oss-sec: by thread
220 messages, starting Jan 02 23 and ending Mar 31 23
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Arnout Engelen (Jan 02)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Salvatore Bonaccorso (Jan 02)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Jan 03)
- CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection Mark Thomas (Jan 03)
- Linux kernel: Unauthenticated remote DOS in ksmbd NTLMv2 authentication Hrvoje Mišetić (Jan 04)
- Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations Gabriel Corona (Jan 05)
- CVE-2022-45787: Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider Benoit Tellier (Jan 05)
- CVE-2022-45935: Apache James server: Temporary File Information Disclosure Benoit Tellier (Jan 05)
- CVE-2022-46769: Apache Sling App CMS: XSS in CMS Site Group Detail Dan Klco (Jan 07)
- Type Confusion in Linux Kernel Kyle Zeng (Jan 10)
- Re: Type Confusion in Linux Kernel John Helmert III (Jan 10)
- Re: Type Confusion in Linux Kernel Kyle Zeng (Jan 10)
- Re: Type Confusion in Linux Kernel John Helmert III (Jan 10)
- CVE-2022-46176: Cargo does not check SSH host keys Pietro Albini (Jan 10)
- CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Tal Lossos (Jan 12)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Greg KH (Jan 12)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe John Helmert III (Jan 12)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Greg KH (Jan 13)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Salvatore Bonaccorso (Jan 18)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe John Helmert III (Jan 12)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Greg KH (Jan 12)
- CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup Davide Ornaghi (Jan 13)
- Re: CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup Solar Designer (Jan 13)
- Re: CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup butt3rflyh4ck (Feb 23)
- CVE-2023-22602: Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request Brian Demers (Jan 13)
- CVE-2022-43717: Apache Superset: Cross-Site Scripting on dashboards Daniel Gaspar (Jan 16)
- CVE-2022-43718: Apache Superset: Cross-Site Scripting vulnerability on upload forms Daniel Gaspar (Jan 16)
- CVE-2022-43719: Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API Daniel Gaspar (Jan 16)
- CVE-2022-43720: Apache Superset: Improper rendering of user input Daniel Gaspar (Jan 16)
- CVE-2022-43721: Apache Superset: Open Redirect Vulnerability Daniel Gaspar (Jan 16)
- CVE-2022-45438: Apache Superset: Dashboard metadata information leak Daniel Gaspar (Jan 16)
- CVE-2022-41703: Apache Superset: SQL injection vulnerability in adhoc clauses Daniel Gaspar (Jan 16)
- CVE-2022-47630 Trusted Firmware-A - Out-of-bounds read in X.509 parser Sandrine Bailleux (Jan 16)
- [OSSA-2023-001] Swift: Arbitrary file access through custom S3 XML entities (CVE-2022-47950) Jeremy Stanley (Jan 17)
- Fwd: X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15 Alan Coopersmith (Jan 17)
- Re: Fwd: X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15 Alan Coopersmith (Feb 01)
- Linux Kernel: hid: type confusions on hid report_list entry Pietro Borrello (Jan 17)
- Git 2.39.1 and friends Junio C Hamano (Jan 17)
- CVE-2006-20001: Apache HTTP Server: mod_dav out of bounds read, or write of zero byte Eric Covener (Jan 17)
- CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp Possible request smuggling Eric Covener (Jan 17)
- CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting Eric Covener (Jan 17)
- null pointer dereference in Linux kernel Kyle Zeng (Jan 18)
- Re: null pointer dereference in Linux kernel Rohit Keshri (Jan 18)
- Linux Kernel: hid: NULL pointer dereference in hid_betopff_play() Pietro Borrello (Jan 18)
- CVE-2023-22809: Sudoedit can edit arbitrary files Matthieu Barjole (Jan 18)
- Security Advisory 2023-01 for PowerDNS Recursor 4.8.0 (CVE-2023-22617) Otto Moerbeek (Jan 20)
