oss-sec: by author
257 messages starting Aug 29 19 and ending Sep 24 19
Adrian Perez de Castro
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004 Adrian Perez de Castro (Aug 29)
Adrien Nader
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Adrien Nader (Jul 01)
Ailin Nemui
Irssi 1.2.2:CVE-2019-15717 Ailin Nemui (Aug 29)
aki . tuomi
Re: Critical Dovecot and Pigeonhole vulnerability aki . tuomi (Aug 28)
Aki Tuomi
Critical Dovecot and Pigeonhole vulnerability Aki Tuomi (Aug 28)
akuster
Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. akuster (Sep 06)
Alan Coopersmith
Fwd: [ANNOUNCE] libICE 1.0.10 Alan Coopersmith (Jul 14)
Alexandros Toptsoglou
CVE-2019-10222: ceph: unauthenticated clients can crash RGW Alexandros Toptsoglou (Aug 28)
Alyssa Ross
Re: OpenDMARC buffer overflows Alyssa Ross (Sep 17)
Amos Jeffries
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Amos Jeffries (Jul 22)
Andrey Konovalov
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov (Sep 27)
Re: CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Andrey Konovalov (Jul 25)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov (Aug 22)
Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov (Aug 20)
Anthony Liguori
Re: Contributing Back Anthony Liguori (Jul 15)
Bartlomiej Zolnierkiewicz
Re: stack buffer overflow in fbdev Bartlomiej Zolnierkiewicz (Jul 22)
Ben Tasker
Re: Telegram privacy fails again. Ben Tasker (Sep 12)
Bob Friesenhahn
Re: Privileged File Access from Desktop Applications Bob Friesenhahn (Jul 11)
Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Bob Friesenhahn (Aug 12)
Brad Spengler
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Brad Spengler (Aug 22)
Re: CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Brad Spengler (Jul 25)
butt3rflyh4ck
CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy butt3rflyh4ck (Sep 25)
CVE-2019-16714: info leak in RDS rds6_inc_info_copy butt3rflyh4ck (Sep 24)
Carlos Eduardo
CVE-2019-15525: Missing TLS/SSL certificate validation in pw3270 Carlos Eduardo (Aug 26)
Carlton Gibson
Django security releases issued: Multiple CVEs Carlton Gibson (Aug 01)
Cedric Buissart
ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Cedric Buissart (Aug 12)
icedtea-web: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Cedric Buissart (Jul 31)
ghostscript: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and CVE-2019-14817 (.forceput exposed) Cedric Buissart (Aug 28)
Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Cedric Buissart (Aug 13)
Chris Coulson
CVE-2019-15718: Missing access controls on systemd-resolved's D-Bus interface Chris Coulson (Sep 03)
Colm O hEigeartaigh
[CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source Colm O hEigeartaigh (Aug 23)
Daniel Axtens
CVE-2019-13122: Patchwork: XSS via Message-ID Daniel Axtens (Jul 05)
Daniel Beck
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 31)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 11)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 12)
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Aug 28)
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Sep 25)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Aug 07)
Daniel Ruggeri
CVE-2019-10082: mod_http2, read-after-free in h2 connection shutdown Daniel Ruggeri (Aug 15)
CVE-2019-10092: Limited cross-site scripting in mod_proxy Daniel Ruggeri (Aug 15)
CVE-2019-10098: mod_rewrite configurations vulnerable to open redirect Daniel Ruggeri (Aug 15)
CVE-2019-9517: mod_http2, DoS attack by exhausting h2 workers Daniel Ruggeri (Aug 15)
CVE-2019-10097: mod_remoteip stack buffer overflow and NULL pointer dereference Daniel Ruggeri (Aug 15)
CVE-2019-10081: mod_http2, memory corruption on early pushes Daniel Ruggeri (Aug 15)
Daniel Stenberg
[SECURITY ADVISORY] curl: FTP-KRB double-free Daniel Stenberg (Sep 10)
[SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow Daniel Stenberg (Sep 10)
Daniel Vetter
Re: stack buffer overflow in fbdev Daniel Vetter (Jul 23)
Re: stack buffer overflow in fbdev Daniel Vetter (Jul 22)
Dave
[CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability in Apache Roller Dave (Jul 12)
David A. Wheeler
Re: linux-distros membership application - Microsoft David A. Wheeler (Jul 08)
