oss-sec: by thread
257 messages starting Jul 01 19 and ending Sep 28 19
- pari/gp arbitrary file write Georgi Guninski (Jul 01)
- Django: CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS Mariusz Felisiak (Jul 01)
- Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Adrien Nader (Jul 01)
- Re: linux-distros membership application - Microsoft Michael Ellerman (Jul 02)
- <Possible follow-ups>
- Re: linux-distros membership application - Microsoft Georgi Guninski (Jul 06)
- Re: linux-distros membership application - Microsoft Solar Designer (Jul 06)
- Re: linux-distros membership application - Microsoft Solar Designer (Jul 06)
- Re: linux-distros membership application - Microsoft Sasha Levin (Jul 06)
- Re: linux-distros membership application - Microsoft Moritz Muehlenhoff (Jul 07)
- Re: linux-distros membership application - Microsoft Sasha Levin (Jul 12)
- Re: linux-distros membership application - Microsoft Solar Designer (Jul 08)
- Re: linux-distros membership application - Microsoft Georgi Guninski (Jul 07)
- Re: linux-distros membership application - Microsoft Solar Designer (Jul 07)
- Re: linux-distros membership application - Microsoft David A. Wheeler (Jul 08)
- Re: linux-distros membership application - Microsoft Stuart D. Gathman (Jul 08)
- Re: linux-distros membership application - Microsoft Sasha Levin (Jul 06)
- Re: linux-distros membership application - Microsoft Kristian Fiskerstrand (Jul 11)
- Re: linux-distros membership application - Microsoft Sasha Levin (Aug 11)
- Re: linux-distros membership application - Microsoft Solar Designer (Aug 12)
- CVE-2019-13164 Qemu: qemu-bridge-helper ACL bypassed with long interface names P J P (Jul 02)
- CVE-2019-10183 virt-install: unattended option leaks password via command line argument P J P (Jul 02)
- deepin-clone: various symlink attacks Matthias Gerstner (Jul 04)
- CVE-2019-13122: Patchwork: XSS via Message-ID Daniel Axtens (Jul 05)
- Re: [CVE-2019-0231] MINA SSLFilter security Issue Doran Moppert (Jul 07)
- CVE-2019-13313, CVE-2019-13314: password disclosure via command line arguments P J P (Jul 08)
- CVE-2019-13132: zeromq/libzmq: denial of service via stack overflow with arbitrary data Luca Boccassi (Jul 08)
- Xen Security Advisory 300 v1 - Linux: No grant table and foreign mapping limits Xen . org security team (Jul 09)
- Data exfiltration with FPM servers (HHVM and rarely PHP) Hanno Böck (Jul 09)
- Privileged File Access from Desktop Applications Malte Kraus (Jul 09)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 09)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 10)
- Re: Privileged File Access from Desktop Applications Malte Kraus (Jul 11)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
- Re: Privileged File Access from Desktop Applications Matthias Gerstner (Jul 11)
- Re: Privileged File Access from Desktop Applications Malte Kraus (Jul 11)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
- Re: Privileged File Access from Desktop Applications Bob Friesenhahn (Jul 11)
- Re: Privileged File Access from Desktop Applications John Haxby (Jul 11)
- Re: Privileged File Access from Desktop Applications Simon McVittie (Jul 11)
- Re: Privileged File Access from Desktop Applications Simon McVittie (Jul 11)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
- Re: Privileged File Access from Desktop Applications Jordan Glover (Jul 12)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 12)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 12)
- Re: Privileged File Access from Desktop Applications Steffen Nurpmeso (Jul 12)
- Re: Privileged File Access from Desktop Applications Steffen Nurpmeso (Jul 11)
- Re: Privileged File Access from Desktop Applications Simon McVittie (Jul 11)
- Re: Privileged File Access from Desktop Applications Martin Steigerwald (Jul 11)
- Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 09)
- Contributing Back Joe McManus (Jul 09)
- Re: Contributing Back Solar Designer (Jul 14)
