oss-sec: by thread
284 messages starting Apr 04 23 and ending Jun 29 23
- PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable Otto Moerbeek (Apr 04)
- [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0 Ilya Maximets (Apr 06)
- CVE-2023-28707: Airflow Apache Drill Provider Arbitrary File Read Vulnerability Jarek Potiuk (Apr 07)
- CVE-2023-28706: Apache Airflow Hive Provider Beeline Remote Command Execution Jarek Potiuk (Apr 07)
- CVE-2023-28710: Apache Airflow Spark Provider Arbitrary File Read via JDBC Jarek Potiuk (Apr 07)
- CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file Heping Wang (Apr 10)
- Re: CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file Seth Arnold (Apr 17)
- CVE-2023-27603: Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue Heping Wang (Apr 10)
- CVE-2023-27987: Apache Linkis gateway module token authentication bypass Heping Wang (Apr 10)
- CVE-2023-29215: Apache Linkis JDBC EngineCon has a deserialization command execution Heping Wang (Apr 10)
- CVE-2023-29216: Apache Linkis DatasourceManager module has a deserialization command execution Heping Wang (Apr 10)
- CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux (Apr 10)
- Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Seth Arnold (Apr 17)
- Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux (Apr 18)
- Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Seth Arnold (Apr 18)
- Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux (Apr 19)
- Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux (Apr 18)
- Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Seth Arnold (Apr 17)
- CVE-2017-11164 - stack exhaustion in PCRE Sevan Janiyan (Apr 11)
- Re: CVE-2017-11164 - stack exhaustion in PCRE Matthew Vernon (Apr 12)
- CVE-2023-30465: Apache InLong: SQL injection in apache inLong 1.5.0 Charles Zhang (Apr 11)
- CVE-2023-1281, CVE-2023-1829: Linux kernel: Vulnerabilities in the tcindex classifier valis (Apr 11)
- CVE-2022-45064: Apache Sling Engine: Include-based XSS Angela Schreiber (Apr 12)
- Re: CVE-2022-45064: Apache Sling Engine: Include-based XSS Seth Arnold (Apr 17)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 12)
- Re: Multiple vulnerabilities in Jenkins plugins Demi Marie Obenour (Apr 13)
- Re: Multiple vulnerabilities in Jenkins plugins Henri Salo (Apr 13)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 16)
- Re: Multiple vulnerabilities in Jenkins plugins Demi Marie Obenour (Apr 13)
- Ghostscript CVE-2023-28879: "Shell in the Ghost" Alan Coopersmith (Apr 12)
- ncurses fixes upstream Jonathan Bar Or (JBO) (Apr 12)
- Re: ncurses fixes upstream Sam James (Apr 13)
- Re: ncurses fixes upstream Georgi Guninski (Apr 15)
- Re: ncurses fixes upstream Solar Designer (Apr 15)
- Re: ncurses fixes upstream Georgi Guninski (Apr 15)
- Re: ncurses fixes upstream alice (Apr 13)
- Re: ncurses fixes upstream Mark Esler (Apr 13)
- Re: ncurses fixes upstream Tavis Ormandy (Apr 14)
- Re: ncurses fixes upstream Carlos López (Apr 19)
- RE: [EXTERNAL] Re: [oss-security] ncurses fixes upstream Jonathan Bar Or (JBO) (Apr 19)
- Re: ncurses fixes upstream Solar Designer (Apr 19)
- Re: ncurses fixes upstream Tavis Ormandy (Apr 20)
- Re: ncurses fixes upstream Sevan Janiyan (Apr 21)
- RE: [EXTERNAL] Re: [oss-security] ncurses fixes upstream Jonathan Bar Or (JBO) (Apr 19)
- Re: ncurses fixes upstream Sam James (Apr 13)
- CVE-2023-22946: Apache Spark proxy-user privilege escalation from malicious configuration class Sean R. Owen (Apr 15)
- CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Jialin Qiao (Apr 16)
- CVE-2023-24831: Apache IoTDB grafana-connector Login Bypass Vulnerability Jialin Qiao (Apr 16)
- CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li (Apr 16)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 16)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Jakub Wilk (Apr 16)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 17)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Solar Designer (Apr 17)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Todd C. Miller (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Todd C. Miller (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution nightmare . yeah27 (Apr 19)
