oss-sec: by date

284 messages starting Jul 02 18 and ending Sep 28 18


Monday, 02 July

Re: Apache CXF 3.2.6 and 3.1.16 are released David Karlsen
accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner
cinnamon: possible symlink attack in cinnamon-settings-users.py Matthias Gerstner
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk
Re: cinnamon: possible symlink attack in cinnamon-settings-users.py Matthias Gerstner
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Simon McVittie

Tuesday, 03 July

Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner
coverity scan of qmail -- 53 potential defects (with false positives) Georgi Guninski
Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Alexander Potapenko

Wednesday, 04 July

Apache CXF Fediz 1.4.4 is released Colm O hEigeartaigh
[SECURITY] CVE-2018-8026: XXE vulnerability due to Apache Solr configset upload (exchange rate provider config / enum field config / TIKA parsecontext) Uwe Schindler
Statistics for distros lists updated for Q2 Kristian Fiskerstrand
Re: [SECURITY] CVE-2018-8026: XXE vulnerability due to Apache Solr configset upload (exchange rate provider config / enum field config / TIKA parsecontext) will martin
BIND Operational Notification: Extremely large zone transfers can result in corrupted journal files or server process termination Michael McNally

Friday, 06 July

mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook zrlw
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Greg KH
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Solar Designer
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook zrlw

Tuesday, 10 July

[OSSN-0084] Data retained after deletion of a ScaleIO volume Luke Hinds
[Announcement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel Emmanuel Lecharny
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Greg KH
CVE-2018-1331: Apache Storm remote code execution vulnerability Bobby Evans
[SECURITY ADVISORY] curl SMTP send heap buffer overflow Daniel Stenberg

Wednesday, 11 July

polkit: CVE-2018-1116: polkitd trusting client-supplied UID allows spoofed authentication dialogs Matthias Gerstner
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook zrlw
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook zrlw
Re: Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Greg KH
CVE-2018-8007: Apache CouchDB administrative privilege escalation Dave Cottlehuber
CVE-2018-10895: Remote code execution due to CSRF in qutebrowser Florian Bruhin
CVE-2018-5739: ISC Kea 1.4.0 failure to release memory may exhaust system resources Michael McNally

Thursday, 12 July

CVE-2018-1334 Apache Spark local privilege escalation vulnerability Sean Owen
CVE-2018-8024 Apache Spark XSS vulnerability in UI Sean Owen
Re: Libc Realpath Buffer Underflow CVE-2018-1000001 exploit source code for SuSE 12 SP2 halfdog

Friday, 13 July

Fastbin double free in MP4v2 2.0.0 Ruikai Liu
CVE-2018-13405: Linux kernel: fs/inode.c:inode_init_owner() function mishandled a file creation in setgid directories Vladis Dronov

Monday, 16 July

Integer underflow/overflow in MP4v2 2.0.0 Ruikai Liu

Tuesday, 17 July

Type confusion in MP4v2 2.0.0 Ruikai Liu
[CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper Justin Bull

Wednesday, 18 July

CVE-2018-1333: Apache HTTP Server HTTP/2 DoS Mark Cox
CVE-2018-8011: Apache HTTP Server mod_md DoS Mark Cox
Out-of-bounds memory access in MP4v2 2.0.0 Ruikai Liu
CVE-2018-14055: privilege escalation in ZNC Alexey Sokolov
CVE-2018-14056: path traversal in ZNC Alexey Sokolov
CVE-2018-8042: Passwords for Hadoop credential stores are visible in Ambari Agent standard out in Apache Ambari Robert Levas
Multiple vulnerabilities in Jenkins Daniel Beck
Re: Multiple vulnerabilities in Jenkins Daniel Beck

Thursday, 19 July

[CVE-2018-1273] Apache Ignite impacted by security vulnerability in Spring Data Commons Denis Magda
[CVE-2018-8018] Possible Execution of Arbitrary Code via Apache Ignite GridClientJdkMarshaller Denis Magda

