oss-sec: by date

287 messages starting Jan 01 18 and ending Mar 30 18

Monday, 01 January

Apache OpenOffice 4.1.4 - fixes CVE-2017-3157 CVE-2017-9806 CVE-2017-12607 CVE-2017-12608 Andrea Pescetti

Wednesday, 03 January

[CVE-2013-4317] Apache CloudStack information disclosure vulnerability Rafael Weingärtner
Xen Security Advisory 254 - Information leak via side effects of speculative execution Xen . org security team
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team

Thursday, 04 January

Xen Security Advisory 253 - x86: memory leak with MSR emulation Xen . org security team
"[SECURITY] CVE-2017-15714 Apache OFBiz BIRT code vulnerability" Taher Alkhateeb
CVE-2017-18018: GNU chown and chgrp (coreutils) privilege escalation via recursive dereferences Michael Orlitzky

Friday, 05 January

CVE-2017-15129: Linux kernel: net: double-free and memory corruption in get_net_ns_by_id() Vladis Dronov
[ANNOUNCE] Apache Sentry 1.7.1 released Colm O hEigeartaigh
Re: [Xen-devel] Xen Security Advisory 254 - Information leak via side effects of speculative execution Doug Goldstein
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team
CVE-2017-18021: predictably random password generation in third-party pass-compatible software, "QtPass" Jason A. Donenfeld

Saturday, 06 January

Re: Path traversal flaws in awstats 7.6 and earlier. Hanno Böck
Irssi 1.0.6: CVE-2018-5206, CVE-2018-5205, CVE-2018-5208, CVE-2018-5207 Ailin Nemui
Xen Security Advisory 253 (CVE-2018-5244) - x86: memory leak with MSR emulation Xen . org security team
Xen Security Advisory 248 (CVE-2017-17566) - x86 PV guests may gain access to internally used pages Xen . org security team
Xen Security Advisory 249 (CVE-2017-17563) - broken x86 shadow mode refcount overflow check Xen . org security team
Xen Security Advisory 251 (CVE-2017-17565) - improper bug check in x86 log-dirty handling Xen . org security team
Xen Security Advisory 250 (CVE-2017-17564) - improper x86 shadow mode refcount error handling Xen . org security team
Re: Path traversal flaws in awstats 7.6 and earlier. John Lightsey

Sunday, 07 January

Re: Path traversal flaws in awstats 7.6 and earlier. Stefan Pietsch

Monday, 08 January

CVE-2012-3353: Apache Sling Content Loading Vulnerability Bertrand Delacretaz

Tuesday, 09 January

Own on install. How grave it is? Georgi Guninski
Re: Own on install. How grave it is? Kurt Seifried
Re: Own on install. How grave it is? Michal Hrušecký
Re: Own on install. How grave it is? Simon McVittie
Re: Own on install. How grave it is? Kurt Seifried
[SECURITY] CVE-2017-9795 Apache Geode OQL method invocation vulnerability Anthony Baker
[SECURITY] CVE-2017-12622 Apache Geode gfsh authorization vulnerability Anthony Baker
[SECURITY] CVE-2017-9796 Apache Geode OQL bind parameter vulnerability Anthony Baker
CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass oststrom (public)

Wednesday, 10 January

CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API Radu Cotescu
WebKitGTK+ Security Advisory WSA-2018-0001 Carlos Alberto Lopez Perez
JSONRPC vulnerability in Electrum 2.6 to 3.0.4 Thomas Voegtlin

Thursday, 11 January

transmission: rpc session-id mechanism design flaw results in RCE Tavis Ormandy
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team
util-linux mount/unmount ASLR bypass via environment variable halfdog
OpenSSH sftp remote code execution in chroot mode in VERY RARE cases halfdog
Libc Realpath Buffer Underflow CVE-2018-1000001 halfdog
Re: transmission: rpc session-id mechanism design flaw results in RCE Tavis Ormandy