- Re: Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 20)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Jakub Wilk (Apr 16)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Solar Designer (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution 0xef967c36 (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution 0xef967c36 (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Solar Designer (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution 0xef967c36 (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution 0xef967c36 (Apr 18)
- Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 16)
- CVE-2023-25504: Apache Superset: Possible SSRF on import datasets Daniel Gaspar (Apr 17)
- Re: CVE-2023-25504: Apache Superset: Possible SSRF on import datasets Seth Arnold (Apr 17)
- CVE-2023-27525: Apache Superset: Incorrect default permissions for Gamma role Daniel Gaspar (Apr 17)
- Re: CVE-2023-28158: Apache Archiva privilege escalation Seth Arnold (Apr 17)
- Re: CVE-2023-26269: Apache James server: Privilege escalation through unauthenticated JMX Seth Arnold (Apr 17)
- Checking existence of firewalled web servers in Firefox via iframe.onload Georgi Guninski (Apr 18)
- Re: Checking existence of firewalled web servers in Firefox via iframe.onload Jan Fader (Apr 18)
- Re: Checking existence of firewalled web servers in Firefox via iframe.onload Stefano Di Paola (Apr 20)
- Re: Checking existence of firewalled web servers in Firefox via iframe.onload Jan Klopper (Apr 20)
- Re: Checking existence of firewalled web servers in Firefox via iframe.onload Stefano Di Paola (Apr 20)
- Re: Checking existence of firewalled web servers in Firefox via iframe.onload Jan Klopper (Apr 20)
- Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Stig Palmquist (Apr 18)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Demi Marie Obenour (Apr 19)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (Apr 19)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Hanno Böck (Apr 19)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (Apr 20)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules David A. Wheeler (Apr 20)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (Apr 20)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Jeffrey Walton (Apr 20)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (Apr 20)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Matthew Fernandez (Apr 20)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (Apr 19)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Christian Heinrich (Apr 21)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Stig Palmquist (Apr 29)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Reid Sutherland (May 03)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules David A. Wheeler (May 03)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Reid Sutherland (May 03)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Moritz Bechler (May 03)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Michael Orlitzky (May 03)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Reid Sutherland (May 04)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Sam Bull (May 04)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Alan Coopersmith (May 04)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Rainer Canavan (May 04)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules David A. Wheeler (May 04)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (May 04)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Jeffrey Walton (May 03)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules John Helmert III (May 07)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Reid Sutherland (May 03)
- Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Demi Marie Obenour (Apr 19)
- CVE-2023-2124: OOB access in the Linux kernel's XFS subsystem Kyle Zeng (Apr 18)
- [kubernetes] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password Vellore Rajakumar, Sri Saran Balaji (Apr 19)
- Checking existence of firewalled URLs via javascript's script.onload Georgi Guninski (Apr 19)
- Re: Checking existence of firewalled URLs via javascript's script.onload Peter Philip Pettersson (Apr 19)
