oss-sec: by thread
273 messages, starting Oct 03 22 and ending Dec 31 22
- MySQL Cluster 8.0.30 overflow Evgeny Legerov (Oct 03)
- Re: MySQL Cluster 8.0.30 overflow Alex Gaynor (Oct 03)
- CreativeDream software arbitrary file upload Larry Cashdollar (Oct 03)
- Announce: OpenSSH 9.1 released Damien Miller (Oct 04)
- Django CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs Carlton Gibson (Oct 04)
- CVE-2022-41672: Apache Airflow: Session still functional after user is deactivated Jedidiah Cunningham (Oct 04)
- ISC has disclosed two vulnerabilities in ISC DHCP (CVE-2022-2928, CVE-2022-2929) Peter Davies (Oct 05)
- dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Demi Marie Obenour (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Demi Marie Obenour (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie (Oct 06)
- Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Demi Marie Obenour (Oct 06)
- CVE-2022-24697: Apache Kylin: Command injection exists when the configuration overwrites function overwrites system parameters Xiaoxiang Yu (Oct 11)
- Xen Security Advisory 411 v3 (CVE-2022-33748) - lock order inversion in transitive grant copy handling Xen.org security team (Oct 11)
- Xen Security Advisory 410 v3 (CVE-2022-33746) - P2M pool freeing may take excessively long Xen.org security team (Oct 11)
- Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS Xen.org security team (Oct 11)
- Xen Security Advisory 409 v3 (CVE-2022-33747) - Arm: unbounded memory consumption for 2nd-level page tables Xen.org security team (Oct 11)
- CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher Brian Demers (Oct 12)
- Various Linux Kernel WLAN security issues (RCE/DOS) found Marcus Meissner (Oct 13)
- Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Sönke Huster (Oct 13)
- Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Sönke Huster (Oct 13)
- Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Demi Marie Obenour (Oct 13)
- Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Chris Down (Oct 13)
- Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Sönke Huster (Oct 13)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Oct 13)
- CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults Gary D. Gregory (Oct 13)
- Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets Markus Koschany (Oct 18)
- CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass Albumen Kevin (Oct 18)
- CVE-2022-2602 - Linux kernel io_uring UAF Thadeu Lima de Souza Cascardo (Oct 18)
- Re: CVE-2022-2602 - Linux kernel io_uring UAF David Bouman (Oct 19)
- Re: CVE-2022-2602 - Linux kernel io_uring UAF Thadeu Lima de Souza Cascardo (Oct 27)
- <Possible follow-ups>
- Re: CVE-2022-2602 - Linux kernel io_uring UAF John Smith (Nov 07)
- Re: CVE-2022-2602 - Linux kernel io_uring UAF Adam Reynolds (Nov 08)
- Git 2.38.1 and others for CVE-2022-39253, and CVE-2022-39260 Taylor Blau (Oct 18)
- ISIS-3128: CVE-2022-42467: Apache Isis: h2 webconsole (available only in prototype mode) should nevertheless be disabled by default. Dan Haywood (Oct 19)
- CVE-2022-42466: Apache Isis: XSS vulnerability, eg for String properties. Dan Haywood (Oct 19)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 19)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Nov 15)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Dec 07)
- Linux kernel: net: mctp: A Use-After-Free bug in mctp_sk_unhash in net/mctp/af_mctp.c butt3rflyh4ck (Oct 22)
- Re: Linux kernel: net: mctp: A Use-After-Free bug in mctp_sk_unhash in net/mctp/af_mctp.c butt3rflyh4ck (Nov 13)
- CVE-2021-42010: Apache Heron (Incubating): CRLF log injection Josh Fischer (Oct 23)
- Warpinator remote file creation / overwrite security issue (CVE-2022-42725) Matthias Gerstner (Oct 24)
- Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973) Qualys Security Advisory (Oct 24)
- CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application Dan Smith (Oct 24)
- ceph: ceph-crash.service allows local ceph user to root exploit (CVE-2022-3650) Matthias Gerstner (Oct 25)
- [CVE-2022-41704] Apache Batik information disclosure vulnerability Simon Steiner (Oct 25)
- [CVE-2022-42890] Apache Batik information disclosure vulnerability Simon Steiner (Oct 25)
- Forthcoming OpenSSL Releases Ing. Martin Koci, MBA (Oct 25)
- Re: Forthcoming OpenSSL Releases Shawn Webb (Oct 26)
- Re: Forthcoming OpenSSL Releases Christian Heinrich (Oct 30)
- Re: Forthcoming OpenSSL Releases Georgi Guninski (Oct 27)
- Re: Forthcoming OpenSSL Releases Roxana Bradescu (Oct 28)
- Re: Forthcoming OpenSSL Releases Bob Beck (Oct 29)
- Re: Forthcoming OpenSSL Releases Demi Marie Obenour (Oct 29)
- Message not available
- Re: Forthcoming OpenSSL Releases Bob Beck (Oct 31)
- Re: Forthcoming OpenSSL Releases Roxana Bradescu (Oct 28)
- Re: Forthcoming OpenSSL Releases Shawn Webb (Oct 26)
- RE: Forthcoming OpenSSL Bug Fix Release Matan Giladi (Oct 26)
- Re: Forthcoming OpenSSL Bug Fix Release Dr Paul Dale (Oct 27)
- Re: CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver Demi Marie Obenour (Oct 29)
- Re: Is third party javascript on a login page considered dangerous? Brandon Perry (Oct 31)
- Re: Is third party javascript on a login page considered dangerous? Jan Engelhardt (Nov 01)
- Re: Is third party javascript on a login page considered dangerous? Solar Designer (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Dave Horsfall (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Pavan Maddamsetti (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Jeffrey Walton (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) alice (Nov 02)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy (Nov 02)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor (Nov 02)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Steffen Nurpmeso (Nov 02)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy (Nov 02)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor (Nov 02)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Neal H. Walfield (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Erin Shepherd (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) alice (Nov 02)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Dave Horsfall (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) alex (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Hanno Böck (Nov 02)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 02)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Steffen Nurpmeso (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) John Helmert III (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy (Nov 03)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 03)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Nicola Tuveri (Nov 03)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Sam James (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Sam James (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 02)
