oss-sec: by thread
236 messages starting Apr 01 21 and ending Jun 30 21
- Re: kopano-core 11.0.1: Remote DoS by memory exhaustion Jan Engelhardt (Apr 01)
- kopano-core 11.0.1.77: Remote DoS with out-of-bounds access Jan Engelhardt (Apr 02)
- Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access Robert Scheck (Apr 24)
- CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks Colm O hEigeartaigh (Apr 02)
- Re: Risk of local privilege escalation in GNU Guix Leo Famulari (Apr 05)
- Re: Risk of local privilege escalation in GNU Guix Henri Salo (Apr 05)
- Re: Risk of local privilege escalation in GNU Guix Jan Engelhardt (Apr 05)
- Re: Risk of local privilege escalation in GNU Guix Leo Famulari (Apr 05)
- Re: Risk of local privilege escalation in GNU Guix Leo Famulari (Apr 05)
- Re: Risk of local privilege escalation in GNU Guix Jan Engelhardt (Apr 05)
- Re: Risk of local privilege escalation in GNU Guix Leo Famulari (Apr 09)
- <Possible follow-ups>
- Re: Risk of local privilege escalation in GNU Guix Leo Famulari (Apr 10)
- Re: Risk of local privilege escalation in GNU Guix Henri Salo (Apr 05)
- Django: CVE-2021-28658: Potential directory-traversal via uploaded files Mariusz Felisiak (Apr 06)
- CVE-2021-29136: umoci: malicious layer with symlink entry for "/" allows overwriting of host files Aleksa Sarai (Apr 06)
- CVE-2021-3483: Linux kernel: a use-after-free bug in nosy driver 马哲宇 (Apr 07)
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Apr 07)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jun 30)
- [CVE-2021-29154] Linux kernel incorrect computation of branch displacements in BPF JIT compiler can be abused to execute arbitrary code in Kernel mode Piotr Krysiuk (Apr 08)
- Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation Alexander Popov (Apr 09)
- CVE-2021-29425 (Possible limited path traversal in Apache Commons IO 2.2 to 2.6) Jochen Wiedmann (Apr 12)
- CVE-2021-29943: Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections Mike Drob (Apr 12)
- CVE-2021-29262: Apache Solr: Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings Mike Drob (Apr 12)
- CVE-2021-27905: Apache Solr: SSRF vulnerability with the Replication handler Mike Drob (Apr 12)
- X.Org server security advisory: April 13, 2021 Matthieu Herrb (Apr 13)
- [kubernetes] CVE-2021-25735: Validating Admission Webhook does not observe some previous fields Tim Allclair (Apr 14)
- CVE-2021-20288 Ceph: Unauthorized global_id reuse in cephx Ana McTaggart (Apr 14)
- CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195 Thiago H. de Paula Figueiredo (Apr 15)
- [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation Steve Beattie (Apr 16)
- Re: [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation Salvatore Bonaccorso (Apr 16)
- Re: [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation Steve Beattie (Apr 16)
- Re: [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation Salvatore Bonaccorso (Apr 16)
- [CVE-2021-3492] Ubuntu shiftfs Linux kernel file system double free vulnerability Steve Beattie (Apr 16)
- QEMU: ESP security fixes Mauro Matteo Cascella (Apr 16)
- xscreensaver package caps gets raw socket Tavis Ormandy (Apr 17)
- Re: xscreensaver package caps gets raw socket Tavis Ormandy (Apr 17)
- Re: xscreensaver package caps gets raw socket Érico Nogueira (Apr 18)
- Re: xscreensaver package caps gets raw socket Solar Designer (Apr 18)
- Re: xscreensaver package caps gets raw socket Alan Coopersmith (Apr 18)
- Re: xscreensaver package caps gets raw socket Simon McVittie (Apr 18)
- Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
- Re: xscreensaver package caps gets raw socket Ariadne Conill (Apr 19)
- Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
- Re: xscreensaver package caps gets raw socket Ariadne Conill (Apr 19)
- Re: xscreensaver package caps gets raw socket Eli Schwartz (Apr 19)
- Re: xscreensaver package caps gets raw socket Stuart Henderson (Apr 19)
- Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
- Re: xscreensaver package caps gets raw socket Solar Designer (Apr 19)
