oss-sec: by author
RSS Feed
About List
All Lists
Previous period
279 messages
starting Nov 05 18 and
ending Oct 29 18
Date index |
Thread index |
Author index
Aaron Patterson
[CVE-2018-16471] Possible XSS vulnerability in Rack Aaron Patterson (Nov 05)
[CVE-2018-16470] Possible DoS vulnerability in Rack Aaron Patterson (Nov 05)
Agostino Sarubbo
Re: catdoc: out of bounds heap read and nullpointer / segfault Agostino Sarubbo (Nov 25)
Re: Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array Agostino Sarubbo (Dec 18)
Re: Crashes and memory safety bugs in dcraw Agostino Sarubbo (Nov 23)
Akira Ajisaka
CVE-2018-8009: Apache Hadoop distributed cache archive vulnerability Akira Ajisaka (Nov 22)
CVE-2018-11766: Apache Hadoop privilege escalation vulnerability Akira Ajisaka (Nov 27)
Alan Coopersmith
Re: Multiple telnet.c overflows Alan Coopersmith (Dec 11)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Alan Coopersmith (Oct 10)
Alexander Bergmann
Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Alexander Bergmann (Oct 08)
Alex Gaynor
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Alex Gaynor (Oct 09)
Re: Django security release issued: 2.1.2 Alex Gaynor (Oct 01)
Re: CVE-2018-16882 Kernel: KVM: nVMX: use after free in posted interrupt processing Alex Gaynor (Dec 18)
Amos Jeffries
Re: Squid Proxy multiple vulnerabilities Amos Jeffries (Oct 28)
Re: Squid Proxy multiple vulnerabilities Amos Jeffries (Oct 29)
Squid Proxy multiple vulnerabilities Amos Jeffries (Oct 28)
Andrea Barisani
CVE-2018-18439, CVE-2018-18440 - U-Boot verified boot bypass vulnerabilities Andrea Barisani (Nov 02)
Andreas Lehmkuehler
[UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser Andreas Lehmkuehler (Oct 06)
[CVE-2018-11797] DoS vulnerability in Apache PDFBox parser Andreas Lehmkuehler (Oct 05)
Andrew Sandoval
GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Andrew Sandoval (Oct 22)
Andrey Konovalov
Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov (Oct 30)
Billy Brumley
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 12)
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 02)
CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 01)
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 06)
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 09)
Bob Friesenhahn
Re: Multiple telnet.c overflows Bob Friesenhahn (Dec 12)
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Bob Friesenhahn (Oct 17)
Re: Re: Crashes and memory safety bugs in dcraw Bob Friesenhahn (Nov 23)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Bob Friesenhahn (Oct 09)
Brad Spengler
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Brad Spengler (Dec 14)
Brandon Perry
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Brandon Perry (Oct 10)
Carlton Gibson
Django security release issued: 2.1.2 Carlton Gibson (Oct 01)
Cesar Pereida Garcia
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Cesar Pereida Garcia (Nov 06)
Daniel Beck
Multiple vulnerabilities in Jenkins Daniel Beck (Oct 10)
Multiple vulnerabilities in Jenkins Daniel Beck (Dec 05)
Re: Multiple vulnerabilities in Jenkins Daniel Beck (Dec 09)
Re: Script sandbox bypass in multiple Jenkins plugins Daniel Beck (Dec 09)
Script sandbox bypass in multiple Jenkins plugins Daniel Beck (Oct 29)
Re: Multiple vulnerabilities in Jenkins Daniel Beck (Dec 09)
Daniel Borkmann
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Daniel Borkmann (Nov 23)
Daniel Dai
[SECURITY] CVE-2018-11777: Blocking local resource access in HiveServer2 Daniel Dai (Nov 08)
[SECURITY] CVE-2018-1314: Hive explain query not being authorized Daniel Dai (Nov 08)
Daniel Gruno
[NOTICE] CVE-2017-5658: Derived information disclosure by Apache Pony Mail Daniel Gruno (Oct 04)
Daniel Kahn Gillmor
