oss-sec: by date
176 messages, starting 01 Oct 2019 and ending 30 Dec 2019
Tuesday, 01 October
PDFex: Security weakness in PDF encryption (Jens Müller)
Multiple vulnerabilities in Jenkins plugins (Daniel Beck)
Wednesday, 02 October
Multiple vulnerabilities in Online store system v1.0: Stored XSS and unauthenticated product deletions. (Akamai)
Minerva: ECDSA key recovery from bit-length leakage (Ján Jančár)
Thursday, 03 October
Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow (Tina Li)
Friday, 04 October
CVE-2018-11768: Apache Hadoop HDFS FSImage Corruption (Akira Ajisaka)
Tuesday, 08 October
Multiple vulnerabilities in Centreon-Web and Centreon-VM (Guillaume Quéré)
[OSSA-2019-005] Octavia Amphora-Agent not requiring Client-Certificate (CVE-2019-17134) (Daniel 'f0o' Preussker)
CVE-2019-16760: Cargo prior to Rust 1.26.0 may download the wrong dependency (Pietro Albini)
Announce: OpenSSH 8.1 released (Damien Miller)
Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM (Guillaume Quéré)
Wednesday, 09 October
Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow (bo Zhang)
CVE-2019-17365: Nix per-user profile directory hijack (Michael Orlitzky)
Koji CVE-2019-17109: koji hub allows arbitrary upload destinations (Patrick Uiterwijk)
Re: CVE-2019-17365: Nix per-user profile directory hijack (Graham Christensen)
Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow (Tina Li)
Thursday, 10 October
Re: CVE-2019-17365: Nix per-user profile directory hijack (Michael Orlitzky)
Sunday, 13 October
Statistics for distros lists updated for 2019Q3 (Kristian Fiskerstrand)
Monday, 14 October
Sudo: CVE-2019-14287 (Todd C. Miller)
Tuesday, 15 October
Re: Statistics for distros lists updated for 2019Q3 (Kristian Fiskerstrand)
Re: Sudo: CVE-2019-14287 (Todd C. Miller)
Wednesday, 16 October
Fwd: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0 (Vishwas Babu)
[SBA-ADV-20190913-01] CVE-2019-16522: WordPress Plugin - EU Cookie Law (GDPR) <= 3.0.6 and possibly upwards - Stored XSS (SBA Research Advisory)
[SBA-ADV-20190913-02] CVE-2019-16521: WordPress Plugin - Broken Link Checker <= 1.11.8 - Reflected XSS (SBA Research Advisory)
[SBA-ADV-20190913-03] CVE-2019-16523: WordPress Plugin - Events Manager <= 5.9.5 - Stored XSS (SBA Research Advisory)
[SBA-ADV-20190913-04] CVE-2019-16520: WordPress Plugin - All in One SEO Pack <= 3.2.6 - Stored XSS (SBA Research Advisory)
Multiple vulnerabilities in Jenkins plugins (Daniel Beck)
BIND9 CVE-2019-6475 and CVE-2019-6476 (ISC Security Officer)
Thursday, 17 October
CVE-2019-0205: Apache Thrift: potential DoS when processing untrusted Thrift payload (Jens Geyer)
CVE-2019-0210: Apache Thrift: out-of-bounds read vulnerability (Jens Geyer)
CVE-2019-18192: Insecure permissions on Guix profile directory (Ludovic Courtès)
Tuesday, 22 October
[CVE-2019-15587] Loofah XSS Vulnerability (Mike Dalessio)
Re: [CVE-2019-15587] Loofah XSS Vulnerability (Mike Dalessio)
Thursday, 31 October
Xen Security Advisory 303 v4 (CVE-2019-18422) - ARM: Interrupts are unconditionally unmasked in exception handlers (Xen.org security team)
Xen Security Advisory 302 v5 (CVE-2019-18424) - passed through PCI devices may corrupt host memory after deassignment (Xen.org security team)
Xen Security Advisory 296 v4 (CVE-2019-18420) - VCPUOP_initialise DoS (Xen.org security team)
Xen Security Advisory 298 v3 (CVE-2019-18425) - missing descriptor table limit checking in x86 PV emulation (Xen.org security team)
Xen Security Advisory 299 v4 (CVE-2019-18421) - Issues with restartable PV type change operations (Xen.org security team)
