oss-sec: by author

256 messages starting May 01 18 and ending Jun 25 18

Akira Ajisaka

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability Akira Ajisaka (May 01)

Alan Coopersmith

Re: CVE-2018-3665 Lazy FPU Context Switching Information Leak Alan Coopersmith (Jun 15)

Alexander Popov

Re: Re: Linux Kernel Defence Map Alexander Popov (Apr 30)
Re: Linux Kernel Defence Map Alexander Popov (Apr 05)
Re: Linux Kernel Defence Map Alexander Popov (Apr 05)
Linux Kernel Defence Map Alexander Popov (Apr 04)
Re: Linux Kernel Defence Map Alexander Popov (Apr 06)

Alexander Potapenko

CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Alexander Potapenko (Jun 08)
Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Alexander Potapenko (Jun 26)

Alex Gaynor

Re: CVE for PyYAML RCE-factory API Alex Gaynor (Jun 27)
CVE for PyYAML RCE-factory API Alex Gaynor (Jun 26)

Alex Rudyy

[SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages exceed maximum size limit Alex Rudyy (Jun 18)

Amine Taouirsa

MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 Amine Taouirsa (May 30)

Amos Jeffries

CVE-2018-1172 Squid Proxy Cache Denial of Service vulnerability Amos Jeffries (Apr 18)

Andreas Lehmkuehler

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Andreas Lehmkuehler (Jun 29)
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Andreas Lehmkuehler (Jun 29)

Andrey Gura

Re: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Andrey Gura (Jun 07)

Andrey Konovalov

Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 23)
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 25)
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 25)
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 25)

Andy LoPresto

[ANNOUNCE] CVE Announcement for Apache NiFi 1.0.0 - 1.5.0 Andy LoPresto (May 22)

Andy Lutomirski

CVE-2018-8897: #DB exceptions that are deferred by MOV SS or POP SS may cause unexpected behavior Andy Lutomirski (May 08)
CVE-2018-1000199: ptrace() incorrect error handling leads to corruption and DoS Andy Lutomirski (May 01)
CVE-2018-1087: KVM incorrectly handles #DB exceptions while deferred by MOV SS/POP SS Andy Lutomirski (May 08)

Anthony Baker

[SECURITY] CVE-2017-15695 Apache Geode remote code execution vulnerability Anthony Baker (Jun 12)

Anthony Liguori

CVE-2018-3665 Lazy FPU Context Switching Information Leak Anthony Liguori (Jun 15)
Re: CVE-2018-3665 Lazy FPU Context Switching Information Leak Anthony Liguori (Jun 15)
Re: Intel FP security issue Anthony Liguori (Jun 15)

Billy Brumley

Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 24)
CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 16)
Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 19)

Brian May

Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 16)
Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 16)
Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 15)

Bryan Pendleton

[ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Bryan Pendleton (May 05)
Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Bryan Pendleton (May 26)
Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Bryan Pendleton (May 15)

Cedric Buissart

Re: CVE-2018-1089 389-ds-base: unauthenticated ns-slapd crash via large filter value in ldapsearch Cedric Buissart (May 07)
pcs: disclosure of CVE-2018-1079 and CVE-2018-1086 Cedric Buissart (Apr 09)
CVE-2018-1089 389-ds-base: unauthenticated ns-slapd crash via large filter value in ldapsearch Cedric Buissart (May 07)

Christian Brabandt

Re: PGP/MIME and S/MIME mail clients vulnerabilities Christian Brabandt (May 14)
Re: Terminal Control Chars Christian Brabandt (Apr 10)

Colm O hEigeartaigh

Apache CXF 3.2.6 and 3.1.16 are released Colm O hEigeartaigh (Jun 28)

Damien Miller

Announce: OpenSSH 7.7 released Damien Miller (Apr 02)

Daniel Beck

Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 16)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 25)
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 05)
Re: Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jun 13)
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 05)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 04)
Multiple vulnerabilities in Jenkins Daniel Beck (Apr 11)
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (May 09)
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 25)