- Re: Checking existence of firewalled URLs via javascript's script.onload Georgi Guninski (Apr 20)
- Re: Checking existence of firewalled URLs via javascript's script.onload Jeremy Stanley (Apr 20)
- Re: Checking existence of firewalled URLs via javascript's script.onload Georgi Guninski (Apr 20)
- Re: Checking existence of firewalled URLs via javascript's script.onload Peter Philip Pettersson (Apr 19)
- CVE-2023-25601: Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication Arnout Engelen (Apr 20)
- OpenSSL Security Advisory Tomas Mraz (Apr 20)
- <Possible follow-ups>
- OpenSSL Security Advisory Tomas Mraz (May 30)
- CVE-2022-45801: Apache StreamPark (incubating): LDAP Injection Vulnerability Huajie Wang (Apr 20)
- CVE-2022-45802: Apache StreamPark (incubating): Upload any file to any directory Huajie Wang (Apr 20)
- CVE-2022-46365: Apache StreamPark (incubating): Logic error causing any account reset Huajie Wang (Apr 20)
- PostgreSQL and CREATEROLE permission Jeffrey Walton (Apr 20)
- Re: PostgreSQL and CREATEROLE permission Bernd Zeimetz (Apr 20)
- Re: PostgreSQL and CREATEROLE permission Jeffrey Walton (Apr 20)
- Re: PostgreSQL and CREATEROLE permission Bernd Zeimetz (Apr 20)
- WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003 Carlos Alberto Lopez Perez (Apr 21)
- Real world vulnerabilities of CWE-1077: Floating Point Comparison with Incorrect Operator? Georgi Guninski (Apr 24)
- Re: Real world vulnerabilities of CWE-1077: Floating Point Comparison with Incorrect Operator? Solar Designer (May 14)
- CVE-2023-27524: Apache Superset: Session validation vulnerability when using provided default SECRET_KEY Daniel Gaspar (Apr 24)
- CVE-2023-30776: Apache Superset: Database connection password leak Daniel Gaspar (Apr 24)
- CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions. Andy Seaborne (Apr 24)
- Xen Security Advisory 430 v2 (CVE-2022-42335) - x86 shadow paging arbitrary pointer dereference Xen . org security team (Apr 25)
- [ANNOUNCE] Git v2.40.1 and friends Junio C Hamano (Apr 25)
- Warpinator: Remote file deletion vulnerability (CVE-2023-29380) Matthias Gerstner (Apr 26)
- CVE-2023-32007: Apache Spark: Shell command injection via Spark UI Arnout Engelen (May 02)
- CVE-2023-26268: Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes Nick Vatamaniuc (May 02)
- Fwd: Retired X.Org Packages Alan Coopersmith (May 02)
- Django: CVE-2023-31047 Potential bypass of validation when uploading multiple files using one form field Mariusz Felisiak (May 03)
- semi-public issues on (linux-)distros Solar Designer (May 03)
- Re: semi-public issues on (linux-)distros Johannes Segitz (May 04)
- Re: semi-public issues on (linux-)distros Solar Designer (May 14)
- Re: semi-public issues on (linux-)distros Johannes Segitz (May 04)
- CVE-2022-45048: Apache Ranger: code execution vulnerability in policy expressions Madhan Neethiraj (May 04)
- CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled Ramesh Mani (May 04)
- CVE-2023-29247: Stored XSS on Apache Airflow Pierre Jeambrun (May 07)
- CVE-2023-31038: Apache Log4cxx: SQL injection when using ODBC appender Robert Middleton (May 07)
- CVE-2023-31039: Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution Wang Weibing (May 08)
- CVE-2023-25754: Apache Airflow: Privilege escalation using airflow logs Jarek Potiuk (May 08)
- Linux kernel io_uring out-of-bounds access to physical memory Tobias Holl (May 08)
- Re: Linux kernel io_uring out-of-bounds access to physical memory Solar Designer (May 09)
- Re: Linux kernel io_uring out-of-bounds access to physical memory Solar Designer (May 10)
- [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory Piotr Krysiuk (May 08)
- CVE-2023-2253: distribution/distribution: Catalog API endpoint can lead to OOM via malicious user input Cathy Hu (May 09)
- New Linux kernel NetFilter flaw gives attackers root privileges Turritopsis Dohrnii Teo En Ming (May 10)
- Re: New Linux kernel NetFilter flaw gives attackers root privileges Solar Designer (May 10)
- Re: New Linux kernel NetFilter flaw gives attackers root privileges Piotr Krysiuk (May 10)
- Re: New Linux kernel NetFilter flaw gives attackers root privileges Solar Designer (May 10)
