oss-sec: by date

256 messages starting Apr 02 18 and ending Jun 30 18


Monday, 02 April

[CVE-2018-1295]: Possible Execution of Arbitrary Code Within Deserialization Endpoints of Apache Ignite Denis Magda
Announce: OpenSSH 7.7 released Damien Miller

Wednesday, 04 April

CVE-2018-1002150: koji: Dist Repo call missing authorization check allowing filesystem manipulation Patrick Uiterwijk
Linux Kernel Defence Map Alexander Popov
WebKitGTK+ Security Advisory WSA-2018-0003 Michael Catanzaro
Re: [webkit-security] WebKitGTK+ Security Advisory WSA-2018-0003 Michael Catanzaro
Re: Linux Kernel Defence Map Kees Cook
[SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files Daniel Dai
[SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned Daniel Dai
[SECURITY] CVE-2018-1315 'COPY FROM FTP' statement in HPL/SQL can write to arbitrary location if the FTP server is compromised Daniel Dai
Re: Re: Linux Kernel Defence Map Kurt Seifried

Thursday, 05 April

Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Linux Kernel Defence Map Alexander Popov
Re: Linux Kernel Defence Map Kees Cook
Re: Linux Kernel Defence Map Alexander Popov
Re: Linux Kernel Defence Map Kees Cook
Privsec vuln in beep / Code execution in GNU patch Hanno Böck

Friday, 06 April

Re: Privsec vuln in beep / Code execution in GNU patch Sebastian Krahmer
Re: Privsec vuln in beep / Code execution in GNU patch Jakub Wilk
Re: Linux Kernel Defence Map Alexander Popov

Sunday, 08 April

beep infoleak Hanno Böck
CVE-2018-2767: MySQL & MariaDB: Return of the BACKRONYM vulnerability (public disclosure) Pali Rohár
[SECURITY] CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter Uwe Schindler
Re: beep infoleak Kash Pande

Monday, 09 April

pcs: disclosure of CVE-2018-1079 and CVE-2018-1086 Cedric Buissart
Re: Terminal Control Chars Ian Zimmerman
Re: Re: Terminal Control Chars Not Real

Tuesday, 10 April

Re: Terminal Control Chars Gordo Lowrey
CVE-2017-13220 / Android A-63527053: Linux kernel: Possible out-of-bound access in Bluetooth subsystem Vladis Dronov
Re: Re: Terminal Control Chars Jakub Wilk
CVE-2018-1097 Foreman: oVirt credentials exposed by host power API Tomer Brisker
Re: Terminal Control Chars Christian Brabandt
Change to ASF httpd vulnerability XML format Mark Cox
Re: Terminal Control Chars Jakub Wilk

Wednesday, 11 April

Multiple vulnerabilities in Jenkins Daniel Beck

Thursday, 12 April

Arbitrary file download vulnerability in Drupal module avatar_uploader v7.x-1.0-beta8 Larry W. Cashdollar
CVE-2018-1084 corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function Raphael Sanchez Prudencio
Re: Terminal Control Chars Jakub Wilk
Re: CVE-2018-1000168: nghttp2: Denial of service due to NULL pointer dereference. Tatsuhiro Tsujikawa
Re: Terminal Control Chars Ian Zimmerman
Re: Re: Terminal Control Chars Russ Allbery
Re: Re: Terminal Control Chars David A. Wheeler
Re: Re: Terminal Control Chars Russ Allbery
Re: Re: Terminal Control Chars Simon McVittie
Re: Re: Terminal Control Chars David A. Wheeler
Updated distros statistics Kristian Fiskerstrand
Re: Updated distros statistics Seth Arnold

Friday, 13 April

Re: Terminal Control Chars Jakub Wilk

Monday, 16 April

Re: Re: Terminal Control Chars Jakub Wilk
Multiple vulnerabilities in Jenkins plugins Daniel Beck
CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley
Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala

Wednesday, 18 April

CVE-2018-1088 glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled Siddharth Sharma
CVE-2018-1172 Squid Proxy Cache Denial of Service vulnerability Amos Jeffries

Thursday, 19 April

[SECURITY] CVE-2018-1289: Apache Fineract SQL Injection Vulnerability by orderBy and sortOrder parameters Ed Cable
[SECURITY] CVE-2018-1290: Apache Fineract SQL Injection Vulnerability - Single quotation escape caused by two continuous SQL parameters Ed Cable
[SECURITY] CVE-2018-1291: Apache Fineract SQL Injection Vulnerability - Order by injection via Order Param Ed Cable
[SECURITY] CVE-2018-1292: Apache Fineract SQL Injection Vulnerability - Injection via reportName parameter Ed Cable
CVE-2018-10194 Ghostscript 9.18 stack-based buffer overflow Vítor Silva
Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley

Friday, 20 April

Re: a number of CVEs for issues in the filesystem's code in the Linux kernel Vladis Dronov
[OSSA-2018-001] Raw underlying encrypted volume access (CVE-2017-18191) Tristan Cacqueray

Monday, 23 April

Authorization bypass in PHPLiteAdmin since 1.9.5 Karsten König
CVE-2018-1110: Knot Resolver <= 2.2.0 Improper Input Validation Petr Špaček
Multiple local root vulnerabilities involving PackageKit CVE-2018-1106 Matthias Gerstner

Tuesday, 24 April

ktexteditor / Kate local privilege escalation Matthias Gerstner
Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley
CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process David Rientjes
Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala

Wednesday, 25 April

Re: ktexteditor / Kate local privilege escalation (CVE-2018-10361) Matthias Gerstner
Re: Authorization bypass in PHPLiteAdmin since 1.9.5 Karsten König
Xen Security Advisory 258 - Information leak via crafted user-supplied CDROM Xen . org security team
Xen Security Advisory 259 - x86: PV guest may crash Xen with XPTI Xen . org security team
[CVE-2018-1338] DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser Tim Allison
[CVE-2018-1339] DoS (Infinite Loop) Vulnerability in Apache Tika’s ChmParser Tim Allison
[CVE-2018-1335] Command Injection Vulnerability in Apache Tika’s tika-server module Tim Allison

Thursday, 26 April

[ANNOUNCE] CVE-2017-15691: Apache UIMA XML external entity expansion (XXE) attack exposure Marshall Schor

Friday, 27 April

CVE-XXX (quasselclient/quasselcore version 0.12.4): Heap Remote Code Execution and Null Pointer DDOS nongiach nongiach

Monday, 30 April

Xen Security Advisory 258 (CVE-2018-10472) - Information leak via crafted user-supplied CDROM Xen . org security team
Xen Security Advisory 259 (CVE-2018-10471) - x86: PV guest may crash Xen with XPTI Xen . org security team
Re: Re: Linux Kernel Defence Map Alexander Popov

Tuesday, 01 May

Re: CVE-XXX (quasselclient/quasselcore version 0.12.4): Heap Remote Code Execution and Null Pointer DDOS nongiach nongiach
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability Akira Ajisaka
CVE-2018-1000199: ptrace() incorrect error handling leads to corruption and DoS Andy Lutomirski

Thursday, 03 May

Singularity's Linux kernel vulnerability claim Priedhorsky, Reid
Re: Singularity's Linux kernel vulnerability claim gremlin

Saturday, 05 May

[ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Bryan Pendleton

Sunday, 06 May

GNU Wget Cookie Injection [CVE-2018-0494] Harry Sintonen

Monday, 07 May

WebKitGTK+ Security Advisory WSA-2018-0004 Michael Catanzaro
CVE-2018-1089 389-ds-base: unauthenticated ns-slapd crash via large filter value in ldapsearch Cedric Buissart
Re: CVE-2018-1089 389-ds-base: unauthenticated ns-slapd crash via large filter value in ldapsearch Cedric Buissart

