oss-sec: by thread
287 messages, starting Jan 01 18 and ending Mar 30 18
- Apache OpenOffice 4.1.4 - fixes CVE-2017-3157 CVE-2017-9806 CVE-2017-12607 CVE-2017-12608 Andrea Pescetti (Jan 01)
- [CVE-2013-4317] Apache CloudStack information disclosure vulnerability Rafael Weingärtner (Jan 03)
- Xen Security Advisory 254 - Information leak via side effects of speculative execution Xen.org security team (Jan 03)
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Jan 03)
- <Possible follow-ups>
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Jan 05)
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Jan 11)
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Jan 12)
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Jan 12)
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Jan 12)
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Jan 16)
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Jan 17)
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Jan 18)
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Feb 23)
- Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen.org security team (Feb 23)
- Xen Security Advisory 253 - x86: memory leak with MSR emulation Xen.org security team (Jan 04)
- "[SECURITY] CVE-2017-15714 Apache OFBiz BIRT code vulnerability" Taher Alkhateeb (Jan 04)
- CVE-2017-18018: GNU chown and chgrp (coreutils) privilege escalation via recursive dereferences Michael Orlitzky (Jan 04)
- CVE-2017-15129: Linux kernel: net: double-free and memory corruption in get_net_ns_by_id() Vladis Dronov (Jan 05)
- [ANNOUNCE] Apache Sentry 1.7.1 released Colm O hEigeartaigh (Jan 05)
- CVE-2017-18021: predictably random password generation in third-party pass-compatible software, "QtPass" Jason A. Donenfeld (Jan 05)
- Re: Path traversal flaws in awstats 7.6 and earlier. Hanno Böck (Jan 06)
- Re: Path traversal flaws in awstats 7.6 and earlier. John Lightsey (Jan 06)
- Re: Path traversal flaws in awstats 7.6 and earlier. Stefan Pietsch (Jan 07)
- Irssi 1.0.6: CVE-2018-5206, CVE-2018-5205, CVE-2018-5208, CVE-2018-5207 Ailin Nemui (Jan 06)
- Xen Security Advisory 253 (CVE-2018-5244) - x86: memory leak with MSR emulation Xen.org security team (Jan 06)
- Xen Security Advisory 248 (CVE-2017-17566) - x86 PV guests may gain access to internally used pages Xen.org security team (Jan 06)
- Xen Security Advisory 249 (CVE-2017-17563) - broken x86 shadow mode refcount overflow check Xen.org security team (Jan 06)
- Xen Security Advisory 251 (CVE-2017-17565) - improper bug check in x86 log-dirty handling Xen.org security team (Jan 06)
- Xen Security Advisory 250 (CVE-2017-17564) - improper x86 shadow mode refcount error handling Xen.org security team (Jan 06)
- CVE-2012-3353: Apache Sling Content Loading Vulnerability Bertrand Delacretaz (Jan 08)
- Own on install. How grave it is? Georgi Guninski (Jan 09)
- Re: Own on install. How grave it is? Kurt Seifried (Jan 09)
- Re: Own on install. How grave it is? Simon McVittie (Jan 09)
- Re: Own on install. How grave it is? Kurt Seifried (Jan 09)
- Re: Own on install. How grave it is? Simon McVittie (Jan 09)
- Re: Own on install. How grave it is? Michal Hrušecký (Jan 09)
- Re: Own on install. How grave it is? Kurt Seifried (Jan 09)
- [SECURITY] CVE-2017-9795 Apache Geode OQL method invocation vulnerability Anthony Baker (Jan 09)
- [SECURITY] CVE-2017-12622 Apache Geode gfsh authorization vulnerability Anthony Baker (Jan 09)
- [SECURITY] CVE-2017-9796 Apache Geode OQL bind parameter vulnerability Anthony Baker (Jan 09)
- CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass oststrom (public) (Jan 09)
- CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API Radu Cotescu (Jan 10)
- WebKitGTK+ Security Advisory WSA-2018-0001 Carlos Alberto Lopez Perez (Jan 10)
- JSONRPC vulnerability in Electrum 2.6 to 3.0.4 Thomas Voegtlin (Jan 10)
- transmission: rpc session-id mechanism design flaw results in RCE Tavis Ormandy (Jan 11)
- Re: transmission: rpc session-id mechanism design flaw results in RCE Tavis Ormandy (Jan 11)