Re: Re: Travis CI MITM RCE Daniel Kahn Gillmor (Oct 29)
Re: memory safety bugs in bc Daniel Kahn Gillmor (Nov 29)
Re: memory safety bugs in bc Daniel Kahn Gillmor (Nov 29)
Daniel Stenberg
[SECURITY ADVISORY] curl - use-after-free in handle close Daniel Stenberg (Oct 30)
[SECURITY ADVISORY] curl - SASL password overflow via integer overflow Daniel Stenberg (Oct 30)
[SECURITY ADVISORY] curl - warning message out-of-buffer read Daniel Stenberg (Oct 31)
Dave Hansen
Re: Linux kernel: "Meltdown leaks with Global kernel mapping" Dave Hansen (Oct 11)
Dhiraj Mishra
null-pointer dereference in poppler library Dhiraj Mishra (Nov 10)
Path traversal in mozilla PDF.js [Unpatched] Dhiraj Mishra (Nov 24)
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Dhiraj Mishra (Dec 02)
libiec61850 stack based buffer overflow - CVE-2018-18957 Dhiraj Mishra (Nov 06)
Re: null-pointer dereference in poppler library Dhiraj Mishra (Nov 11)
Dmitri Shuralyov
Go security releases 1.11.3 and 1.10.6 Dmitri Shuralyov (Dec 14)
Dmitriy Pavlov
[ANNOUNCE] Apache Ignite 2.7.0 Vulnerable Dependecies Updates Dmitriy Pavlov (Dec 07)
Doran Moppert
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Doran Moppert (Oct 09)
Eddie Chapman
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Eddie Chapman (Oct 10)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Eddie Chapman (Oct 10)
Emilio Pozuelo Monfort
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Emilio Pozuelo Monfort (Oct 11)
Florian Weimer
REJECT request filed for CVE-2018-11210 against tinyxml2 Florian Weimer (Nov 19)
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Florian Weimer (Oct 22)
CVE-2018-19591: glibc if_nametoindex may not close descriptor Florian Weimer (Nov 27)
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Florian Weimer (Oct 23)
Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Florian Weimer (Oct 03)
Francesco Chicchiriccò
[SECURITY] CVE-2018-17186 Apache Syncope Francesco Chicchiriccò (Nov 06)
[SECURITY] CVE-2018-17184 Apache Syncope Francesco Chicchiriccò (Nov 06)
Gézapeti Cseh
[CVE-2018-11799] Apache Oozie security vulnerability Gézapeti Cseh (Dec 19)
Greg KH
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Greg KH (Nov 23)
Re: Linux 4.19.0-rc3 Bluetooth out-of-bounds-read and use-after-free Greg KH (Oct 31)
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Greg KH (Dec 13)
Hacker Fantastic
Re: Multiple telnet.c overflows Hacker Fantastic (Dec 12)
Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
Re: Multiple telnet.c overflows Hacker Fantastic (Dec 12)
Re: Multiple telnet.c overflows Hacker Fantastic (Dec 14)
Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
Multiple telnet.c overflows Hacker Fantastic (Dec 11)
Hanno Böck
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 10)
catdoc: out of bounds heap read and nullpointer / segfault Hanno Böck (Nov 25)
memory safety bugs in bc Hanno Böck (Nov 28)
Enigmail XSA issue with WKD and HTTP authentication Hanno Böck (Dec 07)
Use after free in monit / _handleEvent Hanno Böck (Dec 23)
Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Hanno Böck (Oct 21)
Crashes and memory safety bugs in dcraw Hanno Böck (Nov 23)
Re: memory safety bugs in bc Hanno Böck (Nov 29)
PHP imap_open() script injection Hanno Böck (Nov 22)
Use after free in syslog-ng / affile_dw_reap() Hanno Böck (Dec 22)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 09)
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Hanno Böck (Oct 16)
Re: Squid Proxy multiple vulnerabilities Hanno Böck (Oct 28)
Re: catdoc: out of bounds heap read and nullpointer / segfault Hanno Böck (Nov 25)
Re: Crashes and memory safety bugs in dcraw Hanno Böck (Nov 23)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 10)