Tuesday, 08 May

Xen Security Advisory 260 (CVE-2018-8897) - x86: mishandling of debug exceptions Xen . org security team
Xen Security Advisory 261 - x86 vHPET interrupt injection errors Xen . org security team
Xen Security Advisory 262 - qemu may drive Xen into unbounded loop Xen . org security team
CVE-2018-8897: #DB exceptions that are deferred by MOV SS or POP SS may cause unexpected behavior Andy Lutomirski
CVE-2018-1087: KVM incorrectly handles #DB exceptions while deferred by MOV SS/POP SS Andy Lutomirski
CVE-2018-1118 linux kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() Wade Mealing

Wednesday, 09 May

PowerDNS Security Advisory 2018-02 Remi Gacogne
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck
CVE-2018-1000155: Denial of Service, Improper Authentication and Authorization, and Covert Channel in the OpenFlow 1.0+ handshake Kashyap Thimmaraju

Thursday, 10 May

CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Vladis Dronov
erc20 contract KoreaShow bug Qinghao Tang

Friday, 11 May

Xen Security Advisory 262 (CVE-2018-10981) - qemu may drive Xen into unbounded loop Xen . org security team
Xen Security Advisory 261 (CVE-2018-10982) - x86 vHPET interrupt injection errors Xen . org security team

Monday, 14 May

PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez
Re: PGP/MIME and S/MIME mail clients vulnerabilities Jakub Wilk
Re: PGP/MIME and S/MIME mail clients vulnerabilities Christian Brabandt
Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Tomas Hoger
Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez
Re: CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process David Rientjes

Tuesday, 15 May

Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May
Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez
Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Bryan Pendleton
Re: PGP/MIME and S/MIME mail clients vulnerabilities Leo Gaspard
Re: PGP/MIME and S/MIME mail clients vulnerabilities Florian Weimer
[SECURITY AVISORY] curl: FTP shutdown response buffer overflow Daniel Stenberg
[SECURITY AVISORY] curl: RTSP bad headers buffer over-read Daniel Stenberg

Wednesday, 16 May

Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez
Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May
Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May
Re: PGP/MIME and S/MIME mail clients vulnerabilities Matthew Fernandez
[SECURITY] CVE-2018-8014 Insecure defaults for CORS filter Mark Thomas

Thursday, 17 May

Qualys Security Advisory - Procps-ng Audit Report Qualys Security Advisory
Apache ORC 1.5.0 and 1.4.4 Released Owen O'Malley

Friday, 18 May

[opendaylight-security-note]: SDNInterfaceapp SQL injection Luke Hinds
ISC has disclosed two vulnerabilities in BIND 9.12 (CVE-2018-5736, CVE-2018-5737) ISC Security Officer

Sunday, 20 May

Reptile: a LKM rootkit written for evil purposes nullbyte
[CVE-2018-10094] Dolibarr SQL Injection vulnerability Sysdream Labs
[CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability Sysdream Labs
Dolibarr XSS Injection vulnerability Sysdream Labs

Monday, 21 May

[SECURITY] CVE-2018-8010: XXE vulnerability due to Apache Solr configset upload Uwe Schindler
Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Tomas Hoger
[CVE-2018-8012] Apache ZooKeeper Quorum Peer mutual authentication Patrick Hunt

Tuesday, 22 May

[ANNOUNCE] CVE Announcement for Apache NiFi 1.0.0 - 1.5.0 Andy LoPresto
Re: PGP/MIME and S/MIME mail clients vulnerabilities Florian Weimer

Wednesday, 23 May

[CVE-2018-8013] Apache Batik information disclosure vulnerability Simon Steiner
Re: Qualys Security Advisory - Procps-ng Audit Report Qualys Security Advisory
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Kurt Seifried

