oss-sec: by thread
212 messages, starting Jan 03 22 and ending Mar 31 22
- CVE-2021-34797: Apache Geode project log file redaction of sensitive information vulnerability Kirk Lund (Jan 03)
- CVE-2021-38542: Apache James vulnerable to STARTTLS command injection (IMAP and POP3) Benoit Tellier (Jan 03)
- CVE-2021-40110: Apache James IMAP vulnerable to a ReDoS Benoit Tellier (Jan 03)
- CVE-2021-40111: Apache James IMAP parsing Denial Of Service Benoit Tellier (Jan 03)
- CVE-2021-40525: Apache James: Sieve file storage vulnerable to path traversal attacks Benoit Tellier (Jan 03)
- Django security releases issued: 4.0.1, 3.2.11, and 2.2.26 (Multiple CVEs) Carlton Gibson (Jan 04)
- Fwd: Node.js security updates for all active release lines, January 2022 Bryan English (Jan 04)
- <Possible follow-ups>
- Fwd: Node.js security updates for all active release lines, January 2022 Bryan English (Jan 11)
- CVE-2021-36737: Apache Portals: XSS in V3 Demo Portlet Neil Griffin (Jan 05)
- CVE-2021-36738: XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet Neil Griffin (Jan 05)
- CVE-2021-36739: Apache Portals: XSS vulnerability in the MVCBean JSP portlet maven archetype Neil Griffin (Jan 05)
- CVE-2021-45456: Apache Kylin: Command injection Xiaoxiang Yu (Jan 06)
- CVE-2021-45457: Apache Kylin: Overly broad CORS configuration Xiaoxiang Yu (Jan 06)
- CVE-2021-45458: Apache Kylin: Hardcoded credentials Xiaoxiang Yu (Jan 06)
- CVE-2021-31522: Apache Kylin unsafe class loading Xiaoxiang Yu (Jan 06)
- CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE Xiaoxiang Yu (Jan 06)
- CVE-2021-27738: Apache Kylin: Improper Access Control to Streaming Coordinator & SSRF Xiaoxiang Yu (Jan 06)
- CVE-2021-43045: Apache Avro: Possible DOS vulnerabilities in C# Avro SDK Ryan Skraba (Jan 06)
- CVE-2021-4155 kernel: xfs: raw block device data leak in ioctl(XFS_IOC_ALLOCSP) Rohit Keshri (Jan 10)
- CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Qualys Security Advisory (Jan 10)
- Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)
- Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)
- Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Solar Designer (Feb 18)
- CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jan 11)
- Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jan 18)
- CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size Ana McTaggart (Jan 11)
- Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size Jeffrey Walton (Jan 12)
- Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size John Helmert III (Jan 12)
- Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size Sven Kieske (Jan 12)
- Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size Ana McTaggart (Jan 12)
- Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size Sven Kieske (Jan 12)
- [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections Mike Jumper (Jan 11)
- [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses Mike Jumper (Jan 11)
- CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS Ana Oprea (Jan 12)
- Re: CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS John Helmert III (Jan 12)
- Multiple vulnerabilities in Jenkins and Jenkins plugins Wadeck Follonier (Jan 12)
- Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jan 13)
- Re: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jan 14)
- Re: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jan 18)
- CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption crash recovery Milan Broz (Jan 13)
- Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 13)
- Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 13)
- Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217) Jonas Schäfer (Jan 13)
- Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 18)
- Null pointer deref in unzip 6.0 Nils Bars (Jan 14)
- Re: 3 new CVE's in vim Alan Coopersmith (Jan 15)
- Fuzzy CVE's in GNU inetutils Alan Coopersmith (Jan 15)
- Re: Fuzzy CVE's in GNU inetutils Salvatore Bonaccorso (Jan 16)
