oss-sec: by date

257 messages starting Jul 01 19 and ending Sep 28 19


Monday, 01 July

pari/gp arbitrary file write Georgi Guninski
Django: CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS Mariusz Felisiak
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Adrien Nader

Tuesday, 02 July

Re: linux-distros membership application - Microsoft Michael Ellerman
CVE-2019-13164 Qemu: qemu-bridge-helper ACL bypassed with long interface names P J P
CVE-2019-10183 virt-install: unattended option leaks password via command line argument P J P

Thursday, 04 July

deepin-clone: various symlink attacks Matthias Gerstner

Friday, 05 July

CVE-2019-13122: Patchwork: XSS via Message-ID Daniel Axtens

Saturday, 06 July

Re: linux-distros membership application - Microsoft Georgi Guninski
Re: linux-distros membership application - Microsoft Solar Designer
Re: linux-distros membership application - Microsoft Solar Designer
Re: linux-distros membership application - Microsoft Sasha Levin

Sunday, 07 July

Re: linux-distros membership application - Microsoft Moritz Muehlenhoff
Re: linux-distros membership application - Microsoft Georgi Guninski
Re: linux-distros membership application - Microsoft Solar Designer
Re: [CVE-2019-0231] MINA SSLFilter security Issue Doran Moppert

Monday, 08 July

Re: linux-distros membership application - Microsoft Stuart D. Gathman
CVE-2019-13313, CVE-2019-13314: password disclosure via command line arguments P J P
Re: linux-distros membership application - Microsoft Solar Designer
Re: linux-distros membership application - Microsoft David A. Wheeler
CVE-2019-13132: zeromq/libzmq: denial of service via stack overflow with arbitrary data Luca Boccassi

Tuesday, 09 July

Xen Security Advisory 300 v1 - Linux: No grant table and foreign mapping limits Xen . org security team
Data exfiltration with FPM servers (HHVM and rarely PHP) Hanno Böck
Privileged File Access from Desktop Applications Malte Kraus
Re: Privileged File Access from Desktop Applications Perry E. Metzger
Contributing Back Joe McManus

Wednesday, 10 July

Re: Privileged File Access from Desktop Applications Perry E. Metzger

Thursday, 11 July

CVE-2018-17196: Potential to bypass transaction/idempotent ACL checks in Apache Kafka Jason Gustafson
Re: Privileged File Access from Desktop Applications Malte Kraus
Re: Privileged File Access from Desktop Applications Perry E. Metzger
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Privileged File Access from Desktop Applications Matthias Gerstner
Re: Privileged File Access from Desktop Applications Malte Kraus
Re: Privileged File Access from Desktop Applications Perry E. Metzger
Re: Privileged File Access from Desktop Applications Simon McVittie
Re: Privileged File Access from Desktop Applications Bob Friesenhahn
Re: Privileged File Access from Desktop Applications John Haxby
Re: Privileged File Access from Desktop Applications Simon McVittie
Re: Privileged File Access from Desktop Applications Simon McVittie
Re: Privileged File Access from Desktop Applications Martin Steigerwald
Re: Privileged File Access from Desktop Applications Steffen Nurpmeso
Re: linux-distros membership application - Microsoft Kristian Fiskerstrand
Re: Privileged File Access from Desktop Applications Perry E. Metzger

Friday, 12 July

[CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability in Apache Roller Dave
Re: linux-distros membership application - Microsoft Sasha Levin
Re: Privileged File Access from Desktop Applications Jordan Glover
Re: Privileged File Access from Desktop Applications Perry E. Metzger
Re: Privileged File Access from Desktop Applications Perry E. Metzger
Re: Privileged File Access from Desktop Applications Steffen Nurpmeso

Sunday, 14 July

Knot Resolver 4.1.0 security release Vladimír Čunát
Re: Contributing Back Solar Designer
Fwd: [ANNOUNCE] libICE 1.0.10 Alan Coopersmith

Monday, 15 July

Re: Contributing Back Joe McManus
Re: Contributing Back Anthony Liguori
Re: Contributing Back Solar Designer

Wednesday, 17 July

CVE-2019-10198: Authorization bypass in Foreman tasks plugin Tomer Brisker
Multiple vulnerabilities in Jenkins Wadeck Follonier

Friday, 19 July

Xen Security Advisory 300 v2 - Linux: No grant table and foreign mapping limits Xen . org security team
stack buffer overflow in fbdev Tavis Ormandy