Daniel Dai

[SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned Daniel Dai (Apr 04)
[SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files Daniel Dai (Apr 04)
[SECURITY] CVE-2018-1315 'COPY FROM FTP' statement in HPL/SQL can write to arbitrary location if the FTP server is compromised Daniel Dai (Apr 04)

Daniel Stenberg

[SECURITY ADVISORY] curl: RTSP bad headers buffer over-read Daniel Stenberg (May 15)
[SECURITY ADVISORY] curl: FTP shutdown response buffer overflow Daniel Stenberg (May 15)

David A. Wheeler

Re: Re: Terminal Control Chars David A. Wheeler (Apr 12)
Re: Re: Terminal Control Chars David A. Wheeler (Apr 12)

David Rientjes

CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process David Rientjes (Apr 24)
Re: CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process David Rientjes (May 14)

Denis Magda

[CVE-2018-1295]: Possible Execution of Arbitrary Code Within Deserialization Endpoints of Apache Ignite Denis Magda (Apr 02)
Re: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Denis Magda (Jun 06)
[CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Denis Magda (Jun 01)

Ed Cable

[SECURITY] CVE-2018-1291: Apache Fineract SQL Injection Vulnerability - Order by injection via Order Param Ed Cable (Apr 19)
[SECURITY] CVE-2018-1290: Apache Fineract SQL Injection Vulnerability - Single quotation escape caused by two continuous SQL parameters Ed Cable (Apr 19)
[SECURITY] CVE-2018-1289: Apache Fineract SQL Injection Vulnerability by orderBy and sortOrder parameters Ed Cable (Apr 19)
[SECURITY] CVE-2018-1292: Apache Fineract SQL Injection Vulnerability - Injection via reportName parameter Ed Cable (Apr 19)

Evgenii Shatokhin

Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Evgenii Shatokhin (May 25)

Florian Weimer

Re: PGP/MIME and S/MIME mail clients vulnerabilities Florian Weimer (May 15)
Re: PGP/MIME and S/MIME mail clients vulnerabilities Florian Weimer (May 22)

Georgi Guninski

Re: Intel hyper-threading security issues Georgi Guninski (Jun 20)
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski (Jun 13)
BUG_ON() on mips linux kernels 4.17.2 and earlier (old but alive) Georgi Guninski (Jun 30)
Re: Intel hyper-threading security issues Georgi Guninski (Jun 25)
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski (Jun 13)
Re: Intel hyper-threading security issues Georgi Guninski (Jun 21)
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski (Jun 15)
Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski (Jun 12)

Gordo Lowrey

Re: Terminal Control Chars Gordo Lowrey (Apr 10)

Gordon Tetlow

Re: Intel hyper-threading security issues Gordon Tetlow (Jun 21)

gremlin

Re: Singularity's Linux kernel vulnerability claim gremlin (May 03)

Hanno Böck

beep infoleak Hanno Böck (Apr 08)
squirrelmail XSS issues in bug tracker since 2016 Hanno Böck (Jun 27)
Privsec vuln in beep / Code execution in GNU patch Hanno Böck (Apr 05)
Re: squirrelmail XSS issues in bug tracker since 2016 Hanno Böck (Jun 27)
Re: squirrelmail XSS issues in bug tracker since 2016 Hanno Böck (Jun 27)

Harry Sintonen

GNU Wget Cookie Injection [CVE-2018-0494] Harry Sintonen (May 06)

Henri Salo

Re: Re: CVE request: rufus Henri Salo (Jun 01)

Huzaifa Sidhpurwala

Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 16)
Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 24)

Ian Zimmerman

Re: Terminal Control Chars Ian Zimmerman (Apr 09)
Re: Terminal Control Chars Ian Zimmerman (Apr 12)

ISC Security Officer

ISC has announced CVE-2018-5738, a defect in some versions of BIND ISC Security Officer (Jun 12)
ISC has disclosed two vulnerabilities in BIND 9.12 (CVE-2018-5736, CVE-2018-5737) ISC Security Officer (May 18)

