oss-sec: by thread
281 messages, starting Jan 04 21 and ending Mar 30 21
- Re: DPDK security advisory for multiple vhost crypto issues Mauro Matteo Cascella (Jan 04)
- Re: [dpdk-dev] [oss-security] DPDK security advisory for multiple vhost crypto issues Ferruh Yigit (Jan 04)
- Re: [dpdk-dev] [oss-security] DPDK security advisory for multiple vhost crypto issues Mauro Matteo Cascella (Jan 04)
- Re: [dpdk-dev] [oss-security] DPDK security advisory for multiple vhost crypto issues Ferruh Yigit (Jan 04)
- CVE-2020-25275: Dovecot: MIME parsing crash Aki Tuomi (Jan 04)
- CVE-2020-24386: Dovecot: IMAP hibernation allows accessing other peoples mail Aki Tuomi (Jan 04)
- CVE-2020-26297: mdBook XSS Pietro Albini (Jan 04)
- [CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API Robert Metzger (Jan 05)
- [CVE-2020-17519] Apache Flink directory traversal attack: reading remote files through the REST API Robert Metzger (Jan 05)
- A security vulnerability in linux kernel 5.8.10 Anthony Liguori (Jan 06)
- Trovent Security Advisory 2010-01 / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability Stefan Pietsch (Jan 07)
- Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability Stefan Pietsch (Jan 08)
- Re: distros list archive Solar Designer (Jan 10)
- Re: Gentoo's "contributing back" linux-distros tasks Solar Designer (Jan 10)
- <Possible follow-ups>
- Re: Gentoo's "contributing back" linux-distros tasks Solar Designer (Jan 10)
- Re: Gentoo's "contributing back" linux-distros tasks Thomas Deutschmann (Jan 11)
- Re: Gentoo's "contributing back" linux-distros tasks Solar Designer (Jan 12)
- RE: Gentoo's "contributing back" linux-distros tasks Anthony Liguori (Jan 12)
- Re: Gentoo's "contributing back" linux-distros tasks Anthony Liguori (Jan 11)
- Re: Gentoo's "contributing back" linux-distros tasks Thomas Deutschmann (Jan 11)
- Re: Gentoo's "contributing back" linux-distros tasks Anthony Liguori (Feb 02)
- Re: Gentoo's "contributing back" linux-distros tasks Solar Designer (Feb 02)
- [CVE-2020-17534] HTML/Java API 1.7: A race condition between deletion of the temporary file and creation of the temporary directory Jaroslav Tulach (Jan 11)
- Various security fixes in sudo 1.9.5 (CVE-2021-23239, CVE-2021-23240) Matthias Gerstner (Jan 11)
- Advisory: ES2021-01 - Loopback access control bypass in coturn by using 0.0.0.0, [::1] or [::] as the peer address Sandro Gauci (Jan 11)
- [Security Advisory] CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client Brendan Burns (Jan 11)
- CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Wade Mealing (Jan 11)
- Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Greg KH (Jan 12)
- Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic John Haxby (Jan 12)
- Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic David A. Wheeler (Jan 12)
- Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Sasha Levin (Jan 12)
- Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Philip Pettersson (Jan 12)
- Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Greg KH (Jan 12)
- Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Solar Designer (Jan 12)
- Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic John Haxby (Jan 12)
- Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Greg KH (Jan 12)
- Security issues in hawk2 and crmsh Marcus Meissner (Jan 12)
- CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 12)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload John Haxby (Jan 12)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 13)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload Marcus Meissner (Jan 13)
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jan 13)
- CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure Mauro Matteo Cascella (Jan 13)
- CVE-2021-23926: XMLBeans XML Entity Expansion fanningpj () apache org (Jan 13)
- [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure Mark Thomas (Jan 14)
- Re: [vs] Cinnamon lock screen bypass in multiple distributions Alexander E. Patrakov (Jan 15)
- Re: Re: [vs] Cinnamon lock screen bypass in multiple distributions Morten Linderud (Jan 15)
