oss-sec: by thread
237 messages starting Apr 02 19 and ending Jun 30 19
- CVE-2019-0196: mod_http2, read-after-free on a string compare Daniel Ruggeri (Apr 02)
- CVE-2019-0197: mod_http2, possible crash on late upgrade Daniel Ruggeri (Apr 02)
- CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts Daniel Ruggeri (Apr 02)
- CVE-2019-0215: mod_ssl access control bypass Daniel Ruggeri (Apr 02)
- CVE-2019-0217: mod_auth_digest access control bypass Daniel Ruggeri (Apr 02)
- CVE-2019-0220: URL normalization inconsistencies Daniel Ruggeri (Apr 02)
- CVE-2019-3882: Linux kernel: DoS through vfio/type1 DMA mappings Vladis Dronov (Apr 03)
- CVE-2019-3837: RHEL6: memory leak in tcp_recvmsg() with NET_DMA Vladis Dronov (Apr 03)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 03)
- Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 13)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 17)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 30)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 21)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 31)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 11)
- Linux kernel < 4.8 local generic ASLR bypass for setuid binaries Federico Manuel Bento (Apr 03)
- Re: Linux kernel < 4.8 local generic ASLR - CVE-ID Vladis Dronov (Apr 15)
- Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Vladis Dronov (Apr 18)
- Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Solar Designer (May 22)
- Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Vladis Dronov (Apr 18)
- Re: Linux kernel < 4.8 local generic ASLR - CVE-ID Vladis Dronov (Apr 15)
- XSS in roundup bug tracker 404 page Hanno Böck (Apr 05)
- Re: XSS in roundup bug tracker 404 page Henri Salo (Apr 07)
- CVE-2019-3887 Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS P J P (Apr 07)
- DLL injection in Go < 1.12.2 [CVE-2019-9634] Jason A. Donenfeld (Apr 08)
- [OSSA-2019-002] neutron-openvswitch-agent: Unable to install new flows on compute nodes when having broken security group rules (CVE-2019-10876) Gage Hugo (Apr 09)
- Multiple vulnerabilities in Jenkins Daniel Beck (Apr 10)
- wpa_supplicant/hostapd: SAE side-channel attacks Jouni Malinen (Apr 10)
- wpa_supplicant/hostapd: EAP-pwd side-channel attack Jouni Malinen (Apr 10)
- hostapd: SAE confirm missing state validation Jouni Malinen (Apr 10)
- wpa_supplicant/hostapd: EAP-pwd missing commit validation Jouni Malinen (Apr 10)
- CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component Ash Berlin-Taylor (Apr 10)
- WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002 Michael Catanzaro (Apr 11)
- [CVE-2019-0231] MINA SSLFilter security Issue Emmanuel Lecharny (Apr 14)
- CVE-2019-3893: Foreman: Compute resource credentials exposed during deletion on API Tomer Brisker (Apr 14)
- kernel address leak in drivers/media/dvb-frontends/ascot2e.c - linux 4.14.111 LTS Fuqian Huang (Apr 16)
- Linux kernel address leaks Solar Designer (Apr 18)
- Re: Linux kernel address leaks Greg KH (Apr 18)
- Linux kernel address leaks Solar Designer (Apr 18)
- 3 pacemaker security flaws Huzaifa Sidhpurwala (Apr 17)
- Re: 3 pacemaker security flaws Jan Pokorný (Apr 18)
- urllib3: adds system certificates to ssl_context Havoc Pennington (Apr 17)
- Re: urllib3: adds system certificates to ssl_context Havoc Pennington (Apr 19)
- Announce: OpenSSH 8.0 released Damien Miller (Apr 17)
- CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrectly assert-crashes when encountering invalid UTF-8 characters. Aki Tuomi (Apr 18)
- Security issues in snapcraft snap-confine set*id binary Matthias Gerstner (Apr 18)
- Re: Security issues in snapcraft snap-confine set*id binary Jamie Strandboge (Apr 25)
- wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment Jouni Malinen (Apr 18)
- Re: wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment Salvatore Bonaccorso (Apr 26)
- Linux kernel < 4.14.111 drivers/media/dvb-frontends/cxd2841er.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/media/dvb-frontends/helene.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/media/dvb-frontends/horus3a.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/media/pci/saa7164/saa7164-core.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/message/fusion/mptbase.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/net/ethernet/chelsio/libcxgb/libcxgb_ppm.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/message/fusion/mptscsih.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/net/ethernet/netronome/nfp/nfp_net_debugfs.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/net/wan/lmc/lmc_main.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/nfc/nfcmrvl/usb.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/scsi/cxgbi/cxgb3i/cxgb3i.c kernel address dumps to user space Fuqian Huang (Apr 18)
- Linux kernel < 4.14.111 drivers/scsi/cxgbi/cxgb4i/cxgb4i.c kernel address dumps to user space Fuqian Huang (Apr 18)
- [CVE-2019-0218] Apache Pony Mail (incubating) Reflected XSS Daniel Gruno (Apr 20)
- Nokogiri security update v1.10.3 Mike Dalessio (Apr 22)
- Re: Nokogiri security update v1.10.3 Florian Weimer (Apr 23)
- Re: Nokogiri security update v1.10.3 Mike Dalessio (Apr 23)
- Re: Nokogiri security update v1.10.3 Florian Weimer (Apr 23)
- Issues fixed in previous releases of Apache Zeppelin 0.7.3 and 0.8.0 (CVE-2017-12619 CVE-2018-1317 CVE-2018-1328) Apache Security Team (Apr 23)
- fprintd: found storing user fingerprints without encryption Seong-Joong Kim (Apr 23)
- Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 07)
- Re: Re: fprintd: found storing user fingerprints without encryption Roman Drahtmueller (May 08)
- Re: Re: fprintd: found storing user fingerprints without encryption Noel Kuntze (May 08)
- Re: Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 08)
- Re: Re: fprintd: found storing user fingerprints without encryption Noel Kuntze (May 08)
- Message not available
- Re: Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 08)
- Re: Re: fprintd: found storing user fingerprints without encryption Roman Drahtmueller (May 08)
- Re: Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 08)
- Re: Re: fprintd: found storing user fingerprints without encryption halfdog (May 10)
- Re: Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 10)