- Re: Contributing Back Joe McManus (Jul 15)
- Re: Contributing Back Anthony Liguori (Jul 15)
- Re: Contributing Back Solar Designer (Jul 15)
- Re: Contributing Back Joe McManus (Jul 15)
- Re: Contributing Back Solar Designer (Jul 14)
- CVE-2018-17196: Potential to bypass transaction/idempotent ACL checks in Apache Kafka Jason Gustafson (Jul 11)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 11)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 31)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Aug 07)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 12)
- [CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability in Apache Roller Dave (Jul 12)
- Knot Resolver 4.1.0 security release Vladimír Čunát (Jul 14)
- Fwd: [ANNOUNCE] libICE 1.0.10 Alan Coopersmith (Jul 14)
- CVE-2019-10198: Authorization bypass in Foreman tasks plugin Tomer Brisker (Jul 17)
- Multiple vulnerabilities in Jenkins Wadeck Follonier (Jul 17)
- Xen Security Advisory 300 v2 - Linux: No grant table and foreign mapping limits Xen . org security team (Jul 19)
- stack buffer overflow in fbdev Tavis Ormandy (Jul 19)
- Re: stack buffer overflow in fbdev Linus Torvalds (Jul 21)
- Re: stack buffer overflow in fbdev Daniel Vetter (Jul 22)
- Re: stack buffer overflow in fbdev Linus Torvalds (Jul 22)
- Re: stack buffer overflow in fbdev Bartlomiej Zolnierkiewicz (Jul 22)
- Re: stack buffer overflow in fbdev Daniel Vetter (Jul 23)
- Re: stack buffer overflow in fbdev Daniel Vetter (Jul 22)
- Re: stack buffer overflow in fbdev Linus Torvalds (Jul 23)
- Re: stack buffer overflow in fbdev Linus Torvalds (Jul 21)
- Two unauthenticated SQL injection vulnerabilities in Onionbuzz WordPress plugin Eugene Kolo (Jul 21)
- Re: Two unauthenticated SQL injection vulnerabilities in Onionbuzz WordPress plugin Eugene Kolo (Jul 22)
- CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Mikhail Klementev (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Stuart Henderson (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Mikhail Klementev (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Solar Designer (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Amos Jeffries (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Ian Zimmerman (Jul 22)
- Security release pre-announcement messages Douglas Bagnall (Jul 24)
- Re: Security release pre-announcement messages Stiepan (Jul 26)
- Re: Security release pre-announcement messages Greg KH (Jul 26)
- Re: Security release pre-announcement messages Greg KH (Jul 26)
- Re: Security release pre-announcement messages Stiepan (Jul 26)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Eric Blake (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Stuart Henderson (Jul 22)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Solar Designer (Jul 26)
- Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Mikhail Klementev (Jul 22)
- [CVE-2019-0202] Apache Storm Logviewer file system access vulnerability Stig Rohde Døssing (Jul 24)
- [CVE-2018-1320] Apache Storm vulnerable Thrift version Stig Rohde Døssing (Jul 24)
- [CVE-2018-11779] Apache Storm UI Java deserialization vulnerability Stig Rohde Døssing (Jul 24)
- CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Vladis Dronov (Jul 25)
- Re: CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Andrey Konovalov (Jul 25)
- Re: CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Vladis Dronov (Aug 02)
- Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand (Jul 25)
- Re: Statistics for distros lists updated for 2019Q2 Solar Designer (Jul 25)
- Re: Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand (Jul 25)
- Re: Statistics for distros lists updated for 2019Q2 Solar Designer (Jul 26)
- Re: Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand (Jul 26)
- Re: Statistics for distros lists updated for 2019Q2 Solar Designer (Jul 26)
- Re: Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand (Jul 27)
- Re: Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand (Jul 25)