- Re: Fuzzy CVE's in GNU inetutils Alan Coopersmith (Jan 16)
- Re: Fuzzy CVE's in GNU inetutils Salvatore Bonaccorso (Jan 16)
- wpa_supplicant/hostapd: SAE/EAP-pwd side-channel attack update 2 Jouni Malinen (Jan 16)
- Re: CVE-2021-4095: kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c butt3rflyh4ck (Jan 16)
- CVE-2021-42357: DOM based XSS Vulnerability in Apache Knox Larry McCay (Jan 17)
- Expat 2.4.3 released, includes 8 security fixes Alan Coopersmith (Jan 17)
- CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x Ralph Goers (Jan 18)
- CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1 Ralph Goers (Jan 18)
- CVE-2022-23307: Apache Log4j 1.x: A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution. Ralph Goers (Jan 18)
- Linux kernel: Heap buffer overflow in fs_context.c since version 5.1 Will (Jan 18)
- Re: Linux kernel: Heap buffer overflow in fs_context.c since version 5.1 John Haxby (Jan 18)
- CVE-2021-45230: Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver Kaxil Naik (Jan 19)
- Race condition in the Rust standard library (CVE-2022-21658) Pietro Albini (Jan 20)
- CVE-2022-22733: Apache ShardingSphere ElasticJob-UI: Access-Token in ElasticJob UI causes password disclosure Haoran Meng (Jan 20)
- CVE-2021-45417 - aide (>= 0.13 <= 0.17.3): heap-based buffer overflow vulnerability in base64 functions Hannes von Haugwitz (Jan 20)
- usbview polkit policy local root exploit (CVE-2022-23220) Matthias Gerstner (Jan 21)
- Re: usbview polkit policy local root exploit (CVE-2022-23220) Greg KH (Jan 22)
- WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Carlos Alberto Lopez Perez (Jan 21)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 John Helmert III (Jan 23)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Leo Famulari (Jan 24)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 John Helmert III (Jan 24)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Leo Famulari (Jan 29)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Sam James (Jan 30)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Leo Famulari (Jan 24)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Carlos Alberto Lopez Perez (Jan 31)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 John Helmert III (Jan 23)
- CVE-2021-3996 and CVE-2021-3995 in util-linux's libmount Qualys Security Advisory (Jan 24)
- CVE-2022-23437: Infinite loop within Apache XercesJ xml parser Mukul Gandhi (Jan 24)
- CVE-2021-3998 and CVE-2021-3999 in glibc's realpath() and getcwd() Qualys Security Advisory (Jan 24)
- Multiple vulnerabilities in connman's dnsproxy component Matthias Gerstner (Jan 25)
- Xen Security Advisory 393 v2 (CVE-2022-23033) - arm: guest_physmap_remove_page not removing the p2m mappings Xen . org security team (Jan 25)
- Xen Security Advisory 394 v3 (CVE-2022-23034) - A PV guest could DoS Xen while unmapping a grant Xen . org security team (Jan 25)
- Xen Security Advisory 395 v2 (CVE-2022-23035) - Insufficient cleanup of passed-through device IRQs Xen . org security team (Jan 25)
- CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control Zhang Yonglun (Jan 25)
- Re: CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control Alan Coopersmith (Jan 25)
- CVE-2022-23945: Apache ShenYu missing authentication allows gateway registration Zhang Yonglun (Jan 25)
- CVE-2022-23223: Password leakage in Apache ShenYu Zhang Yonglun (Jan 25)
- CVE-2021-45029: Groovy Code Injection & SpEL Injection in Apache ShenYu 2.4.1 Zhang Yonglun (Jan 25)
- [SECURITY] New security advisory for CVE-2021-41766 released for Apache Karaf Jean-Baptiste Onofré (Jan 25)
- [SECURITY] New security advisory for CVE-2022-22932 Jean-Baptiste Onofré (Jan 25)
- pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Qualys Security Advisory (Jan 25)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Sam James (Jan 25)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Roman Medina-Heigl Hernandez (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Henri Salo (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Erik Auerswald (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Chris Boot (Jan 27)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Roman Medina-Heigl Hernandez (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Matthias Schmidt (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Dominik Czarnota (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Kai Lüke (Jan 27)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Bastian Blank (Jan 27)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Dominik Czarnota (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Sam James (Jan 25)
- Linux kernel: Security sensitive bug in the i915 kernel driver (CVE-2022-0330) Tvrtko Ursulin (Jan 25)
- CVE-2022-0185: Linux kernel slab out-of-bounds write: exploit and writeup Alejandro Guerrero (Jan 25)
- Bad signal handling in shell scripts leading to insecure use of /tmp Jakub Wilk (Jan 25)
- CVE-2021-45029: Apache ShenYu (incubating) Groovy Code Injection and SpEL Injection Zhang Yonglun (Jan 26)
- CVE-2022-23944: Apache ShenYu (incubating) Improper access control Zhang Yonglun (Jan 26)
- CVE-2022-23945: Apache ShenYu (incubating) missing authentication allows gateway registration Zhang Yonglun (Jan 26)
- CVE-2022-23223: Apache ShenYu (incubating) Password leakage Zhang Yonglun (Jan 26)
- CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Jan 27)
- Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Jan 27)
- Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Feb 03)
- Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Jan 27)
- Linux kernel: erroneous error handling after fd_install() Mathias Krause (Jan 27)
- keylime: Multiple Security Issues (including remote code execution in the Agent component) Matthias Gerstner (Jan 28)
- Linux kernel: use-after-free of user namespace on shm and mqueue destruction Mathias Krause (Jan 29)
- Re: Linux kernel: use-after-free of user namespace on shm and mqueue destruction Salvatore Bonaccorso (Jan 29)
- xterm buffer overflow via crafted sixel nick black (Jan 30)
- Re: xterm buffer overflow via crafted sixel Tavis Ormandy (Jan 30)
- Re: Re: xterm buffer overflow via crafted sixel Jakub Wilk (Jan 31)
- Re: xterm buffer overflow via crafted sixel Salvatore Bonaccorso (Jan 30)
- Re: xterm buffer overflow via crafted sixel Tavis Ormandy (Jan 30)
- General authentication bypass in Atheme IRC services with InspIRCd 3 Ed Kellett (Jan 30)
- Plone: cache poisoning in image_view_fullscreen Maurits van Rees (Jan 31)
- CVE-2021-41571: Apache Pulsar: Pulsar Admin API allows access to data from other tenants using getMessageById API Enrico Olivelli (Jan 31)
- [SBA-ADV-20220127-01] CVE-2022-24129: Shibboleth Identity Provider OIDC OP Plugin 3.0.3 or below Server-Side Request Forgery SBA - Advisory (Jan 31)
- Samba 4.15.5, 4.14.12, 4.13.17 Security Releases John Helmert III (Jan 31)
- Django: CVE-2022-22818: Possible XSS via {% debug %} template tag Mariusz Felisiak (Feb 01)
- Django: CVE-2022-23833: Denial-of-service possibility in file uploads Mariusz Felisiak (Feb 01)
- CVE-2021-44451: Apache Superset: API sensitive information leak Daniel Gaspar (Feb 01)
- CVE-2021-36152: Apache Gobblin: Insecure TrustManager used in LDAP connections Abhishek Tiwari (Feb 03)
- CVE-2021-36151: Apache Gobblin: Local Credentials Disclosure Vulnerability Abhishek Tiwari (Feb 03)
- ARTEMIS-3593: CVE-2022-23913: Apache ActiveMQ Artemis DoS Justin Bertram (Feb 03)
- CVE-2022-0492: Linux kernel cgroups v1 missing capabilities check when setting release_agent Tabitha Sable (Feb 04)
- CVE-2022-23206: Apache Traffic Control: Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth Zach Hoffman (Feb 04)
- CVE-2022-22931: Path traversal in Apache James Benoit Tellier (Feb 07)
- [CVE-2022-24450] nats-server unconstrained account assumption by authenticated clients Phil Pennock (Feb 07)
