oss-sec: by date

281 messages starting Jan 04 21 and ending Mar 30 21


Monday, 04 January

Re: DPDK security advisory for multiple vhost crypto issues Mauro Matteo Cascella
Re: [dpdk-dev] [oss-security] DPDK security advisory for multiple vhost crypto issues Ferruh Yigit
CVE-2020-25275: Dovecot: MIME parsing crash Aki Tuomi
CVE-2020-24386: Dovecot: IMAP hibernation allows accessing other peoples mail Aki Tuomi
Re: [dpdk-dev] [oss-security] DPDK security advisory for multiple vhost crypto issues Mauro Matteo Cascella
CVE-2020-26297: mdBook XSS Pietro Albini

Tuesday, 05 January

[CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API Robert Metzger
[CVE-2020-17519] Apache Flink directory traversal attack: reading remote files through the REST API Robert Metzger

Wednesday, 06 January

A security vulnerability in linux kernel 5.8.10 Anthony Liguori

Thursday, 07 January

Trovent Security Advisory 2010-01 / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability Stefan Pietsch

Friday, 08 January

Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability Stefan Pietsch

Sunday, 10 January

Re: distros list archive Solar Designer
Re: Gentoo's "contributing back" linux-distros tasks Solar Designer
Re: Gentoo's "contributing back" linux-distros tasks Solar Designer

Monday, 11 January

[CVE-2020-17534] HTML/Java API 1.7: A race condition between deletion of the temporary file and creation of the temporary directory Jaroslav Tulach
Various security fixes in sudo 1.9.5 (CVE-2021-23239, CVE-2021-23240) Matthias Gerstner
Advisory: ES2021-01 - Loopback access control bypass in coturn by using 0.0.0.0, [::1] or [::] as the peer address Sandro Gauci
Re: Gentoo's "contributing back" linux-distros tasks Thomas Deutschmann
Re: Gentoo's "contributing back" linux-distros tasks Anthony Liguori
[Security Advisory] CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client Brendan Burns
CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Wade Mealing

Tuesday, 12 January

Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Greg KH
Security issues in hawk2 and crmsh Marcus Meissner
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic John Haxby
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic David A. Wheeler
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Sasha Levin
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Greg KH
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Solar Designer
Re: CVE-2021-20177 kernel: iptables string match rule could result in kernel panic Philip Pettersson
Re: Gentoo's "contributing back" linux-distros tasks Solar Designer
RE: Gentoo's "contributing back" linux-distros tasks Anthony Liguori
CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload John Haxby

Wednesday, 13 January

Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability Stefan Pietsch
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck
CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure Mauro Matteo Cascella
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload Marcus Meissner
CVE-2021-23926: XMLBeans XML Entity Expansion fanningpj () apache org

Thursday, 14 January

[SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure Mark Thomas

Friday, 15 January

Re: [vs] Cinnamon lock screen bypass in multiple distributions Alexander E. Patrakov
Re: Re: [vs] Cinnamon lock screen bypass in multiple distributions Morten Linderud
Adding an additional Amazon Linux member to distros@ Anthony Liguori
MATE screensaver screen lock bypass with external monitor Hanno Böck

Sunday, 17 January

Re: Adding an additional Amazon Linux member to distros@ Solar Designer
mutt recipient parsing memory leak Tavis Ormandy

Monday, 18 January

[SECURITY] CVE-2020-11997: Apache Guacamole: Inconsistent restriction of connection history visibility Mike Jumper
CVE-2020-29443 QEMU: ide: atapi: OOB access while processing read commands P J P
libreoffice-online "loolforkit" privileged program local root exploit Matthias Gerstner

Tuesday, 19 January

Multiple CVEs in dnsmasq fixed in version 2.83 Riccardo Schirone
segv_handler junkcode snippet / openSUSE segv_handler package potential local root exploit Matthias Gerstner
Xen Security Advisory 331 v3 (CVE-2020-27675) - Race condition in Linux event handler may crash dom0 Xen . org security team
Xen Security Advisory 355 v3 (CVE-2020-29040) - stack corruption from XSA-346 change Xen . org security team
Xen Security Advisory 286 v6 (CVE-2020-27674) - x86 PV guest INVLPG-like flushes may leave stale TLB entries Xen . org security team
Xen Security Advisory 332 v4 (CVE-2020-27673) - Rogue guests can cause DoS of Dom0 via high frequency events Xen . org security team
Xen Security Advisory 345 v4 (CVE-2020-27672) - x86: Race condition in Xen mapping code Xen . org security team
Xen Security Advisory 346 v3 (CVE-2020-27671) - undue deferral of IOMMU TLB flushes Xen . org security team
Xen Security Advisory 347 v3 (CVE-2020-27670) - unsafe AMD IOMMU page table updates Xen . org security team
Re: mutt recipient parsing memory leak Utkarsh Gupta

