oss-sec: by thread
220 messages starting Apr 02 22 and ending Jun 30 22
- Re: [PATCH AUTOSEL 5.15 13/16] vdpa: clean up get_config_size ret value handling Dan Carpenter (Apr 02)
- CVE-2022-1204: Linux kernel: UAF caused by binding operation when ax25 device is detaching 周多明 (Apr 02)
- CVE-2022-1198 kernel: use-after-free in drivers/net/hamradio/6pack.c 周多明 (Apr 02)
- CVE-2022-1205 kernel: Null pointer dereference and use-after-free in net/ax25/ax25_timer.c 周多明 (Apr 02)
- CVE-2022-1199 kernel: Null pointer dereference and use-after-free in ax25_release() 周多明 (Apr 02)
- Xen Security Advisory 397 v2 (CVE-2022-26356) - Racy interactions between dirty vram tracking and paging log dirty hypercalls Xen . org security team (Apr 05)
- Xen Security Advisory 399 v2 (CVE-2022-26357) - race in VT-d domain ID cleanup Xen . org security team (Apr 05)
- Xen Security Advisory 400 v2 (CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361) - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues Xen . org security team (Apr 05)
- CVE-2022-23974: Apache Pinot: Pinot segment push endpoint has a vulnerability in unprotected environments Subbu Subramaniam (Apr 05)
- CVE-2022-28356: Linux kernel: refcount leak in llc_ui_bind and llc_ui_autobind Gianluca Gabrielli (Apr 06)
- CVE-2022-26850: Apache NiFi: Insufficiently protected credentials Nathan Gough (Apr 06)
- Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push kangel (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Paolo Bonzini (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Qiuhao Li (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Paolo Bonzini (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Qiuhao Li (Apr 07)
- Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
- CVE-2022-26612: Apache Hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows Gautham Banasandra (Apr 07)
- zgrep, xzgrep: arbitrary-file-write vulnerability Jim Meyering (Apr 07)
- Re: zgrep, xzgrep: arbitrary-file-write vulnerability Jakub Wilk (Apr 08)
- Re: zgrep, xzgrep: arbitrary-file-write vulnerability Axel Beckert (Apr 08)
- Re: zgrep, xzgrep: arbitrary-file-write vulnerability Levente Polyak (Apr 08)
- Re: zgrep, xzgrep: arbitrary-file-write vulnerability Jakub Wilk (Apr 08)
- Announce: OpenSSH 9.0 released Damien Miller (Apr 07)
- CVE-2022-1158: Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region Qiuhao Li (Apr 08)
- WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 Carlos Alberto Lopez Perez (Apr 08)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 John Helmert III (Apr 08)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 John Helmert III (Apr 08)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 John Helmert III (Apr 08)
- Django: CVE-2022-28346: Potential SQL injection in ``QuerySet.annotate()``, ``aggregate()``, and ``extra()`` Mariusz Felisiak (Apr 11)
- Django: CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL Mariusz Felisiak (Apr 11)
- CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Felix Fu (Apr 11)
- Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Greg KH (Apr 11)
- Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Mike O'Connor (Apr 11)
- Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Greg KH (Apr 11)
- [SECURITY][ANNOUNCE] Apache Subversion 1.10.8 released markphip () gmail com (Apr 12)
- [SECURITY][ANNOUNCE] Apache Subversion 1.14.2 released markphip () gmail com (Apr 12)
- Linux kernel: A concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources Minh Yuan (Apr 12)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 12)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 17)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 30)
- CVE-2021-31805: Apache Struts: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. Yasser Zamani (Apr 12)
- git v2.35.2 and friends for CVE-2022-24765 Junio C Hamano (Apr 12)
- CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode butt3rflyh4ck (Apr 13)
- CVE-2022-27479: Apache Superset: SQL injection vulnerability in chart data API Ville Brofeldt (Apr 13)
- Multiple vulnerabilities in swhkd hotkey helper for Wayland Matthias Gerstner (Apr 14)
- Re: Browser-mediated attacks on WebDriver servers Gabriel Corona (Apr 14)
- <Possible follow-ups>
- Re: Browser-mediated attacks on WebDriver servers Gabriel Corona (Apr 16)
- mutt 2.2.3 released - fixes CVE-2022-1328 Alan Coopersmith (Apr 14)
- CVE-2022-29266: Apache APISIX: apisix/jwt-auth may leak secrets in error response Zeping Bai (Apr 19)
- CVE-2022-1215 libinput format string vulnerability Peter Hutterer (Apr 19)
- tpm2-abrmd: possibly surprising security model for local users could result in a local DoS against TPM configuration and data Matthias Gerstner (Apr 20)
- CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create Minh Yuan (Apr 21)
- Re: CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create Greg KH (Apr 21)
- Re: CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create Marcus Meissner (Apr 22)
- Re: CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create Greg KH (Apr 21)
- Linux: UaF due to concurrency issue in io_uring timeouts David Bouman (Apr 22)
- Re: Linux: UaF due to concurrency issue in io_uring timeouts Salvatore Bonaccorso (Apr 22)
- [kubernetes] CVE-2021-25745: Ingress-nginx `path` can be pointed to service account token file CJ Cullen (Apr 22)
- [kubernetes] CVE-2021-25746: Ingress-nginx directive injection via annotations CJ Cullen (Apr 22)
- CVE-2022-29464 :: WSO2 Unrestricted arbitrary file upload, and remote code to execution vulnerability. Myers, Christopher (Apr 22)
- CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging Jan Lehnardt (Apr 26)
- CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initialization 陈明雨 (Apr 26)
- [morningman () 163 com: [oss-security] CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initialization] Seth Arnold (Apr 26)
- [SECURITY ADVISORY] curl OAUTH2 bearer bypass in connection re-use Daniel Stenberg (Apr 26)
- [SECURITY ADVISORY] curl credential leak on redirect Daniel Stenberg (Apr 26)
- [SECURITY ADVISORY] curl bad local IPv6 connection reuse Daniel Stenberg (Apr 26)
- [SECURITY ADVISORY] curl auth/cookie leak on redirect Daniel Stenberg (Apr 26)
- CVE-2022-27239: cifs-utils mount.cifs buffer overflow in ip parameter Marcus Meissner (Apr 27)
- Linux kernel: A concurrency use-after-free in floppy's raw_cmd Minh Yuan (Apr 28)
- CVE-2022-21449 and version reporting Seaman, Chad (Apr 28)
- Re: CVE-2022-21449 and version reporting Brian Behlendorf (Apr 28)
- Re: CVE-2022-21449 and version reporting Jeremy Stanley (Apr 28)
- Re: CVE-2022-21449 and version reporting Seth Arnold (Apr 28)
- Re: CVE-2022-21449 and version reporting Sven Schwedas (Apr 28)
- Re: CVE-2022-21449 and version reporting Seaman, Chad (Apr 28)
- Re: CVE-2022-21449 and version reporting Christian Fischer (Apr 30)
- Re: CVE-2022-21449 and version reporting John Helmert III (Apr 30)
- Re: CVE-2022-21449 and version reporting David A. Wheeler (Apr 30)
- Re: CVE-2022-21449 and version reporting Christian Fischer (Apr 30)
- Re: CVE-2022-21449 and version reporting John Helmert III (May 01)
- Re: CVE-2022-21449 and version reporting Christian Fischer (May 02)
- Re: CVE-2022-21449 and version reporting Iron-Bound (Apr 29)
- Re: CVE-2022-21449 and version reporting Jeremy Stanley (Apr 30)
- Re: CVE-2022-21449 and version reporting Sven Schwedas (Apr 28)
- CVE-2022-29265: Apache NiFi: Improper Restriction of XML External Entity References in Multiple Components David Handermann (Apr 29)
- CVE-2022-28890: Apache Jena: Processing external DTDs Andy Seaborne (May 04)
- DPDK CVE-2021-3839 Release Notice Jiang, Cheng1 (May 04)
- DPDK CVE-2022-0669 Release Notice Jiang, Cheng1 (May 04)