- Browser-mediated attacks on WebDriver servers Gabriel Corona (Feb 07)
- Vulnerability in Jenkins Daniel Beck (Feb 09)
- WebKitGTK and WPE WebKit Security Advisory WSA-2022-0002 Carlos Alberto Lopez Perez (Feb 09)
- CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc) Samuel Page (Feb 10)
- CVE-2022-24289: Apache Cayenne: Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions Aristedes Maniatis (Feb 11)
- Linux kernel: Fix for KVM on s390, insufficient checks for ioctl Christian Borntraeger (Feb 11)
- CVE-2022-24112: Apache APISIX: apisix/batch-requests plugin allows overwriting the X-REAL-IP header Zexuan Luo (Feb 11)
- CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs Marcus Eriksson (Feb 11)
- [CVE-2022-23633] Possible exposure of information vulnerability in Action Pack Aaron Patterson (Feb 11)
- CVE-2021-44879: kernel:NULL pointer dereference in fs/f2fs/gc.c:move_data_page Wenqing Liu (Feb 11)
- Linux kernel: potential net namespace bug in IPv6 flow label management Liu, Congyu (Feb 13)
- Re: Linux kernel: potential net namespace bug in IPv6 flow label management Willem de Bruijn (Feb 13)
- Re: Linux kernel: potential net namespace bug in IPv6 flow label management Willem de Bruijn (Feb 13)
- Re: Linux kernel: potential net namespace bug in IPv6 flow label management Willem de Bruijn (Feb 13)
- CVE-2022-21698: HTTP method DOS; Prometheus client_golang <1.11.1 affected; Other web servers might be affected too Bartek Plotka (Feb 15)
- Multiple vulnerabilities in Jenkins plugins Wadeck Follonier (Feb 15)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 15)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 29)
- WebKitGTK and WPE WebKit Security Advisory WSA-2022-0003 Carlos Alberto Lopez Perez (Feb 17)
- CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Qualys Security Advisory (Feb 17)
- Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Wire Snark (Feb 23)
- Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Simon McVittie (Feb 23)
- Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Wire Snark (Feb 23)
- CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash. Devon Thompson (Feb 18)
- Re: CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash. Alan Coopersmith (Feb 18)
- Re: CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash. Alan Coopersmith (Feb 18)
- Re: CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash. Alan Coopersmith (Feb 18)
- CVE-2021-4120: Insufficient validation of snap content interface and layout paths Alex Murray (Feb 18)
- Multiple vulnerabilities affecting cobbler Paolo Perego (Feb 18)
- Expat 2.4.5 released, includes 5 security fixes Alan Coopersmith (Feb 19)
- CVE-2022-25375 : Linux RNDIS USB Gadget memory extraction via packet filter Szymon Heidrich (Feb 21)
- Linux kernel: heap out of bounds write in nf_dup_netdev.c since 5.4 Nick Gregory (Feb 21)
- Re: Linux kernel: heap out of bounds write in nf_dup_netdev.c since 5.4 Salvatore Bonaccorso (Feb 21)
- Announce: OpenSSH 8.9 released Damien Miller (Feb 23)
- Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906] Alan Coopersmith (Feb 23)
- fscrypt: Multiple File System Related Security Issues (CVE-2022-25326, CVE-2022-25327, CVE-2022-25328) Matthias Gerstner (Feb 24)
- CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL Jedidiah Cunningham (Feb 24)
- CVE-2022-24288: Apache Airflow: RCE in example DAGs Jedidiah Cunningham (Feb 24)
- [CVE-2022-24947] Apache JSPWiki CSRF Account Takeover Juan Pablo Santos Rodríguez (Feb 25)
- [CVE-2022-24948] Apache JSPWiki Cross-site scripting vulnerability on User Preferences screen Juan Pablo Santos Rodríguez (Feb 25)
- CVE-2022-24986: KCron: Insecure temporary file handling Carlos López (Feb 25)
- CVE-2022-23648: containerd CRI plugin: Insecure handling of image volumes Karp, Samuel (Mar 02)
- DNS rebinding on ReadyMedia/minidlna v1.3.0 and below Gabriel Corona (Mar 03)
- Re: DNS rebinding on ReadyMedia/minidlna v1.3.0 and below Gabriel Corona (Mar 06)