Sunday, 21 July

Two unauthenticated SQL injection vulnerabilities in Onionbuzz WordPress plugin Eugene Kolo
Re: stack buffer overflow in fbdev Linus Torvalds

Monday, 22 July

Re: stack buffer overflow in fbdev Linus Torvalds
Re: stack buffer overflow in fbdev Daniel Vetter
CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Mikhail Klementev
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Stuart Henderson
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Mikhail Klementev
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Solar Designer
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Eric Blake
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Amos Jeffries
Re: stack buffer overflow in fbdev Bartlomiej Zolnierkiewicz
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Ian Zimmerman
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Heiko Schlittermann
Re: Two unauthenticated SQL injection vulnerabilities in Onionbuzz WordPress plugin Eugene Kolo

Tuesday, 23 July

Re: stack buffer overflow in fbdev Daniel Vetter
Re: stack buffer overflow in fbdev Linus Torvalds

Wednesday, 24 July

Security release pre-announcement messages Douglas Bagnall
[CVE-2019-0202] Apache Storm Logviewer file system access vulnerability Stig Rohde Døssing
[CVE-2018-1320] Apache Storm vulnerable Thrift version Stig Rohde Døssing
[CVE-2018-11779] Apache Storm UI Java deserialization vulnerability Stig Rohde Døssing

Thursday, 25 July

CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Vladis Dronov
Re: CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Andrey Konovalov
Re: CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Vladis Dronov
Re: CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Brad Spengler
Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand
Re: Statistics for distros lists updated for 2019Q2 Solar Designer
Re: Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand

Friday, 26 July

Re: Security release pre-announcement messages Stiepan
Re: Security release pre-announcement messages Greg KH
Re: Security release pre-announcement messages Greg KH
Re: Statistics for distros lists updated for 2019Q2 Solar Designer
Re: CVE-2019-13917 OVE-20190718-0006: Exim: security release ahead Solar Designer
Re: Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand
Re: Statistics for distros lists updated for 2019Q2 Solar Designer
Re: Security release pre-announcement messages Stiepan

Saturday, 27 July

RCE through open PHP-FPM ports Hanno Böck
Re: Statistics for distros lists updated for 2019Q2 Kristian Fiskerstrand

Monday, 29 July

[CVE-2018-11772] Apache VCL SQL injection attack in privilege management Josh Thompson
[CVE-2018-11773] Apache VCL improper form validation in block allocation management Josh Thompson
[CVE-2018-11774] Apache VCL SQL injection attack in VM management Josh Thompson

Tuesday, 30 July

CVE-2019-13648: Linux kernel: powerpc: kernel crash in TM handling triggerable by any local user Michael Neuling
PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records Peter van Dijk

Wednesday, 31 July

Multiple vulnerabilities in Jenkins plugins Daniel Beck
icedtea-web: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Cedric Buissart
[CVE-2018-11782, CVE-2019-0203] Apache Subversion svnserve vulnerabilities Julian Foad
[CVE-2019-0193] Apache Solr, Remote Code Execution via DataImportHandler David Smiley

Thursday, 01 August

CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly P J P
Django security releases issued: Multiple CVEs Carlton Gibson

Friday, 02 August

Re: CVE-2019-10207: linux kernel: bluetooth: hci_uart: 0x0 address execution as nonprivileged user Vladis Dronov
[CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper Tim Allison
[CVE-2019-10093] Denial of Service in Apache Tika's 2003ml and 2006ml Parsers Tim Allison
[CVE-2019-10094] StackOverflow from Crafted Package/Compressed Files in Apache Tika's RecursiveParserWrapper Tim Allison

Monday, 05 August

New Tool - Phishing Simulation jeny raval
Current CVE policy on missing-hardening bugs Florian Weimer
Re: New Tool - Phishing Simulation zugtprgfwprz
Security issues in various deepin D-Bus services and tools Matthias Gerstner
Kubernetes v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249 Joel Smith
CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Rich Felker
Re: [musl] CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Rich Felker

Tuesday, 06 August

Re: CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Moritz Muehlenhoff
clamav: denial of service through "better zip bomb" Hanno Böck
Re: [musl] CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance Rich Felker
[ANNOUNCE] CVE-2019-11248: /debug/pprof exposed on kubelet's healthz port Tim Allclair
[OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433) Jeremy Stanley