Jakub Wilk

Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jakub Wilk (Jun 14)
Re: Terminal Control Chars Jakub Wilk (Apr 10)
Re: PGP/MIME and S/MIME mail clients vulnerabilities Jakub Wilk (May 14)
Re: Privsec vuln in beep / Code execution in GNU patch Jakub Wilk (Apr 06)
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jakub Wilk (Jun 14)
Re: Terminal Control Chars Jakub Wilk (Apr 13)
Re: Re: Terminal Control Chars Jakub Wilk (Apr 10)
Re: Terminal Control Chars Jakub Wilk (Apr 12)
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jakub Wilk (Jun 15)
Re: Re: Terminal Control Chars Jakub Wilk (Apr 16)
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jakub Wilk (Jun 12)

James Sirota

CVE-2018-1273 fixed in Metron 0.5.0 James Sirota (Jun 26)

Jason A. Donenfeld

Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jason A. Donenfeld (Jun 14)

Joey Hess

CVE-2018-10857 and CVE-2018-10859: git-annex private data exposure Joey Hess (Jun 26)

Jordan Glover

Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jordan Glover (Jun 12)

Josh Elser

CVE-2018-8025 on Apache HBase Josh Elser (Jun 22)

Karsten König

Re: Authorization bypass in PHPLiteAdmin since 1.9.5 Karsten König (Apr 25)
Authorization bypass in PHPLiteAdmin since 1.9.5 Karsten König (Apr 23)

Kash Pande

Re: beep infoleak Kash Pande (Apr 08)

Kashyap Thimmaraju

CVE-2018-1000155: Denial of Service, Improper Authentication and Authorization, and Covert Channel in the OpenFlow 1.0+ handshake Kashyap Thimmaraju (May 09)

Kees Cook

Re: Linux Kernel Defence Map Kees Cook (Apr 05)
Re: Linux Kernel Defence Map Kees Cook (Apr 04)
Re: Linux Kernel Defence Map Kees Cook (Apr 05)

Kristian Fiskerstrand

Updated distros statistics Kristian Fiskerstrand (Apr 12)

Kurt Seifried

Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Kurt Seifried (May 23)
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Kurt Seifried (May 25)
Re: Re: Linux Kernel Defence Map Kurt Seifried (Apr 04)

Larry W. Cashdollar

Arbitrary file download vulnerability in Drupal module avatar_uploader v7.x-1.0-beta8 Larry W. Cashdollar (Apr 12)

Leo Gaspard

Re: PGP/MIME and S/MIME mail clients vulnerabilities Leo Gaspard (May 15)

Lets Secure

Third Party Code Signing Vulnerability in Squirrel & Sparkle Lets Secure (Jun 13)

Liguori, Anthony

Re: Re: Intel FP security issue Liguori, Anthony (Jun 15)

Lionel Debroux

Re: Re: CVE request: rufus Lionel Debroux (Jun 01)
Fun with DBM-type databases... Lionel Debroux (Jun 17)

Loganaden Velvindron

Re: Intel FP security issue Loganaden Velvindron (Jun 13)
Intel hyper-threading security issues Loganaden Velvindron (Jun 19)
Intel FP security issue Loganaden Velvindron (Jun 13)

Luciano Bello

Buffer Overflow in pppd EAP-TLS implementation Luciano Bello (Jun 11)

Lukas Odzioba

Re: Intel hyper-threading security issues Lukas Odzioba (Jun 21)
Re: Intel hyper-threading security issues Lukas Odzioba (Jun 21)
Re: Intel hyper-threading security issues Lukas Odzioba (Jun 21)

Luke Hinds

[opendaylight-security-note]: SDNInterfaceapp SQL injection Luke Hinds (May 18)

Marcus Brinkmann

Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 15)
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 16)
CVE-2018-12020, CVE-2018-12019 in GnuPG, Enigmails, GPGTools, python-gnupg Marcus Brinkmann (Jun 13)
Re: CVE-2018-12020 in GnuPG Marcus Brinkmann (Jun 09)
CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 14)