- Re: New Linux kernel NetFilter flaw gives attackers root privileges Thadeu Lima de Souza Cascardo (May 10)
- Re: New Linux kernel NetFilter flaw gives attackers root privileges Tobias Heider (May 10)
- Re: New Linux kernel NetFilter flaw gives attackers root privileges David Leadbeater (May 11)
- Re: New Linux kernel NetFilter flaw gives attackers root privileges Florian Weimer (May 11)
- Re: New Linux kernel NetFilter flaw gives attackers root privileges Piotr Krysiuk (May 10)
- Re: New Linux kernel NetFilter flaw gives attackers root privileges Solar Designer (May 10)
- [OSSA-2023-003] cinder, glance_store, nova, os-brick: Unauthorized volume access through deleted volume attachments (CVE-2023-2088) Jeremy Stanley (May 10)
- Clarification on embargoed testing in a partner cloud Marc Deslauriers (May 11)
- Re: Clarification on embargoed testing in a partner cloud Marcus Meissner (May 11)
- Re: Clarification on embargoed testing in a partner cloud Moritz Mühlenhoff (May 24)
- Re: Clarification on embargoed testing in a partner cloud Solar Designer (May 24)
- Re: Clarification on embargoed testing in a partner cloud Anthony Liguori (May 24)
- Re: Clarification on embargoed testing in a partner cloud Jeremy Stanley (May 24)
- Re: Clarification on embargoed testing in a partner cloud Brian Behlendorf (May 24)
- Attestation, reproducible builds, and bootstrapping Ludovic Courtès (May 24)
- Re: Clarification on embargoed testing in a partner cloud Moritz Mühlenhoff (May 24)
- Re: Clarification on embargoed testing in a partner cloud Solar Designer (May 14)
- Re: Clarification on embargoed testing in a partner cloud Marc Deslauriers (May 16)
- Re: Clarification on embargoed testing in a partner cloud Marcus Meissner (May 11)
- CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash Maxim Solodovnik (May 11)
- CVE-2023-29032: Apache OpenMeetings: allows bypass authentication Maxim Solodovnik (May 11)
- CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection Maxim Solodovnik (May 11)
- linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition 蓝色的小羊 (May 15)
- Re: linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition Greg KH (May 15)
- Re: linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition Zheng Hacker (May 16)
- Re: linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition Greg KH (May 15)
- CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module Robert Munteanu (May 15)
- libcap-2.69 addresses 2 CVEs Andrew G. Morgan (May 15)
- Re: libcap-2.69 addresses 2 CVEs Solar Designer (May 16)
- Xen Security Advisory 431 v1 (CVE-2022-42336) - Mishandling of guest SSBD selection on AMD hardware Xen . org security team (May 16)
- curl: CVE-2023-28319: UAF in SSH sha256 fingerprint check Daniel Stenberg (May 16)
- curl: CVE-2023-28320: siglongjmp race condition Daniel Stenberg (May 16)
- curl: CVE-2023-28321: IDN wildcard match Daniel Stenberg (May 16)
- curl: CVE-2023-28322: more POST-after-PUT confusion Daniel Stenberg (May 16)
- CVE-2023-24805: RCE in cups-filters, beh CUPS backend Till Kamppeter (May 17)
- IPv6 and Route of Death Jeffrey Walton (May 17)
- Re: IPv6 and Route of Death Barry Greene (May 17)
- Re: IPv6 and Route of Death Solar Designer (May 17)
- Re: IPv6 and Route of Death Erik Auerswald (May 17)
- Re: IPv6 and Route of Death Andrew Worsley (May 18)
- Re: IPv6 and Route of Death Dominique Martinet (May 19)
- Re: IPv6 and Route of Death Erik Auerswald (May 17)
- CVE-2023-31058: Apache InLong: JDBC URL bypassing by adding blanks Charles Zhang (May 21)
- CVE-2023-31062: Apache InLong: Privilege escalation vulnerability for InLong Charles Zhang (May 21)
- CVE-2023-31064: Apache InLong: Insecurity direct object references cancelling applications Charles Zhang (May 21)
- CVE-2023-31065: Apache InLong: Insufficient Session Expiration in InLong Charles Zhang (May 21)
- CVE-2023-31066: Apache InLong: Insecure direct object references for inlong sources Charles Zhang (May 21)
- CVE-2023-31098: Apache InLong: Weak Password Implementation in InLong Charles Zhang (May 21)
- CVE-2023-31101: Apache InLong: Users who joined later can see the data of deleted users Charles Zhang (May 21)