- CVE-2022-24903: rsyslog < 8.2204.1 heap buffer overrun Rainer Gerhards (May 05)
- Linux kernel: A concurrency use-after-free in bad_flp_intr for latest kernel version Minh Yuan (May 10)
- [SECURITY ADVISORY] curl: removes wrong file on error Daniel Stenberg (May 10)
- [SECURITY ADVISORY] curl: cookie for trailing dot TLD Daniel Stenberg (May 10)
- [SECURITY ADVISORY] curl: percent-encoded path separator in URL host Daniel Stenberg (May 10)
- [SECURITY ADVISORY] curl: CERTINFO never-ending busy-loop Daniel Stenberg (May 10)
- [SECURITY ADVISORY] curl: TLS and SSH connection too eager reuse Daniel Stenberg (May 10)
- [SECURITY ADVISORY] curl: HSTS bypass via trailing dot Daniel Stenberg (May 10)
- CVE-2022-29162: runc < 1.1.2 incorrect handling of inheritable capabilities in default configuration Aleksa Sarai (May 11)
- linux-distros list policy and Linux kernel Solar Designer (May 15)
- Re: linux-distros list policy and Linux kernel Igor Seletskiy (May 15)
- Re: linux-distros list policy and Linux kernel Anthony Liguori (May 15)
- Re: linux-distros list policy and Linux kernel Jason A. Donenfeld (May 16)
- Re: linux-distros list policy and Linux kernel Thadeu Lima de Souza Cascardo (May 16)
- Re: linux-distros list policy and Linux kernel Greg KH (May 16)
- Re: linux-distros list policy and Linux kernel Seth Arnold (May 16)
- Re: linux-distros list policy and Linux kernel Greg KH (May 16)
- Re: linux-distros list policy and Linux kernel Jason A. Donenfeld (May 17)
- Re: linux-distros list policy and Linux kernel Greg KH (May 17)
- Re: linux-distros list policy and Linux kernel Jeremy Stanley (May 17)
- Re: linux-distros list policy and Linux kernel Thadeu Lima de Souza Cascardo (May 17)
- Re: linux-distros list policy and Linux kernel Thadeu Lima de Souza Cascardo (May 16)
- Re: linux-distros list policy and Linux kernel Greg KH (May 16)
- Re: linux-distros list policy and Linux kernel Vegard Nossum (May 20)
- Re: linux-distros list policy and Linux kernel Solar Designer (May 22)
- Re: linux-distros list policy and Linux kernel Sam James (May 22)
- Re: linux-distros list policy and Linux kernel Greg KH (May 22)
- Re: linux-distros list policy and Linux kernel eduardo vela (May 23)
- Re: linux-distros list policy and Linux kernel Mickaël Salaün (May 24)
- Re: linux-distros list policy and Linux kernel Greg KH (May 24)
- Re: linux-distros list policy and Linux kernel Solar Designer (May 24)
- Re: linux-distros list policy and Linux kernel Solar Designer (May 24)
- Re: linux-distros list policy and Linux kernel Vegard Nossum (May 24)
- Re: linux-distros list policy and Linux kernel Solar Designer (May 22)
- Re: linux-distros list policy and Linux kernel Sam James (May 22)
- Re: linux-distros list policy and Linux kernel Vegard Nossum (May 20)
- <Possible follow-ups>
- Re: linux-distros list policy and Linux kernel Dan Carpenter (May 19)
- Re: linux-distros list policy and Linux kernel Alan Coopersmith (May 19)
- CVE-2022-30126: Apache Tika Regular Expression Denial of Service in Standards Extractor Tim Allison (May 16)
- CVE-2022-25169: Apache Tika BPGParser Memory Usage DoS Tim Allison (May 16)
- CVE-2022-26650: Apache ShenYu (incubating) Regular expression denial of service Zhang Yonglun (May 17)
- CVE-2022-30688: needrestart 0.8+ local privilege escalation Thomas Liske (May 17)
- ISC has disclosed a vulnerability in BIND (CVE-2022-1183) ISC Security Officer (May 18)
- CVE-2022-29581: Linux kernel cls_u32 UAF Kyle Zeng (May 18)
- CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 20)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 21)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 24)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 24)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 26)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Jeremy Stanley (May 26)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 26)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (Jun 30)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (Jun 30)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Philip Pettersson (May 26)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Mike O'Connor (May 27)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 28)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 24)
- Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 21)
- CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities Slawomir Jaranowski (May 23)
- CVE-2022-1786: Linux Kernel invalid-free in io_uring Kyle Zeng (May 24)
- Re: CVE-2022-1786: Linux Kernel invalid-free in io_uring Solar Designer (May 24)
- Re: CVE-2022-1786: Linux Kernel invalid-free in io_uring Kyle Zeng (May 24)
- Re: CVE-2022-1786: Linux Kernel invalid-free in io_uring Kyle Zeng (May 28)
- Re: CVE-2022-1786: Linux Kernel invalid-free in io_uring Kyle Zeng (May 24)
- Re: CVE-2022-1786: Linux Kernel invalid-free in io_uring Solar Designer (May 24)
- CVE-2022-21499: trivial lockdown break John Haxby (May 24)
- Re: CVE-2022-21499: trivial lockdown break John Haxby (May 24)
- multiple vulnerabilities in radare2 Dimitrios Glynos (May 25)
- CVE-2022-1789: Linux Kernel: x86/kvm: NULL pointer dereference in kvm_mmu_invpcid_gva kangel (May 25)
- Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file Kamil Dudka (May 25)
- Re: Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file Marc Deslauriers (May 25)
- OPEN SOURCE NTFS-3G SECURITY ADVISORY NTFS3G-SA-2022-0001 Jussi Hietanen (May 26)
- OPEN SOURCE NTFS-3G SECURITY ADVISORY NTFS3G-SA-2022-0002 Jussi Hietanen (May 26)
- CVE-2022-1462: Linux kernel: A race condition vulnerability in drivers/tty/tty_buffers.c 一只狗 (May 27)
- WebKitGTK and WPE WebKit Security Advisory WSA-2022-0005 Carlos Alberto Lopez Perez (May 30)
- Linux Kernel use-after-free write in netfilter EDG EDG (May 31)
- Re: Linux Kernel use-after-free write in netfilter Salvatore Bonaccorso (Jun 02)
- Re: Linux Kernel use-after-free write in netfilter Solar Designer (Jun 04)
- Re: Linux Kernel use-after-free write in netfilter Moritz Mühlenhoff (Jun 20)
- Re: Linux Kernel use-after-free write in netfilter Salvatore Bonaccorso (Jun 02)
- CVE-2022-30973: Apache Tika: Missing fix for CVE-2022-30126 in 1.28.2 Tim Allison (May 31)
- CVE-2022-1852: Linux Kernel: x86/kvm: NULL pointer dereference in x86_emulate_insn kangel (May 31)
- Re: Linux Kernel eBPF Improper Input Validation Vulnerability Solar Designer (Jun 01)
- Re: Linux Kernel eBPF Improper Input Validation Vulnerability Solar Designer (Jun 04)
- Re: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jun 07)
- Re: Linux Kernel eBPF Improper Input Validation Vulnerability Solar Designer (Jun 04)
- Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability Solar Designer (Jun 01)
- Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability Solar Designer (Jun 04)
- Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jun 07)
- Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability Solar Designer (Jun 04)
- CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation 张子明(明程) (Jun 02)
- Re: Linux Kernel: Exploitable vulnerability in io_uring Solar Designer (Jun 04)
- CVE-2022-1974: Linux kernel: use-after-free caused by improper check device_is_registered() in nfc netlink related functions duoming (Jun 05)
- CVE-2022-1975: Linux kernel: sleep in atomic context bug when nfc firmware download timeout duoming (Jun 05)
- Linux kernel: UAF, null-ptr-deref and double-free vulnerabilities in nfcmrvl module duoming (Jun 05)
- Re: Linux kernel: UAF, null-ptr-deref and double-free vulnerabilities in nfcmrvl module Salvatore Bonaccorso (Jun 05)
- Re: Linux kernel: UAF, null-ptr-deref and double-free vulnerabilities in nfcmrvl module duoming (Jun 09)
- CVE-2022-31030: containerd CRI plugin: Host memory exhaustion through ExecSync Samuel Karp (Jun 07)
