oss-sec: by date

• RSS Feed
• About List
• All Lists

Previous period

Next period

273 messages starting Oct 03 22 and ending Dec 31 22
Date index | Thread index | Author index

Monday, 03 October

MySQL Cluster 8.0.30 overflow Evgeny Legerov
Re: MySQL Cluster 8.0.30 overflow Alex Gaynor
CreativeDream software arbitrary file upload Larry Cashdollar

Tuesday, 04 October

Announce: OpenSSH 9.1 released Damien Miller
Django CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs Carlton Gibson
CVE-2022-41672: Apache Airflow: Session still funtional after user is deactivated Jedidiah Cunningham

Wednesday, 05 October

ISC has disclosed two vulnerabilities in ISC DHCP (CVE-2022-2928, CVE-2022-2929) Peter Davies

Thursday, 06 October

dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie
Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie
Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Demi Marie Obenour
Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Demi Marie Obenour
Re: dbus denial of service: CVE-2022-42010, -42011, -42012 Simon McVittie

Tuesday, 11 October

CVE-2022-24697: Apache Kylin: Command injection exists when the configuration overwrites function overwrites system parameters Xiaoxiang Yu
Xen Security Advisory 411 v3 (CVE-2022-33748) - lock order inversion in transitive grant copy handling Xen . org security team
Xen Security Advisory 410 v3 (CVE-2022-33746) - P2M pool freeing may take excessively long Xen . org security team
Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS Xen . org security team
Xen Security Advisory 409 v3 (CVE-2022-33747) - Arm: unbounded memory consumption for 2nd-level page tables Xen . org security team

Wednesday, 12 October

CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher Brian Demers
Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher Alan Coopersmith
Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher Brian Demers

Thursday, 13 October

Various Linux Kernel WLAN security issues (RCE/DOS) found Marcus Meissner
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski
CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults Gary D. Gregory
Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Sönke Huster
Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Sönke Huster
Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Demi Marie Obenour
Re: Various Linux Kernel WLAN security issues (RCE/DOS) found Chris Down

Monday, 17 October

Re: CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults Alan Coopersmith

Tuesday, 18 October

Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets Markus Koschany
CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass Albumen Kevin
CVE-2022-2602 - Linux kernel io_uring UAF Thadeu Lima de Souza Cascardo
Git 2.38.1 and others for CVE-2022-39253, and CVE-2022-39260 Taylor Blau

Wednesday, 19 October

ISIS-3128: CVE-2022-42467: Apache Isis: h2 webconsole (available only in prototype mode) should nevertheless be disabled by default. Dan Haywood
CVE-2022-42466: Apache Isis: XSS vulnerability, eg for String properties. Dan Haywood
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: CVE-2022-2602 - Linux kernel io_uring UAF David Bouman

Saturday, 22 October

Linux kernel: net: mctp: A Use-After-Free bug in mctp_sk_unhash in net/mctp/af_mctp.c butt3rflyh4ck

Sunday, 23 October

CVE-2021-42010: Apache Heron (Incubating): CRLF log injection Josh Fischer

Monday, 24 October

Warpinator remote file creation / overwrite security issue (CVE-2022-42725) Matthias Gerstner
Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973) Qualys Security Advisory
CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application Dan Smith

Tuesday, 25 October

ceph: ceph-crash.service allows local ceph user to root exploit (CVE-2022-3650) Matthias Gerstner
[CVE-2022-41704] Apache Batik information disclosure vulnerability Simon Steiner
[CVE-2022-42890] Apache Batik information disclosure vulnerability Simon Steiner
Forthcoming OpenSSL Releases Ing. Martin Koci, MBA
android debug bridge (adb) reverse connection and directory traversal Imre Rad
Forthcoming OpenSSL Bug Fix Release Ing. Martin Koci, MBA
[SECURITY ADVISORY] CVE-2022-32221: POST following PUT confusion (curl) Daniel Stenberg
[SECURITY ADVISORY] CVE-2022-35260: .netrc parser out-of-bounds access (curl) Daniel Stenberg
[SECURITY ADVISORY] CVE-2022-42915: HTTP proxy double-free (curl) Daniel Stenberg
[SECURITY ADVISORY] CVE-2022-42916: HSTS bypass via IDN (curl) Daniel Stenberg

