oss-sec: by author
236 messages
starting May 05 21 and
ending Apr 07 21
Date index |
Thread index |
Author index
Aaron Patterson
[CVE-2021-22904] Possible DoS Vulnerability in Action Controller Token Authentication Aaron Patterson (May 05)
[CVE-2021-22903] Possible Open Redirect Vulnerability in Action Pack Aaron Patterson (May 05)
[CVE-2021-22902] Possible Denial of Service vulnerability in Action Dispatch Aaron Patterson (May 05)
[CVE-2021-22885] Possible Information Disclosure / Unintended Method Execution in Action Pack Aaron Patterson (May 05)
Adam Morrison
[CVE-2021-33624] Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory Adam Morrison (Jun 21)
Aki Tuomi
CVE-2021-33515: Dovecot SMTP Submission service STARTTLS injection. Aki Tuomi (Jun 28)
CVE-2021-29157: Dovecot oauth2 JWT local validation path traversal Aki Tuomi (Jun 28)
CVE-2020-28200: Dovecot Pigeonhole Sieve excessive resource usage Aki Tuomi (Jun 28)
Alan Coopersmith
Re: xscreensaver package caps gets raw socket Alan Coopersmith (Apr 18)
Albert Veli
Re: Malicious commits to Linux kernel as part of university study Albert Veli (Apr 22)
Aleksa Sarai
CVE-2021-29136: umoci: malicious layer with symlink entry for "/" allows overwriting of host files Aleksa Sarai (Apr 06)
CVE-2021-30465: runc <1.0.0-rc95 vulnerable to symlink-exchange attack Aleksa Sarai (May 19)
Alexander Popov
Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation Alexander Popov (Apr 09)
Alex Murray
Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray (May 10)
Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray (May 10)
Ana McTaggart
CVE-2021-3531: Ceph: RGW unauthenticated denial of service Ana McTaggart (May 14)
CVE-2021-20288 Ceph: Unauthorized global_id reuse in cephx Ana McTaggart (Apr 14)
Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service Ana McTaggart (May 17)
CVE-2021-3509: Ceph: Cross Site Scripting via token Cookie Ana McTaggart (May 14)
Andreas Lehmkuehler
CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file Andreas Lehmkuehler (Jun 12)
CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file Andreas Lehmkuehler (Jun 12)
Andrew Cooper
Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass Andrew Cooper (Jun 10)
Andrew Zayine
New Open-Source Forensic Tool for SQLite Data Recovery Andrew Zayine (Jun 17)
Ariadne Conill
Re: xscreensaver package caps gets raw socket Ariadne Conill (Apr 19)
Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Ariadne Conill (Apr 29)
Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Ariadne Conill (Apr 29)
Re: xscreensaver package caps gets raw socket Ariadne Conill (Apr 19)
Re: Malicious commits to Linux kernel as part of university study Ariadne Conill (Apr 22)
Re: Malicious commits to Linux kernel as part of university study Ariadne Conill (Apr 22)
Ben Hutchings
[ANNOUNCE] klibc 2.0.9 Ben Hutchings (Apr 30)
Bharat Viswanadham
CVE-2020-17517: Apache Ozone: Ozone S3 Gateway allows bucket and key access to non authenticated users Bharat Viswanadham (Apr 26)
Brandon Perry
Re: Open Source WAF testing tools Brandon Perry (May 16)
Brennan Ashton
CVE-2021-26461: Apache NuttX (incubating): malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds Brennan Ashton (Jun 21)
Brian Fox
CVE-2021-26291: Apache Maven: block repositories using http by default Brian Fox (Apr 23)
butt3rflyh4ck
Re: Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck (May 07)
Re: Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck (May 08)
Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck (Jun 01)
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck (Jun 08)
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck (Jun 06)
Carlton Gibson
Django security releases 3.2.4, 3.1.12, and 2.2.24 for CVE-2021-33203 and CVE-2021-33571 Carlton Gibson (Jun 02)
Django 3.2.1, 3.1.9, and 2.2.21: CVE-2021-31542: Potential directory-traversal via uploaded files Carlton Gibson (May 04)
Cedric Buissart
CVE-2021-3560 polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() Cedric Buissart (Jun 03)
Christophe JAILLET
CVE-2019-17567: Apache httpd: mod_proxy_wstunnel tunneling of non Upgraded connections Christophe JAILLET (Jun 10)
CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request Christophe JAILLET (Jun 10)