Marcus Meissner

Re: Re: Intel FP security issue Marcus Meissner (Jun 15)
Re: Libc Realpath Buffer Underflow CVE-2018-1000001 exploit source code for SuSE 12 SP2 Marcus Meissner (Jun 25)
KVM L1 guest escape - CVE-2018-12904 Marcus Meissner (Jun 27)

Mark Cox

Change to ASF httpd vulnerability XML format Mark Cox (Apr 10)

Mark Thomas

[SECURITY] CVE-2018-8014 Insecure defaults for CORS filter Mark Thomas (May 16)

Marshall Schor

[ANNOUNCE] CVE-2017-15691: Apache UIMA XML external entity expansion (XXE) attack exposure Marshall Schor (Apr 26)

Martin Scott Nicklous

[ CVE-2018-1306 ] Apache Portals Pluto information disclosure vulnerability Martin Scott Nicklous (Jun 26)

Matthew Fernandez

Re: PGP/MIME and S/MIME mail clients vulnerabilities Matthew Fernandez (May 16)

Matthew Wild

[CVE-2018-10847] prosody: insufficient stream header validation Matthew Wild (May 31)

Matthias Gerstner

ktexteditor / Kate local privilege escalation Matthias Gerstner (Apr 24)
Re: cantata: cantata-mounter D-Bus service local privilege escalation and other security issues Matthias Gerstner (Jun 19)
Multiple local root vulnerabilities involving PackageKit CVE-2018-1106 Matthias Gerstner (Apr 23)
Re: ktexteditor / Kate local privilege escalation (CVE-2018-10361) Matthias Gerstner (Apr 25)
cantata: cantata-mounter D-Bus service local privilege escalation and other security issues Matthias Gerstner (Jun 18)

Michael Catanzaro

Re: [webkit-security] WebKitGTK+ Security Advisory WSA-2018-0003 Michael Catanzaro (Apr 04)
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 Michael Catanzaro (Jun 14)
WebKitGTK+ Security Advisory WSA-2018-0003 Michael Catanzaro (Apr 04)
WebKitGTK+ Security Advisory WSA-2018-0004 Michael Catanzaro (May 07)

Michael Ellerman

Re: Intel hyper-threading security issues Michael Ellerman (Jun 22)

Nate McCall

CVE-2018-8016 on Apache Cassandra Nate McCall (Jun 25)

nongiach nongiach

CVE-XXX (quasselclient/quasselcore version 0.12.4): Heap Remote Code Execution and Null Pointer DDOS nongiach nongiach (Apr 27)
Re: CVE-XXX (quasselclient/quasselcore version 0.12.4): Heap Remote Code Execution and Null Pointer DDOS nongiach nongiach (May 01)

Not Real

Re: Re: Terminal Control Chars Not Real (Apr 09)

nullbyte

Reptile: a LKM rootkit written for evil purposes nullbyte (May 20)

oss-security-list

rclone data exfiltration / unauthorized API use oss-security-list (Jun 27)

oststrom (public)

CVE-2018-10058 and CVE-2018-10057 - cgminer <=4.10.0 and bfgminer <=5.5.0 remote management api post-auth buffer overflow and path traversal oststrom (public) (Jun 03)

Owen O'Malley

Apache ORC 1.5.0 and 1.4.4 Released Owen O'Malley (May 17)

Pali Rohár

CVE-2018-12558: DOS in perl module Email::Address Pali Rohár (Jun 19)
CVE-2018-2767: MySQL & MariaDB: Return of the BACKRONYM vulnerability (public disclosure) Pali Rohár (Apr 08)

Patrick Hunt

[CVE-2018-8012] Apache ZooKeeper Quorum Peer mutual authentication Patrick Hunt (May 21)

Patrick Uiterwijk

CVE-2018-1002150: koji: Dist Repo call missing authorization check allowing filesystem manipulation Patrick Uiterwijk (Apr 04)

Pete Batard

Re: CVE request: rufus Pete Batard (May 31)
Re: CVE request: rufus Pete Batard (May 31)

Peter Kjellström

Re: Intel hyper-threading security issues Peter Kjellström (Jun 23)