Wednesday, 20 January

CVE-2021-3185 gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking Andrew Wesie

Thursday, 21 January

CVE-2020-17532: ServiceComb Yaml remote deserialization vulnerability wjm wjm
Re: libreoffice-online "loolforkit" privileged program local root exploit Matthias Gerstner
Xen Security Advisory 360 v1 - IRQ vector leak on x86 Xen . org security team
CVE-2021-21261: Flatpak sandbox escape via spawn portal (aka GHSA-4ppf-fxf6-vxg2) Simon McVittie

Friday, 22 January

CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest P J P
Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest Daniel Walsh
Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest P J P

Sunday, 24 January

CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser lewis john mcgibbney

Monday, 25 January

CVE-2020-17522: Traffic Control Mid Tier Cache Manipulation Attack ocket 8888

Tuesday, 26 January

[CVE-2020-9492] Apache Hadoop Potential privilege escalation Akira Ajisaka
Vulnerability in Jenkins Daniel Beck
Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) Qualys Security Advisory
Xen Security Advisory 360 v2 (CVE-2021-3308) - IRQ vector leak on x86 Xen . org security team

Wednesday, 27 January

Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) Hanno Böck
Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) Dave Horsfall
glibc iconv crash with ISO-2022-JP-3 Tavis Ormandy
Re: glibc iconv crash with ISO-2022-JP-3 Siddhesh Poyarekar
CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support Gary Tully
CVE-2021-26117: ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind Gary Tully
CVE-2021-20196 QEMU: block: fdc: null pointer dereference may lead to guest crash P J P

Thursday, 28 January

Re: glibc iconv crash with ISO-2022-JP-3 Siddhesh Poyarekar
Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq butt3rflyh4ck

Friday, 29 January

Linux Kernel: local priv escalation via futexes Marcus Meissner
X41 D-Sec GmbH Security Advisory X41-2021-001: Multiple Vulnerabilities in YARA X41 D-Sec GmbH Advisories
Re: Linux Kernel: local priv escalation via futexes Solar Designer
Re: Linux Kernel: local priv escalation via futexes Marcus Meissner
Re: Linux Kernel: local priv escalation via futexes David A. Wheeler
CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. Jihoon Son

Saturday, 30 January

sudo: Ineffective NO_ROOT_MAILER and Baron Samedit Roman Fiedler
Re: Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq butt3rflyh4ck

Sunday, 31 January

Re: CVE request experience Fabian Keil
Two DoS issues fixed in Privoxy 3.0.31 stable Fabian Keil
Re: Re: Linux kernel: linux-block: nbd: use-after-free Read in nbd_queue_rq Marcus Meissner

Monday, 01 February

Django: CVE-2021-3281: Potential directory-traversal via archive.extract() Mariusz Felisiak
[CVE-2020-17523] Apache Shiro authentication bypass Brian Demers
Re: Linux Kernel: local priv escalation via futexes Solar Designer
[CVE-2020-17516] Apache Cassandra internode encryption enforcement vulnerability Aleksey Yeschenko

Tuesday, 02 February

Re: Gentoo's "contributing back" linux-distros tasks Anthony Liguori
Re: Gentoo's "contributing back" linux-distros tasks Solar Designer
KASAN: use-after-free in con_scroll ????
Re: KASAN: use-after-free in con_scroll Greg KH

Wednesday, 03 February

Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil
wpa_supplicant P2P group information processing vulnerability Jouni Malinen

Thursday, 04 February

[CVE-2020-15692] Nim - stdlib Browsers - `open` Argument Injection Martin Ortner
[CVE-2020-15693, CVE-2020-15694] Nim - stdlib Httpclient - Header Crlf Injection & Server Response Validation Martin Ortner
[CVE-2020-15690] Nim - stdlib asyncftpd - Crlf Injection Martin Ortner
Re: Two DoS issues fixed in Privoxy 3.0.31 stable Fabian Keil
Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation Alexander Popov
CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field P J P
CVE-2021-3392 QEMU: scsi: mptsas: use-after-free while processing io requests P J P