- CVE-2023-31103: Apache InLong: Attackers can change the immutable name and type of cluster Charles Zhang (May 21)
- CVE-2023-31206: Apache InLong: Attackers can change the immutable name and type of nodes Charles Zhang (May 21)
- CVE-2023-31453: Apache InLong: IDOR make users can delete others' subscription Charles Zhang (May 21)
- CVE-2023-31454: Apache InLong: IDOR make users can bind any cluster Charles Zhang (May 21)
- CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete Mark Thomas (May 22)
- c-ares multiple vulnerabilities: CVE-2023-32067, CVE-2023-31147, CVE-2023-31130, CVE-2023-31124 Brad House (May 22)
- CVE-2023-33246: Apache RocketMQ: RocketMQ may have a remote code execution vulnerability when using the update configuration function Rongtong Jin (May 23)
- Fwd: Forthcoming OpenSSL Releases Solar Designer (May 24)
- CVE-2022-46907: Apache JSPWiki Cross-site scripting on several plugins Juan Pablo Santos Rodríguez (May 25)
- [kubernetes] CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs Monis Khan (May 25)
- CVE-2023-33234: Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration Elad Kalif (May 26)
- Stack overflow in imagemagick coders/tiff.c Bastien Roucariès (May 29)
- Re: Stack overflow in imagemagick coders/tiff.c Bastien Roucariès (May 29)
- Re: Stack overflow in imagemagick coders/tiff.c Salvatore Bonaccorso (Jun 13)
- Re: Stack overflow in imagemagick coders/tiff.c Bob Friesenhahn (Jun 14)
- CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs Marcus Eriksson (May 29)
- Update CVE-2021-3610: ImageMagick Bastien Roucariès (May 29)
- RE: Update CVE-2021-3610 cpe_dictionary (Jun 05)
- WebKitGTK and WPE WebKit Security Advisory WSA-2023-0004 Carlos Alberto Lopez Perez (May 30)
- [vs] CVE-2023-32324 heap buffer overflow in cupsd Zdenek Dohnal (Jun 01)
- [SECURITY] CVE-2023-30575: Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths Michael Jumper (Jun 06)
- [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Michael Jumper (Jun 06)
- Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Demi Marie Obenour (Jun 06)
- LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863 Qualys Security Advisory (Jun 06)
- Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua (Jun 06)
- Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua (Jun 07)
- Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua (Jun 08)
- Re: Linux kernel: off-by-one in fl_set_geneve_opt Solar Designer (Jun 08)
- Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua (Jun 12)
- Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua (Jun 08)
- Re: Linux kernel: off-by-one in fl_set_geneve_opt Salvatore Bonaccorso (Jun 16)
- Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua (Jun 07)
- Solar Designer talk about 15 years of oss-security at SSTIC conference Yves-Alexis Perez (Jun 10)
- Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Katherine Mcmillan (Jun 10)
- Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Georgi Guninski (Jun 13)
- Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Solar Designer (Jun 21)
- Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Katherine Mcmillan (Jun 10)
- CVE-2023-34212: Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components David Handermann (Jun 12)
- CVE-2023-34468: Apache NiFi: Potential Code Injection with Database Services using H2 David Handermann (Jun 12)
- S2-063: CVE-2023-34149: Apache Struts: DoS via OOM owing to not properly checking of list bounds Yasser Zamani (Jun 14)
- S2-064: CVE-2023-34396: Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms Yasser Zamani (Jun 14)
- Fwd: Node.js security updates for all active release lines, June 2023 Rafael Silva (Jun 14)
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jun 14)
- CVE-2023-34095: cpdb-libs: Buffer overflows via scanf Till Kamppeter (Jun 14)
- RCE in acme.sh < 3.0.6 Jan Schaumann (Jun 14)
- CVE-2023-1672: race condition in Tang exposes private keys to other processes Brian McDermott (Jun 15)
- Fwd: [ANNOUNCE] X.Org Security Advisory: Sub-object overflows in libX11 Alan Coopersmith (Jun 15)
- Re: distros list archive Solar Designer (Jun 15)