Petr Špaček

CVE-2018-1110: Knot Resolver <= 2.2.0 Improper Input Validation Petr Špaček (Apr 23)

P J P

CVE-2018-11806 Qemu: slirp: heap buffer overflow while reassembling fragmented datagrams P J P (Jun 06)

Priedhorsky, Reid

Singularity's Linux kernel vulnerability claim Priedhorsky, Reid (May 03)

P. Taylor Goetz

[CVE-2018-1332] Apache Storm user impersonation vulnerability P. Taylor Goetz (Jun 05)
[CVE-2018-8008] Apache Storm arbitrary file write vulnerability P. Taylor Goetz (Jun 05)

Qinghao Tang

erc20 contract KoreaShow bug Qinghao Tang (May 10)

Qualys Security Advisory

Re: Qualys Security Advisory - Procps-ng Audit Report Qualys Security Advisory (May 23)
Qualys Security Advisory - Procps-ng Audit Report Qualys Security Advisory (May 17)

Rafael Mendonça França

[CVE-2018-3760] Path Traversal in Sprockets Rafael Mendonça França (Jun 19)

Rai, Harendra

RE: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Rai, Harendra (Jun 05)

Raphael Sanchez Prudencio

CVE-2018-1084 corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function Raphael Sanchez Prudencio (Apr 12)

Remi Gacogne

PowerDNS Security Advisory 2018-02 Remi Gacogne (May 09)

Russ Allbery

Re: Re: Terminal Control Chars Russ Allbery (Apr 12)
Re: Re: Terminal Control Chars Russ Allbery (Apr 12)

Salvatore Bonaccorso

Perl: CVE-2018-12015: Archive::Tar: directory traversal vulnerability Salvatore Bonaccorso (Jun 07)

Sebastian Krahmer

Re: Privsec vuln in beep / Code execution in GNU patch Sebastian Krahmer (Apr 06)

Secunia Research

Secunia Research: Linux Kernel USB over IP Multiple Denial of Service Vulnerabilities Secunia Research (Jun 07)

Seth Arnold

Re: CVE for PyYAML RCE-factory API Seth Arnold (Jun 26)
Re: Updated distros statistics Seth Arnold (Apr 12)
Re: Intel hyper-threading security issues Seth Arnold (Jun 22)

Siddharth Sharma

CVE-2018-10841 glusterfs: access trusted peer group via remote-host command Siddharth Sharma (Jun 20)
CVE-2018-1088 glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled Siddharth Sharma (Apr 18)

Simon McVittie

Re: Re: Terminal Control Chars Simon McVittie (Apr 12)

Simon Steiner

[CVE-2018-8013] Apache Batik information disclosure vulnerability Simon Steiner (May 23)

Solar Designer

Re: Intel FP security issue Solar Designer (Jun 15)
Re: Intel hyper-threading security issues Solar Designer (Jun 22)
Re: Intel hyper-threading security issues Solar Designer (Jun 21)
Re: CVE request: rufus Solar Designer (May 31)
Re: rclone data exfiltration / unauthorized API use Solar Designer (Jun 27)

Stefan Kanthak

Re: CVE request: rufus Stefan Kanthak (Jun 01)
CVE request: rufus Stefan Kanthak (May 31)
Re: CVE request: rufus Stefan Kanthak (May 31)

Stephen Farrell

Re: Re : Re: [oss-security] Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stephen Farrell (Jun 13)

Stiepan

Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stiepan (Jun 10)
Re : Re: [oss-security] Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stiepan (Jun 13)

Stuart Henderson

Re: Intel hyper-threading security issues Stuart Henderson (Jun 21)

Sven Schwedas

Re: Intel hyper-threading security issues Sven Schwedas (Jun 21)

Sysdream Labs

[CVE-2018-10094] Dolibarr SQL Injection vulnerability Sysdream Labs (May 20)
[CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability Sysdream Labs (May 20)
Dolibarr XSS Injection vulnerability Sysdream Labs (May 20)