- Re: Statistics for distros lists updated for 2019Q2 Solar Designer (Jul 25)
- RCE through open PHP-FPM ports Hanno Böck (Jul 27)
- [CVE-2018-11772] Apache VCL SQL injection attack in privilege management Josh Thompson (Jul 29)
- [CVE-2018-11773] Apache VCL improper form validation in block allocation management Josh Thompson (Jul 29)
- [CVE-2018-11774] Apache VCL SQL injection attack in VM management Josh Thompson (Jul 29)
- CVE-2019-13648: Linux kernel: powerpc: kernel crash in TM handling triggerable by any local user Michael Neuling (Jul 30)
- PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records Peter van Dijk (Jul 30)
- icedtea-web: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Cedric Buissart (Jul 31)
- [CVE-2018-11782, CVE-2019-0203] Apache Subversion svnserve vulnerabilities Julian Foad (Jul 31)
- [CVE-2019-0193] Apache Solr, Remote Code Execution via DataImportHandler David Smiley (Jul 31)
- CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly P J P (Aug 01)
- Django security releases issued: Multiple CVEs Carlton Gibson (Aug 01)
- [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper Tim Allison (Aug 02)
- [CVE-2019-10093] Denial of Service in Apache Tika's 2003ml and 2006ml Parsers Tim Allison (Aug 02)
- [CVE-2019-10094] StackOverflow from Crafted Package/Compressed Files in Apache Tika's RecursiveParserWrapper Tim Allison (Aug 02)
- New Tool - Phishing Simulation jeny raval (Aug 05)
- Re: New Tool - Phishing Simulation zugtprgfwprz (Aug 05)
- Current CVE policy on missing-hardening bugs Florian Weimer (Aug 05)
- Security issues in various deepin D-Bus services and tools Matthias Gerstner (Aug 05)
- Kubernetes v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249 Joel Smith (Aug 05)
- CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Rich Felker (Aug 05)
- Re: [musl] CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Rich Felker (Aug 05)
- Re: [musl] CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Rich Felker (Aug 06)
- Re: CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Moritz Muehlenhoff (Aug 06)
- Re: [musl] CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Rich Felker (Aug 05)
- clamav: denial of service through "better zip bomb" Hanno Böck (Aug 06)
- [ANNOUNCE] CVE-2019-11248: /debug/pprof exposed on kubelet's healthz port Tim Allclair (Aug 06)
- [OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433) Jeremy Stanley (Aug 06)
- wpa_supplicant/hostapd: SAE/EAP-pwd side-channel attack update Jouni Malinen (Aug 07)
- CVE update - fixed in Apache Ranger 2.0.0 Velmurugan Periasamy (Aug 08)
- [ANNOUNCE] Security release of kube-state-metrics v1.7.2 Frederic Branczyk (Aug 09)
- Re: [ANNOUNCE] Security release of kube-state-metrics v1.7.2 Sam Fowler (Aug 15)
- Nokogiri security update v1.10.4 Mike Dalessio (Aug 11)
- gnu/linux rediscovers macro malware Georgi Guninski (Aug 12)
- ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Cedric Buissart (Aug 12)
- Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Bob Friesenhahn (Aug 12)
- Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Cedric Buissart (Aug 13)
- Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Bob Friesenhahn (Aug 12)
- CVE-2019-10140 - linux kernel - system panic in overlayfs directory creation. Wade Mealing (Aug 14)
- CVE-2019-10081: mod_http2, memory corruption on early pushes Daniel Ruggeri (Aug 15)
- CVE-2019-10082: mod_http2, read-after-free in h2 connection shutdown Daniel Ruggeri (Aug 15)
- CVE-2019-10092: Limited cross-site scripting in mod_proxy Daniel Ruggeri (Aug 15)
- CVE-2019-10097: mod_remoteip stack buffer overflow and NULL pointer dereference Daniel Ruggeri (Aug 15)
- CVE-2019-10098: mod_rewrite configurations vulnerable to open redirect Daniel Ruggeri (Aug 15)
- CVE-2019-9517: mod_http2, DoS attack by exhausting h2 workers Daniel Ruggeri (Aug 15)
- [CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3 Justin Bull (Aug 19)