- Our learnings from 42 Linux kernel exploits, we are limiting io_uring Tamás Koczka (Jun 17)
- CVE-2023-35005: Apache Airflow: Information disclosure on configuration view Elad Kalif (Jun 18)
- The AI chatgpt writes insecure code Georgi Guninski (Jun 20)
- Re: The AI chatgpt writes insecure code Petr Štetiar (Jun 20)
- Re: The AI chatgpt writes insecure code Georgi Guninski (Jun 20)
- Re: The AI chatgpt writes insecure code Alan Coopersmith (Jun 20)
- Re: The AI chatgpt writes insecure code Travis Biehn (Jun 21)
- Re: The AI chatgpt writes insecure code Petr Štetiar (Jun 20)
- CVE-2023-34340: Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials Christopher Tubbs (Jun 20)
- CVE-2023-31975: memory leak in yasm Alan Coopersmith (Jun 20)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Dave Horsfall (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Demi Marie Obenour (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Steve Grubb (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 22)
- Re: CVE-2023-31975: memory leak in yasm Stuart Henderson (Jun 23)
- Re: CVE-2023-31975: memory leak in yasm Jakub Wilk (Jun 23)
- Re: CVE-2023-31975: memory leak in yasm Demi Marie Obenour (Jun 22)
- Re: CVE-2023-31975: memory leak in yasm Alan Coopersmith (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Dave Horsfall (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Siddhesh Poyarekar (Jun 21)
- Re: CVE-2023-31975: memory leak in yasm Smith, Stewart (Jun 22)
- Re: CVE-2023-31975: memory leak in yasm Siddhesh Poyarekar (Jun 23)
- Re: CVE-2023-31975: memory leak in yasm Hanno Böck (Jun 23)
- Re: CVE-2023-31975: memory leak in yasm Marcus Meissner (Jun 23)
- Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
- PAM/Kerberos issue on NetBSD Alistair Crooks (Jun 21)
- Re: PAM/Kerberos issue on NetBSD Taylor R Campbell (Jun 21)
- Re: Re: PAM/Kerberos issue on NetBSD Russ Allbery (Jun 21)
- Re: PAM/Kerberos issue on NetBSD Taylor R Campbell (Jun 21)
- ISC has disclosed two vulnerabilities in BIND 9 (CVE-2023-2828, CVE-2023-2911) Michał Kępień (Jun 21)
- [kubernetes/kops] CVE-2023-1943: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode CJ Cullen (Jun 21)
- CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Zdenek Dohnal (Jun 22)
- Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Solar Designer (Jun 23)
- Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Zdenek Dohnal (Jun 26)
- Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Solar Designer (Jun 23)
- Open Source Tool | MPT: Pentest In Action! Jyoti Raval (Jun 22)
- Re: Open Source Tool | MPT: Pentest In Action! Solar Designer (Jun 23)
- Re: Open Source Tool | MPT: Pentest In Action! Solar Designer (Jun 23)
- Re: Open Source Tool | MPT: Pentest In Action! Solar Designer (Jun 23)
- CVE-2023-31469: Apache StreamPipes: Privilege escalation through non-admin user Dominik Riemer (Jun 22)
- Opinion: Governments don't want IT security, they want to have cyber weapons Georgi Guninski (Jun 23)
- Re: Opinion: Governments don't want IT security, they want to have cyber weapons Solar Designer (Jun 23)
- Re: Opinion: Governments don't want IT security, they want to have cyber weapons David A. Wheeler (Jun 23)
- Re: Opinion: Governments don't want IT security, they want to have cyber weapons cbf0001 (Jun 24)
- Re: Opinion: Governments don't want IT security, they want to have cyber weapons Solar Designer (Jun 24)
- Re: Opinion: Governments don't want IT security, they want to have cyber weapons David A. Wheeler (Jun 23)
- Re: Opinion: Governments don't want IT security, they want to have cyber weapons Solar Designer (Jun 23)
- CVE-2023-3338: Linux Kernel NULL Pointer Dereference in DECnet Ornaghi Davide - Betrusted (Jun 24)
- Re: CVE-2023-3338: Linux Kernel NULL Pointer Dereference in DECnet Peter Philip Pettersson (Jun 24)
- CVE-2023-34395: Apache Airflow ODBC Provider: Remote code execution vulnerability Elad Kalif (Jun 26)
- CVE-2023-22886: Apache Airflow JDBC Provider: RCE Vulnerability Elad Kalif (Jun 26)
- CVE-2023-35798: Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability Elad Kalif (Jun 26)
- WebKitGTK and WPE WebKit Security Advisory WSA-2023-0005 Carlos Alberto Lopez Perez (Jun 29)