oss-sec: by thread
211 messages, starting Jul 01 20 and ending Sep 30 20
- PowerDNS Recursor 4.3.2, 4.2.3. and 4.1.17 released fixing CVE-2020-14196: Access restriction,bypass Otto Moerbeek (Jul 01)
- CVE-2020-15469 QEMU: MMIO ops null pointer dereference may lead to DoS P J P (Jul 01)
- [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels Mike Jumper (Jul 02)
- [SECURITY] CVE-2020-9498: Apache Guacamole: Dangling pointer in RDP static virtual channel handling Mike Jumper (Jul 02)
- Contributing Back Zhang Xiao (Jul 02)
- Re: Contributing Back Francis Perron (Jul 02)
- Re: Contributing Back Daniel Stenberg (Jul 02)
- Re: Contributing Back Zhang Xiao (Jul 02)
- Re: Contributing Back Daniel Stenberg (Jul 02)
- Re: Contributing Back Solar Designer (Jul 11)
- Re: Contributing Back Zhang Xiao (Jul 13)
- Re: Contributing Back Solar Designer (Jul 20)
- Re: Contributing Back Mohammad Tausif Siddiqui (Jul 23)
- Re: Contributing Back Zhang Xiao (Jul 23)
- Re: Contributing Back Solar Designer (Jul 23)
- Re: Contributing Back Zhang Xiao (Jul 28)
- Re: Contributing Back Zhang Xiao (Jul 13)
- <Possible follow-ups>
- Re: Contributing Back Solar Designer (Sep 03)
- Re: Contributing Back Seth Arnold (Sep 03)
- Re: Contributing Back Vincent Batts (Sep 09)
- Re: Contributing Back Seth Arnold (Sep 03)
- Re: Contributing Back Francis Perron (Jul 02)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 02)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 01)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 16)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 23)
- CVE-2020-13640: WordPress Plugin wpDiscuz <= 5.3.5 SQL injection asterite (Jul 06)
- veyon: Veyon uses fixed logfile paths in /tmp in versions prior v4.4.0 Matthias Gerstner (Jul 07)
- Xen Security Advisory 317 v3 (CVE-2020-15566) - Incorrect error handling in event channel port allocation Xen . org security team (Jul 07)
- Xen Security Advisory 319 v3 (CVE-2020-15563) - inverted code paths in x86 dirty VRAM tracking Xen . org security team (Jul 07)
- Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d Xen . org security team (Jul 07)
- Xen Security Advisory 327 v3 (CVE-2020-15564) - Missing alignment check in VCPUOP_register_vcpu_info Xen . org security team (Jul 07)
- Xen Security Advisory 328 v3 (CVE-2020-15567) - non-atomic modification of live EPT PTE Xen . org security team (Jul 07)
- [Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary Joel Smith (Jul 08)
- SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql Larry W. Cashdollar (Jul 09)
- X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch X41 D-Sec GmbH Advisories (Jul 09)
- WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006 Carlos Alberto Lopez Perez (Jul 10)
- [SECURITY][CVE-2020-13925] Apache Kylin command injection vulnerability ShaoFeng Shi (Jul 14)
- [SECURITY][CVE-2020-13926] Apache Kylin SQL injection vulnerability ShaoFeng Shi (Jul 14)
- [SECURITY] CVE-2020-13935 Apache Tomcat WebSocket Denial of Service Mark Thomas (Jul 14)
- [SECURITY] CVE-2020-13934 Apache Tomcat HTTP/2 Denial of Service Mark Thomas (Jul 14)
- Flatcar membership on the linux-distros list Vincent Batts (Jul 14)
- Re: Flatcar membership on the linux-distros list Randy Barlow (Jul 15)
- Re: Flatcar membership on the linux-distros list Solar Designer (Jul 20)
- Re: Flatcar membership on the linux-distros list Vincent Batts (Jul 23)
- Re: Flatcar membership on the linux-distros list Solar Designer (Jul 23)
- Re: Flatcar membership on the linux-distros list Jeff Law (Jul 23)
- Re: Flatcar membership on the linux-distros list Solar Designer (Jul 23)
- Re: Flatcar membership on the linux-distros list Jeff Law (Jul 23)
- Re: Flatcar membership on the linux-distros list Greg KH (Jul 24)
- Re: Flatcar membership on the linux-distros list Solar Designer (Jul 25)