Friday, 12 January

Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team
DBD::mysql and SSL/TLS Daniël van Eeden
On reading, thinking, copying halfdog
Re: Libc Realpath Buffer Underflow CVE-2018-1000001 Jakub Wilk
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team

Sunday, 14 January

Re: [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability Isuru Udana
Re: DBD::mysql and SSL/TLS Michiel Beijen

Monday, 15 January

Re: transmission: rpc session-id mechanism design flaw results in RCE Marcus Meissner
CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine P J P
CVE-2017-18030 Qemu: Out-of-bounds access in cirrus_invalidate_region routine P J P

Tuesday, 16 January

sound driver Conditional competition luo
opendaylight-advisory: Multiple "expired" flows consume the memory resource of CONFIG DS Luke Hinds
Re: sound driver Conditional competition Marcus Meissner
Re: sound driver Conditional competition Kurt Seifried
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team
ISC has announced CVE-2017-3144, a defect in ISC DHCP Michael McNally
New vulnerability in ISC BIND announced (CVE-2017-3145) ISC Security Officer
CVE-2017-16933: Icinga2 root privilege escalation via init script and systemd service Michael Orlitzky

Wednesday, 17 January

MySQL sha256_password authentication plugin DoS issues Tomas Hoger
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team

Thursday, 18 January

How to deal with reporters who don't want their bugs fixed? Florian Weimer
Re: How to deal with reporters who don't want their bugs fixed? Kurt Seifried
Re: How to deal with reporters who don't want their bugs fixed? Gynvael Coldwind
Re: How to deal with reporters who don't want their bugs fixed? Ludovic Courtès
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team
Re: How to deal with reporters who don't want their bugs fixed? Matthias Fetzer
Re: How to deal with reporters who don't want their bugs fixed? Yves-Alexis Perez
Re: How to deal with reporters who don't want their bugs fixed? Rich Felker
Re: How to deal with reporters who don't want their bugs fixed? Solar Designer
Re: How to deal with reporters who don't want their bugs fixed? Luedtke, Nicholas (Cyber Security)
Re: How to deal with reporters who don't want their bugs fixed? Solar Designer
Re: How to deal with reporters who don't want their bugs fixed? Michael Orlitzky

Friday, 19 January

CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS P J P
Re: How to deal with reporters who don't want their bugs fixed? Nicholas Luedtke
CVE-2017-15105 Unbound: NSEC processing vulnerability (DNSSEC) Ralph Dolmans
Re: How to deal with reporters who don't want their bugs fixed? i
Re: How to deal with reporters who don't want their bugs fixed? Greg KH
Re: How to deal with reporters who don't want their bugs fixed? Igor Seletskiy
CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability Jason Lowe
CVE-2018-1049: systemd: automount: access to automounted volumes can lock up Vladis Dronov

Saturday, 20 January

Re: How to deal with reporters who don't want their bugs fixed? Tavis Ormandy
Re: How to deal with reporters who don't want their bugs fixed? Florian Weimer

Monday, 22 January

Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: How to deal with reporters who don't want their bugs fixed? r . hering
SQUID-2018:1 Denial of Service issue in ESI Response processing Amos Jeffries
SQUID-2018:2 Denial of Service issue in HTTP Message processing Amos Jeffries
Re: How to deal with reporters who don't want their bugs fixed? Mikhail Utin
Re: How to deal with reporters who don't want their bugs fixed? Ian Zimmerman
Re: Re: How to deal with reporters who don't want their bugs fixed? Tristan Henning

Tuesday, 23 January

[ANNOUNCE] CVE fixes in Apache NiFi 1.5.0 Andy LoPresto
Re: How to deal with reporters who don't want their bugs fixed? Mike O'Connor
CVE-2018-1000018: ovirt-engine-setup: root password disclosed in provisioning logs Doran Moppert
[SECURITY ADVISORY] curl: HTTP/2 trailer out-of-bounds read Daniel Stenberg
[SECURITY ADVISORY] curl: HTTP authentication leak in redirects Daniel Stenberg