CVE-2021-26690: Apache httpd: mod_session NULL pointer dereference Christophe JAILLET (Jun 10)
CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference Christophe JAILLET (Jun 10)
CVE-2021-30641: Apache httpd: Unexpected URL matching with 'MergeSlashes OFF' Christophe JAILLET (Jun 10)
CVE-2021-26691: Apache httpd: mod_session response handling heap overflow Christophe JAILLET (Jun 10)
CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges Christophe JAILLET (Jun 10)
Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request Christophe JAILLET (Jun 10)
CVE-2020-35452: Apache httpd: mod_auth_digest possible stack overflow by one nul byte Christophe JAILLET (Jun 10)
CJ Cullen
[kubernetes] CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack CJ Cullen (May 18)
Colm O hEigeartaigh
CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks Colm O hEigeartaigh (Apr 02)
CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter Colm O hEigeartaigh (Jun 16)
Damien Miller
Announce: OpenSSH 8.6 released Damien Miller (Apr 18)
Daniel Beck
Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 25)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 11)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 21)
Vulnerability in Jenkins Daniel Beck (Apr 20)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 10)
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jun 30)
Vulnerability in Jenkins Generic Webhook Trigger Plugin Daniel Beck (Jun 18)
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Apr 07)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 16)
daniel gaspar
CVE-2021-28125: Apache Superset Open Redirect daniel gaspar (Apr 27)
Daniel Stenberg
[SECURITY ADVISORY] curl: TELNET stack contents disclosure Daniel Stenberg (May 25)
[SECURITY ADVISORY] curl: TLS session caching disaster Daniel Stenberg (May 25)
Dan Yefihmov
Re: rxvt terminal (+bash) remoteish code execution 0day Dan Yefihmov (May 17)
David A. Wheeler
Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
Re: Malicious commits to Linux kernel as part of university study David A. Wheeler (Apr 22)
David H
Re: Malicious commits to Linux kernel as part of university study David H (Apr 22)
def
rxvt terminal (+bash) remoteish code execution 0day def (May 17)
Re: Re: rxvt terminal (+bash) remoteish code execution 0day def (May 17)
Re: rxvt terminal (+bash) remoteish code execution 0day def (May 17)
Demi Marie Obenour
Multiple vulnerabilities in RPM Demi Marie Obenour (May 04)
Dino Team
[CVE-2021-33896] Path traversal in Dino file transfers Dino Team (Jun 07)
Eduardo' Vela" <Nava>
Re: CVE-2021-22543 - /dev/kvm LPE Eduardo' Vela" <Nava> (Jun 26)
CVE-2021-22543 - /dev/kvm LPE Eduardo' Vela" <Nava> (May 26)
Eli Schwartz
Re: xscreensaver package caps gets raw socket Eli Schwartz (Apr 19)
Emond Papegaaij
CVE-2021-23937: Apache Wicket: DNS proxy and possible amplification attack Emond Papegaaij (May 25)
Eric Biggers
Re: Malicious commits to Linux kernel as part of university study Eric Biggers (Apr 22)
Érico Nogueira
Re: xscreensaver package caps gets raw socket Érico Nogueira (Apr 18)
Francis Booth
Re: Malicious commits to Linux kernel as part of university study Francis Booth (Apr 22)
Gabriel Corona
DNS rebinding vulnerability in pupnp Gabriel Corona (Apr 20)
DNS rebinding vulnerability in npupnp Gabriel Corona (Apr 20)
Re: DNS rebinding vulnerability in npupnp Gabriel Corona (Apr 25)
Code execution through Thunar Gabriel Corona (May 09)
Re: Code execution through Thunar Gabriel Corona (May 10)
Gianluca Gabrielli
Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Gianluca Gabrielli (Jun 11)
Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Gianluca Gabrielli (Jun 10)
Greg KH
Re: Malicious commits to Linux kernel as part of university study Greg KH (Apr 23)
Greg Kroah-Hartman
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Greg Kroah-Hartman (May 29)
Hanno Böck
xscreensaver: filename command injection in vidwhacker screensaver Hanno Böck (Jun 14)
harris.johnson.x
Re: [CVE-2020-28018] Use-After-Free on Exim Question harris.johnson.x (May 12)
Hausler, Micah
[kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU Hausler, Micah (May 04)
Heiko Schlittermann