David Smiley
[CVE-2019-0193] Apache Solr, Remote Code Execution via DataImportHandler David Smiley (Jul 31)
David Tomaschik
CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry David Tomaschik (Aug 23)
Dhiraj Mishra
Telegram privacy fails again. Dhiraj Mishra (Sep 09)
Dominic Taylor
Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow Dominic Taylor (Sep 28)
Doran Moppert
Re: [CVE-2019-0231] MINA SSLFilter security Issue Doran Moppert (Jul 07)
Douglas Bagnall
Security release pre-announcement messages Douglas Bagnall (Jul 24)
Eddie Chapman
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
Eric Biggers
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eric Biggers (Aug 21)
Eric Blake
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Eric Blake (Jul 22)
Eugene Kolo
Two unauthenticated SQL injection vulnerabilities in Onionbuzz WordPress plugin Eugene Kolo (Jul 21)
Re: Two unauthenticated SQL injection vulnerabilities in Onionbuzz WordPress plugin Eugene Kolo (Jul 22)
Florian Weimer
Current CVE policy on missing-hardening bugs Florian Weimer (Aug 05)
Re: MITRE response time Florian Weimer (Sep 02)
Frank Morgner
pam_p11 0.3.1 released Frank Morgner (Sep 12)
Frederic Branczyk
[ANNOUNCE] Security release of kube-state-metrics v1.7.2 Frederic Branczyk (Aug 09)
Georgi Guninski
pari/gp arbitrary file write Georgi Guninski (Jul 01)
gnu/linux rediscovers macro malware Georgi Guninski (Aug 12)
Re: linux-distros membership application - Microsoft Georgi Guninski (Jul 07)
Re: linux-distros membership application - Microsoft Georgi Guninski (Jul 06)
Greg KH
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 22)
Re: Security release pre-announcement messages Greg KH (Jul 26)
Re: Security release pre-announcement messages Greg KH (Jul 26)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 22)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 23)
Hanno Böck
OpenDMARC buffer overflows Hanno Böck (Sep 17)
Data exfiltration with FPM servers (HHVM and rarely PHP) Hanno Böck (Jul 09)
OpenDMARC signature bypass with multiple From addresses Hanno Böck (Sep 11)
clamav: denial of service through "better zip bomb" Hanno Böck (Aug 06)
Re: Critical Dovecot and Pigeonhole vulnerability Hanno Böck (Aug 28)
Re: Critical Dovecot and Pigeonhole vulnerability Hanno Böck (Aug 28)
RCE through open PHP-FPM ports Hanno Böck (Jul 27)
Hausler, Micah
[ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514 Hausler, Micah (Aug 19)
Heiko Schlittermann
CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)
Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow Heiko Schlittermann (Sep 28)
CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann (Jul 22)
Exim CVE-2019-16928 RCE using a heap-based buffer overflow Heiko Schlittermann (Sep 27)
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann (Jul 22)
MITRE response time Heiko Schlittermann (Sep 02)
Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow Heiko Schlittermann (Sep 28)
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 04)
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 05)
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann (Sep 06)
Re: MITRE response time Heiko Schlittermann (Sep 02)
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Heiko Schlittermann (Sep 06)
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann (Jul 22)
huangwen
Linux kernel: three heap overflow in the marvell wifi driver huangwen (Aug 28)
Ian Zimmerman
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Ian Zimmerman (Jul 22)
Ilya Matveychikov
Re: Telegram privacy fails again. Ilya Matveychikov (Sep 10)
Jacopo Cappellato
[CVE-2019-10073] Apache OFBiz XSS vulnerability in the "ecommerce" component Jacopo Cappellato (Sep 10)
[CVE-2019-0189] Apache OFBiz remote code execution and arbitrary file delete via Java deserialization Jacopo Cappellato (Sep 10)
[CVE-2018-17200] Apache OFBiz unauthenticated remote code execution vulnerability in HttpEngine Jacopo Cappellato (Sep 10)
[CVE-2019-10074] Apache OFBiz RCE (template injection) Jacopo Cappellato (Sep 10)
Jason Gustafson
CVE-2018-17196: Potential to bypass transaction/idempotent ACL checks in Apache Kafka Jason Gustafson (Jul 11)