- Re: Flatcar membership on the linux-distros list Vincent Batts (Jul 23)
- [CVE-2020-13923] IDOR in Apache OFBiz Jacques Le Roux (Jul 15)
- [CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication Jacques Le Roux (Jul 15)
- CVE-2020-8557: Kubernetes: Node disk DOS by writing to container /etc/hosts Joel Smith (Jul 15)
- Multiple vulnerabilities in Jenkins and Jenkins plugins Wadeck Follonier (Jul 15)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Aug 12)
- Kubernetes: CVE-2020-8559: Privilege escalation from compromised node to cluster Tim Allclair (Jul 15)
- Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues Xen . org security team (Jul 16)
- Re: Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues Mauro Matteo Cascella (Jul 17)
- Re: Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues Andrew Cooper (Jul 20)
- Re: Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues Mauro Matteo Cascella (Jul 17)
- CVE-2018-21036: Sails.js before v1.0.0-46 DoS ali . of . south (Jul 19)
- Perl 5.32.0 mishandling of rpath and runpath tokens Jeffrey Walton (Jul 20)
- Re: Perl 5.32.0 mishandling of rpath and runpath tokens Jeffrey Walton (Jul 20)
- Re: Perl 5.32.0 mishandling of rpath and runpath tokens Phil Pennock (Jul 20)
- Re: Perl 5.32.0 mishandling of rpath and runpath tokens Jeffrey Walton (Jul 20)
- Re: Perl 5.32.0 mishandling of rpath and runpath tokens Phil Pennock (Jul 20)
- Re: Perl 5.32.0 mishandling of rpath and runpath tokens Casper . Dik (Jul 21)
- Re: Perl 5.32.0 mishandling of rpath and runpath tokens Jeffrey Walton (Jul 20)
- Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules Marcus Meissner (Jul 20)
- Re: Re: lockdown bypass on mainline kernel for loading unsigned modules Marcus Meissner (Jul 20)
- CVE-2020-13932 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin Gary Tully (Jul 20)
- Xen Security Advisory 329 v3 (CVE-2020-15852) - Linux ioperm bitmap context switching issues Xen . org security team (Jul 21)
- CVE-2020-15859 QEMU: net: e1000e: use-after-free while sending packets P J P (Jul 21)
- CVE-2020-15863 QEMU: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c Mauro Matteo Cascella (Jul 22)
- [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update 张云海 (Jul 28)
- Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update Eric Biggers (Jul 28)
- WebKitGTK and WPE WebKit Security Advisory WSA-2020-0007 Carlos Alberto Lopez Perez (Jul 29)
- multiple secure boot grub2 and linux kernel vulnerabilities John Haxby (Jul 29)
- UEFI SecureBoot bypass fixes rolled out to kernels below radar Jason A. Donenfeld (Jul 30)
- Re: UEFI SecureBoot bypass fixes rolled out to kernels below radar John Haxby (Jul 30)
- Alternative CET ABI Florian Weimer (Jul 30)
- Re: Alternative CET ABI Jann Horn (Jul 30)
- Re: Alternative CET ABI Florian Weimer (Jul 30)
- Re: Alternative CET ABI H.J. Lu (Jul 30)
- Re: Alternative CET ABI Szabolcs Nagy (Jul 30)
- Re: Alternative CET ABI Florian Weimer (Jul 30)
- Re: Alternative CET ABI Jann Horn (Jul 30)
- Fwd: X.Org security advisory: July 31, 2020: libX11 Matthieu Herrb (Jul 31)
- Fwd: X.Org security advisory: July 31, 2020: Xserver Matthieu Herrb (Jul 31)
- ansi escape sequence injection into ubuntu's add-apt-repository Jason A. Donenfeld (Aug 03)
- Re: ansi escape sequence injection into ubuntu's add-apt-repository Jason A. Donenfeld (Aug 05)
- Re: ansi escape sequence injection into ubuntu's add-apt-repository Jason A. Donenfeld (Aug 05)
- Re: ansi escape sequence injection into ubuntu's add-apt-repository Jason A. Donenfeld (Aug 05)
- Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Marco Benatto (Aug 03)
- Re: [TrouSerS-tech] [oss-security] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Debora Velarde Babb (Aug 04)
- <Possible follow-ups>
- Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Jerry Snitselaar (Aug 06)
- Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Jonas Witschel (Aug 06)
- Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon James Bottomley (Aug 06)
- Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Jonas Witschel (Aug 06)
- [CVE-2020-13921] Apache SkyWalking SQL injection vulnerability after H2/MySQL/TiDB storage option activated. Sheng Wu (Aug 05)
- Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Debora Velarde Babb (Aug 06)
- <Possible follow-ups>
- Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Debora Velarde Babb (Aug 14)
- CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 07)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Solar Designer (Aug 07)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 08)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Solar Designer (Aug 08)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Joe Orton (Aug 17)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 08)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Seth Arnold (Aug 07)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 08)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Seth Arnold (Aug 10)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 08)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Solar Designer (Aug 07)
- CVE-2020-11985: Apache httpd: CWE-345: Insufficient verification of data authenticity Daniel Ruggeri (Aug 07)
- CVE-2020-11993: Apache httpd: Push Diary Crash on Specifically Crafted HTTP/2 Header Daniel Ruggeri (Aug 07)
- CVE-2020-9490: Apache httpd: Push Diary Crash on Specifically Crafted HTTP/2 Header Daniel Ruggeri (Aug 07)
- [CVE-2020-9479] Directory traversal vulnerability in Apache AsterixDB Ian Maxon (Aug 08)
- Voiding CVE-2020-16248 Richard Hartmann (Aug 08)
- Re: Voiding CVE-2020-16248 Hanno Böck (Aug 08)
- Re: [prometheus-team] Voiding CVE-2020-16248 Bartłomiej Płotka (Aug 08)
- Re: [prometheus-team] Voiding CVE-2020-16248 Julien Pivotto (Aug 08)
- Re: Voiding CVE-2020-16248 Sylvain Beucler (Aug 08)
- Re: Voiding CVE-2020-16248 Richard Hartmann (Aug 09)
- Re: Voiding CVE-2020-16248 Bastian Blank (Aug 08)
- Re: Voiding CVE-2020-16248 Jeffrey Walton (Aug 08)
- Re: Voiding CVE-2020-16248 Richard Hartmann (Aug 09)
- CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Mauro Matteo Cascella (Aug 10)
- Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Michael Tokarev (Aug 10)
- Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Mauro Matteo Cascella (Aug 10)
- Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Michael Tokarev (Aug 10)
- [CVE-2020-11976] Apache Wicket information disclosure vulnerability svenmeier (Aug 10)
- CVE-2020-12100: Dovecot IMAP server: Receiving mail with deeply nested MIME parts leads to resource exhaustion Aki Tuomi (Aug 12)
- CVE-2020-12673: Dovecot IMAP server: Specially crafted NTLM package can crash auth service Aki Tuomi (Aug 12)
- CVE-2020-12674: Dovecot IMAP server: Specially crafted RPA authentication message crashes auth Aki Tuomi (Aug 12)
- CVE-2020-16843: Firecracker v0.20.0, v0.21.0 and v0.21.1 network stack can freeze under heavy ingress traffic Iorga, Serban (Aug 13)
- Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) vpn-research (Aug 13)
- Re: Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith (Aug 13)
- Re: Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith (Sep 08)
- [CVE-2020-13941] Apache Solr information disclosure vulnerability David Smiley (Aug 15)
- Vulnerability in Jenkins Daniel Beck (Aug 17)
- [CVE-2020-13933] Apache Shiro Authentication Bypass Vulnerability Brian Demers (Aug 17)
- [SECURITY ADVISORY] libcurl: wrong connect-only connection Daniel Stenberg (Aug 19)
- Linux Kernel 5.7.9 DRM Double Free zdi-disclosures () trendmicro com (Aug 19)
- Re: Linux Kernel 5.7.9 DRM Double Free Greg KH (Aug 19)
- Re: Linux Kernel 5.7.9 DRM Double Free Greg KH (Aug 19)