Re: Python-3.5.8.tar.xz does NOT contain the fix for bpo-38243 (Peter van Dijk)
Xen Security Advisory 301 v3 (CVE-2019-18423) - add-to-physmap can be abused to DoS Arm hosts (Xen.org security team)
Monday, 04 November
[CVE-2019-10084] privilege escalation by authenticated Apache Impala users (Tim Armstrong)
Re: Membership application for linux-distros - VMware (Srivatsa S. Bhat)
Re: Membership application for linux-distros - VMware (Srivatsa S. Bhat)
Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid (Salvatore Bonaccorso)
Tuesday, 05 November
[CVE-2019-12406] Apache CXF does not restrict the number of message attachments (Colm O hEigeartaigh)
[CVE-2019-12419] Apache CXF OpenId Connect token service does not properly validate the clientId (Colm O hEigeartaigh)
Re: Membership application for linux-distros - VMware (Solar Designer)
Re: Contributing Back (Solar Designer)
Re: Contributing Back (Seth Arnold)
Wednesday, 06 November
Re: Membership application for linux-distros - VMware (Srivatsa S. Bhat)
Re: Contributing Back (Anthony Liguori)
Re: Contributing Back (Solar Designer)
Re: Membership application for linux-distros - VMware (Solar Designer)
Thursday, 07 November
Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem? (Kees Cook)
Re: independent volunteers on distros list (Solar Designer)
[CVE-2019-12408][CVE-2019-12410] Uninitialized Memory Vulnerabilities fixed in Apache Arrow 0.15.1 (Micah Kornfield)
Friday, 08 November
Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (Georgi Guninski)
Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (John Haxby)
Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (John Haxby)
CVE-2019-18397 - Stack buffer overflow in GNU FriBidi >= 1.0.0 (Alex Murray)
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006 (Carlos Alberto Lopez Perez)
Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (Russ Allbery)
Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (Florian Weimer)
Monday, 11 November
CVE-2019-2201: libjpeg-turbo: code execution (Wolfgang Frisch)
Tuesday, 12 November
Re: CVE-2019-2201: libjpeg-turbo: code execution (pgajdos)
DPDK security advisory: CVE-2019-14818 (Ferruh Yigit)
Xen Security Advisory 304 v1 (CVE-2018-12207) - x86: Machine Check Error on Page Size Change DoS (Xen.org security team)
Xen Security Advisory 305 v1 (CVE-2019-11135) - TSX Asynchronous Abort speculative side channel (Xen.org security team)
Thursday, 14 November
Security release of kubernetes-csi sidecars - CVE-2019-11255 (Tim Allclair)
Friday, 15 November
CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys (Cedric Buissart)
Sunday, 17 November
[CVE-2019-10070] Apache Atlas Stored XSS Vulnerability (Madhan Neethiraj)
Nokogiri security update v1.10.5 (Mike Dalessio)
Monday, 18 November
[CVE-2019-12422] Apache Shiro weak cookie vulnerability (Brian Demers)
Tuesday, 19 November
CVE-2019-18934 Unbound: Vulnerability in IPSEC module (Ralph Dolmans)
Mitigating malicious packages in gnu/linux (Georgi Guninski)
Re: Mitigating malicious packages in gnu/linux (Morten Linderud)
Re: Mitigating malicious packages in gnu/linux (Pavel Heimlich)
Re: Mitigating malicious packages in gnu/linux (Stuart D. Gathman)
Re: Mitigating malicious packages in gnu/linux (Tim Kuijsten)
Re: Mitigating malicious packages in gnu/linux (Ludovic Courtès)
Re: Mitigating malicious packages in gnu/linux (Jakub Wilk)
Re: Mitigating malicious packages in gnu/linux (Morten Linderud)
[CVE-2019-10083] Apache NiFi process group information disclosure (Nathan Gough)
[CVE-2019-12421] Apache NiFi 'Log out' button did not completely log user out (Nathan Gough)