jeny raval
New Tool - Phishing Simulation jeny raval (Aug 05)
Jeremy Stanley
[OSSA-2019-004] Ageing time of 0 disables linuxbridge MAC learning (CVE-2019-15753) Jeremy Stanley (Aug 29)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Jeremy Stanley (Aug 22)
[OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433) Jeremy Stanley (Aug 06)
Jiri 'Ghormoon' Novak
Re: Telegram privacy fails again. Jiri 'Ghormoon' Novak (Sep 16)
Joel Smith
Kubernetes v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249 Joel Smith (Aug 05)
Joe McManus
Contributing Back Joe McManus (Jul 09)
Re: Contributing Back Joe McManus (Jul 15)
Johannes Segitz
Re: MITRE response time Johannes Segitz (Sep 02)
John Haxby
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby (Aug 22)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby (Aug 22)
Re: Privileged File Access from Desktop Applications John Haxby (Jul 11)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby (Aug 22)
Jordan Glover
Re: Privileged File Access from Desktop Applications Jordan Glover (Jul 12)
Josh Thompson
[CVE-2018-11773] Apache VCL improper form validation in block allocation management Josh Thompson (Jul 29)
[CVE-2018-11772] Apache VCL SQL injection attack in privilege management Josh Thompson (Jul 29)
[CVE-2018-11774] Apache VCL SQL injection attack in VM management Josh Thompson (Jul 29)
Jouni Malinen
hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass Jouni Malinen (Sep 11)
wpa_supplicant/hostapd: SAE/EAP-pwd side-channel attack update Jouni Malinen (Aug 07)
Juan Pablo Santos Rodríguez
[CVE-2019-10087] Apache JSPWiki Cross-site scripting vulnerability in Page Revision History Juan Pablo Santos Rodríguez (Sep 20)
[CVE-2019-10089] Apache JSPWiki Cross-site scripting vulnerability on WYSIWYG editor Juan Pablo Santos Rodríguez (Sep 20)
[CVE-2019-10090] Apache JSPWiki Cross-site scripting vulnerability on plain editor Juan Pablo Santos Rodríguez (Sep 20)
[CVE-2019-12404] Apache JSPWiki Cross-site scripting vulnerability on InfoContent.jsp Juan Pablo Santos Rodríguez (Sep 20)
[CVE-2019-12407] Apache JSPWiki Cross-site scripting vulnerability related to the remember parameter Juan Pablo Santos Rodríguez (Sep 20)
Julian Foad
[CVE-2018-11782, CVE-2019-0203] Apache Subversion svnserve vulnerabilities Julian Foad (Jul 31)
Justin Bull
[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3 Justin Bull (Aug 19)
Kristian Fiskerstrand
Re: Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand (Jul 26)
Re: Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand (Jul 25)
Re: linux-distros membership application - Microsoft Kristian Fiskerstrand (Jul 11)
Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand (Jul 25)
Re: Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand (Jul 27)
Kurt H Maier
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Kurt H Maier (Aug 22)
Larry Rosenman
Re: Critical Dovecot and Pigeonhole vulnerability Larry Rosenman (Aug 28)
Linus Torvalds
Re: stack buffer overflow in fbdev Linus Torvalds (Jul 21)
Re: stack buffer overflow in fbdev Linus Torvalds (Jul 22)
Re: stack buffer overflow in fbdev Linus Torvalds (Jul 23)
Luca Boccassi
CVE-2019-13132: zeromq/libzmq: denial of service via stack overflow with arbitrary data Luca Boccassi (Jul 08)
Malte Kraus
Privileged File Access from Desktop Applications Malte Kraus (Jul 09)
Re: Privileged File Access from Desktop Applications Malte Kraus (Jul 11)
Re: Privileged File Access from Desktop Applications Malte Kraus (Jul 11)
Marcus Meissner
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Marcus Meissner (Aug 22)
Mariusz Felisiak
Django: CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS Mariusz Felisiak (Jul 01)
Martin Steigerwald
Re: Privileged File Access from Desktop Applications Martin Steigerwald (Jul 11)
Mathias Payer
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Mathias Payer (Aug 22)
Matthias Gerstner
Re: Privileged File Access from Desktop Applications Matthias Gerstner (Jul 11)
deepin-clone: various symlink attacks Matthias Gerstner (Jul 04)
Security issues in various deepin D-Bus services and tools Matthias Gerstner (Aug 05)
Michael Ellerman
Re: linux-distros membership application - Microsoft Michael Ellerman (Jul 02)
