pruitt (Nov 11)
- Re: Dash executes code when noexec ("-n") is specified Jakub Wilk (Nov 11)
- Re: Dash executes code when noexec ("-n") is specified Michael Orlitzky (Nov 11)
- Re: Dash executes code when noexec ("-n") is specified Michael Orlitzky (Nov 11)
- Re: Dash executes code when noexec ("-n") is specified Michael Orlitzky (Nov 11)
- Re: Dash executes code when noexec ("-n") is specified Jakub Wilk (Nov 11)
- CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath Colm O hEigeartaigh (Nov 12)
- CVE-2014-4508 John Haxby (Nov 12)
- Buffer Overflow in raptor widely unfixed in Linux distros Hanno Böck (Nov 13)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros David A. Wheeler (Nov 13)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Dave Horsfall (Nov 14)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Dave Horsfall (Nov 14)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Ian Zimmerman (Nov 18)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Dave Horsfall (Nov 14)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Marcus Meissner (Nov 14)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros David A. Wheeler (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Stephen John Smoogen (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Sam James (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Marius Bakke (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Jeremy Stanley (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Sam James (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Seth Arnold (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Marcus Meissner (Nov 17)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Morten Linderud (Nov 17)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros David A. Wheeler (Nov 16)
- Re: Buffer Overflow in raptor widely unfixed in Linux distros Salvatore Bonaccorso (Nov 16)
- Linux kernel: net/x25: a couple of overflows 尹亮 (Nov 15)
- CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost Ana McTaggart (Nov 17)
- Re: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost Ana McTaggart (Nov 17)
- CVE-2019-12412: libapreq2 null pointer dereference Joe Orton (Nov 17)
- Polipo: denial-of-service using range chinarulezzz (Nov 18)
- Re: libass ass_outline.c signed integer overflow Ian Zimmerman (Nov 18)
- Re: libass ass_outline.c signed integer overflow David A. Wheeler (Nov 19)
- Re: libass ass_outline.c signed integer overflow Moritz Mühlenhoff (Nov 19)
- Re: libass ass_outline.c signed integer overflow Ian Zimmerman (Nov 19)
- Re: Re: libass ass_outline.c signed integer overflow Salvatore Bonaccorso (Nov 19)
- Re: libass ass_outline.c signed integer overflow David A. Wheeler (Nov 19)
- Linux kernel NULL-ptr deref bug in spk_ttyio_ldisc_close Shisong Qin (Nov 19)
- Re: Linux kernel NULL-ptr deref bug in spk_ttyio_ldisc_close Marcus Meissner (Nov 19)
- Unpatched XSS in Redmine 4.1 sjw (Nov 19)
- CVE-2020-4788: Speculation on incompletely validated data on IBM Power9 Daniel Axtens (Nov 20)
- Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9 Daniel Axtens (Nov 22)
- CVE-2020-28928: musl libc: wcsnrtombs destination buffer overflow Rich Felker (Nov 20)
- WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008 Carlos Alberto Lopez Perez (Nov 23)
- Xen Security Advisory 355 v2 - stack corruption from XSA-346 change Xen . org security team (Nov 24)
- Re: Xen Security Advisory 355 v2 - stack corruption from XSA-346 change Mauro Matteo Cascella (Nov 30)
- Re: Xen Security Advisory 355 v2 - stack corruption from XSA-346 change Andrew Cooper (Nov 30)
- <Possible follow-ups>
- Re: Xen Security Advisory 355 v2 - stack corruption from XSA-346 change Roger Pau Monné (Nov 24)
- Re: Xen Security Advisory 355 v2 - stack corruption from XSA-346 change Mauro Matteo Cascella (Nov 30)
- Heads up: PAM 1.5.0 has a auth bypass under some conditions Marcus Meissner (Nov 24)