- Adding an additional Amazon Linux member to distros@ Anthony Liguori (Jan 15)
- Re: Adding an additional Amazon Linux member to distros@ Solar Designer (Jan 17)
- MATE screensaver screen lock bypass with external monitor Hanno Böck (Jan 15)
- mutt recipient parsing memory leak Tavis Ormandy (Jan 17)
- Re: mutt recipient parsing memory leak Utkarsh Gupta (Jan 19)
- [SECURITY] CVE-2020-11997: Apache Guacamole: Inconsistent restriction of connection history visibility Mike Jumper (Jan 18)
- CVE-2020-29443 QEMU: ide: atapi: OOB access while processing read commands P J P (Jan 18)
- libreoffice-online "loolforkit" privileged program local root exploit Matthias Gerstner (Jan 18)
- Re: libreoffice-online "loolforkit" privileged program local root exploit Matthias Gerstner (Jan 21)
- Multiple CVEs in dnsmasq fixed in version 2.83 Riccardo Schirone (Jan 19)
- segv_handler junkcode snippet / openSUSE segv_handler package potential local root exploit Matthias Gerstner (Jan 19)
- Xen Security Advisory 331 v3 (CVE-2020-27675) - Race condition in Linux event handler may crash dom0 Xen . org security team (Jan 19)
- Xen Security Advisory 355 v3 (CVE-2020-29040) - stack corruption from XSA-346 change Xen . org security team (Jan 19)
- Xen Security Advisory 286 v6 (CVE-2020-27674) - x86 PV guest INVLPG-like flushes may leave stale TLB entries Xen . org security team (Jan 19)
- Xen Security Advisory 332 v4 (CVE-2020-27673) - Rogue guests can cause DoS of Dom0 via high frequency events Xen . org security team (Jan 19)
- Xen Security Advisory 345 v4 (CVE-2020-27672) - x86: Race condition in Xen mapping code Xen . org security team (Jan 19)
- Xen Security Advisory 346 v3 (CVE-2020-27671) - undue deferral of IOMMU TLB flushes Xen . org security team (Jan 19)
- Xen Security Advisory 347 v3 (CVE-2020-27670) - unsafe AMD IOMMU page table updates Xen . org security team (Jan 19)
- CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking Andrew Wesie (Jan 20)
- CVE-2020-17532: ServiceComb Yaml remote deserialization vulnerability wjm wjm (Jan 21)
- Xen Security Advisory 360 v1 - IRQ vector leak on x86 Xen . org security team (Jan 21)
- CVE-2021-21261: Flatpak sandbox escape via spawn portal (aka GHSA-4ppf-fxf6-vxg2) Simon McVittie (Jan 21)
- CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest P J P (Jan 22)
- CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser lewis john mcgibbney (Jan 24)
- CVE-2020-17522: Traffic Control Mid Tier Cache Manipulation Attack ocket 8888 (Jan 25)
- [CVE-2020-9492] Apache Hadoop Potential privilege escalation Akira Ajisaka (Jan 26)
- Vulnerability in Jenkins Daniel Beck (Jan 26)
- <Possible follow-ups>
- Vulnerability in Jenkins Daniel Beck (Feb 19)
- Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) Qualys Security Advisory (Jan 26)
- Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) Hanno Böck (Jan 27)
- Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) Dave Horsfall (Jan 27)
- Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) Hanno Böck (Jan 27)
- Xen Security Advisory 360 v2 (CVE-2021-3308) - IRQ vector leak on x86 Xen . org security team (Jan 26)
- glibc iconv crash with ISO-2022-JP-3 Tavis Ormandy (Jan 27)
- Re: glibc iconv crash with ISO-2022-JP-3 Siddhesh Poyarekar (Jan 27)
- Re: glibc iconv crash with ISO-2022-JP-3 Siddhesh Poyarekar (Jan 28)
- Re: glibc iconv crash with ISO-2022-JP-3 Siddhesh Poyarekar (Jan 27)
- CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support Gary Tully (Jan 27)
- CVE-2021-26117: ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind Gary Tully (Jan 27)
- CVE-2021-20196 QEMU: block: fdc: null pointer dereference may lead to guest crash P J P (Jan 27)
- Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq butt3rflyh4ck (Jan 28)
- Re: Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq butt3rflyh4ck (Jan 30)
- Re: Re: Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq Marcus Meissner (Jan 31)
- Re: Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq butt3rflyh4ck (Jan 30)
- Linux Kernel: local priv escalation via futexes Marcus Meissner (Jan 29)
