oss-sec: by author

219 messages starting Apr 19 20 and ending Apr 17 20


Agostino Sarubbo

re2c: heap overflow in Scanner::fill (scanner.cc) Agostino Sarubbo (Apr 19)
Re: Requesting a CVE id for Trojitá, an e-mail client: Improper Certificate Validation Agostino Sarubbo (Jun 25)
re2c: infinite loop Agostino Sarubbo (Apr 27)
Re: re2c: infinite loop Agostino Sarubbo (May 14)

Aki Tuomi

Multiple vulnerabilities in Dovecot IMAP server Aki Tuomi (May 18)

Alan Coopersmith

Re: CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect Alan Coopersmith (Apr 03)

Amin Vakil

Re: Pacman package manager - taking untrusted input Amin Vakil (Apr 21)

Amos Jeffries

[ADVISORY] SQUID-2020:4 Multiple issues in HTTP Digest authentication Amos Jeffries (Apr 23)
[ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing Amos Jeffries (Apr 23)

Andrea Cosentino

[SECURITY] New security advisory CVE-2020-11971 released for Apache Camel Andrea Cosentino (May 14)
[SECURITY] New security advisory CVE-2020-11973 released for Apache Camel Andrea Cosentino (May 14)
Re: [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel Andrea Cosentino (May 14)
[SECURITY] New security advisory CVE-2020-11972 released for Apache Camel Andrea Cosentino (May 14)

Andrew Donnellan

CVE-2020-11669: Linux kernel 4.10 to 5.1: powerpc: guest can cause DoS on POWER9 KVM hosts Andrew Donnellan (Apr 15)

Arrigo Triulzi

Re: Short notes on qmail security guarantee Arrigo Triulzi (May 22)

Benjamin Gilbert

Re: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities Benjamin Gilbert (May 07)
Re: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities Benjamin Gilbert (May 27)

Brennan Ashton

[CVE-2020-1939] Apache NuttX optional/example ftpd program NULL pointer bug Brennan Ashton (May 11)

Brian Demers

[CVE-2020-11989] Apache Shiro authentication bypass vulnerability Brian Demers (Jun 22)

Brian May

Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack Brian May (Apr 08)

Carlos Alberto Lopez Perez

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005 Carlos Alberto Lopez Perez (Apr 27)
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0004 Carlos Alberto Lopez Perez (Apr 16)

Carlton Gibson

Django security releases issued: 3.0.7, and 2.2.13 for CVE-2020-13254 & CVE-2020-13596. Carlton Gibson (Jun 03)

Chesnay Schepler

[CVE-2020-1960] Apache Flink JMX information disclosure vulnerability Chesnay Schepler (May 13)

CJ Cullen

CVE-2019-11254: Kubernetes: denial of service vulnerability from malicious YAML payloads CJ Cullen (Apr 01)

Claus Assmann

Re: spoofing of local email sender via a homoglyph attack Claus Assmann (Apr 23)

Colm O hEigeartaigh

CVE-2020-1954: Apache CXF JMX Integration is vulnerable to a MITM attack Colm O hEigeartaigh (Apr 01)

Daan Hoogland

CVE-2019-17562 buffer overflow in baremetal plugin. Daan Hoogland (May 14)

Damien Miller

Announce: OpenSSH 8.3 released Damien Miller (May 26)

Daniel Beck

Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 06)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 07)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 03)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 16)

Daniel Ruggeri

Re: CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect Daniel Ruggeri (Apr 04)
CVE-2020-1934: mod_proxy_ftp use of uninitialized value Daniel Ruggeri (Apr 01)
CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect Daniel Ruggeri (Apr 01)

Daniel Stenberg

[SECURITY ADVISORY] curl: Partial password leak over DNS on HTTP redirect Daniel Stenberg (Jun 23)
[SECURITY ADVISORY] curl: overwrite local file with -J Daniel Stenberg (Jun 23)

Dawei Liu

[CVE-2020-1952] Apache IoTDB (incubating) Remote Code execution vulnerability Dawei Liu (Apr 27)