- Re: transmission: rpc session-id mechanism design flaw results in RCE Marcus Meissner (Jan 15)
- util-linux mount/unmount ASLR bypass via environment variable halfdog (Jan 11)
- OpenSSH sftp remote code execution in chroot mode in VERY RARE cases halfdog (Jan 11)
- Libc Realpath Buffer Underflow CVE-2018-1000001 halfdog (Jan 11)
- Re: Libc Realpath Buffer Underflow CVE-2018-1000001 Jakub Wilk (Jan 12)
- DBD::mysql and SSL/TLS Daniël van Eeden (Jan 12)
- Re: DBD::mysql and SSL/TLS Michiel Beijen (Jan 14)
- On reading, thinking, copying halfdog (Jan 12)
- Re: [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability Isuru Udana (Jan 14)
- CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine P J P (Jan 15)
- CVE-2017-18030 Qemu: Out-of-bounds access in cirrus_invalidate_region routine P J P (Jan 15)
- sound driver Conditional competition luo (Jan 16)
- Re: sound driver Conditional competition Marcus Meissner (Jan 16)
- Re: sound driver Conditional competition Kurt Seifried (Jan 16)
- Re: sound driver Conditional competition Marcus Meissner (Jan 16)
- opendaylight-advisory: Multiple "expired" flows consume the memory resource of CONFIG DS Luke Hinds (Jan 16)
- ISC has announced CVE-2017-3144, a defect in ISC DHCP Michael McNally (Jan 16)
- New vulnerability in ISC BIND announced (CVE-2017-3145) ISC Security Officer (Jan 16)
- CVE-2017-16933: Icinga2 root privilege escalation via init script and systemd service Michael Orlitzky (Jan 16)
- MySQL sha256_password authentication plugin DoS issues Tomas Hoger (Jan 17)
- How to deal with reporters who don't want their bugs fixed? Florian Weimer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Kurt Seifried (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Gynvael Coldwind (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Matthias Fetzer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Yves-Alexis Perez (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Matthias Fetzer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Ludovic Courtès (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Rich Felker (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Luedtke, Nicholas (Cyber Security) (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Nicholas Luedtke (Jan 19)
- Re: How to deal with reporters who don't want their bugs fixed? i (Jan 19)
- Re: How to deal with reporters who don't want their bugs fixed? Greg KH (Jan 19)
- Re: How to deal with reporters who don't want their bugs fixed? Igor Seletskiy (Jan 19)
- Re: How to deal with reporters who don't want their bugs fixed? Tavis Ormandy (Jan 20)
- Re: How to deal with reporters who don't want their bugs fixed? Florian Weimer (Jan 20)
- Re: How to deal with reporters who don't want their bugs fixed? r . hering (Jan 22)
- Re: How to deal with reporters who don't want their bugs fixed? Mikhail Utin (Jan 22)
- Re: How to deal with reporters who don't want their bugs fixed? Ian Zimmerman (Jan 22)
- Re: Re: How to deal with reporters who don't want their bugs fixed? Tristan Henning (Jan 22)
- Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 26)
- Re: How to deal with reporters who don't want their bugs fixed? Luedtke, Nicholas (Cyber Security) (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Michael Orlitzky (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Mike O'Connor (Jan 23)
- Re: How to deal with reporters who don't want their bugs fixed? Stiepan (Jan 26)
- Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 26)
- Re: How to deal with reporters who don't want their bugs fixed? Mikhail Utin (Jan 26)
- Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 26)
- Re: How to deal with reporters who don't want their bugs fixed? halfdog (Jan 27)
- Re: How to deal with reporters who don't want their bugs fixed? Stiepan (Jan 27)
- Re: How to deal with reporters who don't want their bugs fixed? Stiepan (Jan 26)
- CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS P J P (Jan 19)
- CVE-2017-15105 Unbound: NSEC processing vulnerability (DNSSEC) Ralph Dolmans (Jan 19)
- CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability Jason Lowe (Jan 19)