- UNPAR-2022-0 Multiple Vulnerabilities in ntfs-3g NTFS Mount Tool Roman Fiedler (Jun 07)
- [SECURITY PATCH 00/30] Multiple GRUB2 vulnerabilities - 2022/06/07 round John Haxby (Jun 07)
- CVE-2022-1973: Linux Kernel: fs/ntfs3: invalid free in log_replay Gerald Lee (Jun 07)
- CVE-2022-26377: Apache HTTP Server: mod_proxy_ajp: Possible request smuggling Stefan Eissing (Jun 08)
- CVE-2022-28330: Apache HTTP Server: read beyond bounds in mod_isapi Stefan Eissing (Jun 08)
- CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite() Stefan Eissing (Jun 08)
- CVE-2022-29404: Apache HTTP Server: Denial of service in mod_lua r:parsebody Stefan Eissing (Jun 08)
- CVE-2022-30522: Apache HTTP Server: mod_sed denial of service Stefan Eissing (Jun 08)
- CVE-2022-30556: Apache HTTP Server: Information Disclosure in mod_lua with websockets Stefan Eissing (Jun 08)
- CVE-2022-31813: Apache HTTP Server: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism Stefan Eissing (Jun 08)
- CVE-2022-28615: Apache HTTP Server: Read beyond bounds in ap_strcmp_match() Stefan Eissing (Jun 08)
- firejail: local root exploit reachable via --join logic (CVE-2022-31214) Matthias Gerstner (Jun 08)
- Re: firejail: local root exploit reachable via --join logic (CVE-2022-31214) Alex Murray (Jun 09)
- Xen Security Advisory 401 v2 (CVE-2022-26362) - x86 pv: Race condition in typeref acquisition Xen . org security team (Jun 09)
- Xen Security Advisory 402 v4 (CVE-2022-26363,CVE-2022-26364) - x86 pv: Insufficient care with non-coherent mappings Xen . org security team (Jun 09)
- [kubernetes] CVE-2021-25748: Ingress-nginx `path` sanitization can be bypassed with newline character CJ Cullen (Jun 10)
- CVE-2022-25167 - Apache Flume JMSSource does not protect from malicious JNDI urls Ralph Goers (Jun 14)
- CVE-2022-1976: Linux Kernel: A use-after-free in __lock_acquire Gerald Lee (Jun 14)
- CVE-2022-32981: Linux kernel for powerpc 32-bit, buffer overflow in ptrace PEEKUSER/POKEUSER Michael Ellerman (Jun 14)
- Xen Security Advisory 404 v1 (CVE-2022-21123,CVE-2022-21124,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities Xen . org security team (Jun 14)
- CVE-2022-33140: Apache NiFi, Apache NiFi Registry: Improper Neutralization of Command Elements in Shell User Group Provider David Handermann (Jun 15)
- CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability Akira Ajisaka (Jun 15)
- Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities Xen . org security team (Jun 16)
- Linux kernel: CVE-2022-1516: NULL pointer dereference in Linux kernel`s X.25 network protocol duoming (Jun 19)
- Multiple vulnerabilities affecting Uyuni / SUSE Manager Paolo Perego (Jun 21)
- Request for comment: kmod signing by AlmaLinux OS Foundation Igor Seletskiy (Jun 21)
- CVE-2022-2153: Linux Kernel: x86/kvm: NULL pointer dereference in kvm_irq_delivery_to_apic_fast kangel (Jun 22)
- CVE-2022-32549: Apache Sling: log injection in Sling logging Robert Munteanu (Jun 22)
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jun 22)
- CVE-2022-34305: Apache Tomcat: XSS in examples web application Mark Thomas (Jun 23)
- [SECURITY ADVISORY] curl: CVE-2022-32205: Set-Cookie denial of service Daniel Stenberg (Jun 26)
- [SECURITY ADVISORY] curl: CVE-2022-32206: HTTP compression denial of service Daniel Stenberg (Jun 26)
- [SECURITY ADVISORY] curl: CVE-2022-32207: Unpreserved file permissions Daniel Stenberg (Jun 26)
- [SECURITY ADVISORY] curl: FTP-KRB bad message verification Daniel Stenberg (Jun 26)
- CVE-2022-33879: Apache Tika: Incomplete fix and new regex DoS in StandardsExtractingContentHandler Tim Allison (Jun 27)
- Fwd: Node.js security updates for all active release lines, July 2022 Matteo Collina (Jun 28)
- CVE-2022-32532: Apache Shiro: Authentication Bypass Vulnerability Brian Demers (Jun 28)
- GnuPG signature spoofing via status line injection Demi Marie Obenour (Jun 29)