Friday, 20 July

CVE request: Wesnoth arbitrary code execution/sandbox escape Iris Morelle
Re: CVE request: Wesnoth arbitrary code execution/sandbox escape Emilio Pozuelo Monfort
CVE-2018-10900: NetworkManager-vpnc-1.2.4 local privilege escalation Lubomir Rintel
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk
[CVE] CVE-2018-11756 PHP Runtime for Apache OpenWhisk Rodric Rabbah
[CVE] CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk Rodric Rabbah

Sunday, 22 July

Re: CVE request: Wesnoth arbitrary code execution/sandbox escape Iris Morelle

Monday, 23 July

CVE-2018-8031 Apache TomEE Webapp XSS Jonathan Gallimore

Tuesday, 24 July

[CVE-2018-10906] libfuse: restriction bypass of the "allow_other" option when SELinux is active Nikolaus Rath

Wednesday, 25 July

Xen Security Advisory 274 - Linux: Uninitialized state in PV syscall return path Xen.org security team
[OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432) Matthew Thode

Thursday, 26 July

Fw: New cabextract 1.7 and libmspack 0.7 release Hanno Böck
Squirrelmail XSS security fix Hanno Böck
CVE-2017-12610: Authenticated Kafka clients may impersonate other users Rajini Sivaram
CVE-2018-1288: Authenticated Kafka clients may interfere with data replication Rajini Sivaram
Re: Pointer misuse unzipping files with busybox Salvatore Bonaccorso

Saturday, 28 July

Re: Fw: New cabextract 1.7 and libmspack 0.7 release Salvatore Bonaccorso

Sunday, 29 July

Re: Pointer misuse unzipping files with busybox Justin Ferguson

Monday, 30 July

Multiple vulnerabilities in Jenkins plugins Daniel Beck

Tuesday, 31 July

[SECURITY] New security advisory CVE-2018-8027 released for Apache Camel Andrea Cosentino
Xen Security Advisory 274 v2 (CVE-2018-14678) - Linux: Uninitialized state in x86 PV failsafe callback path Xen.org security team
blueman before version 2.0.6 is not enforcing authorization for polkit action org.blueman.network.setup Matthias Gerstner
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck

Wednesday, 01 August

Django security releases issued: 1.11.15 and 2.0.8 Tim Graham
[SBA-ADV-20180425-01] CVE-2015-5243 rediscovered: phpWhois before 5.1.0 PHP Code Injection SBA Research Advisory

Thursday, 02 August

Stored XSS vulnerabilities in Tiki <= 18.1 chbi
Re: Stored XSS vulnerabilities in Tiki <= 18.1 chbi
Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov

Sunday, 05 August

Heap-based buffer overflow in zutils zcat Ben Hutchings

Monday, 06 August

Requesting CVE number for Qt Creator / Botan issue Thiago Macieira
CVE-2017-12614 XSS Vulnerability in Airflow < 1.9 Ash Berlin-Taylor
Re: Requesting CVE number for Qt Creator / Botan issue Henri Salo
CVE-2018-6556: lxc-user-nic allows for open() of arbitrary paths Stéphane Graber

Wednesday, 08 August

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 Michael Catanzaro
CVE-2018-11769: Apache CouchDB Remote Code Execution (affects versions 1.x and ≤2.1.2) Joan Touzet
Unauthenticated EAPOL-Key decryption in wpa_supplicant Jouni Malinen
Re: Unauthenticated EAPOL-Key decryption in wpa_supplicant Jens Timmerman
Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Matthew Garrett
Re: Unauthenticated EAPOL-Key decryption in wpa_supplicant Jouni Malinen
CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named Michael McNally

Thursday, 09 August

Knot Resolver 2.4.1 security release Petr Špaček
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Stiepan
RE: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Reinis Rozitis
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Solar Designer
Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov
Re: Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Simon McVittie
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Stiepan
cobbler CVE-2018-10931: CobblerXMLRPCInterface exports internal only functions over XMLRPC Cedric Buissart
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) David T.
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Solar Designer
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Matthew Garrett
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Kurt H Maier
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Solar Designer
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Stiepan
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Dave Horsfall
Re: Linux TCP implementation vulnerable to Denial of Service (CVE-2018-5390) Amos Jeffries