- CVE-2018-1049: systemd: automount: access to automounted volumes can lock up Vladis Dronov (Jan 19)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jan 22)
- Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jan 25)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 05)
- Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 05)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 26)
- Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 28)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 26)
- SQUID-2018:1 Denial of Service issue in ESI Response processing Amos Jeffries (Jan 22)
- Re: SQUID-2018:1 Denial of Service issue in ESI Response processing Amos Jeffries (Jan 28)
- SQUID-2018:2 Denial of Service issue in HTTP Message processing Amos Jeffries (Jan 22)
- Re: SQUID-2018:2 Denial of Service issue in HTTP Message processing Amos Jeffries (Jan 28)
- [ANNOUNCE] CVE fixes in Apache NiFi 1.5.0 Andy LoPresto (Jan 23)
- CVE-2018-1000018: ovirt-engine-setup: root password disclosed in provisioning logs Doran Moppert (Jan 23)
- [SECURITY ADVISORY] curl: HTTP/2 trailer out-of-bounds read Daniel Stenberg (Jan 23)
- [SECURITY ADVISORY] curl: HTTP authentication leak in redirects Daniel Stenberg (Jan 23)
- CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability Akira Ajisaka (Jan 24)
- WebKitGTK+ Security Advisory WSA-2018-0002 Carlos Alberto Lopez Perez (Jan 24)
- Re: Jenkins EC2 Plugin 1.37 and earlier arbitrary shell command execution Daniel Beck (Jan 25)
- Re: Multiple vulnerabilities in Jenkins Daniel Beck (Jan 25)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins Daniel Beck (Feb 14)
- Re: Multiple vulnerabilities in Jenkins Daniel Beck (Feb 28)
- CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted. Aki Tuomi (Jan 25)
- Re: Jenkins Script Security Plugin 1.36 and earlier arbitrary file read vulnerability Daniel Beck (Jan 25)
- [ANNOUNCE] CVE advisory for Apache NiFi 1.0.0 - 1.3.0 Andy LoPresto (Jan 25)
- Deserialization Vulnerability in VMware Xenon (CVE-2017-4947) VMware Security Response Center (Jan 26)
- CVE-2018-1294: Apache Commons Email vulnerability information disclosure Jochen Wiedmann (Jan 26)
- CVE-2017-12626 – Denial of Service Vulnerabilities in Apache POI < 3.17 Tim Allison (Jan 26)
- CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Michael Orlitzky (Jan 29)
- Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Michael Orlitzky (Jan 29)
- Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Florian Weimer (Jan 29)
- Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Michael Orlitzky (Jan 29)
- Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Florian Weimer (Jan 29)
- Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Michael Orlitzky (Jan 29)
- Re: Re: CVE-2017-16845 Qemu: ps2: information leakage via post_load routine P J P (Jan 31)
- report a vulnerability in sfcb software. XinleiHe (Jan 31)
- Re: report a vulnerability in sfcb software. Adam Maris (Feb 01)
- Secunia Research: Linux Kernel USB over IP Information Disclosure Vulnerability Secunia Research (Feb 02)
- Secunia Research: Linux Kernel USB over IP Multiple Denial of Service Vulnerabilities Secunia Research (Feb 02)
- Anymail: CVE-2018-6596: timing attack on WEBHOOK_AUTHORIZATION secret Salvatore Bonaccorso (Feb 04)
- KDE Notification URI Loading Issues Jason A. Donenfeld (Feb 04)
- Re: KDE Notification URI Loading Issues Kurt H Maier (Feb 04)
- Re: KDE Notification URI Loading Issues Simon McVittie (Feb 05)
- [SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability Dave Brondsema (Feb 06)
- Fw:Re: [scr459004] sfcb - 1.4.9 XinleiHe (Feb 06)
- Re: Fw:Re: [scr459004] sfcb - 1.4.9 Marcus Meissner (Feb 09)
- CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 07)
- Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)
- Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)
- Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Ian Zimmerman (Feb 08)
- Re: Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)
- Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 10)