Wednesday, 24 January

CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability Akira Ajisaka
WebKitGTK+ Security Advisory WSA-2018-0002 Carlos Alberto Lopez Perez

Thursday, 25 January

Re: Jenkins EC2 Plugin 1.37 and earlier arbitrary shell command execution Daniel Beck
Re: Multiple vulnerabilities in Jenkins Daniel Beck
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck
CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted. Aki Tuomi
Re: Jenkins Script Security Plugin 1.36 and earlier arbitrary file read vulnerability Daniel Beck
[ANNOUNCE] CVE advisory for Apache NiFi 1.0.0 - 1.3.0 Andy LoPresto

Friday, 26 January

Re: How to deal with reporters who don't want their bugs fixed? Stiepan
Re: How to deal with reporters who don't want their bugs fixed? Solar Designer
Deserialization Vulnerability in VMware Xenon (CVE-2017-4947) VMware Security Response Center
Re: How to deal with reporters who don't want their bugs fixed? Mikhail Utin
CVE-2018-1294: Apache Commons Email vulnerability information disclosure Jochen Wiedmann
Re: How to deal with reporters who don't want their bugs fixed? Solar Designer
CVE-2017-12626 – Denial of Service Vulnerabilities in Apache POI < 3.17 Tim Allison
Re: How to deal with reporters who don't want their bugs fixed? Solar Designer

Saturday, 27 January

Re: How to deal with reporters who don't want their bugs fixed? halfdog
Re: How to deal with reporters who don't want their bugs fixed? Stiepan

Sunday, 28 January

Re: SQUID-2018:1 Denial of Service issue in ESI Response processing Amos Jeffries
Re: SQUID-2018:2 Denial of Service issue in HTTP Message processing Amos Jeffries

Monday, 29 January

CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Michael Orlitzky
Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Michael Orlitzky
Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Florian Weimer
Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Michael Orlitzky

Wednesday, 31 January

Re: CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted. Aki Tuomi
Re: Re: CVE-2017-16845 Qemu: ps2: information leakage via post_load routine P J P
report a vulnerability in sfcb software. XinleiHe

Thursday, 01 February

Re: report a vulnerability in sfcb software. Adam Maris

Friday, 02 February

Secunia Research: Linux Kernel USB over IP Information Disclosure Vulnerability Secunia Research
Secunia Research: Linux Kernel USB over IP Multiple Denial of Service Vulnerabilities Secunia Research

Sunday, 04 February

Anymail: CVE-2018-6596: timing attack on WEBHOOK_AUTHORIZATION secret Salvatore Bonaccorso
KDE Notification URI Loading Issues Jason A. Donenfeld
Re: KDE Notification URI Loading Issues Kurt H Maier

Monday, 05 February

Re: KDE Notification URI Loading Issues Simon McVittie
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck

Tuesday, 06 February

[SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability Dave Brondsema
Fw:Re: [scr459004] sfcb - 1.4.9 XinleiHe

Wednesday, 07 February

CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann

Thursday, 08 February

SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip SEC Consult Vulnerability Lab
Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann
Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann
Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Ian Zimmerman
Re: Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann
Re: SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip Solar Designer
[SECURITY][CVE-2018-1298] Apache Qpid Broker-J Denial of Service Vulnerability with PLAIN and XOAUTH2 SASL mechanisms Alex Rudyy

Friday, 09 February

Re: bug in DNS resolvers - DNSSEC validation Petr Špaček
Re: Fw:Re: [scr459004] sfcb - 1.4.9 Marcus Meissner
[Security] CVE-2018-1307 XML Entity Expansion in juddi-client v3.2 through 3.3.4 Alex O'Ree

Saturday, 10 February

Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann
Exim 4.90.1 released. (Was: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow) Heiko Schlittermann

