oss-sec: by author

176 messages, sorted by author, starting Dec 18 2019 and ending Dec 05 2019


Aaron Patterson

[CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack Aaron Patterson (Dec 18)

Aditya Sirish Arunkumar Yelgundhalli

Re: Mitigating malicious packages in gnu/linux Aditya Sirish Arunkumar Yelgundhalli (Nov 20)

Akamai

Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions. Akamai (Oct 02)

Akira Ajisaka

CVE-2018-11768: Apache Hadoop HDFS FSImage Corruption Akira Ajisaka (Oct 04)

Aki Tuomi

Re: CVE-2019-19722: Critical vulnerability in Dovecot Aki Tuomi (Dec 13)
CVE-2019-19722: Critical vulnerability in Dovecot Aki Tuomi (Dec 13)

Alexander E. Patrakov

Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack Alexander E. Patrakov (Dec 18)

Alex Murray

CVE-2019-18397 - Stack buffer overflow in GNU FriBidi >= 1.0.0 Alex Murray (Nov 08)

Andrey Konovalov

Linux kernel: multiple vulnerabilities in the USB subsystem x3 Andrey Konovalov (Dec 03)

Andy Lutomirski

Lots of bugs in 32-bit x86 Linux entry code Andy Lutomirski (Nov 25)

Anthony Liguori

Re: Contributing Back Anthony Liguori (Nov 06)

Arrigo Triulzi

Re: Authentication vulnerabilities in OpenBSD Arrigo Triulzi (Dec 05)

Bob Friesenhahn

Re: Mitigating malicious packages in gnu/linux Bob Friesenhahn (Nov 20)
Re: Mitigating malicious packages in gnu/linux Bob Friesenhahn (Nov 20)

bo Zhang

Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow bo Zhang (Oct 09)

Brian Demers

[CVE-2019-12422] Apache Shiro weak cookie vulnerability Brian Demers (Nov 18)

butt3rflyh4ck

CVE-2019-19947: Linux kernel can: kvaser_usb: kvaser_usb_leaf: some info-leaks vulnerabilities butt3rflyh4ck (Dec 23)

Carlos Alberto Lopez Perez

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006 Carlos Alberto Lopez Perez (Nov 08)

Carlton Gibson

Django 2.2.8 and 2.1.15: CVE-2019-19118: Privilege escalation in the Django admin. Carlton Gibson (Dec 02)

Cedric Buissart

CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys Cedric Buissart (Nov 15)

Colm MacCárthaigh

Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. Colm MacCárthaigh (Dec 05)

Colm O hEigeartaigh

[CVE-2019-12419] Apache CXF OpenId Connect token service does not properly validate the clientId Colm O hEigeartaigh (Nov 05)
[CVE-2019-12406] Apache CXF does not restrict the number of message attachments Colm O hEigeartaigh (Nov 05)

Damien Miller

Announce: OpenSSH 8.1 released Damien Miller (Oct 08)

Daniel Beck

Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 01)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Nov 21)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Dec 17)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 16)

Daniel 'f0o' Preussker

[OSSA-2019-005] Octavia Amphora-Agent not requiring Client-Certificate (CVE-2019-17134) Daniel 'f0o' Preussker (Oct 08)

daniel gaspar

[CVE-2019-12413] Apache Incubator Superset meta data leak vulnerability daniel gaspar (Dec 16)
[CVE-2019-12414] Apache Incubator Superset metadata leak vulnerability daniel gaspar (Dec 16)

Erik Hatcher

[CVE-2019-17558] Apache Solr RCE through VelocityResponseWriter Erik Hatcher (Dec 30)

Ferruh Yigit

DPDK security advisory: CVE-2019-14818 Ferruh Yigit (Nov 12)

Florian Weimer

Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| Florian Weimer (Nov 08)

Frank Morgner

OpenSC 0.20.0 released Frank Morgner (Dec 29)

Gage Hugo

[OSSA-2019-006] Keystone: Credentials API allows listing and retrieving of all users credentials (CVE-2019-19687) Gage Hugo (Dec 11)

GalyCannon

CVE requests: three vulnerabilities in ImageMagick GalyCannon (Dec 19)

Georgi Guninski

Re: Authentication vulnerabilities in OpenBSD Georgi Guninski (Dec 05)
Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| Georgi Guninski (Nov 08)
Re: virtual consoles Georgi Guninski (Dec 03)
Mitigating malicious packages in gnu/linux Georgi Guninski (Nov 19)
Shell wildcards considered dangerous? Georgi Guninski (Dec 09)

Graham Christensen

Re: CVE-2019-17365: Nix per-user profile directory hijack Graham Christensen (Oct 09)