- Re: Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 11)
- Re: fprintd: found storing user fingerprints without encryption halfdog (May 14)
- Re: fprintd: found storing user fingerprints without encryption halfdog (May 14)
- Re: Re: fprintd: found storing user fingerprints without encryption Roman Drahtmueller (May 08)
- Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 07)
- Re: CVE-2018-11802: Apache Solr authorization bug vulnerability disclosure Ishan Chattopadhyaya (Apr 24)
- Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments Jamie Strandboge (Apr 24)
- Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments Jamie Strandboge (Apr 25)
- Re: Linux kernel: no permission check during open() time of /proc/[pid]/maps in kernels < 3.18 Solar Designer (Apr 25)
- Re: Linux kernel: multiple issues Salvatore Bonaccorso (Apr 29)
- Re: Linux kernel: multiple issues Salvatore Bonaccorso (Apr 30)
- Re: CVE-2019-11683: "GRO packet of death" issue in the Linux kernel Greg KH (May 05)
- Re: XSS via EXIF tag in Serendipity blog Henri Salo (May 10)
- Re: Potential DoS vulnerability in CGit Wire Snark (May 19)
- Re: Potential DoS vulnerability in CGit Jason A. Donenfeld (May 19)
- Re: Marvell Wifi Driver mwifiex_uap_parse_tail_ies Heap Overflow Solar Designer (Jun 04)
- Re: Crash / fix in bzip2 Thomas Deutschmann (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Simon McVittie (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Solar Designer (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 05)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 05)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Qualys Security Advisory (Jun 05)
- Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Qualys Security Advisory (Jun 06)
- Re: X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird Brandon Perry (Jun 14)
- Re: X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird zugtprgfwprz (Jun 14)
- Re: X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird Stuart D. Gathman (Jun 14)
- Re: X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird zugtprgfwprz (Jun 14)
- Re: Apache::Session's use of md5 and more Solar Designer (Jun 15)
- Re: Apache::Session's use of md5 and more Raphael Geissert (Jun 17)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Greg KH (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Yves-Alexis Perez (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Simon McVittie (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Moritz Muehlenhoff (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Ian Zimmerman (Jun 21)
- Re: Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Simon McVittie (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Greg KH (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Yves-Alexis Perez (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Yves-Alexis Perez (Jun 21)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Hanno Böck (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz David A. Wheeler (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alan Coopersmith (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 15)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Solar Designer (Jun 16)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 16)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Solar Designer (Jun 16)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 16)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Robert Watson (Jun 17)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alexander Potapenko (Jun 17)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Jakub Wilk (Jun 23)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Marcus Meissner (Jun 17)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Dmitry Vyukov (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Stuart D. Gathman (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Matthew Fernandez (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz David A. Wheeler (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Simon McVittie (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Seth Arnold (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alexander Potapenko (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Matthew Fernandez (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Jeff Law (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Pascal Cuoq (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Jeff Law (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Jeffrey Walton (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Florian Weimer (Jun 25)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Martin Carpenter (Jun 26)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alexander Potapenko (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz John Haxby (Jun 24)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Dmitry Vyukov (Jun 24)
- Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues Greg KH (Jun 17)
- Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues Loganaden Velvindron (Jun 17)
- Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues Nicholas Luedtke (Jun 18)
- Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues Loganaden Velvindron (Jun 17)
- Re: curl: Windows OpenSSL engine code injection Jakub Wilk (Jun 23)
- Re: linux-distros membership application - Microsoft Greg KH (Jun 27)
- Re: linux-distros membership application - Microsoft Solar Designer (Jun 27)
- Re: linux-distros membership application - Microsoft Greg KH (Jun 27)
- Re: linux-distros membership application - Microsoft Tyler Hicks (Jun 27)
- Re: linux-distros membership application - Microsoft Greg KH (Jun 27)
- Re: linux-distros membership application - Microsoft Anthony Liguori (Jun 27)
- Re: linux-distros membership application - Microsoft Tyler Hicks (Jun 27)
- Re: linux-distros membership application - Microsoft John Haxby (Jun 27)
- Re: linux-distros membership application - Microsoft Sasha Levin (Jun 27)
- Re: linux-distros membership application - Microsoft Solar Designer (Jun 28)
- Re: linux-distros membership application - Microsoft Sasha Levin (Jun 28)
- Re: linux-distros membership application - Microsoft Simon Lees (Jun 30)
- Re: linux-distros membership application - Microsoft Greg KH (Jun 27)