Sunday, 11 February

CVE-2018-1297: Apache JMeter uses an unsecure RMI connection in Distributed mode Philippe Mouawad
CVE-2018-1287: Apache JMeter binds RMI server to wildcard in distributed mode (based on RMI) Philippe Mouawad

Monday, 12 February

Re: SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip Leo Famulari

Tuesday, 13 February

qpdf: multiple vulnerabilities before 7.0.0 Hanno Böck
GNU patch out of bounds read, null pointer crash and double free Hanno Böck
[ANNOUNCE] CVE-2017-15709 - Information Leak Christopher Shannon
[SECURITY] CVE-2017-15699: Apache Qpid Dispatch Router Denial of Service Vulnerability when specially crafted frame is sent to the Router Ganesh Murthy
Authentication Bypass Vulnerability in VMware Xenon (CVE-2017-4952) VMware Security Response Center

Wednesday, 14 February

Multiple vulnerabilities in Jenkins Daniel Beck
CVE-2017-18188: opentmpfiles root privilege escalation via recursive chown Michael Orlitzky

Thursday, 15 February

Irssi 1.1.1&1.0.7: CVE-2018-7054, CVE-2018-7053, CVE-2018-7050, CVE-2018-7052, CVE-2018-7051 Ailin Nemui
Re: clamav: Out of bounds read and segfault in xar parser Hanno Böck
[CVE-2017-15712] Apache Oozie Server vulnerability Rohini Palaniswamy
Quagga 1.2.3 release with BGP security issue fixes Paul Jakma

Friday, 16 February

XSS vulnerability in Tiki < 18 chbi
Re: XSS vulnerability in Tiki < 18 chbi

Sunday, 18 February

LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Anthony Liguori

Monday, 19 February

Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Karol Babioch
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Karol Babioch

Tuesday, 20 February

Re: CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Alexander Popov
Re: CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Mohamed Ghannam

Wednesday, 21 February

[CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 Justin Bull

Thursday, 22 February

Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 Justin Bull
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer
review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c Solar Designer
[SECURITY] CVE-2017-15696 Apache Geode configuration request authorization vulnerability Anthony Baker
Fwd: [SECURITY] CVE-2018-1305 Security constraint annotations applied too late Mark Thomas
Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored Mark Thomas
Re: Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored Doran Moppert

Friday, 23 February

Re: review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c Dominik Csapak
Re: Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored Mark Thomas
Re: review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c Solar Designer
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team
[SECURITY] CVE-2017-15692 Apache Geode unsafe deserialization in TcpServer Anthony Baker
[SECURITY] CVE-2017-15693 Apache Geode unsafe deserialization of application objects Anthony Baker

Sunday, 25 February

[ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Maxim Solodovnik
[ANNOUNCE] CVE-2017-15719 - Wicket jQuery UI: XSS in WYSIWYG Editor Sebastien Briquet

Monday, 26 February

Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Sahil Dhar
Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Maxim Solodovnik
Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Sahil Dhar
Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Maxim Solodovnik

Tuesday, 27 February

CVE-2018-7492: Linux kernel: Null pointer dereference in net/rds/rdma.c:__rds_rdma_map() Vladis Dronov
Xen Security Advisory 252 - DoS via non-preemptable L3/L4 pagetable freeing Xen . org security team
Xen Security Advisory 255 - grant table v2 -> v1 transition may crash Xen Xen . org security team
Xen Security Advisory 256 - x86 PVH guest without LAPIC may DoS the host Xen . org security team
New bypass and protection techniques for ASLR on Linux Ilya Smith
[ANNOUNCE] Apache Traffic Server host header and line folding - CVE-2017-5660 Bryan Call
[ANNOUNCE] Apache Traffic Server vulnerability with TLS handshake - CVE-2017-7671 Bryan Call