Guillaume Quéré

Multiple vulnerabilities in Centreon-Web and Centreon-VM Guillaume Quéré (Oct 08)
Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM Guillaume Quéré (Oct 08)

Heiko Schlittermann

Re: Shell wildcards considered dangerous? Heiko Schlittermann (Dec 09)

huangwen

Linux kernel: three buffer overflows in the marvell wifi driver huangwen (Nov 22)

Huzaifa Sidhpurwala

grub2-set-bootflag utility causes grubenv corruption rendering the system un-bootable Huzaifa Sidhpurwala (Nov 25)

ISC Security Officer

BIND9 CVE-2019-6477 ISC Security Officer (Nov 20)
BIND9 CVE-2019-6475 and CVE-2019-6476 ISC Security Officer (Oct 16)

Jakub Wilk

Re: Mitigating malicious packages in gnu/linux Jakub Wilk (Nov 19)

Ján Jančár

Minerva: ECDSA key recovery from bit-length leakage Ján Jančár (Oct 02)

Jens Geyer

CVE-2019-0205: Apache Thrift: potential DoS when processing untrusted Thrift payload Jens Geyer (Oct 17)
CVE-2019-0210: Apache Thrift: out-of-bounds read vulnerability Jens Geyer (Oct 17)

Jens Müller

PDFex: Security weakness in PDF encryption Jens Müller (Oct 01)

Jeremy Stanley

Re: Mitigating malicious packages in gnu/linux Jeremy Stanley (Nov 20)

Jesse

CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android) Jesse (Nov 28)

Johannes Schindelin

Multiple vulnerabilities fixed in Git Johannes Schindelin (Dec 13)

John Haxby

Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| John Haxby (Nov 08)
Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| John Haxby (Nov 08)

Kees Cook

Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem? Kees Cook (Nov 07)

Kevin A. McGrail

Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805 Kevin A. McGrail (Dec 12)
Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420 Kevin A. McGrail (Dec 12)

Kristian Fiskerstrand

Re: Statistics for distros lists updated for 2019Q3 Kristian Fiskerstrand (Oct 15)
Statistics for distros lists updated for 2019Q3 Kristian Fiskerstrand (Oct 13)

Larry W. Cashdollar

Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0 Larry W. Cashdollar (Dec 23)
Arbitrary file upload vulnerability in upload-image-with-ajax v1.0 Larry W. Cashdollar (Dec 23)

Leonid Isaev

Re: Shell wildcards considered dangerous? Leonid Isaev (Dec 09)
Re: Shell wildcards considered dangerous? Leonid Isaev (Dec 09)
Re: virtual consoles Leonid Isaev (Dec 02)
Re: virtual consoles Leonid Isaev (Dec 02)
Re: Shell wildcards considered dangerous? Leonid Isaev (Dec 09)

Ludovic Courtès

Re: Mitigating malicious packages in gnu/linux Ludovic Courtès (Nov 19)
CVE-2019-18192: Insecure permissions on Guix profile directory Ludovic Courtès (Oct 17)

Madhan Neethiraj

[CVE-2019-10070] Apache Atlas Stored XSS Vulnerability Madhan Neethiraj (Nov 17)

Mariusz Felisiak

Django: CVE-2019-19844: Potential account hijack via password reset form Mariusz Felisiak (Dec 18)

Mark Hatle

Re: Mitigating malicious packages in gnu/linux Mark Hatle (Nov 20)

Matt Sicker

[CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer Matt Sicker (Dec 19)

mibo

CVE-2019-17556: Olingo: Deserialization vulnerability mibo (Dec 04)
CVE-2019-17554: Olingo: XML External Entity resolution attack mibo (Dec 04)
CVE-2019-17555: Olingo: DoS via Retry-After header vulnerability mibo (Dec 04)

Micah Kornfield

[CVE-2019-12408][CVE-2019-12410] Uninitialized Memory Vulnerabilities fixed in Apache Arrow 0.15.1 Micah Kornfield (Nov 07)

Michael Ellerman

CVE-2019-18660: Linux kernel: powerpc: missing Spectre-RSB mitigation Michael Ellerman (Nov 27)

Michael Orlitzky

Re: CVE-2019-17365: Nix per-user profile directory hijack Michael Orlitzky (Oct 10)
CVE-2019-17365: Nix per-user profile directory hijack Michael Orlitzky (Oct 09)

Mike Dalessio

Nokogiri security update v1.10.5 Mike Dalessio (Nov 17)
Re: [CVE-2019-15587] Loofah XSS Vulnerability Mike Dalessio (Oct 22)
[CVE-2019-15587] Loofah XSS Vulnerability Mike Dalessio (Oct 22)