- Re: Linux Kernel: local priv escalation via futexes Solar Designer (Jan 29)
- Re: Linux Kernel: local priv escalation via futexes Marcus Meissner (Jan 29)
- Re: Linux Kernel: local priv escalation via futexes David A. Wheeler (Jan 29)
- Re: Linux Kernel: local priv escalation via futexes Solar Designer (Feb 01)
- Re: Linux Kernel: local priv escalation via futexes Marcus Meissner (Jan 29)
- Re: Linux Kernel: local priv escalation via futexes Solar Designer (Jan 29)
- X41 D-Sec GmbH Security Advisory X41-2021-001: Multiple Vulnerabilities in YARA X41 D-Sec GmbH Advisories (Jan 29)
- CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. Jihoon Son (Jan 29)
- sudo: Ineffective NO_ROOT_MAILER and Baron Samedit Roman Fiedler (Jan 30)
- Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit Roman Fiedler (Feb 15)
- Re: CVE request experience Fabian Keil (Jan 31)
- Two DoS issues fixed in Privoxy 3.0.31 stable Fabian Keil (Jan 31)
- Re: Two DoS issues fixed in Privoxy 3.0.31 stable Fabian Keil (Feb 04)
- Django: CVE-2021-3281: Potential directory-traversal via archive.extract() Mariusz Felisiak (Feb 01)
- [CVE-2020-17523] Apache Shiro authentication bypass Brian Demers (Feb 01)
- [CVE-2020-17516] Apache Cassandra internode encryption enforcement vulnerability Aleksey Yeschenko (Feb 01)
- KASAN: use-after-free in con_scroll ???? (Feb 02)
- Re: KASAN: use-after-free in con_scroll Greg KH (Feb 02)
- Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil (Feb 03)
- <Possible follow-ups>
- Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Alan Coopersmith (Mar 23)
- Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil (Mar 23)
- wpa_supplicant P2P group information processing vulnerability Jouni Malinen (Feb 03)
- Re: wpa_supplicant P2P group information processing vulnerability Salvatore Bonaccorso (Feb 06)
- [CVE-2020-15692] Nim - stdlib Browsers - `open` Argument Injection Martin Ortner (Feb 04)
- [CVE-2020-15693, CVE-2020-15694] Nim - stdlib Httpclient - Header Crlf Injection & Server Response Validation Martin Ortner (Feb 04)
- [CVE-2020-15690] Nim - stdlib asyncftpd - Crlf Injection Martin Ortner (Feb 04)
- Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation Alexander Popov (Feb 04)
- Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation Alexander Popov (Feb 05)
- CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field P J P (Feb 04)
- CVE-2021-3392 QEMU: scsi: mptsas: use-after-free while processing io requests P J P (Feb 04)
- [no-cve] Nim - Insecure SSL/TLS Defaults, MitM, and nimble shell command injection Martin Ortner (Feb 05)
- CVE-2021-20226 kernel: use-after-free in io_uring feature Rohit Keshri (Feb 05)
- Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Alex Gaynor (Feb 05)
- Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Rohit Keshri (Feb 08)
- Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Greg KH (Feb 08)
- Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Rohit Keshri (Feb 08)
- Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Salvatore Bonaccorso (Feb 05)
- Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Alex Gaynor (Feb 05)
- [CVE-2020-13924] Apache Ambari Arbitrary File Download Vulnerability Szabolcs Beki (Feb 07)
- CVE-2020-13947 - XSS in Apache ActiveMQ WebConsole Jean-Baptiste Onofre (Feb 07)
- Remote code execution in connman Marcus Meissner (Feb 08)
- [cve-pending] Firejail: root privilege escalation in OverlayFS code netblue30 (Feb 08)
- Re: [cve-pending] Firejail: root privilege escalation in OverlayFS code Salvatore Bonaccorso (Feb 08)
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Solar Designer (Feb 09)
- screen crash processing combining characters Tavis Ormandy (Feb 09)
- Re: screen crash processing combining characters Tavis Ormandy (Feb 09)
- Re: screen crash processing combining characters Harry Sintonen (Feb 09)
- Re: screen crash processing combining characters Tavis Ormandy (Feb 09)
- Re: screen crash processing combining characters Tavis Ormandy (Feb 09)
- Re: Re: screen crash processing combining characters Utkarsh Gupta (Feb 10)