Wednesday, 26 October

CVE-2022-39944: The Apache Linkis JDBC EngineConn module has a RCE Vulnerability peacewong
CVE-2022-43766: Apache IoTDB: ReDoS Vulnerability by REGEXP Haonan Hou
RE: Forthcoming OpenSSL Bug Fix Release Matan Giladi
Re: Forthcoming OpenSSL Releases Shawn Webb

Thursday, 27 October

Re: Forthcoming OpenSSL Bug Fix Release Dr Paul Dale
Re: Forthcoming OpenSSL Releases Georgi Guninski
Re: CVE-2022-2602 - Linux kernel io_uring UAF Thadeu Lima de Souza Cascardo

Friday, 28 October

Re: Forthcoming OpenSSL Releases Roxana Bradescu
CVE-2022-26884: Apache DolphinScheduler exposes files without authentication ShunFeng Cai

Saturday, 29 October

CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver Dokyung Song
Re: Forthcoming OpenSSL Releases Bob Beck
Re: CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver Demi Marie Obenour
Re: Forthcoming OpenSSL Releases Demi Marie Obenour

Sunday, 30 October

Re: Forthcoming OpenSSL Releases Christian Heinrich

Monday, 31 October

Is third party javascript on a login page considered dangerous? Georgi Guninski
OPEN SOURCE NTFS-3G SECURITY ADVISORY NTFS3G-SA-2022-0003 Rakesh Pandit
Re: Is third party javascript on a login page considered dangerous? Brandon Perry
Re: Forthcoming OpenSSL Releases Bob Beck
CVE-2022-42252: Apache Tomcat - Request Smuggling Mark Thomas

Tuesday, 01 November

Re: Is third party javascript on a login page considered dangerous? Jan Engelhardt
CVE-2022-31764: Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC Weijie Wu
Xen Security Advisory 412 v2 (CVE-2022-42327) - x86: unintended memory sharing between guests Xen . org security team
Xen Security Advisory 414 v2 (CVE-2022-42309) - Xenstore: Guests can crash xenstored Xen . org security team
Xen Security Advisory 415 v2 (CVE-2022-42310) - Xenstore: Guests can create orphaned Xenstore nodes Xen . org security team
Xen Security Advisory 416 v2 (CVE-2022-42319) - Xenstore: Guests can cause Xenstore to not free temporary memory Xen . org security team
Xen Security Advisory 417 v2 (CVE-2022-42320) - Xenstore: Guests can get access to Xenstore nodes of deleted domains Xen . org security team
Xen Security Advisory 418 v2 (CVE-2022-42321) - Xenstore: Guests can crash xenstored via exhausting the stack Xen . org security team
Xen Security Advisory 419 v2 (CVE-2022-42322,CVE-2022-42323) - Xenstore: Cooperating guests can create arbitrary numbers of nodes Xen . org security team
Xen Security Advisory 420 v2 (CVE-2022-42324) - Oxenstored 32->31 bit integer truncation issues Xen . org security team
Xen Security Advisory 421 v2 (CVE-2022-42325,CVE-2022-42326) - Xenstore: Guests can create arbitrary number of nodes via transactions Xen . org security team
Re: Is third party javascript on a login page considered dangerous? Solar Designer
CVE-2022-34662: Apache DolphinScheduler prior to 3.0.0 allows path traversal Jiajie Zhong
CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript Sean R. Owen
OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Solar Designer
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Dave Horsfall
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Pavan Maddamsetti
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Erin Shepherd
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Jeffrey Walton
CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL Jedidiah Cunningham
CVE-2022-43985: Apache Airflow: Open Redirect Jedidiah Cunningham
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) alex
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour

Wednesday, 02 November

Fwd: Node.js security updates for all active release lines, November 2022 soyjuanarbol () gmail com
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) alice
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) alice
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy
CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path Daniel Klco
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor
Re: Fwd: Node.js security updates for all active release lines, November 2022 Jan Schaumann
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Hanno Böck
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Steffen Nurpmeso
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier

Thursday, 03 November

Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Steffen Nurpmeso
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) John Helmert III
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Neal H. Walfield
CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives Richard Eckart de Castilho
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Nicola Tuveri
CVE-2022-33684: Apache Pulsar: Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack Michael Marshall
Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Sam James
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Sam James
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour

Friday, 04 November

CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system Stefan Bodewig
CVE-2022-37866: Apache Ivy: Ivy Path traversal Stefan Bodewig
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010 Carlos Alberto Lopez Perez
Multiple vulnerabilities affecting UYUNI/SUSE Manager Paolo Perego
CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing Gary D. Gregory
Re: CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system Demi Marie Obenour
Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing John Helmert III
Fwd: Node.js security updates for all active release lines, November 2022 soyjuanarbol () gmail com
Fwd: [ANNOUNCE] pixman release 0.42.2 now available Alan Coopersmith

Monday, 07 November

Re: CVE-2022-2602 - Linux kernel io_uring UAF John Smith
Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing John Helmert III

Tuesday, 08 November

Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues Xen . org security team
Re: CVE-2022-2602 - Linux kernel io_uring UAF Adam Reynolds

Thursday, 10 November

CVE-2022-45063: xterm <375 code execution via font ops David Leadbeater
Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues Xen . org security team
[kubernetes] CVE-2022-3162: Unauthorized read of Custom Resources Tim Allclair
[kubernetes] CVE-2022-3294: Node address isn't always verified when proxying Tim Allclair
Re: CVE-2022-45063: xterm <375 code execution via font ops Matthieu Herrb

Sunday, 13 November

Re: Linux kernel: net: mctp: A Use-After-Free bug in mctp_sk_unhash in net/mctp/af_mctp.c butt3rflyh4ck

Monday, 14 November

CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example Jarek Potiuk
CVE-2022-27949: Apache Airflow: sensitive values in rendered template Jarek Potiuk
CVE-2022-45378: Apache SOAP allows unauthenticated users to potentially invoke arbitrary code Arnout Engelen
CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB Rob Vesse

Tuesday, 15 November

CVE-2022-45402: Apache Airflow: Open redirect during login Jedidiah Cunningham
CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files Olivier Lamy
CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories Olivier Lamy
Multiple vulnerabilities in Jenkins plugins Daniel Beck
CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization vulnerability Thomas Wolf

Friday, 18 November

Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c Zheng Hacker

Monday, 21 November

CVE-2022-45470: Apache Hama allows XSS and information disclosure Arnout Engelen
Re: Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c Thadeu Lima de Souza Cascardo
Apache Solr is vulnerable to CVE-2022-39135 via /sql handler David Smiley
CVE-2022-38649: Apache Airflow Pinot Provider, Apache Airflow: PinotAdminHook Command Injection Jarek Potiuk
CVE-2022-40189: Apache Airlfow Pig Provider RCE Jarek Potiuk
CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow: Airflow 2.3.4 spark provider RCE that bypass restrictions to read arbitrary files Jarek Potiuk
CVE-2022-41131: Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection) Jarek Potiuk

Wednesday, 23 November

CVE-2022-45462: Apache DolphinScheduler prior to 2.0.5 have command execution vulnerability Jiajie Zhong

Thursday, 24 November

CVE-2022-26885: Apache DolphinScheduler config file read by task risk ShunFeng Cai

Tuesday, 29 November

CVE-2022-46146 in Prometheus' exporter toolkit: bypass basic authentication Julien Pivotto
Re: CVE-2022-46146 in Prometheus' exporter toolkit: bypass basic authentication Solar Designer
CVE-2022-44635: Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal Arnout Engelen
Re: CVE-2022-46146 in Prometheus' exporter toolkit: bypass basic authentication Julien Pivotto

