oss-sec: by date
RSS Feed
About List
All Lists
Previous period
279 messages
starting Oct 01 18 and
ending Dec 31 18
Date index |
Thread index |
Author index
Monday, 01 October
Django security release issued: 2.1.2 Carlton Gibson
Re: Django security release issued: 2.1.2 Solar Designer
Re: Django security release issued: 2.1.2 Alex Gaynor
Tuesday, 02 October
Re: CVE Request - Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 (and certain versions of v2.1.3 - prior to June 3, 2015) Henri Salo
arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Will Deacon
Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Henri Salo
Wednesday, 03 October
Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Florian Weimer
Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Marcus Meissner
Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Seth Arnold
Thursday, 04 October
CVE-2018-14656: Linux kernel: arbitrary kernel memory dump into the dmesg log Vladis Dronov
[NOTICE] CVE-2017-5658: Derived information disclosure by Apache Pony Mail Daniel Gruno
CVE update - fixed in Apache Ranger 1.2.0 Velmurugan Periasamy
Friday, 05 October
[SECURITY] CVE-2011-3600 Apache OFBiz XML-RPC XXE Vulnerability Taher Alkhateeb
[SECURITY] CVE-2018-8033 Apache OFBiz XXE Vulnerability in HttpEngine Taher Alkhateeb
[CVE-2018-11797] DoS vulnerability in Apache PDFBox parser Andreas Lehmkuehler
CVE-2018-17977: CentOS ipsec remote denial of service vulnerability luo
Re: CVE-2018-17977: CentOS ipsec remote denial of service vulnerability Solar Designer
Saturday, 06 October
Re: CVE-2018-17977: CentOS ipsec remote denial of service vulnerability luo
[UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser Andreas Lehmkuehler
CVE-2018-17456 Git RCE via .gitmodules joernchen
Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Salvatore Bonaccorso
Sunday, 07 October
Qemu: integer overflow issues P J P
Monday, 08 October
Re: CVE-2018-17977: CentOS ipsec remote denial of service vulnerability luo
CVE-2018-17407: Tex-Live buffer overflow in handling of Type 1 fonts Nick Roessler
net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Magnus Klaaborg Stubman
Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Alexander Bergmann
Tuesday, 09 October
Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Salvatore Bonaccorso
Linux kernel: "Meltdown leaks with Global kernel mapping" Solar Designer
ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Leonid Isaev
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy
[CVE-2018-11796] Apache Tika Denial of Service via XML Entity Expansion Vulnerability Tim Allison
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Bob Friesenhahn
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Alex Gaynor
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Doran Moppert
Wednesday, 10 October
Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Magnus Klaaborg Stubman
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Eddie Chapman
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck
Multiple vulnerabilities in Jenkins Daniel Beck
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Eddie Chapman
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Alan Coopersmith
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Ian Zimmerman
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Brandon Perry
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Leo Famulari
ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073) Tavis Ormandy
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger
Thursday, 11 October
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Emilio Pozuelo Monfort
jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability Larry W. Cashdollar
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy
Re: Linux kernel: "Meltdown leaks with Global kernel mapping" Dave Hansen
Saturday, 13 October
Re: jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability Larry W. Cashdollar
Tuesday, 16 October
CVE-2018-10933: libssh: authentication bypass in server code Marcus Meissner
ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Hanno Böck
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Rich Felker
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Rich Felker
Wednesday, 17 October
CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption P J P
CVE-2018-12617 Qemu: qemu-guest-agent: Integer overflow in qmp_guest_file_read may lead to crash P J P
Re: CVE-2018-10933: libssh: authentication bypass in server code Minh Tuan Luong
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Bob Friesenhahn
Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Rich Felker
Linux kernel: BPF verifier bug leads to out-of-bounds access (CVE-2018-18445; 4.14.9-4.14.74; 4.15-4.18.12) Jann Horn
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy
Thursday, 18 October
Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover
Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy
Re: Using quilt on untrusted RPM spec files Jakub Wilk
Re: Travis CI MITM RCE Jakub Wilk
Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover
Saturday, 20 October
Re: Travis CI MITM RCE zugtprgfwprz
Attempting to patch ghostscript-9.25 Ken Moffat
Re: Attempting to patch ghostscript-9.25 Jordan Glover
Re: Attempting to patch ghostscript-9.25 Ken Moffat
Sunday, 21 October
Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Hanno Böck
Monday, 22 October
Re: Using quilt on untrusted RPM spec files Jakub Wilk
GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Andrew Sandoval
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Florian Weimer
Tuesday, 23 October
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Mikhail Klementev
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Ramon de C Valle
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Yann Droneaud
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Matthew Fernandez
GLib (2.20.0+): GVariant, GDBus and GMarkup out of bounds reads, DoS and unbounded recursion Philip Withnall
Re: Using quilt on untrusted RPM spec files Stuart D. Gathman
Re: Using quilt on untrusted RPM spec files Stuart D. Gathman
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Solar Designer
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Florian Weimer
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Jeff Law
Re: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Salvatore Bonaccorso
Wednesday, 24 October
Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Jordan Glover
CVE-2018-11804: Apache Spark build/mvn runs zinc, and can expose information from build machines Sean Owen
Fwd: CVE-2018-11785 and CVE-2018-11792, was "[ANNOUNCE] Apache Impala 3.0.1 release" Jim Apple
Xen Security Advisory 278 v1 - x86: Nested VT-x usable even when disabled Xen . org security team
Thursday, 25 October
X.Org security advisory: October 25, 2018 Matthieu Herrb
Saturday, 27 October
Re: Travis CI MITM RCE Jakub Wilk
Sunday, 28 October
Squid Proxy multiple vulnerabilities Amos Jeffries
Re: Squid Proxy multiple vulnerabilities Amos Jeffries
Re: Squid Proxy multiple vulnerabilities Hanno Böck
Monday, 29 October
Re: Squid Proxy multiple vulnerabilities Amos Jeffries
Re: Squid Proxy multiple vulnerabilities 面和毅
Script sandbox bypass in multiple Jenkins plugins Daniel Beck
Re: Re: Travis CI MITM RCE Daniel Kahn Gillmor
Linux kernel: TLB flush happens too late on mremap (CVE-2018-18281; fixed in 4.9.135, 4.14.78, 4.18.16, 4.19) Jann Horn
Tuesday, 30 October
[CVE-2018-16468] Loofah XSS Vulnerability Mike Dalessio
Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov
[SECURITY ADVISORY] curl - SASL password overflow via integer overflow Daniel Stenberg
[SECURITY ADVISORY] curl - use-after-free in handle close Daniel Stenberg
Wednesday, 31 October
[SECURITY ADVISORY] curl - warning message out-of-buffer read Daniel Stenberg
Re: Squid Proxy multiple vulnerabilities Karol Babioch
glusterfs: multiple flaws Siddharth Sharma
Linux 4.19.0-rc3 Bluetooth out-of-bounds-read and use-after-free Solar Designer
Re: Re: Travis CI MITM RCE Jakub Wilk
CVE-2018-11759 Apache Tomcat JK (mod_jk) Connector path traversal Mark Thomas
Re: Linux 4.19.0-rc3 Bluetooth out-of-bounds-read and use-after-free Greg KH
CVE-2018-18849 Qemu: lsi53c895a: OOB msg buffer access leads to DoS P J P
Thursday, 01 November
Xen Security Advisory 278 v2 (CVE-2018-18883) - x86: Nested VT-x usable even when disabled Xen . org security team
Icecast 2.4.4 - CVE-2018-18820 - buffer overflow in url-auth Thomas B . Rücker
CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley
Friday, 02 November
CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations P J P
CVE-2018-18439, CVE-2018-18440 - U-Boot verified boot bypass vulnerabilities Andrea Barisani
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Solar Designer
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley
Monday, 05 November
[CVE-2018-16470] Possible DoS vulnerability in Rack Aaron Patterson
[CVE-2018-16471] Possible XSS vulnerability in Rack Aaron Patterson
Tuesday, 06 November
libiec61850 stack based buffer overflow - CVE-2018-18957 Dhiraj Mishra
[SECURITY] CVE-2018-17184 Apache Syncope Francesco Chicchiriccò
[SECURITY] CVE-2018-17186 Apache Syncope Francesco Chicchiriccò
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Cesar Pereida Garcia
Xen Security Advisory 282 v1 - guest use of HLE constructs may lock up host Xen . org security team
CVE-2018-18954 QEMU: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb P J P
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Solar Designer
PowerDNS Security Advisories 2018-03, 2018-04, 2018-05, 2018-06 and 2018-07 Remi Gacogne
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley
Thursday, 08 November
[SECURITY] CVE-2018-1314: Hive explain query not being authorized Daniel Dai
[SECURITY] CVE-2018-11777: Blocking local resource access in HiveServer2 Daniel Dai
PowerDNS Security Advisories for dnsdist 2018-08 Remi Gacogne