- Re: Re: screen crash processing combining characters Salvatore Bonaccorso (Feb 10)
- Re: screen crash processing combining characters Tavis Ormandy (Feb 09)
- Re: screen crash processing combining characters Utkarsh Gupta (Feb 09)
- Re: charset.alias in pkexec/glib/gnulib Jakub Wilk (Feb 09)
- Re: charset.alias in pkexec/glib/gnulib Tavis Ormandy (Feb 09)
- Replay-Sorcery: CVE-2021-26936: Multiple security issues in with setuid-root program in versions 0.4.0 through 0.5.0 Matthias Gerstner (Feb 10)
- [SECURITY][ANNOUNCE] Apache Subversion 1.14.1 released Stefan Sperling (Feb 10)
- [SECURITY][ANNOUNCE] Apache Subversion 1.10.7 released Stefan Sperling (Feb 10)
- CVE-2020-35498: Open vSwitch: Packet parsing vulnerability Flavio Leitner (Feb 10)
- CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Rohit Keshri (Feb 10)
- Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Alexandros Toptsoglou (Feb 10)
- CVE-2020-13949: Apache Thrift: potential DoS when processing untrusted payloads Jens Geyer (Feb 11)
- CVE-2021-26720: avahi-daemon: 'avahi' to 'root' user privilege escalation through Debian specific if-up script avahi-daemon-check-dns.sh Matthias Gerstner (Feb 15)
- WebKitGTK and WPE WebKit Security Advisory WSA-2021-0001 Carlos Alberto Lopez Perez (Feb 15)
- 2021-01 stats Fuller, Abby (Feb 16)
- Re: 2021-01 stats Solar Designer (Feb 16)
- Xen Security Advisory 363 v3 (CVE-2021-26934) - Linux: display frontend "be-alloc" mode is unsupported Xen . org security team (Feb 16)
- Xen Security Advisory 361 v4 (CVE-2021-26932) - Linux: grant mapping error handling issues Xen . org security team (Feb 16)
- Xen Security Advisory 362 v3 (CVE-2021-26931) - Linux: backends treating grant mapping errors as bugs Xen . org security team (Feb 16)
- Xen Security Advisory 364 v3 (CVE-2021-26933) - arm: The cache may not be cleaned for newly allocated scrubbed pages Xen . org security team (Feb 16)
- Xen Security Advisory 365 v3 (CVE-2021-26930) - Linux: error handling issues in blkback's grant mapping Xen . org security team (Feb 16)
- CVE-2021-26559: Apache Airflow 2.0.0: CWE-284 Improper Access Control on Configurations Endpoint for the Stable API Kaxil Naik (Feb 17)
- CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check Kaxil Naik (Feb 17)
- CVE-2021-26911: Canary Mail with IMAP STARTTLS missing certificate validation Dimitrios Glynos (Feb 17)
- One BIND vulnerability (CVE-2020-8625) has been publicly disclosed Michael McNally (Feb 17)
- Vulnerability in the Linux Audit Framework Auditd Felix Kosterhon (Feb 18)
- Re: Vulnerability in the Linux Audit Framework Auditd Steve Grubb (Feb 18)
- Re: Vulnerability in the Linux Audit Framework Auditd Felix Kosterhon (Feb 18)
- Re: Vulnerability in the Linux Audit Framework Auditd Salvatore Bonaccorso (Feb 25)
- Re: Vulnerability in the Linux Audit Framework Auditd Steve Grubb (Mar 02)
- Re: Vulnerability in the Linux Audit Framework Auditd Felix Kosterhon (Feb 18)
- Re: Vulnerability in the Linux Audit Framework Auditd Steve Grubb (Feb 18)
- Xen Security Advisory 366 v1 - missed flush in XSA-321 backport Xen . org security team (Feb 18)
- CVE-2021-26296: Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces Bill Lucy (Feb 18)
- BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination ISC Security Officer (Feb 19)
- Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination Hanno Böck (Feb 19)
- Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination Michael McNally (Feb 19)
- Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination Ondřej Surý (Feb 19)
- Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination Hanno Böck (Feb 19)
- Django security releases: CVE-2021-23336: Web cache poisoning via ``django.utils.http.limited_parse_qsl()`` Carlton Gibson (Feb 19)
- CVE-2021-3411 kernel: broken KRETPROBES reports corruption of .text section while running a FTRACE stress tester Rohit Keshri (Feb 19)
- CVE-2021-26544: Apache Livy (Incubating) is vulnerable to cross site scripting Jerry Shao (Feb 19)
- BIND Operational Notification: Zone journal (.jnl) file incompatibility, after upgrading to BIND 9.16.12 and 9.17 ISC Security Officer (Feb 19)