- CVE-2022-26336: poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception PJ Fanning (Mar 04)
- CVE-2022-25312: An XML external entity (XXE) injection vulnerability exists in the Apache Any23 RDFa XSLTStylesheet extractor lewis john mcgibbney (Mar 04)
- CVE-2022-0847: Linux kernel: overwriting read-only files Max Kellermann (Mar 07)
- Xen Security Advisory 398 v1 - Multiple speculative security issues Xen . org security team (Mar 08)
- CVE-2022-26652: nats-server arbitrary file write Phil Pennock (Mar 10)
- Xen Security Advisory 396 v3 (CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042) - Linux PV device frontends vulnerable to attacks by backends Xen . org security team (Mar 10)
- Grant Opportunities to Protect Open Source Deepesh Chaudhari (Mar 10)
- CVE-2022-26878: Memory leak in Linux VirtIO Bluetooth driver Sönke Huster (Mar 11)
- Memory leak in Linux HID-elo driver Dongliang Mu (Mar 13)
- CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds Stefan Eissing (Mar 14)
- CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody Stefan Eissing (Mar 14)
- CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier Stefan Eissing (Mar 14)
- CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of in r:parsebody Stefan Eissing (Mar 14)
- CVE-2022-26779: Apache Cloudstack insecure random number generation affects project email invitation Daan (Mar 15)
- CVE-2022-0742: Remote Denial of Service on Linux Kernel >=5.13 icmp6 sirdarckcat . (Mar 15)
- Fwd: Node.js security updates for all active release lines, March 2022 Joe Sepi (Mar 16)
- <Possible follow-ups>
- Fwd: Node.js security updates for all active release lines, March 2022 Joe Sepi (Mar 18)
- Four vulnerabilities disclosed in BIND (CVE-2021-25220, CVE-2022-0396, CVE-2022-0635 and CVE-2022-0667) Everett B. Fulton (Mar 16)
- Linux Kernel 5.15-rc-ksmbd-part2 is affected by: Buffer Overflow. The impact is: use-after-free (local). 王明义 (Mar 17)
- Xen Security Advisory 398 v2 - Multiple speculative security issues Xen . org security team (Mar 18)
- Lack of TLS certification chain validation in ZAP Proxy Gabriel Corona (Mar 23)
- Re: Lack of TLS certification chain validation in ZAP Proxy Gabriel Corona (Mar 24)
- zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 23)
- Re: zlib memory corruption on deflate (i.e. compress) Petr Štetiar (Mar 24)
- Re: zlib memory corruption on deflate (i.e. compress) Adler, Mark (Mar 27)
- Re: zlib memory corruption on deflate (i.e. compress) Alan Coopersmith (Mar 29)
- Re: zlib memory corruption on deflate (i.e. compress) Adler, Mark (Mar 27)
- Re: zlib memory corruption on deflate (i.e. compress) John Helmert III (Mar 25)
- Re: zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 26)
- Re: zlib memory corruption on deflate (i.e. compress) Eric Biggers (Mar 27)
- Re: zlib memory corruption on deflate (i.e. compress) ariel . byd (Mar 27)
- Re: zlib memory corruption on deflate (i.e. compress) Eric Biggers (Mar 27)
- Re: zlib memory corruption on deflate (i.e. compress) Eric Biggers (Mar 28)
- Re: Re: zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 28)
- Re: zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 26)
- Re: zlib memory corruption on deflate (i.e. compress) Petr Štetiar (Mar 24)
- Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0 Otto Moerbeek (Mar 25)
- CVE-2022-25757: Apache APISIX: the body_schema check in request-validation plugin can be bypassed Zexuan Luo (Mar 28)
- Linux Kernel: Race Condition in snd_pcm_hw_free leading to use-after-free Hu Jiahui (Mar 28)
- Linux kernel: CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation, information leak David Bouman (Mar 28)
- SpringShell and recent OpenJDK updates Jeffrey Walton (Mar 30)
- Re: SpringShell and recent OpenJDK updates Seth Arnold (Mar 30)
- Re: SpringShell and recent OpenJDK updates Alan Coopersmith (Mar 30)
- Re: SpringShell and recent OpenJDK updates Kevin Decherf (Mar 31)