Mohammad Tausif Siddiqui

Re: CVE requests: three vulnerabilities in ImageMagick Mohammad Tausif Siddiqui (Dec 20)

Morten Linderud

Re: Mitigating malicious packages in gnu/linux Morten Linderud (Nov 19)
Re: Mitigating malicious packages in gnu/linux Morten Linderud (Nov 19)

Nathan Gough

[CVE-2019-10083] Apache NiFi process group information disclosure Nathan Gough (Nov 19)
[CVE-2019-10080] Apache NiFi XXE information disclosure Nathan Gough (Nov 19)
[CVE-2019-12421] Apache NiFi 'Log out' button did not completely log user out Nathan Gough (Nov 19)

Noel Kuntze

Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. Noel Kuntze (Dec 08)
Re: Shell wildcards considered dangerous? Noel Kuntze (Dec 09)
Re: Shell wildcards considered dangerous? Noel Kuntze (Dec 09)
Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. Noel Kuntze (Dec 05)
Re: Shell wildcards considered dangerous? Noel Kuntze (Dec 09)

Patrick Uiterwijk

Koji CVE-2019-17109: koji hub allows arbitrary upload destinations Patrick Uiterwijk (Oct 09)

Pavel Cheremushkin

VNC vulnerabilities. TigerVNC security update Pavel Cheremushkin (Dec 20)

Pavel Heimlich

Re: Mitigating malicious packages in gnu/linux Pavel Heimlich (Nov 19)

Peter van Dijk

Re: Python-3.5.8.tar.xz does NOT contain the fix for bpo-38243 Peter van Dijk (Oct 31)

pgajdos

Re: CVE-2019-2201: libjpeg-turbo: code execution pgajdos (Nov 12)

Pietro Albini

CVE-2019-16760: Cargo prior to Rust 1.26.0 may download the wrong dependency Pietro Albini (Oct 08)

P J P

CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid P J P (Dec 15)
Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) P J P (Dec 10)
CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) P J P (Dec 10)

qize wang

Linux kernel: heap overflow in the marvell wifi driver qize wang (Nov 22)

Qualys Security Advisory

Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) Qualys Security Advisory (Dec 11)
Authentication vulnerabilities in OpenBSD Qualys Security Advisory (Dec 04)

Ralph Dolmans

CVE-2019-18934 Unbound: Vulnerability in IPSEC module Ralph Dolmans (Nov 19)

Raphael Geissert

Multiple issues in lemonldap-ng Raphael Geissert (Nov 28)

Renaud Allard

Re: Authentication vulnerabilities in OpenBSD Renaud Allard (Dec 05)

Riccardo Schirone

Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability Riccardo Schirone (Dec 10)

Russ Allbery

Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| Russ Allbery (Nov 08)
Re: Mitigating malicious packages in gnu/linux Russ Allbery (Nov 20)

Salvatore Bonaccorso

Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid Salvatore Bonaccorso (Nov 04)

sandreim

CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow sandreim (Dec 10)

SBA Research Advisory

[SBA-ADV-20190913-02] CVE-2019-16521: WordPress Plugin - Broken Link Checker <= 1.11.8 - Reflected XSS SBA Research Advisory (Oct 16)
[SBA-ADV-20190913-03] CVE-2019-16523: WordPress Plugin - Events Manager <= 5.9.5 - Stored XSS SBA Research Advisory (Oct 16)
[SBA-ADV-20190913-01] CVE-2019-16522: WordPress Plugin - EU Cookie Law (GDPR) <= 3.0.6 and possibly upwards - Stored XSS SBA Research Advisory (Oct 16)
[SBA-ADV-20190913-04] CVE-2019-16520: WordPress Plugin - All in One SEO Pack <= 3.2.6 - Stored XSS SBA Research Advisory (Oct 16)

Seth Arnold

Re: Contributing Back Seth Arnold (Nov 05)

Simon McVittie

Re: Lots of bugs in 32-bit x86 Linux entry code Simon McVittie (Nov 25)
Re: virtual consoles Simon McVittie (Dec 03)

Solar Designer

Re: Contributing Back Solar Designer (Nov 05)
Re: virtual consoles Solar Designer (Dec 02)
Re: Linux kernel: heap overflow in the marvell wifi driver Solar Designer (Nov 25)
Re: independent volunteers on distros list Solar Designer (Nov 07)
Re: Mitigating malicious packages in gnu/linux Solar Designer (Nov 20)
Re: Membership application for linux-distros - VMware Solar Designer (Nov 06)
Re: Contributing Back Solar Designer (Nov 06)
Re: Authentication vulnerabilities in OpenBSD Solar Designer (Dec 04)
Re: Membership application for linux-distros - VMware Solar Designer (Nov 05)
Re: Mitigating malicious packages in gnu/linux Solar Designer (Nov 20)

