oss-sec: by author
RSS Feed
About List
All Lists
Previous period
241 messages
starting Oct 20 20 and
ending Nov 15 20
Date index |
Thread index |
Author index
Akira Ajisaka
[CVE-2018-11764] Apache Hadoop Privilege escalation in web endpoint Akira Ajisaka (Oct 20)
Alan Coopersmith
Re: The importance of mutual authentication: Local Privilege Escalation in X11 Alan Coopersmith (Nov 10)
CVE-2020-15999 fixed in FreeType 2.10.4 Alan Coopersmith (Oct 20)
Ana McTaggart
Re: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost Ana McTaggart (Nov 17)
CVE-2020-27781 User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila Ana McTaggart (Dec 16)
CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost Ana McTaggart (Nov 17)
Andrew Cooper
Re: Xen Security Advisory 355 v2 - stack corruption from XSA-346 change Andrew Cooper (Nov 30)
Andrew Donnellan
Re: Linux kernel: powerpc: RTAS calls can be used to compromise kernel integrity Andrew Donnellan (Dec 10)
Re: Linux kernel: powerpc: RTAS calls can be used to compromise kernel integrity Andrew Donnellan (Nov 23)
Linux kernel: powerpc: RTAS calls can be used to compromise kernel integrity Andrew Donnellan (Oct 09)
Andy LoPresto
[ANNOUNCE] Apache NiFi CVE-2020-9486, CVE-2020-9487, CVE-2020-9491, CVE-2020-13940 Andy LoPresto (Oct 01)
Anthony Liguori
Re: Gentoo's "contributing back" linux-distros tasks Anthony Liguori (Oct 12)
Billie Rinaldi
CVE-2020-17533: Apache Accumulo Improper Handling of Insufficient Permissions Billie Rinaldi (Dec 29)
Bob Friesenhahn
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Bob Friesenhahn (Oct 08)
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Bob Friesenhahn (Oct 07)
Brennan Ashton
CVE-2020-17528: Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length Brennan Ashton (Dec 09)
CVE-2020-17529: Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header Brennan Ashton (Dec 09)
Brian Demers
[CVE-2020-17510] Apache Shiro Authentication Bypass Vulnerability Brian Demers (Nov 04)
Brian May
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Brian May (Oct 06)
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Brian May (Oct 12)
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Brian May (Oct 07)
butt3rflyh4ck
Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1 butt3rflyh4ck (Nov 30)
Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1 butt3rflyh4ck (Dec 03)
CVE-2020-27815 Linux kernel: jfs: array-index-out-of-bounds in dbAdjTree butt3rflyh4ck (Nov 30)
Re: CVE-2020-27815 Linux kernel: jfs: array-index-out-of-bounds in dbAdjTree butt3rflyh4ck (Dec 28)
Carlos Alberto Lopez Perez
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0009 Carlos Alberto Lopez Perez (Nov 30)
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008 Carlos Alberto Lopez Perez (Nov 23)
caveman رجل الكهف
Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. caveman رجل الكهف (Oct 07)
chinarulezzz
Polipo: denial-of-service using range chinarulezzz (Nov 18)
Colm O hEigeartaigh
CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath Colm O hEigeartaigh (Nov 12)
Daniel Axtens
Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9 Daniel Axtens (Nov 22)
CVE-2020-4788: Speculation on incompletely validated data on IBM Power9 Daniel Axtens (Nov 20)
Daniel Beck
Multiple vulnerabilities in Jenkins Daniel Beck (Dec 03)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 08)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Nov 04)
Daniel Sprouse
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Daniel Sprouse (Oct 06)
Daniel Stenberg
[SECURITY ADVISORY] curl: trusting FTP PASV responses Daniel Stenberg (Dec 08)
[SECURITY ADVISORY] libcurl: FTP wildcard stack overflow Daniel Stenberg (Dec 08)
[SECURITY ADVISORY] curl: Inferior OCSP verification Daniel Stenberg (Dec 08)
Dave Fisher
[CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to arbitrary code execution in crafted documents Dave Fisher (Nov 10)