- Re: Linux Kernel 5.7.9 DRM Double Free Greg KH (Aug 19)
- Re: Linux Kernel 5.7.9 DRM Double Free Greg KH (Aug 19)
- Re: Linux Kernel 5.7.9 DRM Double Free Greg KH (Aug 19)
- Fossil-SCM patch fixes RCE in all historic versions Richard Hipp (Aug 20)
- Re: Fossil-SCM patch fixes RCE in all historic versions Salvatore Bonaccorso (Aug 25)
- Five vulnerabilities disclosed in BIND (CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, and CVE-2020-8624) Michael McNally (Aug 20)
- chrony: CVE-2020-14367: unsafe pidfile creation allows privilege escalation from chrony user to root Matthias Gerstner (Aug 21)
- CVE-2019-20794 kernel: task processes not being properly ended could lead to resource exhaustion Rohit Keshri (Aug 24)
- Xen Security Advisory 335 v2 (CVE-2020-14364) - QEMU: usb: out-of-bounds r/w access issue Xen . org security team (Aug 24)
- CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets P J P (Aug 24)
- X.Org libX11 security advisory: August 25, 2020 Matthieu Herrb (Aug 25)
- X.Org server security advisory: August 25, 2020 Matthieu Herrb (Aug 25)
- Re: X.Org server security advisory: August 25, 2020 Alan Coopersmith (Aug 25)
- [OSSA-2020-006] Nova: Live migration fails to update persistent domain XML (CVE-2020-17376) Jeremy Stanley (Aug 25)
- CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX Brandon Williams (Aug 31)
- Kamailio vulnerable to header smuggling possible due to bypass of remove_hf Sandro Gauci (Sep 01)
- Django Security Releases for CVE-2020-24583 & CVE-2020-24584: permissions on intermediate-level directories on Python 3.7+ Carlton Gibson (Sep 01)
- CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability Sam Tunnicliffe (Sep 01)
- Open Source Tool | vPrioritization | Risk Prioritization Framework Pramod Rana (Sep 03)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Perry E. Metzger (Sep 05)
- Risk and severity vectors (was: Open Source Tool | vPrioritization | Risk Prioritization Framework) Jeremy Stanley (Sep 05)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Pramod Rana (Sep 06)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Amos Jeffries (Sep 06)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Robert Watson (Sep 06)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Perry E. Metzger (Sep 07)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Jeffrey Walton (Sep 07)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Kurt H Maier (Sep 07)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Jeffrey Walton (Sep 08)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Alex Gaynor (Sep 08)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework The Doctor [412/724/301/703/415/510] (Sep 09)
- Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Perry E. Metzger (Sep 05)
- CVE-2020-14386: Linux kernel: af_packet.c vulnerability Or Cohen (Sep 03)
- Re: CVE-2020-14386: Linux kernel: af_packet.c vulnerability Solar Designer (Sep 04)
- Re: CVE-2020-14386: Linux kernel: af_packet.c vulnerability Kai Lüke (Sep 10)
- Re: CVE-2020-14386: Linux kernel: af_packet.c vulnerability Solar Designer (Sep 04)
- GNUPG released with AEAD sec fix CVE-2020-25125 Marcus Meissner (Sep 03)
- CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences Wolfgang Frisch (Sep 03)
- [CVE-2020-11986] Opening a Gradle project with Apache NetBeans executes foreign script immediately Matthias Bläsing (Sep 07)
- CVE-2020-15166: zeromq/libzmq: Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients Luca Boccassi (Sep 07)
- CVE Request: Linux kernel vsyscall page refcounting error Andy Lutomirski (Sep 08)
- Re: CVE Request: Linux kernel vsyscall page refcounting error Salvatore Bonaccorso (Sep 10)
- [CVE-2020-13920] ActiveMQ JMX vulenarable to MITM attack Jean-Baptiste Onofre (Sep 09)
- [CVE-2020-11998] Apache ActiveMQ JMX remote client could execute arbitrary code Jean-Baptiste Onofre (Sep 10)