Monday, 13 August

CVE-2018-11770: Apache Spark standalone master, Mesos REST APIs not controlled by authentication Sean Owen

Tuesday, 14 August

CVE-2018-14424: Use-after-free in GDM Chris Coulson
X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11 X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices X41 D-Sec GmbH Advisories
CVE-2018-14722: btrfsmaintenance: Code execution Marcus Meissner
Xen Security Advisory 273 v1 (CVE-2018-3620,CVE-2018-3646) - L1 Terminal Fault speculative side channel Xen.org security team
Xen Security Advisory 268 v2 - Use of v2 grant tables may cause crash on ARM Xen.org security team
Xen Security Advisory 269 v2 - x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS Xen.org security team
Xen Security Advisory 270 v2 - Linux netback driver OOB access in hash handling Xen.org security team
Xen Security Advisory 271 v2 (CVE-2018-14007) - XAPI HTTP directory traversal Xen.org security team
Xen Security Advisory 272 v2 - oxenstored does not apply quota-maxentity Xen.org security team
CVE-2018-5391: Linux kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) Vladis Dronov

Wednesday, 15 August

Re: CVE-2018-5391: Linux kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) David T.
Re: CVE-2018-5391: Linux kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) Marcus Meissner
Multiple vulnerabilities in Jenkins Daniel Beck
Xen Security Advisory 274 v3 (CVE-2018-14678) - Linux: Uninitialized state in x86 PV failsafe callback path Xen.org security team
OpenSSH Username Enumeration Qualys Security Advisory

Thursday, 16 August

Re: OpenSSH Username Enumeration Matthew Daley
[CVE-2018-11771] Apache Commons Compress 1.7 to 1.17 denial of service vulnerability Stefan Bodewig
spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Doran Moppert

Friday, 17 August

Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Florian Weimer
Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Frediano Ziglio
Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Jeffrey Walton
Rule for releasing fixes for embargoed bugs Dominique Martinet
Re: Rule for releasing fixes for embargoed bugs Marcus Meissner
Re: Rule for releasing fixes for embargoed bugs Dominique Martinet
Re: OpenSSH Username Enumeration Salvatore Bonaccorso
Re: Rule for releasing fixes for embargoed bugs Amos Jeffries
Re: OpenSSH Username Enumeration Dariusz Tytko

Monday, 20 August

Xen Security Advisory 269 v3 (CVE-2018-15468) - x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS Xen.org security team
Xen Security Advisory 268 v3 (CVE-2018-15469) - Use of v2 grant tables may cause crash on ARM Xen.org security team
Xen Security Advisory 272 v3 (CVE-2018-15470) - oxenstored does not apply quota-maxentity Xen.org security team
Xen Security Advisory 270 v3 (CVE-2018-15471) - Linux netback driver OOB access in hash handling Xen.org security team
CVE-2018-10902 - linux kernel - double free in midi subsystem Wade Mealing

Tuesday, 21 August

More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Alex Gaynor
X.Org security advisory: August 21, 2018 Matthieu Herrb
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy

Wednesday, 22 August

[ANN] CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Yasser Zamani
Re: Heap-based buffer overflow in zutils zcat Ben Hutchings
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? AmitB
CVE-2018-11758: Apache Cayenne XXE Vulnerability in CayenneModeler GUI tool Andrus Adamchik
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn
Fwd: X.Org security advisory: August 22, 2018 Alan Coopersmith
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Florian Weimer

Thursday, 23 August

Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari
Re: Heap-based buffer overflow in zutils zcat Antonio Diaz Diaz
Re: OpenSSH Username Enumeration Dariusz Tytko
Re: OpenSSH Username Enumeration Solar Designer
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Mateusz Lenik
Re: OpenSSH Username Enumeration Qualys Security Advisory
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn
[SECURITY] CVE-2018-8028: Bypass ALTER TABLE EXCHANGE PARTITIONS authorization for Hive Sergio Peña