Exim security update ahead Heiko Schlittermann (Apr 21)
Exim 4.94.2 - security update released Heiko Schlittermann (May 04)
Henri Salo
Re: Risk of local privilege escalation in GNU Guix Henri Salo (Apr 05)
Huzaifa Sidhpurwala
hivex CVE-2021-3504 Huzaifa Sidhpurwala (May 04)
Ivan Novikov
Re: Open Source WAF testing tools Ivan Novikov (May 16)
Jakub Wilk
Re: rxvt terminal (+bash) remoteish code execution 0day Jakub Wilk (May 17)
Re: [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image Jakub Wilk (May 10)
James Dailey
CVE-2020-17514: Apache Fineract: Disabled hostname verification for HTTPS James Dailey (May 27)
James Feister
Re: Malicious commits to Linux kernel as part of university study James Feister (Apr 23)
Jan Engelhardt
Re: kopano-core 11.0.1: Remote DoS by memory exhaustion Jan Engelhardt (Apr 01)
Re: Malicious commits to Linux kernel as part of university study Jan Engelhardt (Apr 23)
Re: Risk of local privilege escalation in GNU Guix Jan Engelhardt (Apr 05)
kopano-core 11.0.1.77: Remote DoS with out-of-bounds access Jan Engelhardt (Apr 02)
kopano-core 11.0.1.143: Remote DoS with resource exhaustion Jan Engelhardt (May 01)
jleroux () apache org
[CVE-2021-30128] Unsafe deserialization in OFBiz jleroux () apache org (Apr 27)
[CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI jleroux () apache org (Apr 27)
Jochen Wiedmann
CVE-2021-29425 (Possible limited path traversal in Apache Commons IO 2.2 to 2.6) Jochen Wiedmann (Apr 12)
Johannes Berg
various 802.11 security issues - fragattacks.com Johannes Berg (May 11)
John Helmert III
Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request John Helmert III (Jun 10)
Julien Pivotto
Prometheus 2.26.1-2.27.1 released to fix an Open Redirect security issue Julien Pivotto (May 19)
JunXu Chen
CVE-2021-33190: Apache APISIX Dashboard: Bypass network access control JunXu Chen (Jun 08)
Kurt H Maier
Re: Malicious commits to Linux kernel as part of university study Kurt H Maier (Apr 23)
Leo Famulari
Re: Risk of local privilege escalation in GNU Guix Leo Famulari (Apr 05)
Re: Risk of local privilege escalation in GNU Guix Leo Famulari (Apr 09)
Re: Risk of local privilege escalation in GNU Guix Leo Famulari (Apr 05)
Re: Risk of local privilege escalation in GNU Guix Leo Famulari (Apr 10)
Re: Risk of local privilege escalation in GNU Guix Leo Famulari (Apr 05)
Lin Horse
CVE-2021-3573: UAF in hci_sock_bound_ioctl() function Lin Horse (Jun 08)
CVE-2021-32399 Linux device detach race condition Lin Horse (May 10)
Luo Likang
FW: An out-of-bound read/write in fsi driver Luo Likang (Jun 25)
Linux kernel: a heap buffer overflow in firedtv driver Luo Likang (Apr 20)
Marc Kleine-Budde
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Marc Kleine-Budde (May 28)
Marcus Meissner
Re: Malicious commits to Linux kernel as part of university study Marcus Meissner (Apr 22)
Re: Malicious commits to Linux kernel as part of university study Marcus Meissner (Apr 22)
connman stack buffer overflow in dnsproxy CVE-2021-33833 Marcus Meissner (Jun 09)
Marek Marczykowski-Górecki
XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 05)
Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 10)
Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki (Jun 05)
Mariusz Felisiak
Django: CVE-2021-32052: Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+ Mariusz Felisiak (May 06)
Django: CVE-2021-28658: Potential directory-traversal via uploaded files Mariusz Felisiak (Apr 06)
Mark Steward
Re: Malicious commits to Linux kernel as part of university study Mark Steward (Apr 22)
Mart111n
Re: CVE-2021-3564 Linux Bluetooth device initialization implementation bug Mart111n (Jun 01)
CVE-2021-3564 Linux Bluetooth device initialization implementation bug Mart111n (May 25)
Martin O'Neil
Open Source WAF testing tools Martin O'Neil (May 16)
Matthew Wild
Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Matthew Wild (May 14)
Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Matthew Wild (May 13)
Matthias Gerstner
virtualbox: CVE-2021-25319: missing sticky bit in openSUSE packaging for /etc/box allows local root exploit for members of vboxusers group Matthias Gerstner (Apr 26)
virtualbox: CVE-2021-2264: vboxautostart-service.sh allows injection of parameters in 'su' invocation Matthias Gerstner (Apr 26)