Wednesday, 07 August

Multiple vulnerabilities in Jenkins plugins Daniel Beck
wpa_supplicant/hostapd: SAE/EAP-pwd side-channel attack update Jouni Malinen

Thursday, 08 August

CVE update - fixed in Apache Ranger 2.0.0 Velmurugan Periasamy

Friday, 09 August

[ANNOUNCE] Security release of kube-state-metrics v1.7.2 Frederic Branczyk

Sunday, 11 August

Nokogiri security update v1.10.4 Mike Dalessio
Re: linux-distros membership application - Microsoft Sasha Levin

Monday, 12 August

gnu/linux rediscovers macro malware Georgi Guninski
Re: linux-distros membership application - Microsoft Solar Designer
ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Cedric Buissart
Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Bob Friesenhahn

Tuesday, 13 August

Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 Cedric Buissart

Wednesday, 14 August

CVE-2019-10140 - linux kernel - system panic in overlayfs directory creation. Wade Mealing

Thursday, 15 August

CVE-2019-10081: mod_http2, memory corruption on early pushes Daniel Ruggeri
CVE-2019-10082: mod_http2, read-after-free in h2 connection shutdown Daniel Ruggeri
CVE-2019-10092: Limited cross-site scripting in mod_proxy Daniel Ruggeri
CVE-2019-10097: mod_remoteip stack buffer overflow and NULL pointer dereference Daniel Ruggeri
CVE-2019-10098: mod_rewrite configurations vulnerable to open redirect Daniel Ruggeri
CVE-2019-9517: mod_http2, DoS attack by exhausting h2 workers Daniel Ruggeri
Re: [ANNOUNCE] Security release of kube-state-metrics v1.7.2 Sam Fowler

Monday, 19 August

[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3 Justin Bull
[ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514 Hausler, Micah

Tuesday, 20 August

Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov

Wednesday, 21 August

RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack Vogl, Todd
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eric Biggers

Thursday, 22 August

Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Marcus Meissner
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Brad Spengler
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Jeremy Stanley
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Kurt H Maier
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Mathias Payer
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Stuart D. Gathman
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman

Friday, 23 August

Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH
[CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source Colm O hEigeartaigh
CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry David Tomaschik

Monday, 26 August

CVE-2019-15525: Missing TLS/SSL certificate validation in pw3270 Carlos Eduardo

Tuesday, 27 August

[CVE-2019-12402] Apache Commons Compress denial of service vulnerability Stefan Bodewig

Wednesday, 28 August

Linux kernel: three heap overflow in the marvell wifi driver huangwen
ghostscript: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and CVE-2019-14817 (.forceput exposed) Cedric Buissart
Critical Dovecot and Pigeonhole vulnerability Aki Tuomi
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck
Re: Critical Dovecot and Pigeonhole vulnerability Hanno Böck
Re: Critical Dovecot and Pigeonhole vulnerability Hanno Böck
Re: Critical Dovecot and Pigeonhole vulnerability aki . tuomi
Re: Critical Dovecot and Pigeonhole vulnerability Larry Rosenman
CVE-2019-10222: ceph: unauthenticated clients can crash RGW Alexandros Toptsoglou

Thursday, 29 August

Three vulnerabilities in Kea DHCP disclosed by ISC, 28 August 2019 Michael McNally
[OSSA-2019-004] Ageing time of 0 disables linuxbridge MAC learning (CVE-2019-15753) Jeremy Stanley
Irssi 1.2.2: CVE-2019-15717 Ailin Nemui
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004 Adrian Perez de Castro
Re: Irssi 1.2.2: CVE-2019-15717 Santiago Torres

Monday, 02 September

MITRE response time Heiko Schlittermann
Re: MITRE response time (RS) Tyler Schroder
Re: MITRE response time Johannes Segitz
Re: MITRE response time Florian Weimer
Re: MITRE response time Heiko Schlittermann

Tuesday, 03 September

CVE-2019-15718: Missing access controls on systemd-resolved's D-Bus interface Chris Coulson

Wednesday, 04 September

CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann

Thursday, 05 September

Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann

Friday, 06 September

Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann
CVE-2019-15890 QEMU: Slirp: use-after-free during packet reassembly P J P
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann
Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Heiko Schlittermann
Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Sebastian Nielsen
CVE-2019-12405: Apache Traffic Control LDAP-based authentication vulnerability Rawlin Peters
Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. akuster
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Heiko Schlittermann
Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock

Sunday, 08 September

Re: Re: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges. Sylvain Beucler

Monday, 09 September

Re: Sv: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges Phil Pennock
Telegram privacy fails again. Dhiraj Mishra
[SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0 Tomas Fernandez Lobbe

Tuesday, 10 September

Re: Telegram privacy fails again. Ilya Matveychikov
CVE-2019-15030: Linux kernel: powerpc: data leak with FP/VMX triggerable by unavailable exception in transaction Michael Neuling
CVE-2019-15031: Linux kernel: powerpc: data leak with FP/VMX triggerable by interrupt in transaction Michael Neuling
[CVE-2018-17200] Apache OFBiz unauthenticated remote code execution vulnerability in HttpEngine Jacopo Cappellato
[CVE-2019-0189] Apache OFBiz remote code execution and arbitrary file delete via Java deserialization Jacopo Cappellato
[CVE-2019-10073] Apache OFBiz XSS vulnerability in the "ecommerce" component Jacopo Cappellato
[CVE-2019-10074] Apache OFBiz RCE (template injection) Jacopo Cappellato
[SECURITY ADVISORY] curl: FTP-KRB double-free Daniel Stenberg
[SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow Daniel Stenberg

Wednesday, 11 September

hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass Jouni Malinen
OpenDMARC signature bypass with multiple From addresses Hanno Böck

Thursday, 12 September

pam_p11 0.3.1 released Frank Morgner
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Telegram privacy fails again. Solar Designer
Re: Telegram privacy fails again. Ben Tasker
3 CVEs in dino Randy Barlow
Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass Salvatore Bonaccorso

Friday, 13 September

CVE-2019-14822 ibus: missing authorization flaw Riccardo Schirone
Re: Telegram privacy fails again. notspam
Re: Telegram privacy fails again. Stuart Henderson
[CVE-2019-0195] Apache Tapestry vulnerability disclosure Thiago H. de Paula Figueiredo
CVE-2019-0207: Apache Tapestry 5.4.2 Path Traversal vulnerability Thiago H. de Paula Figueiredo
CVE-2019-10071: Apache Tapestry vulnerability disclosure Thiago H. de Paula Figueiredo

Monday, 16 September

Re: Telegram privacy fails again. Jiri 'Ghormoon' Novak
Re: Telegram privacy fails again. notspam

Tuesday, 17 September

CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow 张博
Re: OpenDMARC signature bypass with multiple From addresses Salvatore Bonaccorso
OpenDMARC buffer overflows Hanno Böck
Re: OpenDMARC buffer overflows Alyssa Ross
Re: OpenDMARC buffer overflows Thomas Ward

Friday, 20 September

CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer P J P
[CVE-2019-10087] Apache JSPWiki Cross-site scripting vulnerability in Page Revision History Juan Pablo Santos Rodríguez
[CVE-2019-10089] Apache JSPWiki Cross-site scripting vulnerability on WYSIWYG editor Juan Pablo Santos Rodríguez
[CVE-2019-10090] Apache JSPWiki Cross-site scripting vulnerability on plain editor Juan Pablo Santos Rodríguez
[CVE-2019-12404] Apache JSPWiki Cross-site scripting vulnerability on InfoContent.jsp Juan Pablo Santos Rodríguez
[CVE-2019-12407] Apache JSPWiki Cross-site scripting vulnerability related to the remember parameter Juan Pablo Santos Rodríguez

Saturday, 21 September

OSS platform security Rich Persaud

Tuesday, 24 September

Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow 皮罡
CVE-2019-16714: info leak in RDS rds6_inc_info_copy butt3rflyh4ck

Wednesday, 25 September

CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy butt3rflyh4ck
[SBA-ADV-20190911-01] CVE-2019-16524: Easy FancyBox Wordpress Plugin 1.8.17 or below Stored Cross-site Scripting (XSS) SBA Research Advisory
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck

Friday, 27 September

Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Tyler Hicks
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Tyler Hicks
Exim CVE-2019-16928 RCE using a heap-based buffer overflow Heiko Schlittermann

Saturday, 28 September

Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow Dominic Taylor
Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow Heiko Schlittermann
Re: Exim CVE-2019-16928 RCE using a heap-based buffer overflow Heiko Schlittermann