Friday, 24 August

About OpenSSH "user enumeration" / CVE-2018-15473 Damien Miller
Re: About OpenSSH "user enumeration" / CVE-2018-15473 Solar Designer

Saturday, 25 August

Re: Re: About OpenSSH "user enumeration" / CVE-2018-15473 Damien Miller
Re: About OpenSSH "user enumeration" / CVE-2018-15473 Solar Designer
Travis CI MITM RCE Jakub Wilk

Sunday, 26 August

Re: Travis CI MITM RCE Phil Pennock
Re: About OpenSSH "user enumeration" / CVE-2018-15473 Damien Miller
Re: About OpenSSH "user enumeration" / CVE-2018-15473 Solar Designer
Re: Travis CI MITM RCE Jeremy Stanley

Monday, 27 August

CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS Vladis Dronov
Another OpenSSH "user enumeration" Qualys Security Advisory
Another "user enumeration" in Dropbear sjw
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger
Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Wade Mealing

Tuesday, 28 August

Re: Another OpenSSH "user enumeration" Marcus Meissner
Linux kernel: FS_IOC_FSSETXATTR will lead to EXT4-fs shut down 张洪睿
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner
Re: Linux kernel: FS_IOC_FSSETXATTR will lead to EXT4-fs shut down Xiami
CVE-2018-15746 Qemu: seccomp: blacklist is not applied to all threads P J P
Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Greg KH
Re: CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS Greg KH
Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Florian Weimer
Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Greg KH
Re: Travis CI MITM RCE Daniel Kahn Gillmor

Wednesday, 29 August

[ANNOUNCE] Apache Traffic Server vulnerability with an invalid TLS handshake - CVE-2018-8022 Bryan Call
[ANNOUNCE] Apache Traffic Server vulnerability with header variable access in the ESI plugin - CVE-2018-8040 Bryan Call
[ANNOUNCE] Apache Traffic Server vulnerability with method ACLs - CVE-2018-1318 Bryan Call
[ANNOUNCE] Apache Traffic Server vulnerability with multi-range requests - CVE-2018-8005 Bryan Call
[ANNOUNCE] Apache Traffic Server vulnerability with multiple HTTP smuggling and cache poisoning attacks - CVE-2018-8004 Bryan Call
Re: [ANNOUNCE] Apache Traffic Server vulnerability with header variable access in the ESI plugin - CVE-2018-8040 Bryan Call
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy

Thursday, 30 August

Re: Travis CI MITM RCE zugtprgfwprz

Friday, 31 August

Re: Travis CI MITM RCE vines
Re: Travis CI MITM RCE Daniel Kahn Gillmor

Saturday, 01 September

Re: Travis CI MITM RCE zugtprgfwprz
Re: Travis CI MITM RCE zugtprgfwprz

Sunday, 02 September

CVE-2018-10853 kernel: kvm: guest userspace to guest kernel write P J P

Monday, 03 September

Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Wade Mealing
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner

Tuesday, 04 September

glusterfs: multiple flaws Siddharth Sharma
CVE-2018-6554 and CVE-2018-6555: Linux kernel: irda memory leak and use after free Tyler Hicks
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Brandon Perry
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
[SECURITY ADVISORY] curl: NTLM password overflow via integer overflow Daniel Stenberg

Wednesday, 05 September

Re: CVE-2018-6554 and CVE-2018-6555: Linux kernel: irda memory leak and use after free Vladis Dronov
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Stuart Gathman
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger

Thursday, 06 September

Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonid Isaev
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Jakub Wilk
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonid Isaev

Friday, 07 September

perl Crypt::JWT vulnerability Jeremy Choi

Sunday, 09 September

Re: Ghostscript 9.24 issues Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy

Monday, 10 September

[ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Christopher Shannon
Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Christopher Shannon
Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Solar Designer
Re: Re: Ghostscript 9.24 issues Marcus Meissner

Tuesday, 11 September

Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Larry W. Cashdollar
tdesktop leaks user IP address Dhiraj Mishra

Wednesday, 12 September

[SECURITY] New security advisory CVE-2018-8041 released for Apache Camel Andrea Cosentino
Re: tdesktop leaks user IP address Daniel Kahn Gillmor

Thursday, 13 September

Cleartext passwords external services in Squash TM's web interface Guillaume Quéré
OpenSC release 0.19.0 Frank Morgner
CVE-2018-1330: Libprocess might crash when decoding malformed HTTP requests or malformed JSON payload. Alex R

Saturday, 15 September

haskell-tls: Inconsistencies in answers to RSA errors (possibly Bleichenbacher/ROBOT attack) Hanno Böck

Sunday, 16 September

[SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 Kevin A. McGrail

Monday, 17 September

Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 Reindl Harald
Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 Kevin A. McGrail
Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 Reindl Harald
[SBA-ADV-20180420-01] CVE-2018-13982: Smarty 3.1.32 or below Trusted-Directory Bypass via Path Traversal SBA Research Advisory
Re: Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 Leo Famulari

Tuesday, 18 September

CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm() Vladis Dronov
[SECURITY] New security advisory for CVE-2018-11786 released for Apache Karaf Jean-Baptiste Onofré
[SECURITY] New security advisory for CVE-2018-11787 released for Apache Karaf Jean-Baptiste Onofré
Linux kernel: potential local privilege escalation bug in vmacache code Davidlohr Bueso

Wednesday, 19 September

Re: Linux kernel: potential local privilege escalation bug in vmacache code Vladis Dronov
Re: Linux kernel: potential local privilege escalation bug in vmacache code Salvatore Bonaccorso
Re: Linux kernel: potential local privilege escalation bug in vmacache code Salvatore Bonaccorso
[CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability Tim Allison
[CVE-2018-11762] Zip Slip Vulnerability in Apache Tika's tika-app Tim Allison
[CVE-2018-8017] Apache Tika Denial of Service Vulnerability -- Potential Infinite Loop in IptcAnpaParser Tim Allison
CVE-2018-12642: Incorrect Access Control of tickets in Froxlor <= 0.9.39.5 chbi
tdesktop 1.3.14: index out of range Dhiraj Mishra
Re: tdesktop 1.3.14: index out of range Stuart D. Gathman
Re: tdesktop 1.3.14: index out of range Solar Designer
ISC has issued new patch releases of BIND Michael McNally
X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty X41 D-Sec GmbH Advisories

Thursday, 20 September

Re: ISC has issued new patch releases of BIND Solar Designer
CVE-2018-5740 BIND (named vuln) and bad OVAL dict file maintenance scrumpyjack

Friday, 21 September

CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API. Alex R

Saturday, 22 September

Re: CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API. Ariel Zelivansky

Sunday, 23 September

Re: CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API. Terry Chia

Monday, 24 September

CVE-2018-14633: Linux kernel: security flaw in iscsi target code Vladis Dronov

Tuesday, 25 September

bounties Justin Ferguson
Re: bounties Solar Designer
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Integer overflow in Linux's create_elf_tables() (CVE-2018-14634) Qualys Security Advisory
Re: CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API. Ariel Zelivansky
Re: bounties Jeremy Stanley

Wednesday, 26 September

Re: bounties Justin Ferguson
Re: bounties Solar Designer
Apache Ignite: CVE-2018-8018, CVE-2018-1273, CVE-2018-1274: Notification on available mitigation Alexander Gerus

Thursday, 27 September

Telegram uses SOCKS5 to share user/creds Dhiraj Mishra
Using quilt on untrusted RPM spec files Matthias Gerstner

Friday, 28 September

Re: Using quilt on untrusted RPM spec files Randy Barlow
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007 Michael Catanzaro