[CVE-2019-10080] Apache NiFi XXE information disclosure (Nathan Gough)
Wednesday, 20 November
Re: Mitigating malicious packages in gnu/linux (Solar Designer)
Re: Mitigating malicious packages in gnu/linux (Russ Allbery)
Re: Mitigating malicious packages in gnu/linux (Solar Designer)
Re: Mitigating malicious packages in gnu/linux (Aditya Sirish Arunkumar Yelgundhalli)
Re: Mitigating malicious packages in gnu/linux (Mark Hatle)
Re: Mitigating malicious packages in gnu/linux (Bob Friesenhahn)
Re: Mitigating malicious packages in gnu/linux (Jeremy Stanley)
BIND9 CVE-2019-6477 (ISC Security Officer)
Re: Mitigating malicious packages in gnu/linux (Bob Friesenhahn)
Thursday, 21 November
Multiple vulnerabilities in Jenkins plugins (Daniel Beck)
Friday, 22 November
Linux kernel: three buffer overflows in the marvell wifi driver (huangwen)
Linux kernel: heap overflow in the marvell wifi driver (qize wang)
Monday, 25 November
Re: Linux kernel: heap overflow in the marvell wifi driver (Solar Designer)
Lots of bugs in 32-bit x86 Linux entry code (Andy Lutomirski)
Re: Lots of bugs in 32-bit x86 Linux entry code (Stuart D. Gathman)
Re: Lots of bugs in 32-bit x86 Linux entry code (Simon McVittie)
grub2-set-bootflag utility causes grubenv corruption rendering the system unbootable (Huzaifa Sidhpurwala)
Tuesday, 26 November
Xen Security Advisory 306 v2 - Device quarantine for alternate pci assignment methods (Xen.org security team)
Wednesday, 27 November
CVE-2019-18660: Linux kernel: powerpc: missing Spectre-RSB mitigation (Michael Ellerman)
Thursday, 28 November
CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android) (Jesse)
Multiple issues in lemonldap-ng (Raphael Geissert)
Monday, 02 December
Django 2.2.8 and 2.1.15: CVE-2019-19118: Privilege escalation in the Django admin. (Carlton Gibson)
virtual consoles (Tavis Ormandy)
Re: virtual consoles (Solar Designer)
Re: virtual consoles (Tavis Ormandy)
Re: virtual consoles (Leonid Isaev)
Re: virtual consoles (Leonid Isaev)
Tuesday, 03 December
Re: virtual consoles (Georgi Guninski)
Re: virtual consoles (Simon McVittie)
Re: virtual consoles (Tavis Ormandy)
Linux kernel: multiple vulnerabilities in the USB subsystem x3 (Andrey Konovalov)
Wednesday, 04 December
CVE-2019-17554: Olingo: XML External Entity resolution attack (mibo)
CVE-2019-17555: Olingo: DoS via Retry-After header vulnerability (mibo)
CVE-2019-17556: Olingo: Deserialization vulnerability (mibo)
[CVE-2019-19331] Knot Resolver 4.3.0 security release (Vladimír Čunát)
Authentication vulnerabilities in OpenBSD (Qualys Security Advisory)
Re: Authentication vulnerabilities in OpenBSD (Solar Designer)
[CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (William J. Tolley)
Thursday, 05 December
Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (Noel Kuntze)
Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (Colm MacCárthaigh)
Re: Authentication vulnerabilities in OpenBSD (Georgi Guninski)
Re: Authentication vulnerabilities in OpenBSD (Renaud Allard)
Re: Authentication vulnerabilities in OpenBSD (Arrigo Triulzi)
Xen Security Advisory 306 v3 (CVE-2019-19579) - Device quarantine for alternate pci assignment methods (Xen.org security team)
CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability (VMware Security Response Center)
Friday, 06 December
Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (ValdikSS)
Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (ValdikSS)
Sunday, 08 December
Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (Noel Kuntze)
Monday, 09 December
Shell wildcards considered dangerous? (Georgi Guninski)