- Exim 4.90.1 released. (Was: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow) Heiko Schlittermann (Feb 10)
- Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)
- SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip SEC Consult Vulnerability Lab (Feb 08)
- Re: SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip Solar Designer (Feb 08)
- Re: SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip Leo Famulari (Feb 12)
- [SECURITY][CVE-2018-1298] Apache Qpid Broker-J Denial of Service Vulnerability with PLAIN and XOAUTH2 SASL mechanisms Alex Rudyy (Feb 08)
- Re: bug in DNS resolvers - DNSSEC validation Petr Špaček (Feb 09)
- [Security] CVE-2018-1307 XML Entity Expansion in juddi-client v3.2 through 3.3.4 Alex O'Ree (Feb 09)
- CVE-2018-1297: Apache JMeter uses an unsecure RMI connection in Distributed mode Philippe Mouawad (Feb 11)
- CVE-2018-1287: Apache JMeter binds RMI server to wildcard in distributed mode (based on RMI) Philippe Mouawad (Feb 11)
- qpdf: multiple vulnerabilities before 7.0.0 Hanno Böck (Feb 13)
- GNU patch out of bounds read, null pointer crash and double free Hanno Böck (Feb 13)
- [ANNOUNCE] CVE-2017-15709 - Information Leak Christopher Shannon (Feb 13)
- [SECURITY] CVE-2017-15699: Apache Qpid Dispatch Router Denial of Service Vulnerability when specially crafted frame is sent to the Router Ganesh Murthy (Feb 13)
- Authentication Bypass Vulnerability in VMware Xenon (CVE-2017-4952) VMware Security Response Center (Feb 13)
- CVE-2017-18188: opentmpfiles root privilege escalation via recursive chown Michael Orlitzky (Feb 14)
- Irssi 1.1.1&1.0.7: CVE-2018-7054, CVE-2018-7053, CVE-2018-7050, CVE-2018-7052, CVE-2018-7051 Ailin Nemui (Feb 15)
- Re: clamav: Out of bounds read and segfault in xar parser Hanno Böck (Feb 15)
- [CVE-2017-15712] Apache Oozie Server vulnerability Rohini Palaniswamy (Feb 15)
- Quagga 1.2.3 release with BGP security issue fixes Paul Jakma (Feb 15)
- XSS vulnerability in Tiki < 18 chbi (Feb 16)
- Re: XSS vulnerability in Tiki < 18 chbi (Feb 16)
- LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer (Feb 18)
- Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer (Feb 18)
- Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Karol Babioch (Feb 19)
- Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer (Feb 22)
- Re: CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Alexander Popov (Feb 20)
- Re: CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Mohamed Ghannam (Feb 20)
- [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 Justin Bull (Feb 21)
- Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 Justin Bull (Feb 22)
- review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c Solar Designer (Feb 22)
- [SECURITY] CVE-2017-15696 Apache Geode configuration request authorization vulnerability Anthony Baker (Feb 22)
- Fwd: [SECURITY] CVE-2018-1305 Security constraint annotations applied too late Mark Thomas (Feb 22)
- Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored Mark Thomas (Feb 22)
- Re: Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored Doran Moppert (Feb 22)
- [SECURITY] CVE-2017-15692 Apache Geode unsafe deserialization in TcpServer Anthony Baker (Feb 23)
- [SECURITY] CVE-2017-15693 Apache Geode unsafe deserialization of application objects Anthony Baker (Feb 23)
- [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Maxim Solodovnik (Feb 25)
- Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Sahil Dhar (Feb 26)
- Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Maxim Solodovnik (Feb 26)
- Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Sahil Dhar (Feb 26)
- Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Maxim Solodovnik (Feb 26)
- Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Maxim Solodovnik (Feb 26)
- Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Sahil Dhar (Feb 26)
- [ANNOUNCE] CVE-2017-15719 - Wicket jQuery UI: XSS in WYSIWYG Editor Sebastien Briquet (Feb 25)
- CVE-2018-7492: Linux kernel: Null pointer dereference in net/rds/rdma.c:__rds_rdma_map() Vladis Dronov (Feb 27)