Wednesday, 28 February

Multiple CVEs announced by ISC (ISC DHCP: CVE-2018-5732 & CVE-2018-5733, BIND CVE-2018-5734) Michael McNally
Information on file, sqlite, libarchive, pcre issues for CVE IDs assigned by Apple? Moritz Muehlenhoff
Re: Information on file, sqlite, libarchive, pcre issues for CVE IDs assigned by Apple? Hanno Böck
Re: Multiple vulnerabilities in Jenkins Daniel Beck
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck
Apache Xerces-C Security Advisory for versions < 3.2.1 [CVE-2017-12627] Cantor, Scott

Thursday, 01 March

Dovecot Security Advisory: CVE-2017-14461 rfc822_parse_domain Information Leak Vulnerability Aki Tuomi
Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS Aki Tuomi
Xen Security Advisory 252 (CVE-2018-7540) - DoS via non-preemptable L3/L4 pagetable freeing Xen . org security team
Xen Security Advisory 256 (CVE-2018-7542) - x86 PVH guest without LAPIC may DoS the host Xen . org security team
Xen Security Advisory 255 (CVE-2018-7541) - grant table v2 -> v1 transition may crash Xen Xen . org security team

Friday, 02 March

memcached UDP amplification attacks Hanno Böck
Re: memcached UDP amplification attacks Kurt Seifried
Re: memcached UDP amplification attacks Kurt Seifried

Sunday, 04 March

Linux kernel: CVE-2018-1065 - netfilter rule insertion may panic system. Wade Mealing

Monday, 05 March

Terminal Control Chars up201407890
CVE-2018-1066 : kernel - CIFS - Null pointer dereference in ntlmv2 response client crash. Wade Mealing
Remote DoS flaw in 389-ds-base Dhiru Kholia
Re: Terminal Control Chars Jesse Hertz

Tuesday, 06 March

Django security releases issued: 2.0.3, 1.11.11, and 1.8.19 Tim Graham
Authentication bypass mainwp-child < 3.4.5 Slavco Mihajloski
util-linux: CVE-2018-7738: code execution in bash-completion for umount Salvatore Bonaccorso

Wednesday, 07 March

Re: memcached UDP amplification attacks Tomas Hoger
Portus, missing certificate validation on proxified https traffic Raphael Geissert
And Harbor? (was: Portus, missing certificate validation on proxified https traffic) Raphael Geissert
Re: memcached UDP amplification attacks Kurt Seifried
Re: memcached UDP amplification attacks Seaman, Chad
Memcached remote DoS in older versions dormando

Thursday, 08 March

Re: memcached UDP amplification attacks Patrick Forsberg
Re: memcached UDP amplification attacks Seaman, Chad
CVE-2018-7550 Qemu: i386: multiboot OOB access while loading kernel image P J P
CVE-2018-7290: Stored XSS vulnerability in Tiki <= 18 chbi
Vulnerabilities and default credentials in Ilias e-learning software / German gov hack Hanno Böck
Re: Memcached remote DoS in older versions dormando

Friday, 09 March

CVE-2018-7858 Qemu: cirrus: OOB access when updating vga display P J P

Sunday, 11 March

Re: Portus, missing certificate validation on proxified https traffic Raphael Geissert

Tuesday, 13 March

[SECURITY ADVISORY] curl: FTP path trickery leads to NIL byte out of bounds write Daniel Stenberg
[SECURITY ADVISORY] curl: LDAP NULL pointer dereference Daniel Stenberg
[SECURITY ADVISORY] curl: RTSP RTP buffer over-read Daniel Stenberg

Thursday, 15 March

[CVE-2018-5233] Grav CMS admin plugin Reflected Cross Site Scripting (XSS) vulnerability Sydream Labs
CVE request: maliciously crafted notebook files in Jupyter Thomas Kluyver
[SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting Dave Brondsema