Friday, 05 February

[no-cve] Nim - Insecure SSL/TLS Defaults, MitM, and nimble shell command injection Martin Ortner
CVE-2021-20226 kernel: use-after-free in io_uring feature Rohit Keshri
Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Alex Gaynor
Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation Alexander Popov
Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Salvatore Bonaccorso

Saturday, 06 February

Re: wpa_supplicant P2P group information processing vulnerability Salvatore Bonaccorso

Sunday, 07 February

[CVE-2020-13924] Apache Ambari Arbitrary File Download Vulnerability Szabolcs Beki
CVE-2020-13947 - XSS in Apache ActiveMQ WebConsole Jean-Baptiste Onofre

Monday, 08 February

Remote code execution in connman Marcus Meissner
Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Rohit Keshri
Re: CVE-2021-20226 kernel: use-after-free in io_uring feature Greg KH
[cve-pending] Firejail: root privilege escalation in OverlayFS code netblue30
Re: [cve-pending] Firejail: root privilege escalation in OverlayFS code Salvatore Bonaccorso

Tuesday, 09 February

Re: major changes if gnu/linux dominates the desktop and/or mobile market? Solar Designer
screen crash processing combining characters Tavis Ormandy
Re: charset.alias in pkexec/glib/gnulib Jakub Wilk
Re: screen crash processing combining characters Tavis Ormandy
Re: screen crash processing combining characters Harry Sintonen
Re: screen crash processing combining characters Tavis Ormandy
Re: screen crash processing combining characters Utkarsh Gupta
Re: screen crash processing combining characters Tavis Ormandy
Re: charset.alias in pkexec/glib/gnulib Tavis Ormandy

Wednesday, 10 February

Replay-Sorcery: CVE-2021-26936: Multiple security issues in with setuid-root program in versions 0.4.0 through 0.5.0 Matthias Gerstner
[SECURITY][ANNOUNCE] Apache Subversion 1.14.1 released Stefan Sperling
[SECURITY][ANNOUNCE] Apache Subversion 1.10.7 released Stefan Sperling
CVE-2020-35498: Open vSwitch: Packet parsing vulnerability Flavio Leitner
CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Rohit Keshri
Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Alexandros Toptsoglou
Re: Re: screen crash processing combining characters Utkarsh Gupta
Re: Re: screen crash processing combining characters Salvatore Bonaccorso

Thursday, 11 February

CVE-2020-13949: Apache Thrift: potential DoS when processing untrusted payloads Jens Geyer

Monday, 15 February

Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit Roman Fiedler
CVE-2021-26720: avahi-daemon: 'avahi' to 'root' user privilege escalation through Debian specific if-up script avahi-daemon-check-dns.sh Matthias Gerstner
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0001 Carlos Alberto Lopez Perez

Tuesday, 16 February

2021-01 stats Fuller, Abby
Xen Security Advisory 363 v3 (CVE-2021-26934) - Linux: display frontend "be-alloc" mode is unsupported Xen . org security team
Xen Security Advisory 361 v4 (CVE-2021-26932) - Linux: grant mapping error handling issues Xen . org security team
Xen Security Advisory 362 v3 (CVE-2021-26931) - Linux: backends treating grant mapping errors as bugs Xen . org security team
Xen Security Advisory 364 v3 (CVE-2021-26933) - arm: The cache may not be cleaned for newly allocated scrubbed pages Xen . org security team
Xen Security Advisory 365 v3 (CVE-2021-26930) - Linux: error handling issues in blkback's grant mapping Xen . org security team
Re: 2021-01 stats Solar Designer

Wednesday, 17 February

CVE-2021-26559: Apache Airflow 2.0.0: CWE-284 Improper Access Control on Configurations Endpoint for the Stable API Kaxil Naik
CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check Kaxil Naik
CVE-2021-26911: Canary Mail with IMAP STARTTLS missing certificate validation Dimitrios Glynos
One BIND vulnerability (CVE-2020-8625) has been publicly disclosed Michael McNally

Thursday, 18 February

Vulnerability in the Linux Audit Framework Auditd Felix Kosterhon
Xen Security Advisory 366 v1 - missed flush in XSA-321 backport Xen . org security team
Re: Vulnerability in the Linux Audit Framework Auditd Steve Grubb
Re: Vulnerability in the Linux Audit Framework Auditd Felix Kosterhon
CVE-2021-26296: Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces Bill Lucy