- Re: Heads up: PAM 1.5.0 has a auth bypass under some conditions John Helmert III (Nov 24)
- Re: Heads up: PAM 1.5.0 has a auth bypass under some conditions Érico Nogueira (Nov 24)
- Re: Heads up: PAM 1.5.0 has a auth bypass under some conditions Dmitry V. Levin (Nov 24)
- Re: Heads up: PAM 1.5.0 has a auth bypass under some conditions John Helmert III (Nov 24)
- OpenSC 0.21.0 released Frank Morgner (Nov 24)
- CVE-2020-13942: Remote Code Execution in Apache Unomi Serge Huber (Nov 24)
- Xen Security Advisory 351 v2 (CVE-2020-28368) - Information leak via power sidechannel Xen . org security team (Nov 26)
- CVE-2020-29129 CVE-2020-29130 QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets P J P (Nov 27)
- Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil (Nov 29)
- CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Fabian Keil (Dec 23)
- Re: CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Nick Tait (Dec 23)
- Re: CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Jeffrey Walton (Dec 25)
- CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Fabian Keil (Dec 23)
- WebKitGTK and WPE WebKit Security Advisory WSA-2020-0009 Carlos Alberto Lopez Perez (Nov 30)
- CVE-2020-27815 Linux kernel: jfs: array-index-out-of-bounds in dbAdjTree butt3rflyh4ck (Nov 30)
- Re: CVE-2020-27815 Linux kernel: jfs: array-index-out-of-bounds in dbAdjTree butt3rflyh4ck (Dec 28)
- CVE-2020-15257: containerd-shim API exposed to host network containers Karp, Samuel (Nov 30)
- Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1 butt3rflyh4ck (Nov 30)
- Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1 butt3rflyh4ck (Dec 03)
- CVE-2020-28916 QEMU: e1000e: infinite loop scenario in case of null packet descriptor P J P (Dec 01)
- X.Org server security advisory: December 1, 2020 Matthieu Herrb (Dec 01)
- Some mitigation for openssh CVE-2020-14145 Marcus Meissner (Dec 01)
- Multiple vulnerabilities in Jenkins Daniel Beck (Dec 03)
- [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up Mark Thomas (Dec 03)
- Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem? Salvatore Bonaccorso (Dec 05)
- [CVE-2020-17521]: Apache Groovy Information Disclosure Paul King (Dec 06)
- Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 Shisong Qin (Dec 06)
- Re: Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 John Haxby (Dec 07)
- Re: Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 - Nop (Dec 07)
- Re: Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 Marcus Meissner (Dec 07)
- Re: Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 - Nop (Dec 08)
- Re: Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 - Nop (Dec 07)
- Re: Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 John Haxby (Dec 07)
- [SECURITY] CVE-2020-13945: Apache APISIX's Admin API default access token vulnerability YuanSheng Wang (Dec 07)
- [kubernetes] CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs Tim Allclair (Dec 07)
- [OSSA-2020-008] horizon: Open redirect in workflow forms (CVE-2020-29565) Gage Hugo (Dec 08)
- Apache Struts 2: CVE-2020-17530: Potential RCE when using forced evaluation Lukasz Lenart (Dec 08)
- Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? yersinia (Dec 08)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Eric Biggers (Dec 08)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Robert Watson (Dec 08)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Seth Arnold (Dec 08)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Douglas Bagnall (Dec 15)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Robert Watson (Dec 08)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Eric Biggers (Dec 08)
- [SECURITY ADVISORY] curl: trusting FTP PASV responses Daniel Stenberg (Dec 08)
- [SECURITY ADVISORY] libcurl: FTP wildcard stack overflow Daniel Stenberg (Dec 08)
- [SECURITY ADVISORY] curl: Inferior OCSP verification Daniel Stenberg (Dec 08)
- CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length Brennan Ashton (Dec 09)
- CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header Brennan Ashton (Dec 09)
- 2 kernel issues Marcus Meissner (Dec 10)
- CVE-2020-27825 kernel: use-after-free in the ftrace ring buffer resizing logic due to a race condition Rohit Keshri (Dec 11)
- CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter Kaxil Naik (Dec 11)
- CVE-2020-17511: Apache Airflow Admin password gets logged in plain text Kaxil Naik (Dec 11)
- CVE-2020-17513: Apache Airflow Server-Side Request Forgery (SSRF) in Charts & Query View Kaxil Naik (Dec 11)
- Xen Security Advisory 115 v4 (CVE-2020-29480) - xenstore watch notifications lacking permission checks Xen . org security team (Dec 15)
- Xen Security Advisory 322 v4 (CVE-2020-29481) - Xenstore: new domains inheriting existing node permissions Xen . org security team (Dec 15)
- Xen Security Advisory 325 v3 (CVE-2020-29483) - Xenstore: guests can disturb domain cleanup Xen . org security team (Dec 15)
- Xen Security Advisory 324 v3 (CVE-2020-29484) - Xenstore: guests can crash xenstored via watchs Xen . org security team (Dec 15)
- Xen Security Advisory 323 v3 (CVE-2020-29482) - Xenstore: wrong path length check Xen . org security team (Dec 15)
- Xen Security Advisory 330 v3 (CVE-2020-29485) - oxenstored memory leak in reset_watches Xen . org security team (Dec 15)
- Xen Security Advisory 348 v3 (CVE-2020-29566) - undue recursion in x86 HVM context switch code Xen . org security team (Dec 15)
- Xen Security Advisory 350 v4 (CVE-2020-29569) - Use after free triggered by block frontend in Linux blkback Xen . org security team (Dec 15)
- Xen Security Advisory 349 v3 (CVE-2020-29568) - Frontends can trigger OOM in Backends by update a watched path Xen . org security team (Dec 15)
- Xen Security Advisory 354 v4 (CVE-2020-29487) - XAPI: guest-triggered excessive memory usage Xen . org security team (Dec 15)
- Xen Security Advisory 352 v3 (CVE-2020-29486) - oxenstored: node ownership can be changed by unprivileged clients Xen . org security team (Dec 15)
- Xen Security Advisory 353 v4 (CVE-2020-29479) - oxenstored: permissions not checked on root node Xen . org security team (Dec 15)
- Xen Security Advisory 358 v4 (CVE-2020-29570) - FIFO event channels control block related ordering Xen . org security team (Dec 15)
- Xen Security Advisory 356 v3 (CVE-2020-29567) - infinite loop when cleaning up IRQ vectors Xen . org security team (Dec 15)
- Xen Security Advisory 359 v3 (CVE-2020-29571) - FIFO event channels control structure ordering Xen . org security team (Dec 15)
- [ANNOUNCE] qemu-security mailing list P J P (Dec 16)
- CVE-2020-13931 Apache TomEE - Incorrect config on JMS Resource Adapter can lead to JMX being enabled Jonathan Gallimore (Dec 16)
- Xen Security Advisory 322 v5 (CVE-2020-29481) - Xenstore: new domains inheriting existing node permissions Xen . org security team (Dec 16)
- Xen Security Advisory 358 v5 (CVE-2020-29570) - FIFO event channels control block related ordering Xen . org security team (Dec 16)
- Xen Security Advisory 343 v5 (CVE-2020-25599) - races with evtchn_reset() Xen . org security team (Dec 16)
- CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c Mauro Matteo Cascella (Dec 16)
- CVE-2020-27781 User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila Ana McTaggart (Dec 16)
- CVE-2020-17520 Apache Pulsar Manager Information Disclosure (bypass admin interceptor) Guangning E (Dec 17)
- CVE-2020-17526: Apache Airflow Incorrect Session Validation in Airflow Webserver with default config Kaxil Naik (Dec 21)
- CVE-2020-25723 QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c Mauro Matteo Cascella (Dec 22)
- More CVE request experience (Fwd: Automatic reply: [EXT] Need a CVE for Crypto++) Jeffrey Walton (Dec 25)
- CVE-2020-17533: Apache Accumulo Improper Handling of Insufficient Permissions Billie Rinaldi (Dec 29)