- [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514 Hausler, Micah (Aug 19)
- Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov (Aug 20)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eric Biggers (Aug 21)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Marcus Meissner (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Brad Spengler (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Jeremy Stanley (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Kurt H Maier (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Mathias Payer (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Stuart D. Gathman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 23)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Marcus Meissner (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Tyler Hicks (Sep 27)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov (Sep 27)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Tyler Hicks (Sep 27)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov (Sep 27)
- RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack Vogl, Todd (Aug 21)
- [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source Colm O hEigeartaigh (Aug 23)
- CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry David Tomaschik (Aug 23)
- CVE-2019-15525: Missing TLS/SSL certificate validation in pw3270 Carlos Eduardo (Aug 26)
- [CVE-2019-12402] Apache Commons Compress denial of service vulnerability Stefan Bodewig (Aug 27)
- Linux kernel: three heap overflow in the marvell wifi driver huangwen (Aug 28)
- ghostscript: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and CVE-2019-14817 (.forceput exposed) Cedric Buissart (Aug 28)
- Critical Dovecot and Pigeonhole vulnerability Aki Tuomi (Aug 28)
- Re: Critical Dovecot and Pigeonhole vulnerability Hanno Böck (Aug 28)
- Message not available
- Re: Critical Dovecot and Pigeonhole vulnerability Hanno Böck (Aug 28)
- Re: Critical Dovecot and Pigeonhole vulnerability aki . tuomi (Aug 28)
- Re: Critical Dovecot and Pigeonhole vulnerability Larry Rosenman (Aug 28)
- Message not available
- Re: Critical Dovecot and Pigeonhole vulnerability Hanno Böck (Aug 28)
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Aug 28)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Sep 25)
- CVE-2019-10222: ceph: unauthenticated clients can crash RGW Alexandros Toptsoglou (Aug 28)
- Three vulnerabilities in Kea DHCP disclosed by ISC, 28 August 2019 Michael McNally (Aug 29)
- [OSSA-2019-004] Ageing time of 0 disables linuxbridge MAC learning (CVE-2019-15753) Jeremy Stanley (Aug 29)
- Irssi 1.2.2:CVE-2019-15717 Ailin Nemui (Aug 29)
- Re: Irssi 1.2.2:CVE-2019-15717 Santiago Torres (Aug 29)
- WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004 Adrian Perez de Castro (Aug 29)
- MITRE response time Heiko Schlittermann (Sep 02)
- Re: MITRE response time (RS) Tyler Schroder (Sep 02)
- Re: MITRE response time Johannes Segitz (Sep 02)
- Re: MITRE response time Florian Weimer (Sep 02)
- Re: MITRE response time Heiko Schlittermann (Sep 02)
- Re: MITRE response time Florian Weimer (Sep 02)
- CVE-2019-15718: Missing access controls on systemd-resolved's D-Bus interface Chris Coulson (Sep 03)
- CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Sebastian Nielsen (Sep 06)
- Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 06)
- Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Heiko Schlittermann (Sep 06)
- Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 09)
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
- <Possible follow-ups>
- Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 05)
- CVE-2019-15890 QEMU: Slirp: use-after-free during packet reassembly P J P (Sep 06)
- CVE-2019-12405: Apache Traffic Control LDAP-based authentication vulnerability Rawlin Peters (Sep 06)
- Telegram privacy fails again. Dhiraj Mishra (Sep 09)
- Re: Telegram privacy fails again. Ilya Matveychikov (Sep 10)
- Re: Telegram privacy fails again. Solar Designer (Sep 12)