Wednesday, 30 November

Security sensitive bug in the i915 kernel driver (CVE-2022-4139) Andrzej Hajda
Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) Qualys Security Advisory
Re: Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) Qualys Security Advisory

Friday, 02 December

CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input Arnout Engelen

Saturday, 03 December

CVE-2021-37533: Apache Commons Net's FTP client trusts the host from PASV response by default Gary D. Gregory

Monday, 05 December

CVE-2022-4170: rxvt-unicode code execution via background OSC David Leadbeater
CVE-2022-45046: Apache Camel: LDAP Injection in Camel-LDAP Andrea Cosentino

Tuesday, 06 December

Xen Security Advisory 423 v1 (CVE-2022-3643) - Guests can trigger NIC interface reset/abort/crash via netback Xen . org security team
Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver Xen . org security team
CVE-2022-45910: Apache ManifoldCF: LDAP Injection Vulnerability - ActiveDirectory Authorities Markus Schuch

Wednesday, 07 December

Multiple vulnerabilities in Jenkins plugins Daniel Beck
Xen Security Advisory 423 v2 (CVE-2022-3643) - Guests can trigger NIC interface reset/abort/crash via netback Xen . org security team

Thursday, 08 December

Re: CVE-2022-4170: rxvt-unicode code execution via background OSC John Helmert III
Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver Pratyush Yadav
Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver Juergen Gross

Friday, 09 December

CVE-2022-4378: Linux kernel stack-based buffer overflow Kyle Zeng
Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver Ross Lagerwall

Tuesday, 13 December

Linux Kernel: usb: A use-after-free Write in put_dev Gerald Lee
CVE-2022-46363: Apache CXF directory listing / code exfiltration Colm O hEigeartaigh
CVE-2022-46364: Apache CXF SSRF Vulnerability Colm O hEigeartaigh

Wednesday, 14 December

CVE-2022-34271: Apache Atlas: zip path traversal in import functionality Madhan Neethiraj
X.Org Security Advisory: multiple security issues in X server extensions Peter Hutterer
CVE-2022-4379: Linux kernel: use-after-free in __nfs42_ssc_open Xingyuan Mo
Re: X.Org Security Advisory: multiple security issues in X server extensions Marc Deslauriers
Re: Linux Kernel: usb: A use-after-free Write in put_dev Gerald Lee
Linux Kernel: Infoleak in Bluetooth L2CAP Handling Rafael Correa De Ysasi
Linux Kernel: UAF in Bluetooth L2CAP Handshake Rafael Correa De Ysasi
Re: Linux Kernel: Infoleak in Bluetooth L2CAP Handling Salvatore Bonaccorso
Re: Linux Kernel: UAF in Bluetooth L2CAP Handshake Salvatore Bonaccorso

Thursday, 15 December

CVE-2022-32531: Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification Enrico Olivelli
Re: Linux Kernel: Infoleak in Bluetooth L2CAP Handling Rafael Correa De Ysasi
Re: Linux Kernel: UAF in Bluetooth L2CAP Handshake Rafael Correa De Ysasi
Re: Linux Kernel: UAF in Bluetooth L2CAP Handshake John Helmert III

Friday, 16 December

CVE-2021-28655: Apache Zeppelin: Arbitrary file deletion vulnerability Arnout Engelen
CVE-2022-46870: Apache Zeppelin: Stored XSS in note permissions Arnout Engelen
CVE-2022-4543: KASLR Leakage Achievable even with KPTI through Prefetch Side-Channel Will
CVE-2022-47500: Apache Helix: Open redirect Junkai Xue

Tuesday, 20 December

CVE-2022-46421: Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params Jarek Potiuk
[ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) Ilya Maximets
Re: [ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) John Helmert III
Re: [ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) Ilya Maximets
curl: CVE-2022-43551: Another HSTS bypass via IDN Daniel Stenberg
curl: CVE-2022-43552: HTTP Proxy deny use-after-free Daniel Stenberg