Dennis Goodlett

default behavior in unzip more dangerous than -^ Dennis Goodlett (Jun 30)

Eli Schwartz

Re: Pacman package manager - taking untrusted input Eli Schwartz (Apr 22)

Eric Biggers

Re: CVE-2020-10769 kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. Eric Biggers (Jun 23)

Fan Yang

CVE-2020-10757 Linux kernel: mremap hugepage mmaped DAX nvdimm may cause corrupted page table Fan Yang (Jun 04)

Ferruh Yigit

DPDK security advisory for multiple vhost related issues Ferruh Yigit (May 18)

Florian Weimer

Incentives for pre-release reporting Florian Weimer (May 08)

Francesco Chicchiriccò

[CVE-2020-1961] Apache Syncope: Server-Side Template Injection on mail templates Francesco Chicchiriccò (May 02)
[CVE-2020-1959] Apache Syncope: Multiple Remote Code Execution Vulnerabilities Francesco Chicchiriccò (May 02)
[CVE-2019-17557] Enduser UI XSS Francesco Chicchiriccò (May 02)

Gage Hugo

[OSSA-2020-003] Keystone: Keystone does not check signature TTL of the EC2 credential auth method (CVE PENDING) Gage Hugo (May 06)
[OSSA-2020-005] Keystone: OAuth1 request token authorize silently ignores roles parameter (CVE PENDING) Gage Hugo (May 06)
[OSSA-2020-004] Keystone: Keystone credential endpoints allow owner modification and are not protected from a scoped context (CVE PENDING) Gage Hugo (May 06)
Re: [OSSA-2020-005] Keystone: OAuth1 request token authorize silently ignores roles parameter (CVE PENDING) Gage Hugo (May 07)
Re: [OSSA-2020-004] Keystone: Keystone credential endpoints allow owner modification and are not protected from a scoped context (CVE PENDING) Gage Hugo (May 07)
Re: [OSSA-2020-003] Keystone: Keystone does not check signature TTL of the EC2 credential auth method (CVE PENDING) Gage Hugo (May 07)

George Ni

[CVE-2020-1956] Apache Kylin command injection vulnerability George Ni (May 19)

Georgi Guninski

Re: Exploitability of the integer overflows in djbdns 1.05? Georgi Guninski (Jun 03)
Re: Remote Code Execution in qmail (CVE-2005-1513) Georgi Guninski (May 20)
Exploitability of the integer overflows in djbdns 1.05? Georgi Guninski (Jun 01)
Short notes on qmail security guarantee Georgi Guninski (May 21)
Re: Short notes on qmail security guarantee Georgi Guninski (May 22)
Re: Exploitability of the integer overflows in djbdns 1.05? Georgi Guninski (Jun 02)

Gollub, Daniel

CVE-2020-13881: pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if configured with debug parameter Gollub, Daniel (Jun 08)

Greg KH

Re: kernel: Multiple SSBD related flaws CVE-2020-10766, CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)
Re: kernel: Multiple SSBD related flaws CVE-2020-10766, CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)
Re: CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic Greg KH (Apr 17)

Hanno Böck

XSS in BigBlueButton < 2.2.6 Hanno Böck (May 14)
Hypermail XSS via attachment Hanno Böck (May 14)
Squirrelmail: Use of unserialize() on user data Hanno Böck (Jun 20)

Hardik Vyas

CVE-2020-1760 ceph: header-splitting in RGW GetObject has a possible XSS Hardik Vyas (Apr 07)
CVE-2020-10736 ceph: authorization bypass in monitor and manager daemons Hardik Vyas (May 19)
CVE-2020-1759 ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions Hardik Vyas (Apr 07)

Henri Salo

Re: Incentives for pre-release reporting Henri Salo (May 08)
Re: re2c: heap overflow in Scanner::fill (scanner.cc) Henri Salo (Apr 19)
Re: re2c: heap overflow in Scanner::fill (scanner.cc) Henri Salo (Apr 21)

Huzaifa Sidhpurwala

libssh - CVE-2020-1730 Huzaifa Sidhpurwala (Apr 09)