- Re: Telegram privacy fails again. Ben Tasker (Sep 12)
- Re: Telegram privacy fails again. notspam (Sep 13)
- Re: Telegram privacy fails again. Stuart Henderson (Sep 13)
- Re: Telegram privacy fails again. Jiri 'Ghormoon' Novak (Sep 16)
- Re: Telegram privacy fails again. notspam (Sep 16)
- Re: Telegram privacy fails again. Ben Tasker (Sep 12)
- [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0 Tomas Fernandez Lobbe (Sep 09)
- CVE-2019-15030: Linux kernel: powerpc: data leak with FP/VMX triggerable by unavailable exception in transaction Michael Neuling (Sep 10)
- CVE-2019-15031: Linux kernel: powerpc: data leak with FP/VMX triggerable by interrupt in transaction Michael Neuling (Sep 10)
- [CVE-2018-17200] Apache OFBiz unauthenticated remote code execution vulnerability in HttpEngine Jacopo Cappellato (Sep 10)
- [CVE-2019-0189] Apache OFBiz remote code execution and arbitrary file delete via Java deserialization Jacopo Cappellato (Sep 10)
- [CVE-2019-10073] Apache OFBiz XSS vulnerability in the "ecommerce" component Jacopo Cappellato (Sep 10)
- [CVE-2019-10074] Apache OFBiz RCE (template injection) Jacopo Cappellato (Sep 10)
- [SECURITY ADVISORY] curl: FTP-KRB double-free Daniel Stenberg (Sep 10)
- [SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow Daniel Stenberg (Sep 10)
- hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass Jouni Malinen (Sep 11)
- Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass Salvatore Bonaccorso (Sep 12)
- OpenDMARC signature bypass with multiple From addresses Hanno Böck (Sep 11)
- Re: OpenDMARC signature bypass with multiple From addresses Salvatore Bonaccorso (Sep 17)
- pam_p11 0.3.1 released Frank Morgner (Sep 12)
- 3 CVEs in dino Randy Barlow (Sep 12)
- CVE-2019-14822 ibus: missing authorization flaw Riccardo Schirone (Sep 13)
- [CVE-2019-0195] Apache Tapestry vulnerability disclosure Thiago H. de Paula Figueiredo (Sep 13)
- CVE-2019-0207: Apache Tapestry 5.4.2 Path Traversal vulnerability Thiago H. de Paula Figueiredo (Sep 13)
- CVE-2019-10071: Apache Tapestry vulnerability disclosure Thiago H. de Paula Figueiredo (Sep 13)
- CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow 张博 (Sep 17)
- <Possible follow-ups>
- Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow 皮罡 (Sep 24)
- OpenDMARC buffer overflows Hanno Böck (Sep 17)
- Re: OpenDMARC buffer overflows Alyssa Ross (Sep 17)
- Re: OpenDMARC buffer overflows Thomas Ward (Sep 17)
- Re: OpenDMARC buffer overflows Alyssa Ross (Sep 17)
- CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer P J P (Sep 20)
- [CVE-2019-10087] Apache JSPWiki Cross-site scripting vulnerability in Page Revision History Juan Pablo Santos Rodríguez (Sep 20)
- [CVE-2019-10089] Apache JSPWiki Cross-site scripting vulnerability on WYSIWYG editor Juan Pablo Santos Rodríguez (Sep 20)
- [CVE-2019-10090] Apache JSPWiki Cross-site scripting vulnerability on plain editor Juan Pablo Santos Rodríguez (Sep 20)
- [CVE-2019-12404] Apache JSPWiki Cross-site scripting vulnerability on InfoContent.jsp Juan Pablo Santos Rodríguez (Sep 20)
- [CVE-2019-12407] Apache JSPWiki Cross-site scripting vulnerability related to the remember parameter Juan Pablo Santos Rodríguez (Sep 20)
- OSS platform security Rich Persaud (Sep 21)
- CVE-2019-16714: info leak in RDS rds6_inc_info_copy butt3rflyh4ck (Sep 24)
- CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy butt3rflyh4ck (Sep 25)
- [SBA-ADV-20190911-01] CVE-2019-16524: Easy FancyBox Wordpress Plugin 1.8.17 or below Stored Cross-site Scripting (XSS) SBA Research Advisory (Sep 25)
- Exim CVE-2019-16928 RCE using a heap-based buffer overflow Heiko Schlittermann (Sep 27)
- Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow Dominic Taylor (Sep 28)
- Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow Heiko Schlittermann (Sep 28)
- Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow Heiko Schlittermann (Sep 28)
- Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow Dominic Taylor (Sep 28)