- CVE-2023-22884: Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow Jarek Potiuk (Jan 21)
- Linux Kernel: sctp: KASLR leak in inet_diag_msg_sctpasoc_fill() Pietro Borrello (Jan 23)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jan 24)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 15)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 21)
- [OSSA-2023-002] Cinder, Glance, Nova: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) Jeremy Stanley (Jan 24)
- Re: Directory traversal in sharutils/uudecode and python uu module Alan Coopersmith (Jan 24)
- Xen Security Advisory 425 v1 (CVE-2022-42330) - Guests can cause Xenstore crash via soft reset Xen.org security team (Jan 25)
- ISC has disclosed three vulnerabilities in BIND 9 (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924) Michał Kępień (Jan 25)
- Data operand dependent timing on Intel and Arm CPUs Eric Biggers (Jan 25)
- Re: Data operand dependent timing on Intel and Arm CPUs Solar Designer (Jan 25)
- Re: Data operand dependent timing on Intel and Arm CPUs Eric Biggers (Jan 27)
- Re: Data operand dependent timing on Intel and Arm CPUs Mark Hack (Jan 30)
- Re: Data operand dependent timing on Intel and Arm CPUs Demi Marie Obenour (Jan 30)
- Re: Data operand dependent timing on Intel and Arm CPUs Mark Hack (Jan 30)
- Re: Data operand dependent timing on Intel and Arm CPUs Eric Biggers (Jan 27)
- Re: Data operand dependent timing on Intel and Arm CPUs John Runyon (Jan 30)
- Re: Data operand dependent timing on Intel and Arm CPUs Solar Designer (Jan 25)
- Linux Kernel: hid: Use-After-Free in bigben_set_led() Pietro Borrello (Jan 25)
- Re: Linux Kernel: hid: Use-After-Free in bigben_set_led() Thomas Leroy (Feb 02)
- CVE-2023-24829: Apache IoTDB: apache/iotdb-web-workbench: forge the JWTToken to access workbench Jialin Qiao (Jan 30)
- CVE-2023-24830: Apache IoTDB: apache/iotdb-web-workbench: create a user without authorization Jialin Qiao (Jan 30)
- CVE-2022-44644: Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability Heping Wang (Jan 30)
- CVE-2022-44645: Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability Heping Wang (Jan 30)
- CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Eric Covener (Jan 31)
- CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64 family of functions Eric Covener (Jan 31)
- CVE-2022-28331: Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function Eric Covener (Jan 31)
- pesign: Local privilege escalation on pesign systemd service Marco Benatto (Jan 31)
- Re: pesign: Local privilege escalation on pesign systemd service Matthias Gerstner (Feb 01)
- CVE-2023-24977: Apache InLong: Jdbc Connection causes arbitrary file reading in InLong Charles Zhang (Feb 01)
- CVE-2023-24997: Apache InLong: Jdbc Connection Security Bypass in InLong Charles Zhang (Feb 01)
- Django: CVE-2023-23969: Potential denial-of-service via Accept-Language headers. Mariusz Felisiak (Feb 01)
- double-free vulnerability in OpenSSH server 9.1 Qualys Security Advisory (Feb 02)
- Re: double-free vulnerability in OpenSSH server 9.1 Georgi Guninski (Feb 02)
- Re: double-free vulnerability in OpenSSH server 9.1 Matthias Schmidt (Feb 02)
- Re: double-free vulnerability in OpenSSH server 9.1 Qualys Security Advisory (Feb 02)
- Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Qualys Security Advisory (Feb 13)
- Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Qualys Security Advisory (Feb 21)
- Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Demi Marie Obenour (Feb 22)
- Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Qualys Security Advisory (Feb 23)
- Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Georgi Guninski (Mar 06)
- Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Qualys Security Advisory (Mar 09)
- Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Qualys Security Advisory (Feb 21)
- Re: double-free vulnerability in OpenSSH server 9.1 Georgi Guninski (Feb 02)