Friday, 25 May

Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Evgenii Shatokhin
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Kurt Seifried
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov

Saturday, 26 May

Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Bryan Pendleton

Wednesday, 30 May

MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 Amine Taouirsa

Thursday, 31 May

CVE request: rufus Stefan Kanthak
[CVE-2018-10847] prosody: insufficient stream header validation Matthew Wild
Re: CVE request: rufus Pete Batard
Re: CVE request: rufus Stefan Kanthak
Re: CVE request: rufus Solar Designer
Re: CVE request: rufus Pete Batard

Friday, 01 June

Re: CVE request: rufus Stefan Kanthak
Re: Re: CVE request: rufus Henri Salo
[CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Denis Magda
Re: Re: CVE request: rufus Lionel Debroux

Sunday, 03 June

CVE-2018-10058 and CVE-2018-10057 - cgminer <=4.10.0 and bfgminer <=5.5.0 remote management api post-auth buffer overflow and path traversal oststrom (public)

Monday, 04 June

Multiple vulnerabilities in Jenkins plugins Daniel Beck

Tuesday, 05 June

[CVE-2018-1332] Apache Storm user impersonation vulnerability P. Taylor Goetz
[CVE-2018-8008] Apache Storm arbitrary file write vulnerability P. Taylor Goetz
RE: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Rai, Harendra
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck

Wednesday, 06 June

Re: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Tomas Hoger
Re: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Denis Magda
CVE-2018-11806 Qemu: slirp: heap buffer overflow while reassembling fragmented datagrams P J P

Thursday, 07 June

Secunia Research: Linux Kernel USB over IP Multiple Denial of Service Vulnerabilities Secunia Research
Re: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Andrey Gura
Perl: CVE-2018-12015: Archive::Tar: directory traversal vulnerability Salvatore Bonaccorso

Friday, 08 June

CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Alexander Potapenko
CVE-2018-12020 in GnuPG Yves-Alexis Perez

Saturday, 09 June

Re: CVE-2018-12020 in GnuPG Marcus Brinkmann

Sunday, 10 June

Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stiepan
Re: Re : Re: [oss-security] CVE-2018-12020 in GnuPG Yves-Alexis Perez

Monday, 11 June

Buffer Overflow in pppd EAP-TLS implementation Luciano Bello

Tuesday, 12 June

Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jakub Wilk
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jordan Glover
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Todd C. Miller
ISC has announced CVE-2018-5738, a defect in some versions of BIND ISC Security Officer
[SECURITY] CVE-2017-15695 Apache Geode remote code execution vulnerability Anthony Baker

Wednesday, 13 June

Re : Re: [oss-security] Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stiepan
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski
Re: Re : Re: [oss-security] Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stephen Farrell
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski
Intel FP security issue Loganaden Velvindron
Third Party Code Signing Vulnerability in Squirrel & Sparkle Lets Secure
Re: Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck
CVE-2018-12020, CVE-2018-12019 in GnuPG, Enigmails, GPGTools, python-gnupg Marcus Brinkmann
Re: Intel FP security issue Loganaden Velvindron
Xen Security Advisory 267 (CVE-2018-3665) - Speculative register leakage from lazy FPU context switching Xen . org security team

Thursday, 14 June

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 Michael Catanzaro
Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jakub Wilk
CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jakub Wilk
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jason A. Donenfeld

Friday, 15 June

Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski
Re: Re: Intel FP security issue Marcus Meissner
Re: Re: Intel FP security issue Liguori, Anthony
Re: Intel FP security issue Solar Designer
CVE-2018-3665 Lazy FPU Context Switching Information Leak Anthony Liguori
Re: Intel FP security issue Anthony Liguori
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jakub Wilk
Re: CVE-2018-3665 Lazy FPU Context Switching Information Leak Alan Coopersmith
Re: CVE-2018-3665 Lazy FPU Context Switching Information Leak Anthony Liguori