Dave Horsfall
Re: Buffer Overflow in raptor widely unfixed in Linux distros Dave Horsfall (Nov 14)
Re: Buffer Overflow in raptor widely unfixed in Linux distros Dave Horsfall (Nov 14)
David A. Wheeler
Re: Buffer Overflow in raptor widely unfixed in Linux distros David A. Wheeler (Nov 13)
Re: Buffer Overflow in raptor widely unfixed in Linux distros David A. Wheeler (Nov 16)
Re: libass ass_outline.c signed integer overflow David A. Wheeler (Nov 19)
Dawid Golunski
Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn Dawid Golunski (Nov 04)
Demi M. Obenour
Re: The importance of mutual authentication: Local Privilege Escalation in X11 Demi M. Obenour (Nov 10)
Re: The importance of mutual authentication: Local Privilege Escalation in X11 Demi M. Obenour (Nov 10)
The importance of mutual authentication: Local Privilege Escalation in X11 Demi M. Obenour (Nov 09)
Dimitrios Glynos
CVE-2019-16127, CVE-2019-16128 and CVE-2019-16129 for Microchip code Dimitrios Glynos (Oct 22)
Dmitry V. Levin
Re: Heads up: PAM 1.5.0 has a auth bypass under some conditions Dmitry V. Levin (Nov 24)
Douglas Bagnall
Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Douglas Bagnall (Dec 15)
Eli Schwartz
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Eli Schwartz (Oct 13)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Eli Schwartz (Oct 06)
Eric Biggers
Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Eric Biggers (Dec 08)
Érico Nogueira
Re: Heads up: PAM 1.5.0 has a auth bypass under some conditions Érico Nogueira (Nov 24)
Eric Pruitt
Dash executes code when noexec ("-n") is specified Eric Pruitt (Nov 11)
Fabian Keil
Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil (Nov 29)
CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Fabian Keil (Dec 23)
Frank Morgner
OpenSC 0.21.0 released Frank Morgner (Nov 24)
Gage Hugo
[OSSA-2020-008] horizon: Open redirect in workflow forms (CVE-2020-29565) Gage Hugo (Dec 08)
Georgi Guninski
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Georgi Guninski (Oct 06)
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Georgi Guninski (Oct 08)
the Bugtraq list archives before 2000 Georgi Guninski (Oct 04)
major changes if gnu/linux dominates the desktop and/or mobile market? Georgi Guninski (Oct 05)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Georgi Guninski (Oct 07)
Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Georgi Guninski (Oct 07)
Giacomo Catenazzi
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Giacomo Catenazzi (Oct 08)
Grant Taylor
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Grant Taylor (Oct 06)
Greg KH
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Greg KH (Oct 07)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Greg KH (Oct 06)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Greg KH (Oct 05)
Re: CVE-2020-25656: Linux kernel concurrency UAF in vt_do_kdgkb_ioctl Greg KH (Oct 16)
Guangning E
CVE-2020-17520 Apache Pulsar Manager Information Disclosure (bypass admin interceptor) Guangning E (Dec 17)
Hanno Böck
Buffer Overflow in raptor widely unfixed in Linux distros Hanno Böck (Nov 13)
Huzaifa Sidhpurwala
CVE-2020-25654 pacemaker: ACL restrictions bypass Huzaifa Sidhpurwala (Oct 27)
Ian Zimmerman
Re: libass ass_outline.c signed integer overflow Ian Zimmerman (Nov 19)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Ian Zimmerman (Oct 05)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Ian Zimmerman (Oct 19)
Re: Buffer Overflow in raptor widely unfixed in Linux distros Ian Zimmerman (Nov 18)
Re: libass ass_outline.c signed integer overflow Ian Zimmerman (Nov 18)
Imre Rad
Re: [CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to arbitrary code execution in crafted documents Imre Rad (Nov 11)
Iordache, Alexandra
CVE-2020-27174: Firecracker serial console emulation may allocate an unbounded amount of memory Iordache, Alexandra (Oct 23)