- Announce: OpenSSH 9.2 released Damien Miller (Feb 02)
- WebKitGTK and WPE WebKit Security Advisory WSA-2023-0001 Carlos Alberto Lopez Perez (Feb 02)
- CVE-2023-0045: Linux Kernel: Bypassing Spectre-BTI User Space Mitigations Rafael Correa De Ysasi (Feb 03)
- Re: CVE-2023-0045: Linux Kernel: Bypassing Spectre-BTI User Space Mitigations Rodrigo Branco (Feb 03)
- Re: CVE-2023-0045: Linux Kernel: Bypassing Spectre-BTI User Space Mitigations Rodrigo Branco (Feb 04)
- Re: CVE-2023-0045: Linux Kernel: Bypassing Spectre-BTI User Space Mitigations Rodrigo Branco (Feb 03)
- sox: patches for old vulnerabilities Helmut Grohne (Feb 03)
- Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Feb 04)
- Re: sox: patches for old vulnerabilities Helmut Grohne (Mar 14)
- Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 14)
- Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 14)
- Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 30)
- Re: Re: sox: patches for old vulnerabilities Nam Nguyen (Mar 31)
- Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 31)
- Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 14)
- CVE-2023-22849: Apache Sling App CMS: XSS in CMS Reference / UI Components Dan Klco (Feb 04)
- CVE-2022-45786: Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection John Gemignani (Feb 04)
- <Possible follow-ups>
- CVE-2022-45786: Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection John Gemignani (Feb 04)
- Re: SEGV in `alloca(BIG)` and `long pl[BIG]` Florian Weimer (Feb 08)
- CVE-2023-22832: Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes David Handermann (Feb 09)
- CVE-2023-25139: glibc-2.37 sprintf buffer overflow Jan Schaumann (Feb 10)
- Django - CVE-2023-24580: Potential denial-of-service vulnerability in file uploads Carlton Gibson (Feb 14)
- CVE-2022-46397: FD.io VPP (Vector Packet Processor) IPSec generates a predictable IV with AES-CBC mode Dave Wallace (Feb 14)
- CVE-2023-25141: JNDI injection into Apache sling-org-apache-sling-jcr-base Angela Schreiber (Feb 14)
- Xen Security Advisory 426 v1 (CVE-2022-27672) - x86: Cross-Thread Return Address Predictions Xen.org security team (Feb 14)
- [Announce] Git 2.39.2 and friends Junio C Hamano (Feb 14)
- curl: CVE-2023-23914: HSTS ignored on multiple requests Daniel Stenberg (Feb 14)
- curl: CVE-2023-23915: HSTS amnesia with --parallel Daniel Stenberg (Feb 14)
- curl: CVE-2023-23916: HTTP multi-header compression denial of service Daniel Stenberg (Feb 14)
- CVE-2022-42735: Apache ShenYu Admin ultra vires Zhang Yonglun (Feb 15)
- WebKitGTK and WPE WebKit Security Advisory WSA-2023-0002 Carlos Alberto Lopez Perez (Feb 15)
- EternalTerminal: Review report and findings (predictable /tmp file paths and file permission issues, 3 CVEs) Matthias Gerstner (Feb 16)
- Xen Security Advisory 426 v2 (CVE-2022-27672) - x86: Cross-Thread Return Address Predictions Xen.org security team (Feb 16)
- CVE-2023-25613: LDAP Injection Vulnerability in Apache Kerby Colm O hEigeartaigh (Feb 20)
- CVE-2023-24998: Apache Commons FileUpload: FileUpload DoS with excessive parts Mark Thomas (Feb 20)
- CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Mark Thomas (Feb 20)
- CVE-2023-25621: Apache Sling does not allow to handle i18n content in a secure way Carsten Ziegeler (Feb 23)
- CVE-2023-25691: Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution Jarek Potiuk (Feb 23)
- CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service Jarek Potiuk (Feb 23)
- CVE-2023-25693: Sqoop Apache Airflow Provider Remote Code Execution Vulnerability Jarek Potiuk (Feb 23)
- CVE-2023-25696: Apache Airflow Hive Provider Beeline RCE Jarek Potiuk (Feb 23)
- CVE-2023-25956: Apache Airflow AWS Provider: Arbitrary file read via AWS provider Jarek Potiuk (Feb 23)
- sudo: double free with per-command chroot sudoers rules Todd C. Miller (Feb 28)
- Re: sudo: double free with per-command chroot sudoers rules John Helmert III (Mar 01)
- Re: sudo: double free with per-command chroot sudoers rules Noryungi (Mar 01)
- Re: sudo: double free with per-command chroot sudoers rules Todd C. Miller (Mar 01)
- Re: sudo: double free with per-command chroot sudoers rules Marc Deslauriers (Mar 01)
- Re: sudo: double free with per-command chroot sudoers rules John Helmert III (Mar 01)
- CVE-2023-1079: Linux Kernel: Use-After-Free in asus_kbd_backlight_set() Pietro Borrello (Mar 01)
- CVE-2023-1076: Linux Kernel: Type Confusion hardcodes tuntap socket UID to root Pietro Borrello (Mar 01)
- CVE-2023-1075 - Linux Kernel: Type Confusion in tls_is_tx_ready() Pietro Borrello (Mar 01)
- CVE-2023-1077: Linux kernel: Type confusion in pick_next_rt_entity() Pietro Borrello (Mar 01)
- Linux kernel: CVE-2023-1118: UAF vulnerabilities in "drivers/media/rc" directory duoming (Mar 01)
- UAF in OpenSSL up to 3.0.7 Octavio Galland (Mar 03)
- CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy Eric Covener (Mar 07)
- CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting Eric Covener (Mar 07)
- CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Gadgets Bypass Albumen Kevin (Mar 08)
- Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Gabriel Corona (Mar 08)
- Re: Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Salvatore Bonaccorso (Mar 08)
- Multiple vulnerabilities in Jenkins Daniel Beck (Mar 08)
- CVE-2023-26464: Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender Arnout Engelen (Mar 10)
- A USB-accessible slab-out-of-bounds read in Linux kernel driver Jisoo Jang (Mar 13)
- Re: A USB-accessible slab-out-of-bounds read in Linux kernel driver Jisoo Jang (Mar 14)
- CVE-2023-1032 - Linux kernel io_uring IORING_OP_SOCKET double free Thadeu Lima de Souza Cascardo (Mar 13)
- TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 19)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 21)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 24)
- Re: TTY pushback vulnerabilities / TIOCSTI Lyndon Nerenberg (VE7TFX/VE6BBM) (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Christos Zoulas (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Eric Ashley (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Peter Bex (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Peter Bex (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Shawn Webb (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Fabian Keil (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Dave Horsfall (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Casper Dik (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Jan Engelhardt (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Ed Maste (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Fabian Keil (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 14)
- Security issue in Hotspot elevate_perf_privileges.sh (CVE-2023-28144) Matthias Gerstner (Mar 14)
- CVE-2023-25695: Information disclosure in Apache Airflow Jarek Potiuk (Mar 15)
- Minor stack-based buffer overflow in OpenBSD's libskey Qualys Security Advisory (Mar 15)
- Announce: OpenSSH 9.3 released Damien Miller (Mar 15)
- CVE-2023-24278 - Reflected XSS vulnerabilities in Squidex "/squid.svg" endpoint Giannis Christodoulakos (Mar 16)
- <Possible follow-ups>
- CVE-2023-24278 - Reflected XSS vulnerabilities in Squidex "/squid.svg" endpoint Giannis Christodoulakos (Mar 16)
- flatpak: CVE-2023-28100: TIOCLINUX can send commands outside sandbox if running on a virtual console Simon McVittie (Mar 17)
- flatpak: CVE-2023-28101: escape characters in metadata can hide app permissions in terminal Simon McVittie (Mar 17)
- First result on google promotes insecure coding (XSS) Georgi Guninski (Mar 19)
- Re: First result on google promotes insecure coding (XSS) Solar Designer (Mar 19)
- Re: First result on google promotes insecure coding (XSS) Georgi Guninski (Mar 19)