- Xen Security Advisory 252 - DoS via non-preemptable L3/L4 pagetable freeing Xen.org security team (Feb 27)
- Xen Security Advisory 255 - grant table v2 -> v1 transition may crash Xen Xen.org security team (Feb 27)
- Xen Security Advisory 256 - x86 PVH guest without LAPIC may DoS the host Xen.org security team (Feb 27)
- New bypass and protection techniques for ASLR on Linux Ilya Smith (Feb 27)
- [ANNOUNCE] Apache Traffic Server host header and line folding - CVE-2017-5660 Bryan Call (Feb 27)
- [ANNOUNCE] Apache Traffic Server vulnerability with TLS handshake - CVE-2017-7671 Bryan Call (Feb 27)
- Multiple CVEs announced by ISC (ISC DHCP: CVE-2018-5732 & CVE-2018-5733, BIND CVE-2018-5734) Michael McNally (Feb 28)
- Information on file, sqlite, libarchive, pcre issues for CVE IDs assigned by Apple? Moritz Muehlenhoff (Feb 28)
- Apache Xerces-C Security Advisory for versions < 3.2.1 [CVE-2017-12627] Cantor, Scott (Feb 28)
- Dovecot Security Advisory: CVE-2017-14461 rfc822_parse_domain Information Leak Vulnerability Aki Tuomi (Mar 01)
- Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS Aki Tuomi (Mar 01)
- Xen Security Advisory 252 (CVE-2018-7540) - DoS via non-preemptable L3/L4 pagetable freeing Xen.org security team (Mar 01)
- Xen Security Advisory 256 (CVE-2018-7542) - x86 PVH guest without LAPIC may DoS the host Xen.org security team (Mar 01)
- Xen Security Advisory 255 (CVE-2018-7541) - grant table v2 -> v1 transition may crash Xen Xen.org security team (Mar 01)
- memcached UDP amplification attacks Hanno Böck (Mar 02)
- Re: memcached UDP amplification attacks Kurt Seifried (Mar 02)
- Re: memcached UDP amplification attacks Kurt Seifried (Mar 02)
- Re: memcached UDP amplification attacks Tomas Hoger (Mar 07)
- Re: memcached UDP amplification attacks Kurt Seifried (Mar 07)
- Re: memcached UDP amplification attacks Seaman, Chad (Mar 07)
- Re: memcached UDP amplification attacks Patrick Forsberg (Mar 08)
- Re: memcached UDP amplification attacks Seaman, Chad (Mar 08)
- Re: memcached UDP amplification attacks Kurt Seifried (Mar 02)
- Re: memcached UDP amplification attacks Kurt Seifried (Mar 02)
- Linux kernel: CVE-2018-1065 - netfilter rule insertion may panic system. Wade Mealing (Mar 04)
- Terminal Control Chars up201407890 (Mar 05)
- Re: Terminal Control Chars Jesse Hertz (Mar 05)
- CVE-2018-1066 : kernel - CIFS - Null pointer dereference in ntlmv2 response client crash. Wade Mealing (Mar 05)
- Remote DoS flaw in 389-ds-base Dhiru Kholia (Mar 05)
- Django security releases issued: 2.0.3, 1.11.11, and 1.8.19 Tim Graham (Mar 06)
- Authentication bypass mainwp-child < 3.4.5 Slavco Mihajloski (Mar 06)
- util-linux: CVE-2018-7738: code execution in bash-completion for umount Salvatore Bonaccorso (Mar 06)
- Portus, missing certificate validation on proxified https traffic Raphael Geissert (Mar 07)
- Re: Portus, missing certificate validation on proxified https traffic Raphael Geissert (Mar 11)
- And Harbor? (was: Portus, missing certificate validation on proxified https traffic) Raphael Geissert (Mar 07)
- Memcached remote DoS in older versions dormando (Mar 07)
- Re: Memcached remote DoS in older versions dormando (Mar 08)
- CVE-2018-7550 Qemu: i386: multiboot OOB access while loading kernel image P J P (Mar 08)
- CVE-2018-7290: Stored XSS vulnerability in Tiki <= 18 chbi (Mar 08)
- Vulnerabilities and default credentials in Ilias e-learning software / German gov hack Hanno Böck (Mar 08)
- CVE-2018-7858 Qemu: cirrus: OOB access when updating vga display P J P (Mar 09)
- [SECURITY ADVISORY] curl: FTP path trickery leads to NIL byte out of bounds write Daniel Stenberg (Mar 13)
- [SECURITY ADVISORY] curl: LDAP NULL pointer dereference Daniel Stenberg (Mar 13)
- [SECURITY ADVISORY] curl: RTSP RTP buffer over-read Daniel Stenberg (Mar 13)
- [CVE-2018-5233] Grav CMS admin plugin Reflected Cross Site Scripting (XSS) vulnerability Sydream Labs (Mar 15)
- CVE request: maliciously crafted notebook files in Jupyter Thomas Kluyver (Mar 15)
- Re: CVE request: maliciously crafted notebook files in Jupyter Salvatore Bonaccorso (Mar 17)