Jakub Wilk
Re: Dash executes code when noexec ("-n") is specified Jakub Wilk (Nov 11)
James Dailey
CVE-2018-20243: Apache Fineract: password passed in URL, not via POST James Dailey (Oct 09)
Jeffrey Walton
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeffrey Walton (Oct 12)
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeffrey Walton (Oct 07)
More CVE request experience (Fwd: Automatic reply: [EXT] Need a CVE for Crypto++) Jeffrey Walton (Dec 25)
Re: You are using an old email address "@stahl.de". Please note our new email addresses "@r-stahl.com" Jeffrey Walton (Oct 12)
Re: CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Jeffrey Walton (Dec 25)
Jeremy Stanley
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Jeremy Stanley (Oct 07)
Re: Buffer Overflow in raptor widely unfixed in Linux distros Jeremy Stanley (Nov 16)
Jiri Slaby
Re: CVE-2020-25656: Linux kernel concurrency UAF in vt_do_kdgkb_ioctl Jiri Slaby (Oct 16)
Joe Orton
CVE-2019-12412: libapreq2 null pointer dereference Joe Orton (Nov 17)
John Haxby
Re: Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 John Haxby (Dec 07)
CVE-2014-4508 John Haxby (Nov 12)
John Helmert III
Re: Heads up: PAM 1.5.0 has a auth bypass under some conditions John Helmert III (Nov 24)
Jonathan Gallimore
CVE-2020-13931 Apache TomEE - Incorrect config on JMS Resource Adapter can lead to JMX being enabled Jonathan Gallimore (Dec 16)
Jordan Glover
Re: CVE-2020-16120 - incorrect unprivileged overlayfs permission checking Jordan Glover (Oct 14)
Karp, Samuel
CVE-2020-15257: containerd-shim API exposed to host network containers Karp, Samuel (Nov 30)
CVE-2020-15157: containerd v1.2.x can be coerced into leaking credentials during image pull Karp, Samuel (Oct 15)
Kaxil Naik
CVE-2020-17511: Apache Airflow Admin password gets logged in plain text Kaxil Naik (Dec 11)
CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter Kaxil Naik (Dec 11)
CVE-2020-17526: Apache Airflow Incorrect Session Validation in Airflow Webserver with default config Kaxil Naik (Dec 21)
CVE-2020-17513: Apache Airflow Server-Side Request Forgery (SSRF) in Charts & Query View Kaxil Naik (Dec 11)
[CVE-2020-13927] - Insecure Default Configuration for Experimental API in Airflow < 1.10.11 Kaxil Naik (Nov 10)
Kurt H Maier
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Kurt H Maier (Oct 12)
Len Brown
CVE-2020-8694 RAPL power meter, Linux intel_powercap Len Brown (Nov 10)
Lukasz Lenart
Apache Struts 2: CVE-2020-17530: Potential RCE when using forced evaluation Lukasz Lenart (Dec 08)
Marcus Meissner
2 kernel issues Marcus Meissner (Dec 10)
Re: Buffer Overflow in raptor widely unfixed in Linux distros Marcus Meissner (Nov 17)
Re: Buffer Overflow in raptor widely unfixed in Linux distros Marcus Meissner (Nov 14)
Some mitigation for openssh CVE-2020-14145 Marcus Meissner (Dec 01)
Heads up: PAM 1.5.0 has a auth bypass under some conditions Marcus Meissner (Nov 24)
Re: Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 Marcus Meissner (Dec 07)
Re: Linux kernel NULL-ptr deref bug in spk_ttyio_ldisc_close Marcus Meissner (Nov 19)
Marius Bakke
Re: Buffer Overflow in raptor widely unfixed in Linux distros Marius Bakke (Nov 16)
Mark Thomas
[SECURITY] CVE-2020-13943 Apache Tomcat HTTP/2 Request mix-up Mark Thomas (Oct 12)
[SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up Mark Thomas (Dec 03)
Matthias Gerstner
sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file Matthias Gerstner (Nov 04)
Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Matthias Gerstner (Oct 14)
Security Issues in the spice-vdagentd daemon Matthias Gerstner (Nov 04)
Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Matthias Gerstner (Nov 30)
kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Matthias Gerstner (Oct 13)
Matthieu Herrb
X.Org server security advisory: December 1, 2020 Matthieu Herrb (Dec 01)