Srivatsa S. Bhat

Re: Membership application for linux-distros - VMware Srivatsa S. Bhat (Nov 04)
Re: Membership application for linux-distros - VMware Srivatsa S. Bhat (Nov 04)
Re: Membership application for linux-distros - VMware Srivatsa S. Bhat (Nov 06)

Stuart D. Gathman

Re: Lots of bugs in 32-bit x86 Linux entry code Stuart D. Gathman (Nov 25)
Re: Mitigating malicious packages in gnu/linux Stuart D. Gathman (Nov 19)
Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack Stuart D. Gathman (Dec 19)

Tavis Ormandy

Re: virtual consoles Tavis Ormandy (Dec 03)
Re: virtual consoles Tavis Ormandy (Dec 02)
virtual consoles Tavis Ormandy (Dec 02)

Tim Allclair

Security release of kubernetes-csi sidecars - CVE-2019-11255 Tim Allclair (Nov 14)

Tim Armstrong

[CVE-2019-10084] privilege escalation by authenticated Apache Impala users Tim Armstrong (Nov 04)

Tim Kuijsten

Re: Mitigating malicious packages in gnu/linux Tim Kuijsten (Nov 19)

Tina Li

Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow Tina Li (Oct 03)
Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow Tina Li (Oct 09)

Todd C. Miller

Re: Sudo: CVE-2019-14287 Todd C. Miller (Oct 15)
Sudo: CVE-2019-14287 Todd C. Miller (Oct 14)

Tyler Hicks

Re: CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) Tyler Hicks (Dec 10)

ValdikSS

Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. ValdikSS (Dec 06)
Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. ValdikSS (Dec 06)

Vishwas Babu

Fwd: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0 Vishwas Babu (Oct 16)

Vladimír Čunát

[CVE-2019-19331] Knot Resolver 4.3.0 security release Vladimír Čunát (Dec 04)

VMware Security Response Center

CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability VMware Security Response Center (Dec 05)
Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability VMware Security Response Center (Dec 11)

William J. Tolley

[CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. William J. Tolley (Dec 04)

Wolfgang Frisch

CVE-2019-2201: libjpeg-turbo: code execution Wolfgang Frisch (Nov 11)

Xen.org security team

Xen Security Advisory 309 v3 (CVE-2019-19578) - Linear pagetable use / entry miscounts Xen.org security team (Dec 11)
Xen Security Advisory 305 v1 (CVE-2019-11135) - TSX Asynchronous Abort speculative side channel Xen.org security team (Nov 12)
Xen Security Advisory 296 v4 (CVE-2019-18420) - VCPUOP_initialise DoS Xen.org security team (Oct 31)
Xen Security Advisory 308 v3 (CVE-2019-19583) - VMX: VMentry failure with debug exceptions and blocked states Xen.org security team (Dec 11)
Xen Security Advisory 301 v3 (CVE-2019-18423) - add-to-physmap can be abused to DoS Arm hosts Xen.org security team (Oct 31)
Xen Security Advisory 307 v3 (CVE-2019-19581,CVE-2019-19582) - find_next_bit() issues Xen.org security team (Dec 11)
Xen Security Advisory 310 v3 (CVE-2019-19580) - Further issues with restartable PV type change operations Xen.org security team (Dec 11)
Xen Security Advisory 302 v5 (CVE-2019-18424) - passed through PCI devices may corrupt host memory after deassignment Xen.org security team (Oct 31)
Xen Security Advisory 303 v4 (CVE-2019-18422) - ARM: Interrupts are unconditionally unmasked in exception handlers Xen.org security team (Oct 31)
Xen Security Advisory 304 v1 (CVE-2018-12207) - x86: Machine Check Error on Page Size Change DoS Xen.org security team (Nov 12)
Xen Security Advisory 311 v4 (CVE-2019-19577) - Bugs in dynamic height handling for AMD IOMMU pagetables Xen.org security team (Dec 11)
Xen Security Advisory 306 v2 - Device quarantine for alternate pci assignment methods Xen.org security team (Nov 26)
Xen Security Advisory 299 v4 (CVE-2019-18421) - Issues with restartable PV type change operations Xen.org security team (Oct 31)
Xen Security Advisory 298 v3 (CVE-2019-18425) - missing descriptor table limit checking in x86 PV emulation Xen.org security team (Oct 31)
Xen Security Advisory 306 v3 (CVE-2019-19579) - Device quarantine for alternate pci assignment methods Xen.org security team (Dec 05)