- Re: Fwd: Node.js security updates for all active release lines, November 2022 Jan Schaumann (Nov 02)
- <Possible follow-ups>
- Fwd: Node.js security updates for all active release lines, November 2022 soyjuanarbol () gmail com (Nov 04)
- Re: CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system Demi Marie Obenour (Nov 04)
- Re: CVE-2022-45063: xterm <375 code execution via font ops Matthieu Herrb (Nov 10)
- Re: Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c Thadeu Lima de Souza Cascardo (Nov 21)
- Re: CVE-2022-46146 in Prometheus' exporter toolkit: bypass basic authentication Solar Designer (Nov 29)
- Re: CVE-2022-46146 in Prometheus' exporter toolkit: bypass basic authentication Julien Pivotto (Nov 29)
- Re: Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) Qualys Security Advisory (Nov 30)
- Re: CVE-2022-4170: rxvt-unicode code execution via background OSC John Helmert III (Dec 08)
- Re: Linux Kernel: usb: A use-after-free Write in put_dev Gerald Lee (Dec 14)
- Re: X.Org Security Advisory: multiple security issues in X server extensions Marc Deslauriers (Dec 14)
- Re: Linux Kernel: Infoleak in Bluetooth L2CAP Handling Salvatore Bonaccorso (Dec 14)
- Re: Linux Kernel: Infoleak in Bluetooth L2CAP Handling Rafael Correa De Ysasi (Dec 15)
- Re: Linux Kernel: UAF in Bluetooth L2CAP Handshake Salvatore Bonaccorso (Dec 14)
- Re: Linux Kernel: UAF in Bluetooth L2CAP Handshake Rafael Correa De Ysasi (Dec 15)
- Re: Linux Kernel: UAF in Bluetooth L2CAP Handshake John Helmert III (Dec 15)
- Re: Linux Kernel: UAF in Bluetooth L2CAP Handshake Rafael Correa De Ysasi (Dec 15)
- Re: [ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) John Helmert III (Dec 20)
- Re: [ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) Ilya Maximets (Dec 20)
- Re: [ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) Ilya Maximets (Dec 21)
- Re: [Linux] /proc/pid/stat parsing bugs Demi Marie Obenour (Dec 21)
- Re: [Linux] /proc/pid/stat parsing bugs Yann Droneaud (Dec 21)
- Re: [Linux] /proc/pid/stat parsing bugs Dmitry Vyukov (Dec 21)
- Re: [Linux] /proc/pid/stat parsing bugs Shawn Webb (Dec 21)
- Re: [Linux] /proc/pid/stat parsing bugs Shawn Webb (Dec 22)
- Re: [Linux] /proc/pid/stat parsing bugs Jakub Wilk (Dec 22)
- Re: [Linux] /proc/pid/stat parsing bugs Shawn Webb (Dec 22)
- Re: [Linux] /proc/pid/stat parsing bugs Simon McVittie (Dec 23)
- Re: [Linux] /proc/pid/stat parsing bugs Dominik Czarnota (Dec 25)
- Re: [Linux] /proc/pid/stat parsing bugs Shawn Webb (Dec 22)
- Re: Linux kernel: use-after-free in io_sqpoll_wait_sq Xingyuan Mo (Dec 27)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Dominique Martinet (Dec 22)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Solar Designer (Dec 22)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Dominique Martinet (Dec 22)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jan Engelhardt (Dec 22)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Lyndon Nerenberg (VE7TFX/VE6BBM) (Dec 28)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb (Dec 28)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb (Dec 28)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Demi Marie Obenour (Dec 28)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jan Engelhardt (Dec 28)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb (Dec 28)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Demi Marie Obenour (Dec 28)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly John Helmert III (Dec 28)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb (Dec 28)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Alejandro Colomar (Dec 28)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Theodore Ts'o (Dec 29)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Demi Marie Obenour (Dec 29)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Alan Coopersmith (Dec 29)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso (Dec 29)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly David A. Wheeler (Dec 29)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jeffrey Walton (Dec 29)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso (Dec 29)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso (Dec 28)
- RE: [patch] proc.5: tell how to parse /proc/*/stat correctly David Laight (Dec 31)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Solar Designer (Dec 31)
- Message not available
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jakub Wilk (Dec 30)
- Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Solar Designer (Dec 22)
- Re: Details on this supposed Linux Kernel ksmbd RCE Jan Schaumann (Dec 22)
- Re: Details on this supposed Linux Kernel ksmbd RCE Greg KH (Dec 22)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Eric Biggers (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Jeffrey Walton (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Sasha Levin (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Greg KH (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE John Helmert III (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 27)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 27)
- Re: Details on this supposed Linux Kernel ksmbd RCE John Helmert III (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 23)
- Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner (Dec 31)
- Re: Details on this supposed Linux Kernel ksmbd RCE Greg KH (Dec 22)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Dec 30)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Arnout Engelen (Dec 31)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Dec 31)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Arnout Engelen (Dec 31)