Friday, 09 November
Re: Squid Proxy multiple vulnerabilities Karol Babioch
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Marc Deslauriers
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley
Saturday, 10 November
null-pointer dereference in poppler library Dhiraj Mishra
Sunday, 11 November
Re: null-pointer dereference in poppler library Dhiraj Mishra
Monday, 12 November
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley
[SECURITY] [CVE-2018-17187] Apache Qpid Proton-J transport TLS wrapper hostname verification mode not implemented Robbie Gemmell
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Marc Deslauriers
Thursday, 15 November
Linux kernel: broken uid/gid mapping for nested user namespaces with >5 ranges (CVE-2018-18955; since 4.15; fixed in 4.18.19 and 4.19.2) Jann Horn
Sunday, 18 November
CVE-2018-17190: Unsecured Apache Spark standalone executes user code Sean Owen
Monday, 19 November
REJECT request filed for CVE-2018-11210 against tinyxml2 Florian Weimer
Tuesday, 20 November
CVE-2018-19364 Qemu: 9pfs: Use-after-free due to race condition while updating fid path P J P
Xen Security Advisory 275 v2 - insufficient TLB flushing / improper large page mappings with AMD IOMMUs Xen . org security team
Xen Security Advisory 279 v2 - x86: DoS from attempting to use INVPCID with a non-canonical addresses Xen . org security team
Xen Security Advisory 277 v2 - x86: incorrect error handling for guest p2m page removals Xen . org security team
Xen Security Advisory 276 v2 - resource accounting issues in x86 IOREQ server handling Xen . org security team
Xen Security Advisory 280 v2 - Fix for XSA-240 conflicts with shadow paging Xen . org security team
Arbitrary file upload vulnerability in jQuery-Picture-Cut v1.1beta Larry W. Cashdollar
Arbitrary file upload vulnerability in jQuery Upload File v4.0.2 Larry W. Cashdollar
Arbitrary File Upload File Upload Vulnerability in php-traditional-server v1.2.2 Larry W. Cashdollar
Thursday, 22 November
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 Michael Catanzaro
CVE-2018-8009: Apache Hadoop distributed cache archive vulnerability Akira Ajisaka
PHP imap_open() script injection Hanno Böck
Friday, 23 November
Crashes and memory safety bugs in dcraw Hanno Böck
Re: Crashes and memory safety bugs in dcraw Agostino Sarubbo
Re: Crashes and memory safety bugs in dcraw Hanno Böck
Re: Crashes and memory safety bugs in dcraw Marcus Meissner
CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak Vladis Dronov
fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Yves-Alexis Perez
Re: Crashes and memory safety bugs in dcraw Ian Zimmerman
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Greg KH
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Yves-Alexis Perez
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Daniel Borkmann
Re: Re: Crashes and memory safety bugs in dcraw Bob Friesenhahn
Saturday, 24 November
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Yves-Alexis Perez
Path traversal in mozilla PDF.js [Unpatched] Dhiraj Mishra
Sunday, 25 November
catdoc: out of bounds heap read and nullpointer / segfault Hanno Böck
Re: catdoc: out of bounds heap read and nullpointer / segfault Agostino Sarubbo
Re: PHP imap_open() script injection Salvatore Bonaccorso
Re: catdoc: out of bounds heap read and nullpointer / segfault Hanno Böck
CVE-2018-19489 QEMU: 9pfs: crash due to race condition in renaming files P J P
Monday, 26 November
PowerDNS Security Advisory 2018-09 Remi Gacogne
Tuesday, 27 November
Re: Crashes and memory safety bugs in dcraw Marcus Meissner
CVE-2018-11766: Apache Hadoop privilege escalation vulnerability Akira Ajisaka
CVE-2018-19591: glibc if_nametoindex may not close descriptor Florian Weimer
[CVE-2018-16476] Broken Access Control vulnerability in Active Job Rafael Mendonça França
[CVE-2018-16477] Bypass vulnerability in Active Storage Rafael Mendonça França
Wednesday, 28 November
memory safety bugs in bc Hanno Böck
Thursday, 29 November
CVE-2018-19665 Qemu: bt: integer overflow in Bluetooth routines allows memory corruption P J P
Re: memory safety bugs in bc Marcus Meissner
Re: memory safety bugs in bc Daniel Kahn Gillmor
Re: memory safety bugs in bc Hanno Böck
Re: memory safety bugs in bc Daniel Kahn Gillmor
Sunday, 02 December
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Dhiraj Mishra
Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Wei Wu
Monday, 03 December
UAF write in usb_audio_probe Mathias Payer
PolicyKit: CVE-2018-19788: Improper handling of user with uid > INT_MAX leading to authentication bypass Salvatore Bonaccorso
Tuesday, 04 December
Re: UAF write in usb_audio_probe Marcus Meissner
Wednesday, 05 December
Multiple vulnerabilities in Jenkins Daniel Beck
Re: PHP imap_open() script injection sjw
Thursday, 06 December
CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP) P J P
Friday, 07 December
[ANNOUNCE] Apache Ignite 2.7.0 Vulnerable Dependecies Updates Dmitriy Pavlov