- Re: xscreensaver package caps gets raw socket Salvatore Bonaccorso (Apr 21)
- CVE-2021-23133: Linux kernel: race condition in sctp sockets Or Cohen (Apr 18)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso (May 09)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray (May 10)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso (May 09)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray (May 10)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray (May 10)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso (May 09)
- [CVE-2021-29155] Linux kernel protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory Piotr Krysiuk (Apr 18)
- Announce: OpenSSH 8.6 released Damien Miller (Apr 18)
- Re: Linux Kernel: out of bounds array access in dm-ioctl.c - Nop (Apr 19)
- Linux kernel: a heap buffer overflow in firedtv driver Luo Likang (Apr 20)
- DNS rebinding vulnerability in npupnp Gabriel Corona (Apr 20)
- Re: DNS rebinding vulnerability in npupnp Gabriel Corona (Apr 25)
- Vulnerability in Jenkins Daniel Beck (Apr 20)
- DNS rebinding vulnerability in pupnp Gabriel Corona (Apr 20)
- Exim security update ahead Heiko Schlittermann (Apr 21)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 21)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 11)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 25)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 10)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 16)
- Malicious commits to Linux kernel as part of university study Peter Bex (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Albert Veli (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Peter Bex (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study David A. Wheeler (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Santiago Torres (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Ariadne Conill (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study r00t4dm (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Mark Steward (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Michael Orlitzky (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Francis Booth (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Eric Biggers (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Jan Engelhardt (Apr 23)
- Re: Malicious commits to Linux kernel as part of university study Kurt H Maier (Apr 23)
- Re: Malicious commits to Linux kernel as part of university study James Feister (Apr 23)
- Re: Malicious commits to Linux kernel as part of university study Greg KH (Apr 23)
- Re: Malicious commits to Linux kernel as part of university study Peter Bex (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study David H (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Marcus Meissner (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Marcus Meissner (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Silas (Apr 24)
- Re: Malicious commits to Linux kernel as part of university study Thomas Ward (Apr 24)
- Re: Malicious commits to Linux kernel as part of university study Marcus Meissner (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Ariadne Conill (Apr 22)
- Re: Malicious commits to Linux kernel as part of university study Albert Veli (Apr 22)
- CVE-2021-26291: Apache Maven: block repositories using http by default Brian Fox (Apr 23)
- virtualbox: CVE-2021-2264: vboxautostart-service.sh allows injection of parameters in 'su' invocation Matthias Gerstner (Apr 26)
- virtualbox: CVE-2021-25319: missing sticky bit in openSUSE packaging for /etc/box allows local root exploit for members of vboxusers group Matthias Gerstner (Apr 26)
- CVE-2020-17517: Apache Ozone: Ozone S3 Gateway allows bucket and key access to non authenticated users Bharat Viswanadham (Apr 26)
- CVE-2021-28125: Apache Superset Open Redirect daniel gaspar (Apr 27)
- CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later Thiago H. de Paula Figueiredo (Apr 27)
- [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI jleroux () apache org (Apr 27)
- [CVE-2021-30128] Unsafe deserialization in OFBiz jleroux () apache org (Apr 27)
- ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Michael McNally (Apr 28)
- Nitro Enclaves kernel driver issue Paraschiv, Andra-Irina (Apr 29)
- [ANNOUNCE] klibc 2.0.9 Ben Hutchings (Apr 30)
- kopano-core 11.0.1.143: Remote DoS with resource exhaustion Jan Engelhardt (May 01)
- Exim 4.94.2 - security update released Heiko Schlittermann (May 04)
- [CVE-2021-31829] Linux kernel protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory Piotr Krysiuk (May 04)
- 21Nails: Multiple vulnerabilities in Exim Qualys Security Advisory (May 04)
- hivex CVE-2021-3504 Huzaifa Sidhpurwala (May 04)
- Xen Security Advisory 370 v2 (CVE-2021-28689) - x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests Xen . org security team (May 04)
- Multiple vulnerabilities in RPM Demi Marie Obenour (May 04)
- Django 3.2.1, 3.1.9, and 2.2.21: CVE-2021-31542: Potential directory-traversal via uploaded files Carlton Gibson (May 04)
- [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU Hausler, Micah (May 04)
- [CVE-2021-22902] Possible Denial of Service vulnerability in Action Dispatch Aaron Patterson (May 05)
- [CVE-2021-22903] Possible Open Redirect Vulnerability in Action Pack Aaron Patterson (May 05)
- [CVE-2021-22885] Possible Information Disclosure / Unintended Method Execution in Action Pack Aaron Patterson (May 05)
- [CVE-2021-22904] Possible DoS Vulnerability in Action Controller Token Authentication Aaron Patterson (May 05)
- CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir Mauro Matteo Cascella (May 05)
- Re: CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir Mauro Matteo Cascella (May 07)
- Django: CVE-2021-32052: Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+ Mariusz Felisiak (May 06)
- Re: Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck (May 07)
- Re: Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck (May 08)
- [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image William Bowling (May 09)
- Code execution through Thunar Gabriel Corona (May 09)
- Re: Code execution through Thunar Gabriel Corona (May 10)
- [Kubernetes] CVE-2021-25736: Windows kube-proxy LoadBalancer contention Swamy Shivaganga Nagaraju (May 10)
- CVE-2021-32399 Linux device detach race condition Lin Horse (May 10)
- CVE-2021-23134: Linux kernel: UAF in nfc sockets Nadav Markus (May 11)
- [CVE-2020-28018] Use-After-Free on Exim Question null p0int3r (May 11)
- Re: [CVE-2020-28018] Use-After-Free on Exim Question Solar Designer (May 11)
- Re: [CVE-2020-28018] Use-After-Free on Exim Question Qualys Security Advisory (May 11)
- Re: [CVE-2020-28018] Use-After-Free on Exim Question null p0int3r (May 11)
- Re: [CVE-2020-28018] Use-After-Free on Exim Question Qualys Security Advisory (May 11)
- Re: [CVE-2020-28018] Use-After-Free on Exim Question harris.johnson.x (May 12)
- Re: [CVE-2020-28018] Use-After-Free on Exim Question Qualys Security Advisory (May 12)
- Re: [CVE-2020-28018] Use-After-Free on Exim Question null p0int3r (May 11)
- Trovent Security Advisory 2103-01 / Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Stefan Pietsch (May 11)
- Trovent Security Advisory 2103-02 / Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Stefan Pietsch (May 11)
- CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation Thadeu Lima de Souza Cascardo (May 11)
- CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking Thadeu Lima de Souza Cascardo (May 11)
- various 802.11 security issues - fragattacks.com Johannes Berg (May 11)
- CVE-2021-3491 - Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass Thadeu Lima de Souza Cascardo (May 11)
- Linux kernel: net/can/isotp: race condition leads to local privilege escalation Norbert Slusarek (May 11)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Salvatore Bonaccorso (May 11)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Norbert Slusarek (May 13)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Solar Designer (May 14)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Oliver Hartkopp (May 28)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Marc Kleine-Budde (May 28)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Greg Kroah-Hartman (May 29)
- Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Matthew Wild (May 13)
- <Possible follow-ups>
- Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Robert G. (May 14)
- Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Matthew Wild (May 14)
- CVE-2021-3509: Ceph: Cross Site Scripting via token Cookie Ana McTaggart (May 14)
- CVE-2021-3531: Ceph: RGW unauthenticated denial of service Ana McTaggart (May 14)
- Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service Ana McTaggart (May 17)
- Open Source WAF testing tools Martin O'Neil (May 16)
- Re: Open Source WAF testing tools Brandon Perry (May 16)
- Re: Open Source WAF testing tools Ivan Novikov (May 16)
- rxvt terminal (+bash) remoteish code execution 0day def (May 17)
- Re: rxvt terminal (+bash) remoteish code execution 0day def (May 17)
- Re: rxvt terminal (+bash) remoteish code execution 0day Jakub Wilk (May 17)
- Re: rxvt terminal (+bash) remoteish code execution 0day Dan Yefihmov (May 17)
- Re: rxvt terminal (+bash) remoteish code execution 0day Jakub Wilk (May 17)
- Re: rxvt terminal (+bash) remoteish code execution 0day Priedhorsky, Reid (May 17)
- Re: rxvt terminal (+bash) remoteish code execution 0day def (May 17)
- please: CVE-2021-31153,CVE-2021-31154,CVE-2021-31155: local root exploit and further security issues in sudo-like utility Matthias Gerstner (May 18)
- libX11 security advisory: May 18, 2021 Matthieu Herrb (May 18)
- libx11 API Protocol Command Injection Unparalleled IT Security Research (May 18)
- [kubernetes] CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack CJ Cullen (May 18)
- Prometheus 2.26.1-2.27.1 released to fix an Open Redirect security issue Julien Pivotto (May 19)
- CVE-2021-30465: runc <1.0.0-rc95 vulnerable to symlink-exchange attack Aleksa Sarai (May 19)
- Plone security hotfix 20210518 Maurits van Rees (May 21)
- Re: Plone security hotfix 20210518 Maurits van Rees (May 22)
- CVE-2021-3564 Linux Bluetooth device initialization implementation bug Mart111n (May 25)
- CVE-2021-23937: Apache Wicket: DNS proxy and possible amplification attack Emond Papegaaij (May 25)
- CVE-2021-22160 Apache Pulsar Information Disclosure PengHui Li (May 25)
- X41 D-Sec GmbH Security Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability X41 D-Sec GmbH Advisories (May 25)
- [SECURITY ADVISORY] curl: TELNET stack contents disclosure Daniel Stenberg (May 25)
- [SECURITY ADVISORY] curl: TLS session caching disaster Daniel Stenberg (May 25)
- CVE-2021-22543 - /dev/kvm LPE Eduardo' Vela" <Nava> (May 26)
- Re: CVE-2021-22543 - /dev/kvm LPE Solar Designer (May 26)
- Re: CVE-2021-22543 - /dev/kvm LPE Paolo Bonzini (May 26)
- Re: CVE-2021-22543 - /dev/kvm LPE Eduardo' Vela" <Nava> (Jun 26)
- ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217) Michael McNally (May 26)
- [CVE-2021-33200] Linux kernel enforcing incorrect limits for pointer arithmetic operations by BPF verifier can be abused to perform out-of-bounds reads and writes in kernel memory Piotr Krysiuk (May 27)
- CVE-2020-17514: Apache Fineract: Disabled hostname verification for HTTPS James Dailey (May 27)
- QEMU: security issues in vhost-user-gpu Mauro Matteo Cascella (May 31)
- Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck (Jun 01)
- Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck (Jun 06)
- Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname Wade Mealing (Jun 07)
- Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck (Jun 08)
- Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck (Jun 06)
- Django security releases 3.2.4, 3.1.12, and 2.2.24 for CVE-2021-33203 and CVE-2021-33571 Carlton Gibson (Jun 02)
- CVE-2021-3560 polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() Cedric Buissart (Jun 03)
- XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 05)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 05)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Gianluca Gabrielli (Jun 10)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 10)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Gianluca Gabrielli (Jun 11)
- Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 10)
- CVE-2021-3578: possible remote code execution in isync/mbsync Oswald Buddenhagen (Jun 07)
- [CVE-2021-33896] Path traversal in Dino file transfers Dino Team (Jun 07)
- CVE-2021-3573: UAF in hci_sock_bound_ioctl() function Lin Horse (Jun 08)
- CVE-2021-33190: Apache APISIX Dashboard: Bypass network access control JunXu Chen (Jun 08)
- Xen Security Advisory 372 v3 (CVE-2021-28693) - xen/arm: Boot modules are not scrubbed Xen . org security team (Jun 08)
- Xen Security Advisory 374 v2 (CVE-2021-28691) - Guest triggered use-after-free in Linux xen-netback Xen . org security team (Jun 08)
- Xen Security Advisory 375 v2 (CVE-2021-0089) - Speculative Code Store Bypass Xen . org security team (Jun 08)
- Xen Security Advisory 377 v2 (CVE-2021-28690) - x86: TSX Async Abort protections not restored after S3 Xen . org security team (Jun 08)
- Xen Security Advisory 373 v2 (CVE-2021-28692) - inappropriate x86 IOMMU timeout detection / handling Xen . org security team (Jun 08)
- connman stack buffer overflow in dnsproxy CVE-2021-33833 Marcus Meissner (Jun 09)
- Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass Xen . org security team (Jun 09)
- Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass Xen . org security team (Jun 10)
- CVE-2019-17567: Apache httpd: mod_proxy_wstunnel tunneling of non Upgraded connections Christophe JAILLET (Jun 10)
- CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges Christophe JAILLET (Jun 10)
- CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference Christophe JAILLET (Jun 10)
- CVE-2020-35452: Apache httpd: mod_auth_digest possible stack overflow by one nul byte Christophe JAILLET (Jun 10)
- CVE-2021-26690: Apache httpd: mod_session NULL pointer dereference Christophe JAILLET (Jun 10)
- CVE-2021-26691: Apache httpd: mod_session response handling heap overflow Christophe JAILLET (Jun 10)
- CVE-2021-30641: Apache httpd: Unexpected URL matching with 'MergeSlashes OFF' Christophe JAILLET (Jun 10)
- CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request Christophe JAILLET (Jun 10)
- Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request John Helmert III (Jun 10)
- Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request Christophe JAILLET (Jun 10)
- Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request John Helmert III (Jun 10)
- CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file Andreas Lehmkuehler (Jun 12)
- CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file Andreas Lehmkuehler (Jun 12)
- xscreensaver: filename command injection in vidwhacker screensaver Hanno Böck (Jun 14)
- CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel Norbert Slusarek (Jun 15)
- CVE-2020-9493: Apache Chainsaw: Java deserialization in Chainsaw Robert Middleton (Jun 15)
- CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter Colm O hEigeartaigh (Jun 16)
- New Open-Source Forensic Tool for SQLite Data Recovery Andrew Zayine (Jun 17)
- Vulnerability in Jenkins Generic Webhook Trigger Plugin Daniel Beck (Jun 18)
- CVE-2021-3609: Race condition in net/can/bcm.c leads to local privilege escalation Norbert Slusarek (Jun 19)
- Re: CVE-2021-3609: Race condition in net/can/bcm.c leads to local privilege escalation Thadeu Lima de Souza Cascardo (Jun 19)
- [CVE-2021-33624] Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory Adam Morrison (Jun 21)
- CVE-2021-26461: Apache NuttX (incubating): malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds Brennan Ashton (Jun 21)
- CVE-2021-3600 - Linux kernel eBPF 32-bit source register truncation on div/mod Thadeu Lima de Souza Cascardo (Jun 23)
- FW: An out-of-bound read/write in fsi driver Luo Likang (Jun 25)
- CVE-2021-29157: Dovecot oauth2 JWT local validation path traversal Aki Tuomi (Jun 28)
- CVE-2021-33515: Dovecot SMTP Submission service STARTTLS injection. Aki Tuomi (Jun 28)
- CVE-2020-28200: Dovecot Pigeonhole Sieve excessive resource usage Aki Tuomi (Jun 28)
- Plone: stored XSS in folder contents Maurits van Rees (Jun 30)