Friday, 19 February

BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination ISC Security Officer
Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination Hanno Böck
Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination Michael McNally
Django security releases: CVE-2021-23336: Web cache poisoning via ``django.utils.http.limited_parse_qsl()`` Carlton Gibson
Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination Ondřej Surý
CVE-2021-3411 kernel: broken KRETPROBES reports corruption of .text section while running a FTRACE stress tester Rohit Keshri
Vulnerability in Jenkins Daniel Beck
Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Rohit Keshri
CVE-2021-26544: Apache Livy (Incubating) is vulnerable to cross site scripting Jerry Shao
BIND Operational Notification: Zone journal (.jnl) file incompatibility, after upgrading to BIND 9.16.12 and 9.17 ISC Security Officer

Monday, 22 February

CVE-2021-20247: isync/mbsync data leak/destruction vulnerability Oswald Buddenhagen
BIND Operational Notification: Zone journal (.jnl) file incompatibility, after upgrading to BIND 9.16.12 and 9.17 - REVISION ISC Security Officer

Tuesday, 23 February

Xen Security Advisory 366 v2 (CVE-2021-27379) - missed flush in XSA-321 backport Xen . org security team

Wednesday, 24 February

[CVE-2020-11988] Apache XML Graphics Commons SSRF vulnerability Simon Steiner
[CVE-2020-11987] Apache XML Graphics Batik SSRF vulnerability Simon Steiner
Multiple vulnerabilities in Jenkins plugins Daniel Beck

Thursday, 25 February

CVE-2021-20255 QEMU: net: eepro100: stack overflow via infinite recursion P J P
CVE-2021-20257 QEMU: net: e1000: infinite loop while processing transmit descriptors P J P
wpa_supplicant P2P provision discovery processing vulnerability Jouni Malinen
Re: Vulnerability in the Linux Audit Framework Auditd Salvatore Bonaccorso

Friday, 26 February

CVE-2021-3416 QEMU: net: infinite loop in loopback mode may lead to stack overflow P J P
Re: wpa_supplicant P2P provision discovery processing vulnerability Salvatore Bonaccorso

Sunday, 28 February

Multiple DoS issues fixed in Privoxy 3.0.32 stable Fabian Keil

Monday, 01 March

CVE-2021-25122: Apache Tomcat h2c request mix-up Mark Thomas
CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484 Mark Thomas
Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804) Marc
CVE-2020-1926: Timing attack in Cookie signature verification Chao Sun

Tuesday, 02 March

CVE-2020-1936: Stored XSS in Apache Ambari Szabolcs Beki
Re: Vulnerability in the Linux Audit Framework Auditd Steve Grubb
Multiple GRUB2 vulnerabilities John Haxby
Announce: OpenSSH 8.5 released Damien Miller

Thursday, 04 March

Xen Security Advisory 367 v1 - Linux: netback fails to honor grant mapping errors Xen . org security team
Xen Security Advisory 369 v1 - Linux: special config may crash when trying to map foreign pages Xen . org security team
CVE-2021-27907: Apache Superset stored XSS on Dashboard markdown daniel gaspar

Friday, 05 March

Xen Security Advisory 367 v2 (CVE-2021-28038) - Linux: netback fails to honor grant mapping errors Xen . org security team
Xen Security Advisory 369 v2 (CVE-2021-28039) - Linux: special config may crash when trying to map foreign pages Xen . org security team

Saturday, 06 March

Linux iscsi security fixes Marcus Meissner
Re: Multiple DoS issues fixed in Privoxy 3.0.32 stable Fabian Keil

Monday, 08 March

CVE-2021-20263 QEMU: virtiofsd: 'security.capabilities' is not dropped with xattrmap option Mauro Matteo Cascella

Tuesday, 09 March

CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085 Mauro Matteo Cascella
CVE-2020-35451: Oozie local privilege escalation Gézapeti Cseh
git: malicious repositories can execute remote code while cloning Johannes Schindelin

Wednesday, 10 March

CVE-2020-13936: Velocity Sandbox Bypass Will Glass-Husain
CVE-2020-13959: Velocity Tools XSS Vulnerability Will Glass-Husain
CVE-2021-20261: kernel: panic in start_motor+0x21 when /dev/fd0 is read by multiple threads. Wade Mealing
CVE-2021-20269: kexec-tools: incorrect permissions on vmcore-dmesg.txt file Wade Mealing

Saturday, 13 March

CVE-2021-27576: Apache OpenMeetings: bandwidth can be overloaded with public web service Maxim Solodovnik