Henri Salo
Re: CVE Request - Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 (and certain versions of v2.1.3 - prior to June 3, 2015) Henri Salo (Oct 02)
Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Henri Salo (Oct 02)
Ian Zimmerman
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Ian Zimmerman (Oct 10)
Re: Crashes and memory safety bugs in dcraw Ian Zimmerman (Nov 23)
ISC Security Officer
Additional context information about RedHat's announcement of CVE-2018-5742 ISC Security Officer (Dec 19)
Jakub Wilk
Re: Re: Travis CI MITM RCE Jakub Wilk (Oct 31)
Re: Travis CI MITM RCE Jakub Wilk (Oct 18)
Re: Travis CI MITM RCE Jakub Wilk (Oct 27)
Re: Using quilt on untrusted RPM spec files Jakub Wilk (Oct 22)
Re: Using quilt on untrusted RPM spec files Jakub Wilk (Oct 18)
Jan Lehnardt
Apache CouchDB CVE-2018-17188: Remote Privilege Escalations (Affects all versions < 2.3.0) Jan Lehnardt (Dec 17)
Jann Horn
Linux kernel: TLB flush happens too late on mremap (CVE-2018-18281; fixed in 4.9.135, 4.14.78, 4.18.16, 4.19) Jann Horn (Oct 29)
Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Jann Horn (Dec 12)
Linux kernel: broken uid/gid mapping for nested user namespaces with >5 ranges (CVE-2018-18955; since 4.15; fixed in 4.18.19 and 4.19.2) Jann Horn (Nov 15)
Linux kernel: BPF verifier bug leads to out-of-bounds access (CVE-2018-18445; 4.14.9-4.14.74; 4.15-4.18.12) Jann Horn (Oct 17)
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Jann Horn (Dec 14)
Jeff Law
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Jeff Law (Oct 23)
Jeffrey Walton
Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Dec 31)
Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Dec 31)
Jim Apple
Fwd: CVE-2018-11785 and CVE-2018-11792, was "[ANNOUNCE] Apache Impala 3.0.1 release" Jim Apple (Oct 24)
joernchen
CVE-2018-17456 Git RCE via .gitmodules joernchen (Oct 06)
Jordan Glover
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Jordan Glover (Oct 24)
Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
Re: Attempting to patch ghostscript-9.25 Jordan Glover (Oct 20)
Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
Karol Babioch
Re: Squid Proxy multiple vulnerabilities Karol Babioch (Nov 09)
Re: Squid Proxy multiple vulnerabilities Karol Babioch (Oct 31)
Ken Moffat
Attempting to patch ghostscript-9.25 Ken Moffat (Oct 20)
Re: Attempting to patch ghostscript-9.25 Ken Moffat (Oct 20)
Larry W. Cashdollar
Arbitrary File Upload File Upload Vulnerability in php-traditional-server v1.2.2 Larry W. Cashdollar (Nov 20)
Re: jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability Larry W. Cashdollar (Oct 13)
jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability Larry W. Cashdollar (Oct 11)
Arbitrary file upload vulnerability in jQuery Upload File v4.0.2 Larry W. Cashdollar (Nov 20)
Arbitrary file upload vulnerability in jQuery-Picture-Cut v1.1beta Larry W. Cashdollar (Nov 20)
Leo Famulari
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Leo Famulari (Oct 10)
Leonid Isaev
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Leonid Isaev (Oct 09)
luo
Re: CVE-2018-17977: CentOS ipsec remote denial of service vulnerability luo (Oct 06)
CVE-2018-17977: CentOS ipsec remote denial of service vulnerability luo (Oct 05)
Re: CVE-2018-17977: CentOS ipsec remote denial of service vulnerability luo (Oct 08)
Magnus Klaaborg Stubman
net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Magnus Klaaborg Stubman (Oct 08)
Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Magnus Klaaborg Stubman (Oct 10)
Marc Deslauriers
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Marc Deslauriers (Nov 09)
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Marc Deslauriers (Nov 12)
Marcus Meissner