- [CVE-2020-11991] Apache Cocoon security vulnerability Cédric Damioli (Sep 11)
- [CVE-2020-11977] Apache Syncope: Remote Code Execution via Flowable workflow definition Francesco Chicchiriccò (Sep 14)
- Fwd: [CVE-2020-13928 ] Apache Atlas Multiple XSS Vulnerability Keval Bhatt (Sep 15)
- CVE-2020-14390: Linux kernel: slab-out-of-bounds in fbcon Minh Yuan (Sep 15)
- [CVE-2020-13948] Apache Superset Remote Code Execution Vulnerability William Barrett (Sep 15)
- Linux Kernel: out-of-bounds reading in vgacon_scrolldelta NopNop Nop (Sep 16)
- [CVE-2020-13944] Apache Airflow Reflected XSS via Origin Parameter <= 1.10.12 Kaxil Naik (Sep 16)
- CVE-2020-25084 QEMU: usb: use-after-free issue while setting up packet P J P (Sep 16)
- CVE-2020-25085 QEMU: sdhci: out-of-bounds access issue while doing multi block SDMA P J P (Sep 16)
- CVE-2020-25625 QEMU: usb: hcd-ohci: infinite loop issue while processing transfer descriptors P J P (Sep 17)
- Samba and CVE-2020-1472 ("Zerologon") Douglas Bagnall (Sep 17)
- Apache + PHP <= 7.4.10 open_basedir bypass Havijoori (Sep 17)
- Xen Security Advisory 333 v3 (CVE-2020-25602) - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE Xen . org security team (Sep 22)
- Xen Security Advisory 336 v3 (CVE-2020-25604) - race when migrating timers between x86 HVM vCPU-s Xen . org security team (Sep 22)
- Xen Security Advisory 339 v3 (CVE-2020-25596) - x86 pv guest kernel DoS via SYSENTER Xen . org security team (Sep 22)
- Xen Security Advisory 334 v3 (CVE-2020-25598) - Missing unlock in XENMEM_acquire_resource error path Xen . org security team (Sep 22)
- Xen Security Advisory 338 v4 (CVE-2020-25597) - once valid event channels may not turn invalid Xen . org security team (Sep 22)
- Xen Security Advisory 337 v3 (CVE-2020-25595) - PCI passthrough code reading back hardware registers Xen . org security team (Sep 22)
- Xen Security Advisory 344 v4 (CVE-2020-25601) - lack of preemption in evtchn_reset() / evtchn_destroy() Xen . org security team (Sep 22)
- Xen Security Advisory 340 v3 (CVE-2020-25603) - Missing memory barriers when accessing/allocating an event channel Xen . org security team (Sep 22)
- Xen Security Advisory 342 v3 (CVE-2020-25600) - out of bounds event channels available to 32-bit x86 domains Xen . org security team (Sep 22)
- Xen Security Advisory 343 v4 (CVE-2020-25599) - races with evtchn_reset() Xen . org security team (Sep 22)
- [Fwd: [Pdns-announce] security advisories for Authoritative 4.3.1, 4.2.3, 4.1.14] Peter van Dijk (Sep 22)
- [CVE-2020-13953] Apache Tapestry WEB-INF file download vulnerability Thiago H. de Paula Figueiredo (Sep 26)
- CVE-2018-11765: Potential information disclosure in Hadoop Web interfaces Akira Ajisaka (Sep 27)
- [ANNOUNCE] CVE-2020-13951 - Apache Openmeetings: DoS via public web service Maxim Solodovnik (Sep 28)
- DPDK security advisory for multiple vhost crypto issues Ferruh Yigit (Sep 28)
- QEMU: NULL pointer derefrence issues P J P (Sep 29)
- libass ass_outline.c signed integer overflow Fstark (Sep 29)
- [CVE-2020-13952] Apache Superset Information Disclosure Vulnerability Will Barrett (Sep 29)
- CVE-2020-25641 kernel: soft lockup when submitting zero length bvecs. Wade Mealing (Sep 29)
- [CVE-2020-26149] NATS project vulnerabilities: nats.js, (nats.ws, nats.deno) Phil Pennock (Sep 30)
- CVE-2020-10762 gluster-block: information disclosure through world-readable gluster-block log files Hardik Vyas (Sep 30)
- CVE-2020-10763 heketi: gluster-block volume password details available in logs Hardik Vyas (Sep 30)
- [CVE-2020-11979] Apache Ant insecure temporary file vulnerability Stefan Bodewig (Sep 30)
- [cve-request () mitre org: Re: [scr966354] oniguruma regular expression library - fixed in devel version cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0] Seth Arnold (Sep 30)