Michael McNally
Three vulnerabilities in Kea DHCP disclosed by ISC, 28 August 2019 Michael McNally (Aug 29)
Michael Neuling
CVE-2019-15030: Linux kernel: powerpc: data leak with FP/VMX triggerable by unavailable exception in transaction Michael Neuling (Sep 10)
CVE-2019-13648: Linux kernel: powerpc: kernel crash in TM handling triggerable by any local user Michael Neuling (Jul 30)
CVE-2019-15031: Linux kernel: powerpc: data leak with FP/VMX triggerable by interrupt in transaction Michael Neuling (Sep 10)
Mike Dalessio
Nokogiri security update v1.10.4 Mike Dalessio (Aug 11)
Mikhail Klementev
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Mikhail Klementev (Jul 22)
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Mikhail Klementev (Jul 22)
Moritz Muehlenhoff
Re: linux-distros membership application - Microsoft Moritz Muehlenhoff (Jul 07)
Re: CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Moritz Muehlenhoff (Aug 06)
notspam
Re: Telegram privacy fails again. notspam (Sep 16)
Re: Telegram privacy fails again. notspam (Sep 13)
Perry E. Metzger
Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 10)
Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 12)
Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 11)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 12)
Re: Privileged File Access from Desktop Applications Perry E. Metzger (Jul 09)
Peter van Dijk
PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records Peter van Dijk (Jul 30)
Phil Pennock
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 06)
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock (Sep 09)
P J P
CVE-2019-13313, CVE-2019-13314: password disclosure via command line arguments P J P (Jul 08)
CVE-2019-10183 virt-install: unattended option leaks password via command line argument P J P (Jul 02)
CVE-2019-15890 QEMU: Slirp: use-after-free during packet reassembly P J P (Sep 06)
CVE-2019-13164 Qemu: qemu-bridge-helper ACL bypassed with long interface names P J P (Jul 02)
CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly P J P (Aug 01)
CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer P J P (Sep 20)
Randy Barlow
3 CVEs in dino Randy Barlow (Sep 12)
Rawlin Peters
CVE-2019-12405: Apache Traffic Control LDAP-based authentication vulnerability Rawlin Peters (Sep 06)
Riccardo Schirone
CVE-2019-14822 ibus: missing authorization flaw Riccardo Schirone (Sep 13)
Rich Felker
Re: [musl] CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Rich Felker (Aug 05)
Re: [musl] CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Rich Felker (Aug 06)
CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Rich Felker (Aug 05)
Rich Persaud
OSS platform security Rich Persaud (Sep 21)
(RS) Tyler Schroder
Re: MITRE response time (RS) Tyler Schroder (Sep 02)
Salvatore Bonaccorso
Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass Salvatore Bonaccorso (Sep 12)
Re: OpenDMARC signature bypass with multiple From addresses Salvatore Bonaccorso (Sep 17)
Sam Fowler
Re: [ANNOUNCE] Security release of kube-state-metrics v1.7.2 Sam Fowler (Aug 15)
Santiago Torres
Re: Irssi 1.2.2:CVE-2019-15717 Santiago Torres (Aug 29)
Sasha Levin
Re: linux-distros membership application - Microsoft Sasha Levin (Jul 06)
Re: linux-distros membership application - Microsoft Sasha Levin (Aug 11)
Re: linux-distros membership application - Microsoft Sasha Levin (Jul 12)
SBA Research Advisory
[SBA-ADV-20190911-01] CVE-2019-16524: Easy FancyBox Wordpress Plugin 1.8.17 or below Stored Cross-site Scripting (XSS) SBA Research Advisory (Sep 25)
Sebastian Nielsen
Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Sebastian Nielsen (Sep 06)
Simon McVittie
Re: Privileged File Access from Desktop Applications Simon McVittie (Jul 11)
Re: Privileged File Access from Desktop Applications Simon McVittie (Jul 11)
Re: Privileged File Access from Desktop Applications Simon McVittie (Jul 11)
Solar Designer
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Solar Designer (Jul 22)
Re: Statistics for distros lists updated for 2019Q2 Solar Designer (Jul 26)
Re: linux-distros membership application - Microsoft Solar Designer (Jul 06)
Re: Statistics for distros lists updated for 2019Q2 Solar Designer (Jul 26)