Ian Jackson

adns (dns resolver library) multiple vulns Ian Jackson (Jun 11)

Igor Seletskiy

Re: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities Igor Seletskiy (May 06)

ISC Security Officer

Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617) ISC Security Officer (May 19)

Jacques Le Roux

[CVE-2019-0235] Apache OFBiz multiple CSRF vulnerabilities Jacques Le Roux (Apr 30)
[CVE-2019-12425] Apache OFBiz Host Header Injection Jacques Le Roux (Apr 30)

Jan Kundrát

Requesting a CVE id for Trojitá, an e-mail client: Improper Certificate Validation Jan Kundrát (Jun 25)

Jan Lehnardt

[CVE-2020-1955] Apache CouchDB Remote Privilege Escalation Jan Lehnardt (May 19)

Jann Horn

Re: lockdown bypass on mainline kernel for loading unsigned modules Jann Horn (Jun 15)

Jason A. Donenfeld

lockdown bypass on mainline kernel for loading unsigned modules Jason A. Donenfeld (Jun 15)
lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules Jason A. Donenfeld (Jun 13)
Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules Jason A. Donenfeld (Jun 15)
Re: lockdown bypass on mainline kernel for loading unsigned modules Jason A. Donenfeld (Jun 15)
Re: lockdown bypass on mainline kernel for loading unsigned modules Jason A. Donenfeld (Jun 15)

Jason Bishop

Re: pam-krb5 security advisory (4.9 and earlier) Jason Bishop (Apr 01)

Jasper Lievisse Adriaanse

Exuberant Ctags and x2vpn format string vulnerabilities Jasper Lievisse Adriaanse (Apr 23)

Jean-Baptiste Onofre

[CVE-2020-1941] XSS in ActiveMQ WebConsole Jean-Baptiste Onofre (May 13)
[CVE-2020-11980] A remote client could create MBeans from arbitrary URLs Jean-Baptiste Onofre (Jun 12)

Jeffrey Walton

Re: Short notes on qmail security guarantee Jeffrey Walton (May 22)
Deficient engineering processes Jeffrey Walton (Apr 01)

Jelle van der Waa

Re: Pacman package manager - taking untrusted input Jelle van der Waa (Apr 21)

jellicent () protonmail com

Re: Pacman package manager - taking untrusted input jellicent () protonmail com (Apr 21)
Pacman package manager - taking untrusted input jellicent () protonmail com (Apr 21)

Jeremy Stanley

Re: spoofing of local email sender via a homoglyph attack Jeremy Stanley (Apr 23)

Joel Smith

Kubernetes: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements Joel Smith (Jun 01)

Johannes Segitz

Re: Requesting a CVE id for Trojitá, an e-mail client: Improper Certificate Validation Johannes Segitz (Jun 25)
Check your pre/post install scripts in rpm/deb/... packages for security issues Johannes Segitz (Apr 30)

John Haxby

Re: spoofing of local email sender via a homoglyph attack John Haxby (Apr 23)
Re: lockdown bypass on mainline kernel for loading unsigned modules John Haxby (Jun 15)

Jonathan Gallimore

CVE-2020-11969 Apache TomEE - useJMX attribute on ActiveMQ resource adapter URI causes authenticated JMX port to be open Jonathan Gallimore (Jun 15)

Jonathan Wei

[CVE-2020-1958]: Apache Druid LDAP injection vulnerability Jonathan Wei (Apr 01)

Josh Fischer

CVE-2020-1964: Apache Heron (incubating) information disclosure vulnerability Josh Fischer (Apr 15)

Jouni Malinen

hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP Jouni Malinen (Jun 08)

Marco Ivaldi

CVE-2020-2771, CVE-2020-2851, CVE-2020-2944 - Multiple vulnerabilities in Oracle Solaris Marco Ivaldi (Apr 15)

Mark J Cox

[CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain Mark J Cox (Apr 22)

Mark Thomas

CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service Mark Thomas (Jun 25)
CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence Mark Thomas (May 20)

Martin

[SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection Martin (Jun 19)

Matheus Bratfisch

Python Beaker - Deserialization of Untrusted Data which can lead to Arbitrary code execution Matheus Bratfisch (May 14)

Matthias Gerstner

icinga2: CVE-2020-14004: prepare-dirs script allows for symlink attack in the icinga user context Matthias Gerstner (Jun 12)
oddjob: mkhomedir: CVE-2020-10737: race condition when copying skeleton tree Matthias Gerstner (May 11)
xawtv: CVE-2020-13696: v4l-conf setuid-root program allows file existence tests and open(..., O_RDRW) on arbitrary files Matthias Gerstner (Jun 04)
Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Matthias Gerstner (May 20)
linux-pam: pam_setquota.so vulnerability facilitated through fusermount setuid-root program Matthias Gerstner (Jun 04)

Matt Sicker

[CVE-2018-1285] XXE vulnerability in Apache log4net Matt Sicker (May 10)
[CVE-2020-9488] Improper validation of certificate with host mismatch in Apache Log4j SMTP appender Matt Sicker (Apr 25)

Mauro Matteo Cascella

CVE-2020-11869 qemu: integer overflow in ati_2d_blt() in hw/display/ati-2d.c could lead to DoS Mauro Matteo Cascella (Apr 24)

Michael McNally

ISC announces two medium-severity vulnerabilities, CVE-2020-8618 and CVE-2020-8619 Michael McNally (Jun 17)

Michael Orlitzky

Re: Deficient engineering processes Michael Orlitzky (Apr 01)
Re: Check your pre/post install scripts in rpm/deb/... packages for security issues Michael Orlitzky (Apr 30)
Re: icinga2: CVE-2020-14004: prepare-dirs script allows for symlink attack in the icinga user context Michael Orlitzky (Jun 12)

Michal Suchánek

Re: CVE-2020-11669: Linux kernel 4.10 to 5.1: powerpc: guest can cause DoS on POWER9 KVM hosts Michal Suchánek (Apr 15)

Michal Zalewski

Re: Short notes on qmail security guarantee Michal Zalewski (May 22)

Monsieur Francis Perron

Re: kernel: Multiple SSBD related flaws CVE-2020-10766, CVE-2020-10767, CVE-2020-10768 Monsieur Francis Perron (Jun 10)

Morten Linderud

Re: Pacman package manager - taking untrusted input Morten Linderud (Apr 21)

Nathan Gough

[CVE-2020-9482] Apache NiFi Registry user log out issue Nathan Gough (Apr 27)

Ondrej Mosnacek

CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass Ondrej Mosnacek (May 27)

Otto Moerbeek

PowerDNS Recursor 4.3.1, 4.2.2 and 4.1.16 released fixing multiple vulnerabilities Otto Moerbeek (May 19)

Paul Mackerras

Re: CVE-2020-11669: Linux kernel 4.10 to 5.1: powerpc: guest can cause DoS on POWER9 KVM hosts Paul Mackerras (Apr 15)

Paul Moore

Linux kernel SELinux/netlink missing access check Paul Moore (Apr 30)

Perry E. Metzger

Re: Short notes on qmail security guarantee Perry E. Metzger (May 22)

Petr Špaček

[CVE-2020-12667] Knot Resolver 5.1.1 NXNSAttack mitigation Petr Špaček (May 19)

Piotr Krysiuk

[CVE-2020-12114] Linux kernel denial of service by corrupting mountpoint reference counter Piotr Krysiuk (May 04)

P J P

CVE-2020-13800 QEMU: ati-vga: infinite recursion in ati_mm_read/write calls may lead to DoS P J P (Jun 03)
CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers P J P (Apr 06)
Re: [test case][kunit] CVE-2020-10711 Kernel netLabel P J P (May 14)
CVE-2020-13765 QEMU: loader: OOB access while loading registered ROM may lead to code execution P J P (Jun 03)
CVE-2020-13754 QEMU: msix: OOB access during mmio operations may lead to DoS P J P (Jun 01)
CVE-2020-10711 Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category P J P (May 12)
CVE-2020-13362 QEMU: megasas: OOB read access due to invalid index leads to DoS P J P (May 27)
CVE-2020-10761 QEMU: nbd: reachable assertion failure in nbd_negotiate_send_rep_verr via remote client P J P (Jun 08)
Re: CVE-2020-10711 Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category P J P (May 12)
CVE-2020-13361 QEMU: es1370: OOB access due to incorrect frame count leads to DoS P J P (May 27)
CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario P J P (May 19)
Re: CVE-2020-13754 QEMU: msix: OOB access during mmio operations may lead to DoS P J P (Jun 15)
CVE-2020-13253 QEMU: sd: OOB access could crash the guest resulting in DoS P J P (May 27)
CVE-2020-10717 QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS P J P (May 03)
CVE-2020-13659 QEMU: exec: address_space_map returns NULL without setting length to zero may lead to DoS P J P (Jun 01)
CVE-2020-10942 Kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field P J P (Apr 15)
CVE-2020-13791 QEMU: ati-vga: OOB access while reading PCI configuration may lead to DoS P J P (Jun 03)

PromiseLabs Pentest Research

Re: spoofing of local email sender via a homoglyph attack PromiseLabs Pentest Research (Apr 23)
Re: spoofing of local email sender via a homoglyph attack PromiseLabs Pentest Research (Apr 23)
spoofing of local email sender via a homoglyph attack PromiseLabs Pentest Research (Apr 23)

Przemyslaw Roguski

CVE-2020-10753 ceph: radosgw: HTTP header injection via CORS ExposeHeader tag Przemyslaw Roguski (Jun 25)

qing xu

Linux kernel: two buffer overflow in the marvell wifi driver qing xu (May 08)

Qualys Security Advisory

Re: Remote Code Execution in qmail (CVE-2005-1513) Qualys Security Advisory (Jun 16)
qmail: short/int vs. gid_t Qualys Security Advisory (May 19)
Remote Code Execution in qmail (CVE-2005-1513) Qualys Security Advisory (May 19)
Re: Remote Code Execution in qmail (CVE-2005-1513) Qualys Security Advisory (May 20)

Ralph Dolmans

Unbound - CVE-2020-12662, CVE-2020-12663 Ralph Dolmans (May 19)

Reed Black

Re: Deficient engineering processes Reed Black (Apr 02)

Reed Loden

Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules Reed Loden (Jun 15)

Richard Hartmann

Re: Grafana 6.7.4 and 7.0.2 released with fix for CVE-2020-13379 Richard Hartmann (Jun 09)
Grafana 6.7.4 and 7.0.2 released with fix for CVE-2020-13379 Richard Hartmann (Jun 03)

Rohit Keshri

CVE-2020-10690 kernel: use-after-free in cdev_put() when a PTP device is removed while its chardev is open Rohit Keshri (Apr 21)
CVE-2020-10769 kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. Rohit Keshri (Jun 23)

Russ Allbery

Re: Deficient engineering processes Russ Allbery (Apr 01)

Salvatore Bonaccorso

Re: mailman 2.x: XSS via file attachments in list archives Salvatore Bonaccorso (Apr 24)

Santiago Torres

Re: Pacman package manager - taking untrusted input Santiago Torres (Apr 21)

Sean Owen

CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master Sean Owen (Jun 22)

Serge Huber

[SECURITY][ANNOUNCEMENT] Fix for CVE-2020-11975 in Apache Unomi 1.5.1 Serge Huber (Jun 05)

Seth Arnold

Re: Deficient engineering processes Seth Arnold (Apr 01)
[cve-request () mitre org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1] Seth Arnold (Jun 25)

ShannonDing

[SECURITY][CVE-2019-17572] Apache RocketMQ directory traversal vulnerability ShannonDing (May 14)

Sheng Wu

[CVE-2020-9483] Apache SkyWalking SQL injection vulnerability Sheng Wu (Jun 15)

Simon McVittie

CVE-2020-12049: dbus: denial of service via file descriptor leak Simon McVittie (Jun 04)
Re: Pacman package manager - taking untrusted input Simon McVittie (Apr 21)

Simon Steiner

[CVE-2019-17566] Apache XML Graphics Batik SSRF vulnerability Simon Steiner (Jun 15)

Singh, Balbir

Re: [test case][kunit] CVE-2020-10711 Kernel netLabel Singh, Balbir (May 15)
[test case][kunit] CVE-2020-10711 Kernel netLabel Singh, Balbir (May 15)

Solar Designer

Re: Exploitability of the integer overflows in djbdns 1.05? Solar Designer (Jun 01)
CVE-2020-5260: Git: malicious URLs may cause Git to present stored credentials to the wrong server Solar Designer (Apr 15)
Re: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities Solar Designer (May 05)
Re: spoofing of local email sender via a homoglyph attack Solar Designer (Apr 23)
Re: spoofing of local email sender via a homoglyph attack Solar Designer (Apr 23)
Re: Short notes on qmail security guarantee Solar Designer (May 22)
Re: spoofing of local email sender via a homoglyph attack Solar Designer (Apr 23)

Stefan Bodewig

[CVE-2020-1945] Apache Ant insecure temporary file vulnerability Stefan Bodewig (May 13)

Stefan Cornelius

libvncserver: old websocket decoding patch Stefan Cornelius (Jun 30)
Re: mailman 2.x: XSS via file attachments in list archives Stefan Cornelius (Apr 23)
Re: libvncserver: old websocket decoding patch Stefan Cornelius (Jun 30)

Steve Beattie

CVE-2020-8834: Linux kernel Power8 conflicting use of HSTATE_HOST_R1 vulnerability Steve Beattie (Apr 06)

Steve Grubb

Re: CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic Steve Grubb (Apr 17)

Stuart D Gathman

Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack Stuart D Gathman (Apr 09)

Stuart D. Gathman

Re: spoofing of local email sender via a homoglyph attack Stuart D. Gathman (Apr 23)

Taylor Blau

CVE-2020-11008: Git: Malicious URLs can still cause Git to send a stored credential to the wrong server Taylor Blau (Apr 20)
Re: CVE-2020-5260: Git: malicious URLs may cause Git to present stored credentials to the wrong server Taylor Blau (Apr 15)

Tim Allclair

CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager Tim Allclair (Jun 01)

Tim Allison

[CVE-2020-9489] Denial of Service (DOS) Vulnerabilities in Some of Apache Tika's Parsers Tim Allison (Apr 24)

Ulisses Albuquerque

Re: Deficient engineering processes Ulisses Albuquerque (Apr 02)

Vincent Batts

Re: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities Vincent Batts (May 27)

Wade Mealing

Re: kernel: Multiple SSBD related flaws CVE-2020-10766, CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)
CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps Wade Mealing (May 05)
kernel: Multiple SSBD related flaws CVE-2020-10766, CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)
CVE-2020-10781 kernel: zram sysfs resource consumption Wade Mealing (Jun 17)

Wietse Venema

Re: spoofing of local email sender via a homoglyph attack Wietse Venema (Apr 23)

Xen . org security team

Xen Security Advisory 320 v2 (CVE-2020-0543) - Special Register Buffer speculative side channel Xen . org security team (Jun 11)
Xen Security Advisory 320 v1 (CVE-2020-0543) - Special Register Buffer speculative side channel Xen . org security team (Jun 09)
Xen Security Advisory 314 v3 (CVE-2020-11739) - Missing memory barriers in read-write unlock paths Xen . org security team (Apr 14)
Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues Xen . org security team (Apr 14)
Xen Security Advisory 318 v3 (CVE-2020-11742) - Bad continuation handling in GNTTABOP_copy Xen . org security team (Apr 14)
Xen Security Advisory 316 v3 (CVE-2020-11743) - Bad error path in GNTTABOP_map_grant Xen . org security team (Apr 14)

Юрий

[CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability Юрий (Jun 03)

陈伟宸(田各)

Re: [oss-security] CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic 陈伟宸(田各) (Apr 17)
CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic 陈伟宸(田各) (Apr 17)