Mauro Matteo Cascella
CVE-2020-25723 QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c Mauro Matteo Cascella (Dec 22)
CVE-2020-25637 libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c Mauro Matteo Cascella (Oct 02)
Re: Xen Security Advisory 355 v2 - stack corruption from XSA-346 change Mauro Matteo Cascella (Nov 30)
CVE-2020-14355 spice: multiple buffer overflow vulnerabilities in QUIC decoding code Mauro Matteo Cascella (Oct 06)
CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c Mauro Matteo Cascella (Dec 16)
Michael Ellerman
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Michael Ellerman (Oct 06)
Re: CVE-2020-25641 kernel: soft lockup when submitting zero length bvecs. Michael Ellerman (Oct 06)
Michael Orlitzky
Re: Dash executes code when noexec ("-n") is specified Michael Orlitzky (Nov 11)
Re: Dash executes code when noexec ("-n") is specified Michael Orlitzky (Nov 11)
Minh Yuan
CVE-2020-25656: Linux kernel concurrency UAF in vt_do_kdgkb_ioctl Minh Yuan (Oct 15)
CVE-2020-25668: Linux kernel concurrency use-after-free in vt Minh Yuan (Oct 30)
Linux kernel slab-out-of-bounds Read in fbcon Minh Yuan (Nov 09)
Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt Minh Yuan (Nov 04)
Mohammad Tausif Siddiqui
Re: Linux kernel: crypto: bcm - Verify GCM/CCM key length in setkey Mohammad Tausif Siddiqui (Nov 04)
Moritz Mühlenhoff
Re: libass ass_outline.c signed integer overflow Moritz Mühlenhoff (Nov 19)
Morten Linderud
Re: Buffer Overflow in raptor widely unfixed in Linux distros Morten Linderud (Nov 17)
Nick Tait
Re: CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Nick Tait (Dec 23)
Noel Kuntze
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Noel Kuntze (Oct 07)
Re: More CVE request experience (Fwd: Automatic reply: [EXT] Need a CVE for Crypto++) Noel Kuntze (Dec 25)
- Nop
Re: Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 - Nop (Dec 07)
CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit - Nop (Nov 04)
Re: CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit - Nop (Nov 20)
Re: Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 - Nop (Dec 08)
Oleg Kalnichevski
[CVE-2020-13956] Apache HttpClient incorrect handling of malformed URI authority component Oleg Kalnichevski (Oct 08)
Otto Moerbeek
PowerDNS Recursor 4.3.5, 4.2.5. and 4.1.18 released fixing a cache pollution issue (CVE-2020-25829) Otto Moerbeek (Oct 13)
Paul King
[CVE-2020-17521]: Apache Groovy Information Disclosure Paul King (Dec 06)
Phil Pennock
[CVE-2020-26521][CVE-2020-26892] NATS JWT vulnerabilities Phil Pennock (Nov 02)
Pierre Riteau
[OSSA-2020-007] Blazar: Remote code execution in blazar-dashboard (CVE-2020-26943) Pierre Riteau (Oct 16)
P J P
CVE-2020-27152 Kernel: KVM: host stack overflow via loop due to lazy update IOAPIC P J P (Nov 03)
CVE-2020-27617 QEMU: net: an assert failure via eth_get_gso_type P J P (Nov 02)
RE: Linux kernel: crypto: bcm - Verify GCM/CCM key length in setkey(Internet mail) P J P (Nov 06)
CVE-2020-29129 CVE-2020-29130 QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets P J P (Nov 27)
[ANNOUNCE] qemu-security mailing list P J P (Dec 16)
CVE-2020-27616 QEMU: ati-vga: potential crash via invalid x y parameter values P J P (Nov 03)
CVE-2020-28916 QEMU: e1000e: infinite loop scenario in case of null packet descriptor P J P (Dec 01)
Rich Felker
CVE-2020-28928: musl libc: wcsnrtombs destination buffer overflow Rich Felker (Nov 20)
Robert Watson
Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Robert Watson (Dec 08)
Roger Pau Monné
Re: Xen Security Advisory 355 v2 - stack corruption from XSA-346 change Roger Pau Monné (Nov 24)
Rohit Keshri
CVE-2020-27825 kernel: use-after-free in the ftrace ring buffer resizing logic due to a race condition Rohit Keshri (Dec 11)
Russ Allbery
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Russ Allbery (Oct 12)
Salvatore Bonaccorso