Re: Shell wildcards considered dangerous? (Noel Kuntze)
Re: Shell wildcards considered dangerous? (Heiko Schlittermann)
Re: Shell wildcards considered dangerous? (Leonid Isaev)
Re: Shell wildcards considered dangerous? (Noel Kuntze)
Re: Shell wildcards considered dangerous? (Leonid Isaev)
Re: Shell wildcards considered dangerous? (Noel Kuntze)
Re: Shell wildcards considered dangerous? (Leonid Isaev)
Tuesday, 10 December
CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow (sandreim)
Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability (Riccardo Schirone)
CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (P J P)
Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (Tyler Hicks)
Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (P J P)
Wednesday, 11 December
Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability (VMware Security Response Center)
Xen Security Advisory 307 v3 (CVE-2019-19581,CVE-2019-19582) - find_next_bit() issues (Xen.org security team)
Xen Security Advisory 309 v3 (CVE-2019-19578) - Linear pagetable use / entry miscounts (Xen.org security team)
Xen Security Advisory 310 v3 (CVE-2019-19580) - Further issues with restartable PV type change operations (Xen.org security team)
Xen Security Advisory 311 v4 (CVE-2019-19577) - Bugs in dynamic height handling for AMD IOMMU pagetables (Xen.org security team)
Xen Security Advisory 308 v3 (CVE-2019-19583) - VMX: VMentry failure with debug exceptions and blocked states (Xen.org security team)
[OSSA-2019-006] Keystone: Credentials API allows listing and retrieving of all users' credentials (CVE-2019-19687) (Gage Hugo)
Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) (Qualys Security Advisory)
Thursday, 12 December
Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805 (Kevin A. McGrail)
Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420 (Kevin A. McGrail)
Friday, 13 December
Multiple vulnerabilities fixed in Git (Johannes Schindelin)
CVE-2019-19722: Critical vulnerability in Dovecot (Aki Tuomi)
Re: CVE-2019-19722: Critical vulnerability in Dovecot (Aki Tuomi)
Sunday, 15 December
CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (P J P)
Monday, 16 December
[CVE-2019-12414] Apache Incubator Superset metadata leak vulnerability (daniel gaspar)
[CVE-2019-12413] Apache Incubator Superset metadata leak vulnerability (daniel gaspar)
Tuesday, 17 December
Multiple vulnerabilities in Jenkins plugins (Daniel Beck)
Wednesday, 18 December
Django: CVE-2019-19844: Potential account hijack via password reset form (Mariusz Felisiak)
[CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack (Aaron Patterson)
Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack (Alexander E. Patrakov)
Thursday, 19 December
CVE requests: three vulnerabilities in ImageMagick (GalyCannon)
[CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer (Matt Sicker)
Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack (Stuart D. Gathman)
Friday, 20 December
Re: CVE requests: three vulnerabilities in ImageMagick (Mohammad Tausif Siddiqui)
VNC vulnerabilities. TigerVNC security update (Pavel Cheremushkin)
Monday, 23 December
Arbitrary file upload vulnerability in upload-image-with-ajax v1.0 (Larry W. Cashdollar)
Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0 (Larry W. Cashdollar)
CVE-2019-19947: Linux kernel can: kvaser_usb: kvaser_usb_leaf: some info-leak vulnerabilities (butt3rflyh4ck)
Sunday, 29 December
OpenSC 0.20.0 released (Frank Morgner)
Monday, 30 December
[CVE-2019-17558] Apache Solr RCE through VelocityResponseWriter (Erik Hatcher)