CVE-2018-10933: libssh: authentication bypass in server code Marcus Meissner (Oct 16)
Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Marcus Meissner (Oct 03)
Re: memory safety bugs in bc Marcus Meissner (Nov 29)
Re: Crashes and memory safety bugs in dcraw Marcus Meissner (Nov 27)
Re: UAF write in usb_audio_probe Marcus Meissner (Dec 04)
Re: Crashes and memory safety bugs in dcraw Marcus Meissner (Nov 23)
Mark Thomas
CVE-2018-11759 Apache Tomcat JK (mod_jk) Connector path traversal Mark Thomas (Oct 31)
Mathias Payer
UAF write in usb_audio_probe Mathias Payer (Dec 03)
Matthew Fernandez
Re: mpg321: Out-of-bounds Write Matthew Fernandez (Dec 08)
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Matthew Fernandez (Oct 23)
Matthias Bläsing
[CVE-2018-17191] Apache NetBeans 9.0 Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE) Matthias Bläsing (Dec 30)
Matthias Gerstner
Singularity: CVE-2018-19295: local root exploit - unprivileged users can join arbitrary mnt, net, pid and ipc namespaces Matthias Gerstner (Dec 12)
Matthieu Herrb
X.Org security advisory: October 25, 2018 Matthieu Herrb (Oct 25)
Michael Catanzaro
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009 Michael Catanzaro (Dec 13)
Invalid free in cairo_ft_apply_variations Michael Catanzaro (Dec 07)
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 Michael Catanzaro (Nov 22)
Michael Orlitzky
CVE-2018-6954: systemd-tmpfiles root privilege escalation by following non-terminal symlinks Michael Orlitzky (Dec 21)
Mike Dalessio
[CVE-2018-16468] Loofah XSS Vulnerability Mike Dalessio (Oct 30)
Mikhail Klementev
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Mikhail Klementev (Oct 23)
Minh Tuan Luong
Re: CVE-2018-10933: libssh: authentication bypass in server code Minh Tuan Luong (Oct 17)
Nicholas Luedtke
Re: Linux kernel: userfaultfd bypasses tmpfs file Nicholas Luedtke (Dec 13)
Nick Roessler
CVE-2018-17407: Tex-Live buffer overflow in handling of Type 1 fonts Nick Roessler (Oct 08)
Pavel Cheremushkin
RE: libvnc and tightvnc vulnerabilities Pavel Cheremushkin (Dec 10)
libvnc and tightvnc vulnerabilities Pavel Cheremushkin (Dec 10)
Perry E. Metzger
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger (Oct 17)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger (Oct 10)
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger (Oct 09)
Philip Withnall
GLib (2.20.0+): GVariant, GDBus and GMarkup out of bounds reads, DoS and unbounded recursion Philip Withnall (Oct 23)
P J P
CVE-2018-18954 QEMU: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb P J P (Nov 06)
CVE-2018-19364 Qemu: 9pfs: Use-after-free due to race condition while updating fid path P J P (Nov 20)
CVE-2018-19665 Qemu: bt: integer overflow in Bluetooth routines allows memory corruption P J P (Nov 29)
CVE-2018-12617 Qemu: qemu-guest-agent: Integer overflow in qmp_guest_file_read may lead to crash P J P (Oct 17)
CVE-2018-20191 QEMU: pvrdma: uar_read leads to NULL dereference P J P (Dec 18)
CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP) P J P (Dec 06)
CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug P J P (Dec 13)
CVE-2018-19489 QEMU: 9pfs: crash due to race condition in renaming files P J P (Nov 25)
CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P (Dec 18)
CVE-2018-20216 QEMU: pvrdma: infinite loop in pvrdma_qp_send/recv P J P (Dec 18)
CVE-2018-20126 QEMU: pvrdma: memory leakage when creating cq/qp P J P (Dec 19)
CVE-2018-18849 Qemu: lsi53c895a: OOB msg buffer access leads to DoS P J P (Oct 31)
CVE-2018-16882 Kernel: KVM: nVMX: use after free in posted interrupt processing P J P (Dec 18)
Re: CVE-2018-16882 Kernel: KVM: nVMX: use after free in posted interrupt processing P J P (Dec 18)
CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption P J P (Oct 17)
CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) P J P (Dec 13)
CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations P J P (Nov 02)
Qemu: integer overflow issues P J P (Oct 07)
Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P (Dec 18)
CVE-2018-20125 QEMU: pvrdma: null dereference or excessive memory allocation when creating QP/CQ P J P (Dec 18)
Rafael Mendonça França
[CVE-2018-16476] Broken Access Control vulnerability in Active Job Rafael Mendonça França (Nov 27)
[CVE-2018-16477] Bypass vulnerability in Active Storage Rafael Mendonça França (Nov 27)
Ramon de C Valle
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Ramon de C Valle (Oct 23)
Remi Gacogne
PowerDNS Security Advisories 2018-03, 2018-04, 2018-05, 2018-06 and 2018-07 Remi Gacogne (Nov 06)
PowerDNS Security Advisories for dnsdist 2018-08 Remi Gacogne (Nov 08)
PowerDNS Security Advisory 2018-09 Remi Gacogne (Nov 26)
Ren Kimura
Re: mpg321: Out-of-bounds Write Ren Kimura (Dec 10)
Re: mpg321: Out-of-bounds Write Ren Kimura (Dec 10)
mpg321: Out-of-bounds Write Ren Kimura (Dec 08)
Rich Felker
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Rich Felker (Oct 16)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Rich Felker (Oct 17)
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Rich Felker (Oct 16)
Robbie Gemmell
[SECURITY] [CVE-2018-17187] Apache Qpid Proton-J transport TLS wrapper hostname verification mode not implemented Robbie Gemmell (Nov 12)
saar amar
Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array saar amar (Dec 18)
Salva Peiró
CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Salva Peiró (Dec 12)
Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Salva Peiró (Dec 13)
Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Salva Peiró (Dec 13)
Salvatore Bonaccorso
PolicyKit: CVE-2018-19788: Improper handling of user with uid > INT_MAX leading to authentication bypass Salvatore Bonaccorso (Dec 03)
Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Salvatore Bonaccorso (Dec 12)
Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Salvatore Bonaccorso (Oct 09)
sqlite: CVE-2018-20346: integer overflow (resulting in buffer overflow) for FTS3 queries Salvatore Bonaccorso (Dec 21)
Re: PHP imap_open() script injection Salvatore Bonaccorso (Nov 25)
Re: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Salvatore Bonaccorso (Oct 23)
Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Salvatore Bonaccorso (Oct 06)
Sean Owen
CVE-2018-11804: Apache Spark build/mvn runs zinc, and can expose information from build machines Sean Owen (Oct 24)
CVE-2018-17190: Unsecured Apache Spark standalone executes user code Sean Owen (Nov 18)
Seth Arnold
Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Seth Arnold (Oct 03)
Siddharth Sharma
glusterfs: multiple flaws Siddharth Sharma (Oct 31)
sjw
Re: PHP imap_open() script injection sjw (Dec 05)
Solar Designer
Re: libvnc and tightvnc vulnerabilities Solar Designer (Dec 13)
Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Solar Designer (Dec 12)
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Solar Designer (Nov 06)
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Solar Designer (Nov 02)
Re: Django security release issued: 2.1.2 Solar Designer (Oct 01)
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer (Dec 14)
Re: libvnc and tightvnc vulnerabilities Solar Designer (Dec 10)
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer (Dec 14)
Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Solar Designer (Dec 13)
Linux 4.19.0-rc3 Bluetooth out-of-bounds-read and use-after-free Solar Designer (Oct 31)
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer (Dec 14)
Re: libvnc and tightvnc vulnerabilities Solar Designer (Dec 10)