Re: Re: libass ass_outline.c signed integer overflow Salvatore Bonaccorso (Nov 19)
Re: Buffer Overflow in raptor widely unfixed in Linux distros Salvatore Bonaccorso (Nov 16)
Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem? Salvatore Bonaccorso (Dec 05)
Sam Fowler
Kubernetes: Multiple secret leaks when verbose logging is enabled Sam Fowler (Oct 15)
Sam James
Re: Buffer Overflow in raptor widely unfixed in Linux distros Sam James (Nov 16)
Re: Buffer Overflow in raptor widely unfixed in Linux distros Sam James (Nov 16)
Sandro Gauci
Advisory: ES2020-02 - Asterisk crash due to INVITE flood over TCP Sandro Gauci (Nov 06)
Serge Huber
CVE-2020-13942: Remote Code Execution in Apache Unomi Serge Huber (Nov 24)
Seth Arnold
Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Seth Arnold (Dec 08)
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Seth Arnold (Oct 08)
Re: Buffer Overflow in raptor widely unfixed in Linux distros Seth Arnold (Nov 16)
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Seth Arnold (Oct 07)
Shisong Qin
Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2 Shisong Qin (Dec 06)
Linux kernel NULL-ptr deref bug in spk_ttyio_ldisc_close Shisong Qin (Nov 19)
Simon McVittie
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Simon McVittie (Oct 19)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Simon McVittie (Oct 06)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Simon McVittie (Oct 06)
sjw
Unpatched XSS in Redmine 4.1 sjw (Nov 19)
snizovtsev
CVE-2020-27347: tmux buffer overflow in escape sequence parser snizovtsev (Nov 05)
Solar Designer
Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Solar Designer (Oct 13)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Solar Designer (Oct 05)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Solar Designer (Oct 19)
Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022 Solar Designer (Oct 12)
Re: the Bugtraq list archives before 2000 Solar Designer (Oct 04)
Gentoo's "contributing back" linux-distros tasks Solar Designer (Oct 12)
Srivatsa S. Bhat
Re: Linux kernel slab-out-of-bounds Read in fbcon Srivatsa S. Bhat (Nov 24)
Stamatis Zampetakis
[CVE-2020-13955] Apache Calcite Disabled HTTPS Hostname Verification Stamatis Zampetakis (Oct 09)
Stephen John Smoogen
Re: Buffer Overflow in raptor widely unfixed in Linux distros Stephen John Smoogen (Nov 16)
Re: Re: major changes if gnu/linux dominates the desktop and/or mobile market? Stephen John Smoogen (Oct 05)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Stephen John Smoogen (Oct 06)
Steve Beattie
CVE-2020-16120 - incorrect unprivileged overlayfs permission checking Steve Beattie (Oct 13)
CVE-2020-16119 - Linux kernel DCCP CCID structure use-after-free Steve Beattie (Oct 13)
Steve Grubb
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Steve Grubb (Oct 05)
Re: major changes if gnu/linux dominates the desktop and/or mobile market? Steve Grubb (Oct 06)
Tim Allclair
[kubernetes] CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs Tim Allclair (Dec 07)
Tomas Fernandez Lobbe
[CVE-2020-13957] The checks added to unauthenticated configset uploads in Apache Solr can be circumvented Tomas Fernandez Lobbe (Oct 12)
Vladimir D. Seleznev
Re: The importance of mutual authentication: Local Privilege Escalation in X11 Vladimir D. Seleznev (Nov 10)
Re: The importance of mutual authentication: Local Privilege Escalation in X11 Vladimir D. Seleznev (Nov 10)
Werner LEMBERG
Re: CVE-2020-15999 fixed in FreeType 2.10.4 Werner LEMBERG (Oct 20)
Xen . org security team
Xen Security Advisory 323 v3 (CVE-2020-29482) - Xenstore: wrong path length check Xen . org security team (Dec 15)
Xen Security Advisory 332 v3 - Rogue guests can cause DoS of Dom0 via high frequency events Xen . org security team (Oct 20)
Xen Security Advisory 322 v4 (CVE-2020-29481) - Xenstore: new domains inheriting existing node permissions Xen . org security team (Dec 15)