Re: linux-distros membership application - Microsoft Solar Designer (Aug 12)
Re: Telegram privacy fails again. Solar Designer (Sep 12)
Re: linux-distros membership application - Microsoft Solar Designer (Jul 08)
Re: Contributing Back Solar Designer (Jul 15)
Re: linux-distros membership application - Microsoft Solar Designer (Jul 07)
Re: linux-distros membership application - Microsoft Solar Designer (Jul 06)
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Solar Designer (Jul 26)
Re: Statistics for distros lists updated for 2019Q2 Solar Designer (Jul 25)
Re: Contributing Back Solar Designer (Jul 14)
Stefan Bodewig
[CVE-2019-12402] Apache Commons Compress denial of service vulnerability Stefan Bodewig (Aug 27)
Steffen Nurpmeso
Re: Privileged File Access from Desktop Applications Steffen Nurpmeso (Jul 12)
Re: Privileged File Access from Desktop Applications Steffen Nurpmeso (Jul 11)
Stiepan
Re: Security release pre-announcement messages Stiepan (Jul 26)
Re: Security release pre-announcement messages Stiepan (Jul 26)
Stig Rohde Døssing
[CVE-2018-1320] Apache Storm vulnerable Thrift version Stig Rohde Døssing (Jul 24)
[CVE-2018-11779] Apache Storm UI Java deserialization vulnerability Stig Rohde Døssing (Jul 24)
[CVE-2019-0202] Apache Storm Logviewer file system access vulnerability Stig Rohde Døssing (Jul 24)
Stuart D. Gathman
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Stuart D. Gathman (Aug 22)
Re: linux-distros membership application - Microsoft Stuart D. Gathman (Jul 08)
Stuart Henderson
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Stuart Henderson (Jul 22)
Re: Telegram privacy fails again. Stuart Henderson (Sep 13)
Sylvain Beucler
Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Sylvain Beucler (Sep 08)
Tavis Ormandy
stack buffer overflow in fbdev Tavis Ormandy (Jul 19)
Thiago H. de Paula Figueiredo
CVE-2019-0207: Apache Tapestry 5.4.2 Path Traversal vulnerability Thiago H. de Paula Figueiredo (Sep 13)
CVE-2019-10071: Apache Tapestry vulnerability disclosure Thiago H. de Paula Figueiredo (Sep 13)
[CVE-2019-0195] Apache Tapestry vulnerability disclosure Thiago H. de Paula Figueiredo (Sep 13)
Thomas Ward
Re: OpenDMARC buffer overflows Thomas Ward (Sep 17)
Tim Allclair
[ANNOUNCE] CVE-2019-11248: /debug/pprof exposed on kubelet's healthz port Tim Allclair (Aug 06)
Tim Allison
[CVE-2019-10093] Denial of Service in Apache Tika's 2003ml and 2006ml Parsers Tim Allison (Aug 02)
[CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper Tim Allison (Aug 02)
[CVE-2019-10094] StackOverflow from Crafted Package/Compressed Files in Apache Tika's RecursiveParserWrapper Tim Allison (Aug 02)
Tomas Fernandez Lobbe
[SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0 Tomas Fernandez Lobbe (Sep 09)
Tomer Brisker
CVE-2019-10198: Authorization bypass in Foreman tasks plugin Tomer Brisker (Jul 17)
Tyler Hicks
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Tyler Hicks (Sep 27)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Tyler Hicks (Sep 27)
Velmurugan Periasamy
CVE update - fixed in Apache Ranger 2.0.0 Velmurugan Periasamy (Aug 08)
Vladimír Čunát
Knot Resolver 4.1.0 security release Vladimír Čunát (Jul 14)
Vladis Dronov
CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Vladis Dronov (Jul 25)
Re: CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Vladis Dronov (Jul 25)
Re: CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Vladis Dronov (Aug 02)
Vogl, Todd
RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack Vogl, Todd (Aug 21)
Wadeck Follonier
Multiple vulnerabilities in Jenkins Wadeck Follonier (Jul 17)
Wade Mealing
CVE-2019-10140 - linux kernel - system panic in overlayfs directory creation. Wade Mealing (Aug 14)
Xen . org security team
Xen Security Advisory 300 v1 - Linux: No grant table and foreign mapping limits Xen . org security team (Jul 09)
Xen Security Advisory 300 v2 - Linux: No grant table and foreign mapping limits Xen . org security team (Jul 19)
zugtprgfwprz
Re: New Tool - Phishing Simulation zugtprgfwprz (Aug 05)
张博
CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow 张博 (Sep 17)
皮罡
Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow 皮罡 (Sep 24)