Wednesday, 21 December

systemd-coredump: CVE-2022-4415: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting Matthias Gerstner
Re: [ADVISORY] LLDP underflow while parsing malformed Auto Attach TLV (Open vSwitch) Ilya Maximets
CVE-2022-40145: Apache Karaf: JDBC JAAS LDAP injection Jean-Baptiste Onofré
[Linux] /proc/pid/stat parsing bugs Dmitry Vyukov
Re: [Linux] /proc/pid/stat parsing bugs Demi Marie Obenour
Re: [Linux] /proc/pid/stat parsing bugs Yann Droneaud
Directory traversal in sharutils/uudecode and python uu module Hanno Böck
Re: [Linux] /proc/pid/stat parsing bugs Shawn Webb
Re: [Linux] /proc/pid/stat parsing bugs Dmitry Vyukov

Thursday, 22 December

Linux kernel: use-after-free in io_sqpoll_wait_sq Xingyuan Mo
CVE-2022-45347: Apache ShardingSphere-Proxy: ShardingSphere-Proxy MySQL authentication bypass Weijie Wu
Re: [Linux] /proc/pid/stat parsing bugs Shawn Webb
Re: [Linux] /proc/pid/stat parsing bugs Jakub Wilk
Re: [Linux] /proc/pid/stat parsing bugs Shawn Webb
[patch] proc.5: tell how to parse /proc/*/stat correctly Alexey Dobriyan
Details on this supposed Linux Kernel ksmbd RCE Josh Bressers
Re: Details on this supposed Linux Kernel ksmbd RCE Jan Schaumann
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Dominique Martinet
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Solar Designer
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jan Engelhardt
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Dominique Martinet
Re: Details on this supposed Linux Kernel ksmbd RCE Greg KH

Friday, 23 December

Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner
Re: Details on this supposed Linux Kernel ksmbd RCE Eric Biggers
Re: Details on this supposed Linux Kernel ksmbd RCE Sasha Levin
Re: Details on this supposed Linux Kernel ksmbd RCE Greg KH
Re: Details on this supposed Linux Kernel ksmbd RCE Jeffrey Walton
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner
Re: [Linux] /proc/pid/stat parsing bugs Simon McVittie
Re: Details on this supposed Linux Kernel ksmbd RCE John Helmert III
Re: Details on this supposed Linux Kernel ksmbd RCE John Helmert III
Multiple vulnerabilities in Snipe-IT Charalampos Maraziaris

Sunday, 25 December

Re: [Linux] /proc/pid/stat parsing bugs Dominik Czarnota

Monday, 26 December

WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011 Carlos Alberto Lopez Perez

Tuesday, 27 December

Re: Linux kernel: use-after-free in io_sqpoll_wait_sq Xingyuan Mo
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner

Wednesday, 28 December

Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Lyndon Nerenberg (VE7TFX/VE6BBM)
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Demi Marie Obenour
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jan Engelhardt
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Demi Marie Obenour
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly John Helmert III
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Shawn Webb
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Alejandro Colomar

Thursday, 29 December

Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Salvatore Bonaccorso
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Theodore Ts'o
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Demi Marie Obenour
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Alan Coopersmith
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly David A. Wheeler
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jeffrey Walton
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Steffen Nurpmeso

Friday, 30 December

CVE-2022-43396: Apache Kylin: Command injection by Useless configuration Xiaoxiang Yu
CVE-2022-44621: Apache Kylin: Command injection by Diagnosis Controller Xiaoxiang Yu
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Jakub Wilk
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III

Saturday, 31 December

Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Arnout Engelen
Re: Details on this supposed Linux Kernel ksmbd RCE Marcus Meissner
RE: [patch] proc.5: tell how to parse /proc/*/stat correctly David Laight
Re: [patch] proc.5: tell how to parse /proc/*/stat correctly Solar Designer
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III

Previous period

Next period