Enigmail XSA issue with WKD and HTTP authentication Hanno Böck
Invalid free in cairo_ft_apply_variations Michael Catanzaro
Saturday, 08 December
mpg321: Out-of-bounds Write Ren Kimura
Re: mpg321: Out-of-bounds Write Matthew Fernandez
Sunday, 09 December
Re: Multiple vulnerabilities in Jenkins Daniel Beck
Re: Script sandbox bypass in multiple Jenkins plugins Daniel Beck
Re: Multiple vulnerabilities in Jenkins Daniel Beck
Monday, 10 December
Re: mpg321: Out-of-bounds Write Ren Kimura
libvnc and tightvnc vulnerabilities Pavel Cheremushkin
Re: libvnc and tightvnc vulnerabilities Solar Designer
RE: libvnc and tightvnc vulnerabilities Pavel Cheremushkin
Re: libvnc and tightvnc vulnerabilities Solar Designer
Re: mpg321: Out-of-bounds Write Ren Kimura
Tuesday, 11 December
Multiple telnet.c overflows Hacker Fantastic
Re: Multiple telnet.c overflows Alan Coopersmith
Wednesday, 12 December
Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Jann Horn
Singularity: CVE-2018-19295: local root exploit - unprivileged users can join arbitrary mnt, net, pid and ipc namespaces Matthias Gerstner
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer
CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Salva Peiró
Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Solar Designer
Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Salvatore Bonaccorso
Re: Multiple telnet.c overflows Tavis Ormandy
Re: Multiple telnet.c overflows Hacker Fantastic
Re: Multiple telnet.c overflows Tavis Ormandy
Re: Multiple telnet.c overflows Bob Friesenhahn
Re: Multiple telnet.c overflows Hacker Fantastic
Re: Multiple telnet.c overflows Tavis Ormandy
Re: Multiple telnet.c overflows Tavis Ormandy
Re: Multiple telnet.c overflows Tavis Ormandy
Thursday, 13 December
Re: Multiple telnet.c overflows Hacker Fantastic
Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Salva Peiró
CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug P J P
Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Solar Designer
Re: libvnc and tightvnc vulnerabilities Solar Designer
Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Salva Peiró
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Greg KH
Re: Multiple telnet.c overflows Hacker Fantastic
Re: Multiple telnet.c overflows Hacker Fantastic
CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) P J P
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Yves-Alexis Perez
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009 Michael Catanzaro
Re: Linux kernel: userfaultfd bypasses tmpfs file Nicholas Luedtke
Friday, 14 December
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Brad Spengler
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Jann Horn
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer
Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer
Re: Multiple telnet.c overflows Hacker Fantastic
Go security releases 1.11.3 and 1.10.6 Dmitri Shuralyov
Monday, 17 December
Apache CouchDB CVE-2018-17188: Remote Privilege Escalations (Affects all versions < 2.3.0) Jan Lehnardt
Tuesday, 18 December
CVE-2018-20191 QEMU: pvrdma: uar_read leads to NULL dereference P J P
CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P
Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array saar amar
Re: Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array Agostino Sarubbo
Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P
CVE-2018-16882 Kernel: KVM: nVMX: use after free in posted interrupt processing P J P
Re: CVE-2018-16882 Kernel: KVM: nVMX: use after free in posted interrupt processing Alex Gaynor
Re: CVE-2018-16882 Kernel: KVM: nVMX: use after free in posted interrupt processing P J P
CVE-2018-20216 QEMU: pvrdma: infinite loop in pvrdma_qp_send/recv P J P
CVE-2018-20125 QEMU: pvrdma: null dereference or excessive memory allocation when creating QP/CQ P J P
Wednesday, 19 December
CVE-2018-20126 QEMU: pvrdma: memory leakage when creating cq/qp P J P
CVE-2018-16884: Linux kernel: nfs: use-after-free in svc_process_common() Vladis Dronov
Additional context information about RedHat's announcement of CVE-2018-5742 ISC Security Officer
[CVE-2018-11799] Apache Oozie security vulnerability Gézapeti Cseh
Friday, 21 December
sqlite: CVE-2018-20346: integer overflow (resulting in buffer overflow) for FTS3 queries Salvatore Bonaccorso
CVE-2018-6954: systemd-tmpfiles root privilege escalation by following non-terminal symlinks Michael Orlitzky
Saturday, 22 December
[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser Tim Allison
Use after free in syslog-ng / affile_dw_reap() Hanno Böck
Sunday, 23 December
Use after free in monit / _handleEvent Hanno Böck
Sunday, 30 December
[CVE-2018-17191] Apache NetBeans 9.0 Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE) Matthias Bläsing
Monday, 31 December
Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton
Re: Asserts considered harmful (or GMP spills its sensitive information) Vincent Lefevre
Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton