oss-sec: by author

211 messages starting Sep 27 20 and ending Jul 28 20


Akira Ajisaka

CVE-2018-11765: Potential information disclosure in Hadoop Web interfaces Akira Ajisaka (Sep 27)

Aki Tuomi

CVE-2020-12673: Dovecot IMAP server: Specially crafted NTLM package can crash auth service Aki Tuomi (Aug 12)
CVE-2020-12674: Dovecot IMAP server: Specially crafted RPA authentication message crashes auth Aki Tuomi (Aug 12)
CVE-2020-12100: Dovecot IMAP server: Receiving mail with deeply nested MIME parts leads to resource exhaustion Aki Tuomi (Aug 12)

Alan Coopersmith

Re: Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith (Aug 13)
Re: X.Org server security advisory: August 25, 2020 Alan Coopersmith (Aug 25)
Re: Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith (Sep 08)

Alex Gaynor

Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Alex Gaynor (Sep 08)

ali . of . south

CVE-2018-21036: Sails.js before v1.0.0-46 DoS ali . of . south (Jul 19)

Amos Jeffries

Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Amos Jeffries (Sep 06)

Andrew Cooper

Re: Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues Andrew Cooper (Jul 20)

Andy Lutomirski

CVE Request: Linux kernel vsyscall page refcounting error Andy Lutomirski (Sep 08)

asterite

CVE-2020-13640: WordPress Plugin wpDiscuz <= 5.3.5 SQL injection asterite (Jul 06)

Bartłomiej Płotka

Re: [prometheus-team] Voiding CVE-2020-16248 Bartłomiej Płotka (Aug 08)

Bastian Blank

Re: Voiding CVE-2020-16248 Bastian Blank (Aug 08)

Brandon Williams

CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX Brandon Williams (Aug 31)

Brian Demers

[CVE-2020-13933] Apache Shiro Authentication Bypass Vulnerability Brian Demers (Aug 17)

Carlos Alberto Lopez Perez

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0007 Carlos Alberto Lopez Perez (Jul 29)
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006 Carlos Alberto Lopez Perez (Jul 10)

Carlton Gibson

Django Security Releases for CVE-2020-24583 & CVE-2020-24584: permissions on intermediate-level directories on Python 3.7+ Carlton Gibson (Sep 01)

Casper . Dik

Re: Perl 5.32.0 mishandling of rpath and runpath tokens Casper . Dik (Jul 21)

Cédric Damioli

[CVE-2020-11991] Apache Cocoon security vulnerability Cédric Damioli (Sep 11)

Daniel Beck

Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 02)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 23)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 16)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 01)
Vulnerability in Jenkins Daniel Beck (Aug 17)
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Aug 12)

Daniel Ruggeri

CVE-2020-9490: Apache httpd: Push Diary Crash on Specifically Crafted HTTP/2 Header Daniel Ruggeri (Aug 07)
CVE-2020-11985: Apache httpd: CWE-345: Insufficient verification of data authenticity Daniel Ruggeri (Aug 07)
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 08)
CVE-2020-11993: Apache httpd: Push Diary Crash on Specifically Crafted HTTP/2 Header Daniel Ruggeri (Aug 07)
CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 07)
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 08)

Daniel Stenberg

[SECURITY ADVISORY] libcurl: wrong connect-only connection Daniel Stenberg (Aug 19)
Re: Contributing Back Daniel Stenberg (Jul 02)

David Smiley

[CVE-2020-13941] Apache Solr information disclosure vulnerability David Smiley (Aug 15)

Debora Velarde Babb

Re: [TrouSerS-tech] [oss-security] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Debora Velarde Babb (Aug 04)
Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Debora Velarde Babb (Aug 14)
Re: [TrouSerS-tech] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Debora Velarde Babb (Aug 06)

Douglas Bagnall

Samba and CVE-2020-1472 ("Zerologon") Douglas Bagnall (Sep 17)

Eric Biggers

Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update Eric Biggers (Jul 28)

Ferruh Yigit

DPDK security advisory for multiple vhost crypto issues Ferruh Yigit (Sep 28)

Florian Weimer

Re: Alternative CET ABI Florian Weimer (Jul 30)
Alternative CET ABI Florian Weimer (Jul 30)

Francesco Chicchiriccò

[CVE-2020-11977] Apache Syncope: Remote Code Execution via Flowable workflow definition Francesco Chicchiriccò (Sep 14)

Francis Perron

Re: Contributing Back Francis Perron (Jul 02)

Fstark

libass ass_outline.c signed integer overflow Fstark (Sep 29)

Gary Tully

CVE-2020-13932 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin Gary Tully (Jul 20)

Greg KH

Re: Linux Kernel 5.7.9 DRM Double Free Greg KH (Aug 19)
Re: Flatcar membership on the linux-distros list Greg KH (Jul 24)
Re: CVE-2020-25641 kernel: soft lockup when submitting zero length bvecs. Greg KH (Sep 29)
Re: Linux Kernel 5.7.9 DRM Double Free Greg KH (Aug 19)
Re: Linux Kernel 5.7.9 DRM Double Free Greg KH (Aug 19)

Hanno Böck

Re: Voiding CVE-2020-16248 Hanno Böck (Aug 08)

Hardik Vyas

CVE-2020-10763 heketi: gluster-block volume password details available in logs Hardik Vyas (Sep 30)
CVE-2020-10762 gluster-block: information disclosure through world-readable gluster-block log files Hardik Vyas (Sep 30)

Havijoori

Apache + PHP <= 7.4.10 open_basedir bypass Havijoori (Sep 17)

H.J. Lu

Re: Alternative CET ABI H.J. Lu (Jul 30)

Ian Maxon

[CVE-2020-9479] Directory traversal vulnerability in Apache AsterixDB Ian Maxon (Aug 08)

Iorga, Serban

CVE-2020-16843: Firecracker v0.20.0, v0.21.0 and v0.21.1 network stack can freeze under heavy ingress traffic Iorga, Serban (Aug 13)

Jacques Le Roux

[CVE-2020-13923] IDOR in Apache OFBiz Jacques Le Roux (Jul 15)
[CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication Jacques Le Roux (Jul 15)

James Bottomley

Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon James Bottomley (Aug 06)

Jann Horn

Re: Alternative CET ABI Jann Horn (Jul 30)

Jason A. Donenfeld

UEFI SecureBoot bypass fixes rolled out to kernels below radar Jason A. Donenfeld (Jul 30)
Re: ansi escape sequence injection into ubuntu's add-apt-repository Jason A. Donenfeld (Aug 05)
ansi escape sequence injection into ubuntu's add-apt-repository Jason A. Donenfeld (Aug 03)
Re: ansi escape sequence injection into ubuntu's add-apt-repository Jason A. Donenfeld (Aug 05)

Jean-Baptiste Onofre

[CVE-2020-11998] Apache ActiveMQ JMX remote client could execute arbitrary code Jean-Baptiste Onofre (Sep 10)
[CVE-2020-13920] ActiveMQ JMX vulenarable to MITM attack Jean-Baptiste Onofre (Sep 09)

Jeff Law

Re: Flatcar membership on the linux-distros list Jeff Law (Jul 23)
Re: Flatcar membership on the linux-distros list Jeff Law (Jul 23)

Jeffrey Walton

Re: Perl 5.32.0 mishandling of rpath and runpath tokens Jeffrey Walton (Jul 20)
Perl 5.32.0 mishandling of rpath and runpath tokens Jeffrey Walton (Jul 20)
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Jeffrey Walton (Sep 07)
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Jeffrey Walton (Sep 08)
Re: Perl 5.32.0 mishandling of rpath and runpath tokens Jeffrey Walton (Jul 20)
Re: Voiding CVE-2020-16248 Jeffrey Walton (Aug 08)

Jeremy Stanley

[OSSA-2020-006] Nova: Live migration fails to update persistent domain XML (CVE-2020-17376) Jeremy Stanley (Aug 25)
Risk and severity vectors (was: Open Source Tool | vPrioritization | Risk Prioritization Framework) Jeremy Stanley (Sep 05)

Jerry Snitselaar

Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Jerry Snitselaar (Aug 06)

Joel Smith

CVE-2020-8557: Kubernetes: Node disk DOS by writing to container /etc/hosts Joel Smith (Jul 15)
[Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary Joel Smith (Jul 08)

Joe Orton

Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Joe Orton (Aug 17)

John Haxby

multiple secure boot grub2 and linux kernel vulnerabilities John Haxby (Jul 29)
Re: UEFI SecureBoot bypass fixes rolled out to kernels below radar John Haxby (Jul 30)

Jonas Witschel

Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Jonas Witschel (Aug 06)

Julien Pivotto

Re: [prometheus-team] Voiding CVE-2020-16248 Julien Pivotto (Aug 08)

Kai Lüke

Re: CVE-2020-14386: Linux kernel: af_packet.c vulnerability Kai Lüke (Sep 10)

Kaxil Naik

[CVE-2020-13944] Apache Airflow Reflected XSS via Origin Parameter <= 1.10.12 Kaxil Naik (Sep 16)
Re: [CVE-2020-13944] Apache Airflow Reflected XSS via Origin Parameter <= 1.10.12 Kaxil Naik (Sep 16)

Keval Bhatt

Fwd: [CVE-2020-13928 ] Apache Atlas Multiple XSS Vulnerability Keval Bhatt (Sep 15)

Kurt H Maier

Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Kurt H Maier (Sep 07)

Larry W. Cashdollar

SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql Larry W. Cashdollar (Jul 09)

Luca Boccassi

CVE-2020-15166: zeromq/libzmq: Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients Luca Boccassi (Sep 07)

Marco Benatto

Re: [TrouSerS-tech] [oss-security] Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Marco Benatto (Aug 04)
Re: Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon Marco Benatto (Aug 03)

Marcus Meissner

Re: Re: lockdown bypass on mainline kernel for loading unsigned modules Marcus Meissner (Jul 20)
Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules Marcus Meissner (Jul 20)
GNUPG released with AEAD sec fix CVE-2020-25125 Marcus Meissner (Sep 03)

Mark Thomas

[SECURITY] CVE-2020-13934 Apache Tomcat HTTP/2 Denial of Service Mark Thomas (Jul 14)
[SECURITY] CVE-2020-13935 Apache Tomcat WebSocket Denial of Service Mark Thomas (Jul 14)

Matthias Bläsing

[CVE-2020-11986] Opening a Gradle project with Apache NetBeans executes foreign script immediately Matthias Bläsing (Sep 07)

Matthias Gerstner

veyon: Veyon uses fixed logfile paths in /tmp in versions prior v4.4.0 Matthias Gerstner (Jul 07)
chrony: CVE-2020-14367: unsafe pidfile creation allows privilege escalation from chrony user to root Matthias Gerstner (Aug 21)

Matthieu Herrb

X.Org server security advisory: August 25, 2020 Matthieu Herrb (Aug 25)
Fwd: X.Org security advisory: July 31, 2020: libX11 Matthieu Herrb (Jul 31)
Fwd: X.Org security advisory: July 31, 2020: Xserver Matthieu Herrb (Jul 31)
X.Org libX11 security advisory: August 25, 2020 Matthieu Herrb (Aug 25)

Mauro Matteo Cascella

Re: Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues Mauro Matteo Cascella (Jul 17)
CVE-2020-15863 QEMU: stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c Mauro Matteo Cascella (Jul 22)
CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Mauro Matteo Cascella (Aug 10)
Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Mauro Matteo Cascella (Aug 10)

Maxim Solodovnik

[ANNOUNCE] CVE-2020-13951 - Apache Openmeetings: DoS via public web service Maxim Solodovnik (Sep 28)

Michael McNally

Five vulnerabilities disclosed in BIND (CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, and CVE-2020-8624) Michael McNally (Aug 20)

Michael Tokarev

Re: CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c Michael Tokarev (Aug 10)

Mike Jumper

[SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels Mike Jumper (Jul 02)
[SECURITY] CVE-2020-9498: Apache Guacamole: Dangling pointer in RDP static virtual channel handling Mike Jumper (Jul 02)

Minh Yuan

CVE-2020-14390: Linux kernel: slab-out-of-bounds in fbcon Minh Yuan (Sep 15)

Mohammad Tausif Siddiqui

Re: Contributing Back Mohammad Tausif Siddiqui (Jul 23)

NopNop Nop

Linux Kernel: out-of-bounds reading in vgacon_scrolldelta NopNop Nop (Sep 16)

Or Cohen

CVE-2020-14386: Linux kernel: af_packet.c vulnerability Or Cohen (Sep 03)

Otto Moerbeek

PowerDNS Recursor 4.3.2, 4.2.3. and 4.1.17 released fixing CVE-2020-14196: Access restriction,bypass Otto Moerbeek (Jul 01)

Perry E. Metzger

Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Perry E. Metzger (Sep 07)
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Perry E. Metzger (Sep 05)

Peter van Dijk

[Fwd: [Pdns-announce] security advisories for Authoritative 4.3.1, 4.2.3, 4.1.14] Peter van Dijk (Sep 22)

Phil Pennock

[CVE-2020-26149] NATS project vulnerabilities: nats.js, (nats.ws, nats.deno) Phil Pennock (Sep 30)
Re: Perl 5.32.0 mishandling of rpath and runpath tokens Phil Pennock (Jul 20)

P J P

CVE-2020-25084 QEMU: usb: use-after-free issue while setting up packet P J P (Sep 16)
CVE-2020-25625 QEMU: usb: hcd-ohci: infinite loop issue while processing transfer descriptors P J P (Sep 17)
CVE-2020-25085 QEMU: sdhci: out-of-bounds access issue while doing multi block SDMA P J P (Sep 16)
CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets P J P (Aug 24)
QEMU: NULL pointer derefrence issues P J P (Sep 29)
CVE-2020-15469 QEMU: MMIO ops null pointer dereference may lead to DoS P J P (Jul 01)
CVE-2020-15859 QEMU: net: e1000e: use-after-free while sending packets P J P (Jul 21)

Pramod Rana

Open Source Tool | vPrioritization | Risk Prioritization Framework Pramod Rana (Sep 03)
Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Pramod Rana (Sep 06)

Randy Barlow

Re: Flatcar membership on the linux-distros list Randy Barlow (Jul 15)

Richard Hartmann

Re: Voiding CVE-2020-16248 Richard Hartmann (Aug 09)
Re: Voiding CVE-2020-16248 Richard Hartmann (Aug 09)
Voiding CVE-2020-16248 Richard Hartmann (Aug 08)

Richard Hipp

Fossil-SCM patch fixes RCE in all historic versions Richard Hipp (Aug 20)

Robert Watson

Re: Open Source Tool | vPrioritization | Risk Prioritization Framework Robert Watson (Sep 06)

Rohit Keshri

CVE-2019-20794 kernel: task processes not being properly ended could lead to resource exhaustion Rohit Keshri (Aug 24)

Salvatore Bonaccorso

Re: Fossil-SCM patch fixes RCE in all historic versions Salvatore Bonaccorso (Aug 25)
Re: CVE Request: Linux kernel vsyscall page refcounting error Salvatore Bonaccorso (Sep 10)

Sam Tunnicliffe

CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability Sam Tunnicliffe (Sep 01)

Sandro Gauci

Kamailio vulnerable to header smuggling possible due to bypass of remove_hf Sandro Gauci (Sep 01)

Seth Arnold

[cve-request () mitre org: Re: [scr966354] oniguruma regular expression library - fixed in devel version cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0] Seth Arnold (Sep 30)
Re: Contributing Back Seth Arnold (Sep 03)
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Seth Arnold (Aug 07)
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Seth Arnold (Aug 10)

ShaoFeng Shi

[SECURITY][CVE-2020-13925] Apache Kylin command injection vulnerability ShaoFeng Shi (Jul 14)
[SECURITY][CVE-2020-13926] Apache Kylin SQL injection vulnerability ShaoFeng Shi (Jul 14)

Sheng Wu

[CVE-2020-13921] Apache SkyWalking SQL injection vulnerability after H2/MySQL/TiDB storage option activated. Sheng Wu (Aug 05)

Solar Designer

Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Solar Designer (Aug 08)
Re: Flatcar membership on the linux-distros list Solar Designer (Jul 25)
Re: Contributing Back Solar Designer (Jul 20)
Re: CVE-2020-14386: Linux kernel: af_packet.c vulnerability Solar Designer (Sep 04)
Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Solar Designer (Aug 07)
Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update Solar Designer (Jul 29)
Re: Flatcar membership on the linux-distros list Solar Designer (Jul 20)
Re: Contributing Back Solar Designer (Jul 11)
Re: Contributing Back Solar Designer (Jul 23)
Re: Flatcar membership on the linux-distros list Solar Designer (Jul 23)
Re: Flatcar membership on the linux-distros list Solar Designer (Jul 23)
Re: Contributing Back Solar Designer (Sep 03)

Stefan Bodewig

[CVE-2020-11979] Apache Ant insecure temporary file vulnerability Stefan Bodewig (Sep 30)

svenmeier

[CVE-2020-11976] Apache Wicket information disclosure vulnerability svenmeier (Aug 10)

Sylvain Beucler

Re: Voiding CVE-2020-16248 Sylvain Beucler (Aug 08)

Szabolcs Nagy

Re: Alternative CET ABI Szabolcs Nagy (Jul 30)

The Doctor [412/724/301/703/415/510]

Re: Open Source Tool | vPrioritization | Risk Prioritization Framework The Doctor [412/724/301/703/415/510] (Sep 09)

Thiago H. de Paula Figueiredo

[CVE-2020-13953] Apache Tapestry WEB-INF file download vulnerability Thiago H. de Paula Figueiredo (Sep 26)

Tim Allclair

Kubernetes: CVE-2020-8559: Privilege escalation from compromised node to cluster Tim Allclair (Jul 15)

Vincent Batts

Flatcar membership on the linux-distros list Vincent Batts (Jul 14)
Re: Contributing Back Vincent Batts (Sep 09)
Re: Flatcar membership on the linux-distros list Vincent Batts (Jul 23)

vpn-research

Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) vpn-research (Aug 13)

Wadeck Follonier

Multiple vulnerabilities in Jenkins and Jenkins plugins Wadeck Follonier (Jul 15)

Wade Mealing

CVE-2020-25641 kernel: soft lockup when submitting zero length bvecs. Wade Mealing (Sep 29)

Will Barrett

[CVE-2020-13952] Apache Superset Information Disclosure Vulnerability Will Barrett (Sep 29)

William Barrett

[CVE-2020-13948] Apache Superset Remote Code Execution Vulnerability William Barrett (Sep 15)

Wolfgang Frisch

CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences Wolfgang Frisch (Sep 03)

X41 D-Sec GmbH Advisories

X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch X41 D-Sec GmbH Advisories (Jul 09)

Xen . org security team

Xen Security Advisory 329 v3 (CVE-2020-15852) - Linux ioperm bitmap context switching issues Xen . org security team (Jul 21)
Xen Security Advisory 336 v3 (CVE-2020-25604) - race when migrating timers between x86 HVM vCPU-s Xen . org security team (Sep 22)
Xen Security Advisory 342 v3 (CVE-2020-25600) - out of bounds event channels available to 32-bit x86 domains Xen . org security team (Sep 22)
Xen Security Advisory 333 v3 (CVE-2020-25602) - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE Xen . org security team (Sep 22)
Xen Security Advisory 334 v3 (CVE-2020-25598) - Missing unlock in XENMEM_acquire_resource error path Xen . org security team (Sep 22)
Xen Security Advisory 329 v2 - Linux ioperm bitmap context switching issues Xen . org security team (Jul 16)
Xen Security Advisory 338 v4 (CVE-2020-25597) - once valid event channels may not turn invalid Xen . org security team (Sep 22)
Xen Security Advisory 317 v3 (CVE-2020-15566) - Incorrect error handling in event channel port allocation Xen . org security team (Jul 07)
Xen Security Advisory 328 v3 (CVE-2020-15567) - non-atomic modification of live EPT PTE Xen . org security team (Jul 07)
Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d Xen . org security team (Jul 07)
Xen Security Advisory 337 v3 (CVE-2020-25595) - PCI passthrough code reading back hardware registers Xen . org security team (Sep 22)
Xen Security Advisory 319 v3 (CVE-2020-15563) - inverted code paths in x86 dirty VRAM tracking Xen . org security team (Jul 07)
Xen Security Advisory 335 v2 (CVE-2020-14364) - QEMU: usb: out-of-bounds r/w access issue Xen . org security team (Aug 24)
Xen Security Advisory 327 v3 (CVE-2020-15564) - Missing alignment check in VCPUOP_register_vcpu_info Xen . org security team (Jul 07)
Xen Security Advisory 343 v4 (CVE-2020-25599) - races with evtchn_reset() Xen . org security team (Sep 22)
Xen Security Advisory 339 v3 (CVE-2020-25596) - x86 pv guest kernel DoS via SYSENTER Xen . org security team (Sep 22)
Xen Security Advisory 340 v3 (CVE-2020-25603) - Missing memory barriers when accessing/allocating an event channel Xen . org security team (Sep 22)
Xen Security Advisory 344 v4 (CVE-2020-25601) - lack of preemption in evtchn_reset() / evtchn_destroy() Xen . org security team (Sep 22)

zdi-disclosures () trendmicro com

Linux Kernel 5.7.9 DRM Double Free zdi-disclosures () trendmicro com (Aug 19)

Zhang Xiao

Re: Contributing Back Zhang Xiao (Jul 02)
Re: Contributing Back Zhang Xiao (Jul 23)
Contributing Back Zhang Xiao (Jul 02)
Re: Contributing Back Zhang Xiao (Jul 13)
Re: Contributing Back Zhang Xiao (Jul 28)

张云海

Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update 张云海 (Jul 30)
[CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update 张云海 (Jul 28)