- CVE-2021-20247: isync/mbsync data leak/destruction vulnerability Oswald Buddenhagen (Feb 22)
- BIND Operational Notification: Zone journal (.jnl) file incompatibility, after upgrading to BIND 9.16.12 and 9.17 - REVISION ISC Security Officer (Feb 22)
- Xen Security Advisory 366 v2 (CVE-2021-27379) - missed flush in XSA-321 backport Xen . org security team (Feb 23)
- [CVE-2020-11988] Apache XML Graphics Commons SSRF vulnerability Simon Steiner (Feb 24)
- [CVE-2020-11987] Apache XML Graphics Batik SSRF vulnerability Simon Steiner (Feb 24)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 24)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 18)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 30)
- CVE-2021-20255 QEMU: net: eepro100: stack overflow via infinite recursion P J P (Feb 25)
- CVE-2021-20257 QEMU: net: e1000: infinite loop while processing transmit descriptors P J P (Feb 25)
- wpa_supplicant P2P provision discovery processing vulnerability Jouni Malinen (Feb 25)
- Re: wpa_supplicant P2P provision discovery processing vulnerability Salvatore Bonaccorso (Feb 26)
- CVE-2021-3416 QEMU: net: infinite loop in loopback mode may lead to stack overflow P J P (Feb 26)
- Multiple DoS issues fixed in Privoxy 3.0.32 stable Fabian Keil (Feb 28)
- Re: Multiple DoS issues fixed in Privoxy 3.0.32 stable Fabian Keil (Mar 06)
- CVE-2021-25122: Apache Tomcat h2c request mix-up Mark Thomas (Mar 01)
- CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484 Mark Thomas (Mar 01)
- Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804) Marc (Mar 01)
- CVE-2020-1926: Timing attack in Cookie signature verification Chao Sun (Mar 01)
- CVE-2020-1936: Stored XSS in Apache Ambari Szabolcs Beki (Mar 02)
- Multiple GRUB2 vulnerabilities John Haxby (Mar 02)
- Announce: OpenSSH 8.5 released Damien Miller (Mar 02)
- Xen Security Advisory 367 v1 - Linux: netback fails to honor grant mapping errors Xen . org security team (Mar 04)
- Xen Security Advisory 369 v1 - Linux: special config may crash when trying to map foreign pages Xen . org security team (Mar 04)
- CVE-2021-27907: Apache Superset stored XSS on Dashboard markdown daniel gaspar (Mar 04)
- Xen Security Advisory 367 v2 (CVE-2021-28038) - Linux: netback fails to honor grant mapping errors Xen . org security team (Mar 05)
- Xen Security Advisory 369 v2 (CVE-2021-28039) - Linux: special config may crash when trying to map foreign pages Xen . org security team (Mar 05)
- Linux iscsi security fixes Marcus Meissner (Mar 06)
- CVE-2021-20263 QEMU: virtiofsd: 'security.capabilities' is not dropped with xattrmap option Mauro Matteo Cascella (Mar 08)
- CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085 Mauro Matteo Cascella (Mar 09)
- CVE-2020-35451: Oozie local privilege escalation Gézapeti Cseh (Mar 09)
- git: malicious repositories can execute remote code while cloning Johannes Schindelin (Mar 09)
- CVE-2020-13936: Velocity Sandbox Bypass Will Glass-Husain (Mar 10)
- CVE-2020-13959: Velocity Tools XSS Vulnerability Will Glass-Husain (Mar 10)
- CVE-2021-20261: kernel: panic in start_motor+0x21 when /dev/fd0 is read by multiple threads. Wade Mealing (Mar 10)
- CVE-2021-20269: kexec-tools: incorrect permissions on vmcore-dmesg.txt file Wade Mealing (Mar 10)
- CVE-2021-27576: Apache OpenMeetings: bandwidth can be overloaded with public web service Maxim Solodovnik (Mar 13)
- ES2021-02: VoIPmonitor WEB GUI vulnerable to Cross-Site Scripting via SIP messages Sandro Gauci (Mar 15)
- ES2021-03: VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer Sandro Gauci (Mar 15)
- ES2021-04: VoIPmonitor static builds are compiled without any standard memory corruption protection Sandro Gauci (Mar 15)
- [CVE-2020-28466][CVE-2021-3127] NATS.io vulnerabilities Phil Pennock (Mar 16)
- <Possible follow-ups>
- [CVE-2020-28466][CVE-2021-3127] NATS.io vulnerabilities Phil Pennock (Mar 16)
- CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Rohit Keshri (Mar 17)
- Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Greg KH (Mar 17)
- Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Salvatore Bonaccorso (Mar 17)
- Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Greg Kroah-Hartman (Mar 17)
- Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Jan Kara (Mar 17)
- Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Wolfgang Frisch (Mar 17)
- Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Brad Spengler (Mar 17)
- Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Salvatore Bonaccorso (Mar 17)
- Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Greg KH (Mar 17)
- Use After Free and Double Free bugs in Linux Kernel mainline lyl2019 (Mar 17)
- Re: Use After Free and Double Free bugs in Linux Kernel mainline John Haxby (Mar 17)
- Re: Use After Free and Double Free bugs in Linux Kernel mainline Greg KH (Mar 17)
- CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Rohit Keshri (Mar 17)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 17)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Salvatore Bonaccorso (Mar 17)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Evgenii Shatokhin (Mar 17)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Evgenii Shatokhin (Mar 17)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Salvatore Bonaccorso (Mar 17)
- <Possible follow-ups>
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Rohit Keshri (Mar 18)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 18)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Kurt H Maier (Mar 18)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 18)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Solar Designer (Mar 18)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Eddie Chapman (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Petr Matousek (Mar 23)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 18)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 17)
- CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read Rohit Keshri (Mar 17)
- Re: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read Sasha Levin (Mar 17)
- Re: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read Salvatore Bonaccorso (Mar 17)
- Re: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read Sasha Levin (Mar 17)
- Xen Security Advisory 368 v2 - HVM soft-reset crashes toolstack Xen . org security team (Mar 18)
- Xen Security Advisory 368 v3 (CVE-2021-28687) - HVM soft-reset crashes toolstack Xen . org security team (Mar 18)
- Risk of local privilege escalation in GNU Guix Leo Famulari (Mar 18)
- [CVE-2020-27170] Protection against speculatively out-of-bounds loads in the Linux kernel can be bypassed by unprivileged local users to leak content of kernel memory Piotr Krysiuk (Mar 18)
- [CVE-2020-27171] Numeric error when restricting speculative pointer arithmetic allows unprivileged local users to leak content of kernel memory Piotr Krysiuk (Mar 18)
- Grafana 7.4.5, 7.3.10 and 6.7.6 released with security fixes for Grafana Enterprise Vardan Torosyan (Mar 19)
- kopano-core 11.0.1: Remote DoS by memory exhaustion Jan Engelhardt (Mar 19)
- Re: kopano-core 11.0.1: Remote DoS by memory exhaustion Robert Scheck (Mar 21)
- CVE-2021-27807: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file Andreas Lehmkuehler (Mar 19)
- CVE-2021-27906: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file Andreas Lehmkuehler (Mar 19)
- [CVE-2021-26295] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI Jacques Le Roux (Mar 21)
- WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002 Carlos Alberto Lopez Perez (Mar 22)
- [CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation Steve Beattie (Mar 23)
- Remote DoS Vulnerability in bitchx, ircii < 20210314 and scrollz ortmann (Mar 24)
- Re: Remote DoS Vulnerability in bitchx, ircii < 20210314 and scrollz ortmann (Mar 30)
- CVE-2020-1946: Apache SpamAssassin has an OS Command Injection vulnerability Sidney Markowitz (Mar 24)
- OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing Solar Designer (Mar 27)
- Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing Gordon Tetlow (Mar 27)
- Message not available
- Re: Linux Kernel: out of bounds array access in dm-ioctl.c John Haxby (Mar 29)