Saturday, 16 June

Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann

Sunday, 17 June

Fun with DBM-type databases... Lionel Debroux

Monday, 18 June

cantata: cantata-mounter D-Bus service local privilege escalation and other security issues Matthias Gerstner
[SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages exceed maximum size limit Alex Rudyy

Tuesday, 19 June

Re: cantata: cantata-mounter D-Bus service local privilege escalation and other security issues Matthias Gerstner
[CVE-2018-3760] Path Traversal in Sprockets Rafael Mendonça França
CVE-2018-12558: DOS in perl module Email::Address Pali Rohár
Intel hyper-threading security issues Loganaden Velvindron

Wednesday, 20 June

CVE-2018-10841 glusterfs: access trusted peer group via remote-host command Siddharth Sharma
Re: Intel hyper-threading security issues Georgi Guninski

Thursday, 21 June

Re: Intel hyper-threading security issues Stuart Henderson
Re: Intel hyper-threading security issues Lukas Odzioba
Re: Intel hyper-threading security issues Lukas Odzioba
Re: Intel hyper-threading security issues Sven Schwedas
Re: Intel hyper-threading security issues Georgi Guninski
Re: Intel hyper-threading security issues Solar Designer
Re: Intel hyper-threading security issues Lukas Odzioba
Re: Intel hyper-threading security issues Gordon Tetlow

Friday, 22 June

Re: Intel hyper-threading security issues Michael Ellerman
Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Vladis Dronov
CVE-2018-8025 on Apache HBase Josh Elser
Re: Intel hyper-threading security issues Solar Designer
Re: Intel hyper-threading security issues Seth Arnold

Saturday, 23 June

Re: Intel hyper-threading security issues Peter Kjellström

Monday, 25 June

Re: Intel hyper-threading security issues Georgi Guninski
Libc Realpath Buffer Underflow CVE-2018-1000001 expolit source code for SuSE 12 SP2 zrlw
Re: Libc Realpath Buffer Underflow CVE-2018-1000001 expolit source code for SuSE 12 SP2 Marcus Meissner
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck
CVE-2018-8016 on Apache Cassandra Nate McCall

Tuesday, 26 June

[ CVE-2018-1306 ] Apache Portals Pluto information disclosure vulnerability Martin Scott Nicklous
Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Alexander Potapenko
CVE-2018-10857 and CVE-2018-10859: git-annex private data exposure Joey Hess
Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Vladis Dronov
CVE-2018-1273 fixed in Metron 0.5.0 James Sirota
CVE for PyYAML RCE-factory API Alex Gaynor
Re: CVE for PyYAML RCE-factory API Seth Arnold

Wednesday, 27 June

rclone data exflitration / unauthorized API use oss-security-list
Re: rclone data exflitration / unauthorized API use Solar Designer
squirrelmail XSS issues in bug tracker since 2016 Hanno Böck
Re: squirrelmail XSS issues in bug tracker since 2016 Hanno Böck
KVM L1 guest escape - CVE-2018-12904 Marcus Meissner
Re: squirrelmail XSS issues in bug tracker since 2016 Hanno Böck
Re: CVE for PyYAML RCE-factory API Alex Gaynor
Xen Security Advisory 264 (CVE-2018-12891) - preemption checks bypassed in x86 PV MM handling Xen . org security team
Xen Security Advisory 265 (CVE-2018-12893) - x86: #DB exception safety check can be triggered by a guest Xen . org security team
Xen Security Advisory 266 (CVE-2018-12892) - libxl fails to honour readonly flag on HVM emulated SCSI disks Xen . org security team

Thursday, 28 June

Apache CXF 3.2.6 and 3.1.16 are released Colm O hEigeartaigh

Friday, 29 June

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Andreas Lehmkuehler
[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Andreas Lehmkuehler

Saturday, 30 June

BUG_ON() on mips linux kernels 4.17.2 and earlier (old but alive) Georgi Guninski