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Solar Designer (Oct 23)
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer (Dec 12)
Re: CVE-2018-17977: CentOS ipsec remote denial of service vulnerability Solar Designer (Oct 05)
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer (Dec 14)
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer (Dec 14)
Linux kernel: "Meltdown leaks with Global kernel mapping" Solar Designer (Oct 09)
Stuart D. Gathman
Re: Using quilt on untrusted RPM spec files Stuart D. Gathman (Oct 23)
Re: Using quilt on untrusted RPM spec files Stuart D. Gathman (Oct 23)
Taher Alkhateeb
[SECURITY] CVE-2011-3600 Apache OFBiz XML-RPC XXE Vulnerability Taher Alkhateeb (Oct 05)
[SECURITY] CVE-2018-8033 Apache OFBiz XXE Vulnerability in HttpEngine Taher Alkhateeb (Oct 05)
Tavis Ormandy
Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 09)
ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073) Tavis Ormandy (Oct 10)
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 17)
ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 09)
Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 11)
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 09)
Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 18)
Thomas B . Rücker
Icecast 2.4.4 - CVE-2018-18820 - buffer overflow in url-auth Thomas B . Rücker (Nov 01)
Tim Allison
[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser Tim Allison (Dec 22)
[CVE-2018-11796] Apache Tika Denial of Service via XML Entity Expansion Vulnerability Tim Allison (Oct 09)
Velmurugan Periasamy
CVE update - fixed in Apache Ranger 1.2.0 Velmurugan Periasamy (Oct 04)
Vincent Lefevre
Re: Asserts considered harmful (or GMP spills its sensitive information) Vincent Lefevre (Dec 31)
Vladis Dronov
CVE-2018-14656: Linux kernel: arbitrary kernel memory dump into the dmesg log Vladis Dronov (Oct 04)
CVE-2018-16884: Linux kernel: nfs: use-after-free in svc_process_common() Vladis Dronov (Dec 19)
CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak Vladis Dronov (Nov 23)
Wei Wu
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Wei Wu (Dec 02)
Will Deacon
arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Will Deacon (Oct 02)
Xen . org security team
Xen Security Advisory 282 v1 - guest use of HLE constructs may lock up host Xen . org security team (Nov 06)
Xen Security Advisory 277 v2 - x86: incorrect error handling for guest p2m page removals Xen . org security team (Nov 20)
Xen Security Advisory 280 v2 - Fix for XSA-240 conflicts with shadow paging Xen . org security team (Nov 20)
Xen Security Advisory 275 v2 - insufficient TLB flushing / improper large page mappings with AMD IOMMUs Xen . org security team (Nov 20)
Xen Security Advisory 278 v1 - x86: Nested VT-x usable even when disabled Xen . org security team (Oct 24)
Xen Security Advisory 278 v2 (CVE-2018-18883) - x86: Nested VT-x usable even when disabled Xen . org security team (Nov 01)
Xen Security Advisory 279 v2 - x86: DoS from attempting to use INVPCID with a non-canonical addresses Xen . org security team (Nov 20)
Xen Security Advisory 276 v2 - resource accounting issues in x86 IOREQ server handling Xen . org security team (Nov 20)
Yann Droneaud
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Yann Droneaud (Oct 23)
Yves-Alexis Perez
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Yves-Alexis Perez (Nov 23)
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Yves-Alexis Perez (Nov 24)
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Yves-Alexis Perez (Dec 13)
fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Yves-Alexis Perez (Nov 23)
zugtprgfwprz
Re: Travis CI MITM RCE zugtprgfwprz (Oct 20)
面和毅
Re: Squid Proxy multiple vulnerabilities 面和毅 (Oct 29)