- Re: CVE request: maliciously crafted notebook files in Jupyter Thomas Kluyver (Mar 18)
- Re: CVE request: maliciously crafted notebook files in Jupyter Fernando Perez (Mar 19)
- Re: CVE request: maliciously crafted notebook files in Jupyter Thomas Kluyver (Mar 18)
- Re: CVE request: maliciously crafted notebook files in Jupyter Ricter Zheng (Mar 19)
- Re: CVE request: maliciously crafted notebook files in Jupyter Gordo Lowrey (Mar 20)
- Re: CVE request: maliciously crafted notebook files in Jupyter Salvatore Bonaccorso (Mar 17)
- [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting Dave Brondsema (Mar 15)
- CVE-2018-1068: Linux kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets Vladis Dronov (Mar 16)
- [CVE-2018-1324] Apache Commons Compress denial of service vulnerability Stefan Bodewig (Mar 16)
- Fwd: Firefox 52.7.2 (Fwd: Linux ARM ESR-52 builds need additional patch!) Julien Cristau (Mar 16)
- libvorbis/libtremor OOB write Daniel Veditz (Mar 16)
- [cve-request () mitre org: Re: [scr479280] sqlite3 - all; fix is in source control but not yet released] Seth Arnold (Mar 16)
- Squirrelmail directory traversal vulnerability allows exfiltrating files from server Hanno Böck (Mar 17)
- Re: Squirrelmail directory traversal vulnerability allows exfiltrating files from server Salvatore Bonaccorso (Mar 17)
- [SECURITY] CVE-2018-1321: Remote code execution by administrators with report and template entitlements Francesco Chicchiriccò (Mar 19)
- Re: [SECURITY] CVE-2018-1321: Remote code execution by administrators with report and template entitlements Daniel Kahn Gillmor (Mar 23)
- [SECURITY] CVE-2018-1322: Information disclosure via FIQL and ORDER BY sorting Francesco Chicchiriccò (Mar 19)
- [CVE-2018-8048] Loofah XSS Vulnerability Mike Dalessio (Mar 19)
- Sanitize <= 4.6.2 HTML injection and XSS Ryan Grove (Mar 19)
- Re: Sanitize <= 4.6.2 HTML injection and XSS Ryan Grove (Mar 20)
- ES2018-05 Kamailio heap overflow Sandro Gauci (Mar 20)
- OpenSSL: bug in modular exponentiation Guido Vranken (Mar 20)
- Re: OpenSSL: bug in modular exponentiation zugtprgfwprz (Mar 22)
- Re: OpenSSL: bug in modular exponentiation Guido Vranken (Mar 22)
- Re: OpenSSL: bug in modular exponentiation zugtprgfwprz (Mar 22)
- Denial of service and other vulnerabilities in Icinga 2.x before version 2.8.2 (CVE-2018-6532, CVE-2018-6534, CVE-2018-6535) Michael Hanselmann (Mar 22)
- [CVE-2018-3741] XSS vulnerability in rails-html-sanitizer Rafael Mendonça França (Mar 22)
- CVE-2018-1000140 - rsyslog librelp X.509 parsing issue Kurt Seifried (Mar 23)
- CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request Daniel Ruggeri (Mar 24)
- CVE-2018-1303: Possible out of bound read in mod_cache_socache Daniel Ruggeri (Mar 24)
- CVE-2018-1283: Tampering of mod_session data for CGI applications Daniel Ruggeri (Mar 24)
- CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown Daniel Ruggeri (Mar 24)
- CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name Daniel Ruggeri (Mar 24)
- CVE-2018-1312: Weak Digest auth nonce generation in mod_auth_digest Daniel Ruggeri (Mar 24)
- CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Daniel Ruggeri (Mar 24)
- Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Marius Bakke (Mar 25)
- <Possible follow-ups>
- Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic (Mar 27)
- Stack buffer overflow in WolfSSL before 3.13.0 Hanno Böck (Mar 24)
- Re: Stack buffer overflow in WolfSSL before 3.13.0 Yves-Alexis Perez (Mar 26)
- [ANN] A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin Lukasz Lenart (Mar 27)
- Linux kernel: syzkaller dashboard Andrey Konovalov (Mar 27)
- CVE-2018-1091: Linux kernel: a KVM guest kernel crash during core dump on POWER9 host Vladis Dronov (Mar 27)
- Foreman 1.9+ SQL injection in dashboard page Tomer Brisker (Mar 28)
- a number of CVEs for issues in the filesystem's code in the Linux kernel Vladis Dronov (Mar 29)
- Fwd: [scr485440] 5 Samsung CVEs flanker017 (Mar 30)
- Re: Fwd: [scr485440] 5 Samsung CVEs Solar Designer (Mar 30)