Friday, 16 March

CVE-2018-1068: Linux kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets Vladis Dronov
[CVE-2018-1324] Apache Commons Compress denial of service vulnerability Stefan Bodewig
Fwd: Firefox 52.7.2 (Fwd: Linux ARM ESR-52 builds need additional patch!) Julien Cristau
libvorbis/libtremor OOB write Daniel Veditz
[cve-request () mitre org: Re: [scr479280] sqlite3 - all; fix is in source control but not yet released] Seth Arnold

Saturday, 17 March

Squirrelmail directory traversal vulnerability allows exfiltrating files from server Hanno Böck
Re: Squirrelmail directory traversal vulnerability allows exfiltrating files from server Salvatore Bonaccorso
Re: CVE request: maliciously crafted notebook files in Jupyter Salvatore Bonaccorso

Sunday, 18 March

Re: CVE request: maliciously crafted notebook files in Jupyter Thomas Kluyver

Monday, 19 March

Re: CVE request: maliciously crafted notebook files in Jupyter Fernando Perez
[SECURITY] CVE-2018-1321: Remote code execution by administrators with report and template entitlements Francesco Chicchiriccò
[SECURITY] CVE-2018-1322: Information disclosure via FIQL and ORDER BY sorting Francesco Chicchiriccò
Re: CVE request: maliciously crafted notebook files in Jupyter Ricter Zheng
[CVE-2018-8048] Loofah XSS Vulnerability Mike Dalessio
Sanitize <= 4.6.2 HTML injection and XSS Ryan Grove

Tuesday, 20 March

Re: CVE request: maliciously crafted notebook files in Jupyter Gordo Lowrey
Re: Sanitize <= 4.6.2 HTML injection and XSS Ryan Grove
ES2018-05 Kamailio heap overflow Sandro Gauci
OpenSSL: bug in modular exponentiation Guido Vranken

Thursday, 22 March

Re: OpenSSL: bug in modular exponentiation zugtprgfwprz
Re: OpenSSL: bug in modular exponentiation Guido Vranken
Denial of service and other vulnerabilities in Icinga 2.x before version 2.8.2 (CVE-2018-6532, CVE-2018-6534, CVE-2018-6535) Michael Hanselmann
[CVE-2018-3741] XSS vulnerability in rails-html-sanitizer Rafael Mendonça França

Friday, 23 March

CVE-2018-1000140 - rsyslog librelp X.509 parsing issue Kurt Seifried
Re: [SECURITY] CVE-2018-1321: Remote code execution by administrators with report and template entitlements Daniel Kahn Gillmor

Saturday, 24 March

CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request Daniel Ruggeri
CVE-2018-1303: Possible out of bound read in mod_cache_socache Daniel Ruggeri
CVE-2018-1283: Tampering of mod_session data for CGI applications Daniel Ruggeri
CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown Daniel Ruggeri
CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name Daniel Ruggeri
CVE-2018-1312: Weak Digest auth nonce generation in mod_auth_digest Daniel Ruggeri
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Daniel Ruggeri
Stack buffer overflow in WolfSSL before 3.13.0 Hanno Böck

Sunday, 25 March

Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Marius Bakke
Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer

Monday, 26 March

Re: Stack buffer overflow in WolfSSL before 3.13.0 Yves-Alexis Perez
Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic
Multiple vulnerabilities in Jenkins plugins Daniel Beck

Tuesday, 27 March

Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic
[ANN] A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin Lukasz Lenart
Linux kernel: syzkaller dashboard Andrey Konovalov
CVE-2018-1091: Linux kernel: a KVM guest kernel crash during core dump on POWER9 host Vladis Dronov

Wednesday, 28 March

Foreman 1.9+ SQL injection in dashboard page Tomer Brisker

Thursday, 29 March

a number of CVEs for issues in the filesystem's code in the Linux kernel Vladis Dronov

Friday, 30 March

Fwd: [scr485440] 5 Samsung CVEs flanker017
Re: Fwd: [scr485440] 5 Samsung CVEs Solar Designer