- Re: First result on google promotes insecure coding (XSS) Solar Designer (Mar 19)
- [SECURITY ADVISORY] curl: CVE-2023-27533: TELNET option IAC injection Daniel Stenberg (Mar 20)
- [SECURITY ADVISORY] curl: CVE-2023-27534: SFTP path ~ resolving discrepancy Daniel Stenberg (Mar 20)
- [SECURITY ADVISORY] curl: CVE-2023-27535: FTP too eager connection reuse Daniel Stenberg (Mar 20)
- [SECURITY ADVISORY] curl: CVE-2023-27536: GSS delegation too eager connection re-use Daniel Stenberg (Mar 20)
- [SECURITY ADVISORY] curl: CVE-2023-27537: HSTS double-free Daniel Stenberg (Mar 20)
- [SECURITY ADVISORY] curl: CVE-2023-27538: SSH connection too eager reuse still Daniel Stenberg (Mar 20)
- CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS Radu Cotescu (Mar 20)
- Xen Security Advisory 427 v2 (CVE-2022-42332) - x86 shadow plus log-dirty mode use-after-free Xen.org security team (Mar 21)
- Xen Security Advisory 428 v3 (CVE-2022-42333,CVE-2022-42334) - x86/HVM pinned cache attributes mis-handling Xen.org security team (Mar 21)
- Xen Security Advisory 429 v3 (CVE-2022-42331) - x86: speculative vulnerability in 32bit SYSCALL path Xen.org security team (Mar 21)
- CVE-2023-28708: Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations Mark Thomas (Mar 22)
- CVE-2023-0464: OpenSSL: Excessive Resource Usage Verifying X.509 Policy Constraints Solar Designer (Mar 22)
- [CVE-2023-28686] Insufficient message sender validation in Dino Dino Team (Mar 23)
- New distros list statistics Anthony Liguori (Mar 24)
- Re: New distros list statistics Solar Designer (Mar 27)
- Re: New distros list statistics Anthony Liguori (Mar 27)
- Re: New distros list statistics Solar Designer (Mar 27)
- CVE-2022-38745: Apache OpenOffice: Empty entry in Java class path Marcus Lange (Mar 24)
- CVE-2022-47502: Apache OpenOffice: Macro URL arbitrary script execution Marcus Lange (Mar 24)
- CVE-2023-27296: Apache InLong: JDBC Deserialization Vulnerability in InLong Charles Zhang (Mar 27)
- CVE-2023-25195: Apache Fineract: SSRF template type vulnerability in certain authenticated users James Dailey (Mar 27)
- CVE-2023-25196: Apache Fineract: SQL injection vulnerability James Dailey (Mar 27)
- CVE-2023-25197: apache fineract: SQL injection vulnerability in certain procedure calls James Dailey (Mar 27)
- CVE-2023-28326: Apache OpenMeetings: allows user impersonation Maxim Solodovnik (Mar 28)
- CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Zhenghan Wang (Mar 28)
- Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Solar Designer (Mar 28)
- Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Seth Arnold (Mar 28)
- Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Solar Designer (Mar 28)
- Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Seth Arnold (Mar 28)
- Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Seth Arnold (Mar 28)
- Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Solar Designer (Mar 28)
- OpenSSL Security Advisory Tomas Mraz (Mar 28)
- Fwd: X.Org Security Advisory: CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Olivier Fourdan (Mar 29)
- CVE-2023-28158: Apache Archiva privilege escalation Olivier Lamy (Mar 29)
- polkitd service user privilege separation Johannes Segitz (Mar 29)
- Re: polkitd service user privilege separation Simon McVittie (Mar 29)
- Re: polkitd service user privilege separation Johannes Segitz (Mar 30)
- Re: polkitd service user privilege separation Jordan Glover (Mar 30)
- Re: polkitd service user privilege separation Johannes Segitz (Mar 31)
- Re: polkitd service user privilege separation Simon McVittie (Mar 29)
- CVE-2023-28935: Apache UIMA DUCC: DUCC (EOL) allows RCE Arnout Engelen (Mar 30)
- Irssi SA-2023-03 / Use after free in printing routine Ailin Nemui (Mar 30)
- Re: CVE-2023-29132: Irssi SA-2023-03 / Use after free in printing routine Ailin Nemui (Mar 31)
- CVE-2023-26269: Apache James server: Privilege escalation through unauthenticated JMX Benoit Tellier (Mar 31)