Xen Security Advisory 324 v3 (CVE-2020-29484) - Xenstore: guests can crash xenstored via watchs Xen . org security team (Dec 15)
Xen Security Advisory 351 v2 (CVE-2020-28368) - Information leak via power sidechannel Xen . org security team (Nov 26)
Xen Security Advisory 345 v3 - x86: Race condition in Xen mapping code Xen . org security team (Oct 20)
Xen Security Advisory 346 v2 - undue deferral of IOMMU TLB flushes Xen . org security team (Oct 20)
Xen Security Advisory 349 v3 (CVE-2020-29568) - Frontends can trigger OOM in Backends by update a watched path Xen . org security team (Dec 15)
Xen Security Advisory 330 v3 (CVE-2020-29485) - oxenstored memory leak in reset_watches Xen . org security team (Dec 15)
Xen Security Advisory 351 v1 - Information leak via power sidechannel Xen . org security team (Nov 10)
Xen Security Advisory 286 v4 - x86 PV guest INVLPG-like flushes may leave stale TLB entries Xen . org security team (Oct 20)
Xen Security Advisory 286 v5 - x86 PV guest INVLPG-like flushes may leave stale TLB entries Xen . org security team (Nov 03)
Xen Security Advisory 115 v4 (CVE-2020-29480) - xenstore watch notifications lacking permission checks Xen . org security team (Dec 15)
Xen Security Advisory 352 v3 (CVE-2020-29486) - oxenstored: node ownership can be changed by unprivileged clients Xen . org security team (Dec 15)
Xen Security Advisory 331 v2 - Race condition in Linux event handler may crash dom0 Xen . org security team (Oct 20)
Xen Security Advisory 322 v5 (CVE-2020-29481) - Xenstore: new domains inheriting existing node permissions Xen . org security team (Dec 16)
Xen Security Advisory 356 v3 (CVE-2020-29567) - infinite loop when cleaning up IRQ vectors Xen . org security team (Dec 15)
Xen Security Advisory 350 v4 (CVE-2020-29569) - Use after free triggered by block frontend in Linux blkback Xen . org security team (Dec 15)
Xen Security Advisory 358 v5 (CVE-2020-29570) - FIFO event channels control block related ordering Xen . org security team (Dec 16)
Xen Security Advisory 347 v2 - unsafe AMD IOMMU page table updates Xen . org security team (Oct 20)
Xen Security Advisory 343 v5 (CVE-2020-25599) - races with evtchn_reset() Xen . org security team (Dec 16)
Xen Security Advisory 348 v3 (CVE-2020-29566) - undue recursion in x86 HVM context switch code Xen . org security team (Dec 15)
Xen Security Advisory 359 v3 (CVE-2020-29571) - FIFO event channels control structure ordering Xen . org security team (Dec 15)
Xen Security Advisory 355 v2 - stack corruption from XSA-346 change Xen . org security team (Nov 24)
Xen Security Advisory 358 v4 (CVE-2020-29570) - FIFO event channels control block related ordering Xen . org security team (Dec 15)
Xen Security Advisory 325 v3 (CVE-2020-29483) - Xenstore: guests can disturb domain cleanup Xen . org security team (Dec 15)
Xen Security Advisory 354 v4 (CVE-2020-29487) - XAPI: guest-triggered excessive memory usage Xen . org security team (Dec 15)
Xen Security Advisory 353 v4 (CVE-2020-29479) - oxenstored: permissions not checked on root node Xen . org security team (Dec 15)
Xiaoxiang Yu
[SECURITY][CVE-2020-13937] Unauthenticated Configuration Disclosure Xiaoxiang Yu (Oct 19)
yersinia
Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? yersinia (Dec 08)
YuanSheng Wang
[SECURITY] CVE-2020-13945: Apache APISIX's Admin API default access token vulnerability YuanSheng Wang (Dec 07)
Yury German
Re: Gentoo's "contributing back" linux-distros tasks Yury German (Oct 12)
尹亮
RE: Linux kernel: crypto: bcm - Verify GCM/CCM key length in setkey(Internet mail) 尹亮 (Nov 04)
[CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket 尹亮 (Nov 01)
[CVE-2020-25704] Linux kernel: perf_event_parse_addr_filter memory leak 尹亮 (Nov 09)
Linux kernel: crypto: bcm - Verify GCM/CCM key length in setkey 尹亮 (Oct 12)
Linux kernel: net/x25: a couple of overflows 尹亮 (Nov 15)