please: CVE-2021-31153,CVE-2021-31154,CVE-2021-31155: local root exploit and further security issues in sudo-like utility Matthias Gerstner (May 18)
Matthieu Herrb
libX11 security advisory: May 18, 2021 Matthieu Herrb (May 18)
X.Org server security advisory: April 13, 2021 Matthieu Herrb (Apr 13)
Maurits van Rees
Re: Plone security hotfix 20210518 Maurits van Rees (May 22)
Plone: stored XSS in folder contents Maurits van Rees (Jun 30)
Plone security hotfix 20210518 Maurits van Rees (May 21)
Mauro Matteo Cascella
CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir Mauro Matteo Cascella (May 05)
QEMU: security issues in vhost-user-gpu Mauro Matteo Cascella (May 31)
QEMU: ESP security fixes Mauro Matteo Cascella (Apr 16)
Re: CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir Mauro Matteo Cascella (May 07)
Michael McNally
ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217) Michael McNally (May 26)
ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Michael McNally (Apr 28)
Michael Orlitzky
Re: Malicious commits to Linux kernel as part of university study Michael Orlitzky (Apr 22)
Mike Drob
CVE-2021-27905: Apache Solr: SSRF vulnerability with the Replication handler Mike Drob (Apr 12)
CVE-2021-29262: Apache Solr: Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings Mike Drob (Apr 12)
CVE-2021-29943: Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections Mike Drob (Apr 12)
Mike O'Connor
Re: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Mike O'Connor (Jun 06)
Nadav Markus
CVE-2021-23134: Linux kernel: UAF in nfc sockets Nadav Markus (May 11)
- Nop
Re: Linux Kernel: out of bounds array access in dm-ioctl.c - Nop (Apr 19)
Norbert Slusarek
Linux kernel: net/can/isotp: race condition leads to local privilege escalation Norbert Slusarek (May 11)
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Norbert Slusarek (May 13)
CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel Norbert Slusarek (Jun 15)
CVE-2021-3609: Race condition in net/can/bcm.c leads to local privilege escalation Norbert Slusarek (Jun 19)
null p0int3r
[CVE-2020-28018] Use-After-Free on Exim Question null p0int3r (May 11)
Re: [CVE-2020-28018] Use-After-Free on Exim Question null p0int3r (May 11)
Oliver Hartkopp
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Oliver Hartkopp (May 28)
Ondřej Surý
Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Ondřej Surý (Apr 29)
Or Cohen
CVE-2021-23133: Linux kernel: race condition in sctp sockets Or Cohen (Apr 18)
Oswald Buddenhagen
CVE-2021-3578: possible remote code execution in isync/mbsync Oswald Buddenhagen (Jun 07)
Paolo Bonzini
Re: CVE-2021-22543 - /dev/kvm LPE Paolo Bonzini (May 26)
Paraschiv, Andra-Irina
Nitro Enclaves kernel driver issue Paraschiv, Andra-Irina (Apr 29)
PengHui Li
CVE-2021-22160 Apache Pulsar Information Disclosure PengHui Li (May 25)
Peter Bex
Malicious commits to Linux kernel as part of university study Peter Bex (Apr 22)
Re: Malicious commits to Linux kernel as part of university study Peter Bex (Apr 22)
Piotr Krysiuk
[CVE-2021-29155] Linux kernel protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory Piotr Krysiuk (Apr 18)
[CVE-2021-29154] Linux kernel incorrect computation of branch displacements in BPF JIT compiler can be abused to execute arbitrary code in Kernel mode Piotr Krysiuk (Apr 08)
[CVE-2021-33200] Linux kernel enforcing incorrect limits for pointer arithmetic operations by BPF verifier can be abused to perform out-of-bounds reads and writes in kernel memory Piotr Krysiuk (May 27)
[CVE-2021-31829] Linux kernel protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory Piotr Krysiuk (May 04)
Priedhorsky, Reid
Re: rxvt terminal (+bash) remoteish code execution 0day Priedhorsky, Reid (May 17)
Qualys Security Advisory
Re: [CVE-2020-28018] Use-After-Free on Exim Question Qualys Security Advisory (May 11)
Re: [CVE-2020-28018] Use-After-Free on Exim Question Qualys Security Advisory (May 11)
Re: [CVE-2020-28018] Use-After-Free on Exim Question Qualys Security Advisory (May 12)
21Nails: Multiple vulnerabilities in Exim Qualys Security Advisory (May 04)
r00t4dm
Re: Malicious commits to Linux kernel as part of university study r00t4dm (Apr 22)
Robert G.
Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Robert G. (May 14)
Robert Middleton
CVE-2020-9493: Apache Chainsaw: Java deserialization in Chainsaw Robert Middleton (Jun 15)
Robert Scheck
Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access Robert Scheck (Apr 24)
Salvatore Bonaccorso
Re: [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation Salvatore Bonaccorso (Apr 16)
Re: xscreensaver package caps gets raw socket Salvatore Bonaccorso (Apr 21)
Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso (May 09)
Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso (May 09)
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Salvatore Bonaccorso (May 11)
Santiago Torres
Re: Malicious commits to Linux kernel as part of university study Santiago Torres (Apr 22)
Silas
Re: Malicious commits to Linux kernel as part of university study Silas (Apr 24)
Simon McVittie
Re: xscreensaver package caps gets raw socket Simon McVittie (Apr 18)
Solar Designer
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Solar Designer (May 14)
Re: xscreensaver package caps gets raw socket Solar Designer (Apr 19)
Re: xscreensaver package caps gets raw socket Solar Designer (Apr 18)
Re: [CVE-2020-28018] Use-After-Free on Exim Question Solar Designer (May 11)
Re: CVE-2021-22543 - /dev/kvm LPE Solar Designer (May 26)
Stefan Pietsch
Trovent Security Advisory 2103-02 / Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Stefan Pietsch (May 11)
Trovent Security Advisory 2103-01 / Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Stefan Pietsch (May 11)
Steve Beattie
[CVE-2021-3492] Ubuntu shiftfs Linux kernel file system double free vulnerability Steve Beattie (Apr 16)
[CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation Steve Beattie (Apr 16)
Re: [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation Steve Beattie (Apr 16)
Stuart Henderson
Re: xscreensaver package caps gets raw socket Stuart Henderson (Apr 19)
Sven Kieske
Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass Sven Kieske (Jun 10)
Swamy Shivaganga Nagaraju
[Kubernetes] CVE-2021-25736: Windows kube-proxy LoadBalancer contention Swamy Shivaganga Nagaraju (May 10)
Tavis Ormandy
Re: xscreensaver package caps gets raw socket Tavis Ormandy (Apr 17)
xscreensaver package caps gets raw socket Tavis Ormandy (Apr 17)
Thadeu Lima de Souza Cascardo
CVE-2021-3491 - Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass Thadeu Lima de Souza Cascardo (May 11)
CVE-2021-3600 - Linux kernel eBPF 32-bit source register truncation on div/mod Thadeu Lima de Souza Cascardo (Jun 23)
CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking Thadeu Lima de Souza Cascardo (May 11)
CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation Thadeu Lima de Souza Cascardo (May 11)
Re: CVE-2021-3609: Race condition in net/can/bcm.c leads to local privilege escalation Thadeu Lima de Souza Cascardo (Jun 19)
Thiago H. de Paula Figueiredo
CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later Thiago H. de Paula Figueiredo (Apr 27)
CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195 Thiago H. de Paula Figueiredo (Apr 15)
Thomas Ward
Re: Malicious commits to Linux kernel as part of university study Thomas Ward (Apr 24)
Tim Allclair
[kubernetes] CVE-2021-25735: Validating Admission Webhook does not observe some previous fields Tim Allclair (Apr 14)
Unparalleled IT Security Research
libx11 API Protocol Command Injection Unparalleled IT Security Research (May 18)
Wade Mealing
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname Wade Mealing (Jun 07)
William Bowling
[CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image William Bowling (May 09)
X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability X41 D-Sec GmbH Advisories (May 25)
Xen . org security team
Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass Xen . org security team (Jun 09)
Xen Security Advisory 372 v3 (CVE-2021-28693) - xen/arm: Boot modules are not scrubbed Xen . org security team (Jun 08)
Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass Xen . org security team (Jun 10)
Xen Security Advisory 370 v2 (CVE-2021-28689) - x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests Xen . org security team (May 04)
Xen Security Advisory 373 v2 (CVE-2021-28692) - inappropriate x86 IOMMU timeout detection / handling Xen . org security team (Jun 08)
Xen Security Advisory 375 v2 (CVE-2021-0089) - Speculative Code Store Bypass Xen . org security team (Jun 08)
Xen Security Advisory 374 v2 (CVE-2021-28691) - Guest triggered use-after-free in Linux xen-netback Xen . org security team (Jun 08)
Xen Security Advisory 377 v2 (CVE-2021-28690) - x86: TSX Async Abort protections not restored after S3 Xen . org security team (Jun 08)
马哲宇
CVE-2021-3483: Linux kernel: a use-after-free bug in nosy driver 马哲宇 (Apr 07)