Tatsuhiro Tsujikawa

Re: CVE-2018-1000168: nghttp2: Denial of service due to NULL pointer dereference. Tatsuhiro Tsujikawa (Apr 12)

Tim Allison

[CVE-2018-1338] DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser Tim Allison (Apr 25)
[CVE-2018-1335] Command Injection Vulnerability in Apache Tika’s tika-server module Tim Allison (Apr 25)
[CVE-2018-1339] DoS (Infinite Loop) Vulnerability in Apache Tika’s ChmParser Tim Allison (Apr 25)

Todd C. Miller

Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Todd C. Miller (Jun 12)

Tomas Hoger

Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Tomas Hoger (May 21)
Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Tomas Hoger (May 14)
Re: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Tomas Hoger (Jun 06)

Tomer Brisker

CVE-2018-1097 Foreman: oVirt credentials exposed by host power API Tomer Brisker (Apr 10)

Tristan Cacqueray

[OSSA-2018-001] Raw underlying encrypted volume access (CVE-2017-18191) Tristan Cacqueray (Apr 20)

Uwe Schindler

[SECURITY] CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter Uwe Schindler (Apr 08)
[SECURITY] CVE-2018-8010: XXE vulnerability due to Apache Solr configset upload Uwe Schindler (May 21)

Vítor Silva

CVE-2018-10194 Ghostscript 9.18 stack-based buffer overflow Vítor Silva (Apr 19)

Vladis Dronov

Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Vladis Dronov (Jun 26)
CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Vladis Dronov (May 10)
Re: a number of CVEs for issues in the filesystem's code in the Linux kernel Vladis Dronov (Apr 20)
CVE-2017-13220 / Android A-63527053: Linux kernel: Possible out-of-bound access in Bluetooth subsystem Vladis Dronov (Apr 10)
Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Vladis Dronov (Jun 22)

Wade Mealing

CVE-2018-1118 linux kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() Wade Mealing (May 08)

Xen . org security team

Xen Security Advisory 259 - x86: PV guest may crash Xen with XPTI Xen . org security team (Apr 25)
Xen Security Advisory 265 (CVE-2018-12893) - x86: #DB exception safety check can be triggered by a guest Xen . org security team (Jun 27)
Xen Security Advisory 259 (CVE-2018-10471) - x86: PV guest may crash Xen with XPTI Xen . org security team (Apr 30)
Xen Security Advisory 260 (CVE-2018-8897) - x86: mishandling of debug exceptions Xen . org security team (May 08)
Xen Security Advisory 261 (CVE-2018-10982) - x86 vHPET interrupt injection errors Xen . org security team (May 11)
Xen Security Advisory 258 (CVE-2018-10472) - Information leak via crafted user-supplied CDROM Xen . org security team (Apr 30)
Xen Security Advisory 262 - qemu may drive Xen into unbounded loop Xen . org security team (May 08)
Xen Security Advisory 261 - x86 vHPET interrupt injection errors Xen . org security team (May 08)
Xen Security Advisory 267 (CVE-2018-3665) - Speculative register leakage from lazy FPU context switching Xen . org security team (Jun 13)
Xen Security Advisory 264 (CVE-2018-12891) - preemption checks bypassed in x86 PV MM handling Xen . org security team (Jun 27)
Xen Security Advisory 258 - Information leak via crafted user-supplied CDROM Xen . org security team (Apr 25)
Xen Security Advisory 262 (CVE-2018-10981) - qemu may drive Xen into unbounded loop Xen . org security team (May 11)
Xen Security Advisory 266 (CVE-2018-12892) - libxl fails to honour readonly flag on HVM emulated SCSI disks Xen . org security team (Jun 27)

Yves-Alexis Perez

Re: Re : Re: [oss-security] CVE-2018-12020 in GnuPG Yves-Alexis Perez (Jun 10)
Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 15)
Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 16)
CVE-2018-12020 in GnuPG Yves-Alexis Perez (Jun 08)
Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)
PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)

zrlw

Libc Realpath Buffer Underflow CVE-2018-1000001 exploit source code for SuSE 12 SP2 zrlw (Jun 25)