Monday, 15 March

ES2021-02: VoIPmonitor WEB GUI vulnerable to Cross-Site Scripting via SIP messages Sandro Gauci
ES2021-03: VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer Sandro Gauci
ES2021-04: VoIPmonitor static builds are compiled without any standard memory corruption protection Sandro Gauci

Tuesday, 16 March

[CVE-2020-28466][CVE-2021-3127] NATS.io vulnerabilities Phil Pennock
[CVE-2020-28466][CVE-2021-3127] NATS.io vulnerabilities Phil Pennock

Wednesday, 17 March

CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Rohit Keshri
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Greg KH
Use After Free and Double Free bugs in Linux Kernel mainline lyl2019
Re: Use After Free and Double Free bugs in Linux Kernel mainline John Haxby
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Salvatore Bonaccorso
Re: Use After Free and Double Free bugs in Linux Kernel mainline Greg KH
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Wolfgang Frisch
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Greg Kroah-Hartman
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Brad Spengler
CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Rohit Keshri
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Salvatore Bonaccorso
Re: CVE-2021-3428 Linux kernel: integer overflow in ext4_es_cache_extent Jan Kara
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Evgenii Shatokhin
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Evgenii Shatokhin
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH
CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read Rohit Keshri
Re: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read Sasha Levin
Re: CVE-2020-35519 Linux kernel: x25_bind out-of-bounds read Salvatore Bonaccorso

Thursday, 18 March

Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Rohit Keshri
Xen Security Advisory 368 v2 - HVM soft-reset crashes toolstack Xen . org security team
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Xen Security Advisory 368 v3 (CVE-2021-28687) - HVM soft-reset crashes toolstack Xen . org security team
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Kurt H Maier
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Solar Designer
Risk of local privilege escalation in GNU Guix Leo Famulari
[CVE-2020-27170] Protection against speculatively out-of-bounds loads in the Linux kernel can be bypassed by unprivileged local users to leak content of kernel memory Piotr Krysiuk
[CVE-2020-27171] Numeric error when restricting speculative pointer arithmetic allows unprivileged local users to leak content of kernel memory Piotr Krysiuk

Friday, 19 March

Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH
Grafana 7.4.5, 7.3.10 and 6.7.6 released with security fixes for Grafana Enterprise Vardan Torosyan
kopano-core 11.0.1: Remote DoS by memory exhaustion Jan Engelhardt
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler
CVE-2021-27807: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file Andreas Lehmkuehler
CVE-2021-27906: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file Andreas Lehmkuehler
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Eddie Chapman
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin

Sunday, 21 March

[CVE-2021-26295] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI Jacques Le Roux
Re: kopano-core 11.0.1: Remote DoS by memory exhaustion Robert Scheck

Monday, 22 March

WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002 Carlos Alberto Lopez Perez

Tuesday, 23 March

Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Petr Matousek
[CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation Steve Beattie
Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Alan Coopersmith
Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil

Wednesday, 24 March

Remote DoS Vulnerability in bitchx, ircii < 20210314 and scrollz ortmann
CVE-2020-1946: Apache SpamAssassin has an OS Command Injection vulnerability Sidney Markowitz
Re: [CVE-2020-27170] Protection against speculatively out-of-bounds loads in the Linux kernel can be bypassed by unprivileged local users to leak content of kernel memory Piotr Krysiuk
Re: [CVE-2020-27171] Numeric error when restricting speculative pointer arithmetic allows unprivileged local users to leak content of kernel memory Piotr Krysiuk

Saturday, 27 March

OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing Solar Designer
Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing Gordon Tetlow
Linux Kernel: out of bounds array access in dm-ioctl.c - Nop

Sunday, 28 March

Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck
Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing Mark J Cox
Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing Jeroen Roovers

Monday, 29 March

Re: Linux Kernel: out of bounds array access in dm-ioctl.c John Haxby
[CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems Jihoon Son
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0003 Carlos Alberto Lopez Perez

Tuesday, 30 March

Multiple vulnerabilities in Jenkins plugins Daniel Beck
Xen Security Advisory 371 v3 (CVE-2021-28688) - Linux: blkback driver may leak persistent grants Xen . org security team
CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser Tim Allison
Re: Remote DoS Vulnerability in bitchx, ircii < 20210314 and scrollz ortmann
[SECURITY ADVISORY] curl: Automatic referer leaks credentials Daniel Stenberg
[SECURITY ADVISORY] curl: TLS 1.3 session ticket proxy host mixup Daniel Stenberg