oss-sec: by date
236 messages
starting Apr 01 21 and
ending Jun 30 21
Date index |
Thread index |
Author index
Thursday, 01 April
Re: kopano-core 11.0.1: Remote DoS by memory exhaustion Jan Engelhardt
Friday, 02 April
kopano-core 11.0.1.77: Remote DoS with out-of-bounds access Jan Engelhardt
CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks Colm O hEigeartaigh
Monday, 05 April
Re: Risk of local privilege escalation in GNU Guix Leo Famulari
Re: Risk of local privilege escalation in GNU Guix Henri Salo
Re: Risk of local privilege escalation in GNU Guix Jan Engelhardt
Re: Risk of local privilege escalation in GNU Guix Leo Famulari
Re: Risk of local privilege escalation in GNU Guix Leo Famulari
Tuesday, 06 April
Django: CVE-2021-28658: Potential directory-traversal via uploaded files Mariusz Felisiak
CVE-2021-29136: umoci: malicious layer with symlink entry for "/" allows overwriting of host files Aleksa Sarai
Wednesday, 07 April
CVE-2021-3483: Linux kernel: a use-after-free bug in nosy driver 马哲宇
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck
Thursday, 08 April
[CVE-2021-29154] Linux kernel incorrect computation of branch displacements in BPF JIT compiler can be abused to execute arbitrary code in Kernel mode Piotr Krysiuk
Friday, 09 April
Re: Risk of local privilege escalation in GNU Guix Leo Famulari
Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation Alexander Popov
Saturday, 10 April
Re: Risk of local privilege escalation in GNU Guix Leo Famulari
Monday, 12 April
CVE-2021-29425 (Possible limited path traversal in Apache Commons IO 2.2 to 2.6) Jochen Wiedmann
CVE-2021-29943: Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections Mike Drob
CVE-2021-29262: Apache Solr: Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings Mike Drob
CVE-2021-27905: Apache Solr: SSRF vulnerability with the Replication handler Mike Drob
Tuesday, 13 April
X.Org server security advisory: April 13, 2021 Matthieu Herrb
Wednesday, 14 April
[kubernetes] CVE-2021-25735: Validating Admission Webhook does not observe some previous fields Tim Allclair
CVE-2021-20288 Ceph: Unauthorized global_id reuse in cephx Ana McTaggart
Thursday, 15 April
CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195 Thiago H. de Paula Figueiredo
Friday, 16 April
[CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation Steve Beattie
[CVE-2021-3492] Ubuntu shiftfs Linux kernel file system double free vulnerability Steve Beattie
QEMU: ESP security fixes Mauro Matteo Cascella
Re: [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation Salvatore Bonaccorso
Re: [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation Steve Beattie
Saturday, 17 April
xscreensaver package caps gets raw socket Tavis Ormandy
Re: xscreensaver package caps gets raw socket Tavis Ormandy
Sunday, 18 April
Re: xscreensaver package caps gets raw socket Érico Nogueira
CVE-2021-23133: Linux kernel: race condition in sctp sockets Or Cohen
Re: xscreensaver package caps gets raw socket Simon McVittie
[CVE-2021-29155] Linux kernel protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory Piotr Krysiuk
Re: xscreensaver package caps gets raw socket Solar Designer
Re: xscreensaver package caps gets raw socket Alan Coopersmith
Announce: OpenSSH 8.6 released Damien Miller
Monday, 19 April
Re: Linux Kernel: out of bounds array access in dm-ioctl.c - Nop
Re: xscreensaver package caps gets raw socket David A. Wheeler
Re: xscreensaver package caps gets raw socket Solar Designer
Re: xscreensaver package caps gets raw socket Ariadne Conill
Re: xscreensaver package caps gets raw socket David A. Wheeler
Re: xscreensaver package caps gets raw socket Ariadne Conill
Re: xscreensaver package caps gets raw socket Eli Schwartz
Re: xscreensaver package caps gets raw socket Stuart Henderson
Tuesday, 20 April
Linux kernel: a heap buffer overflow in firedtv driver Luo Likang
DNS rebinding vulnerability in npupnp Gabriel Corona
Vulnerability in Jenkins Daniel Beck
DNS rebinding vulnerability in pupnp Gabriel Corona
Wednesday, 21 April
Exim security update ahead Heiko Schlittermann
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: xscreensaver package caps gets raw socket Salvatore Bonaccorso
Thursday, 22 April
Malicious commits to Linux kernel as part of university study Peter Bex
Re: Malicious commits to Linux kernel as part of university study Albert Veli
Re: Malicious commits to Linux kernel as part of university study Peter Bex
Re: Malicious commits to Linux kernel as part of university study David A. Wheeler
Re: Malicious commits to Linux kernel as part of university study David H
Re: Malicious commits to Linux kernel as part of university study Marcus Meissner
Re: Malicious commits to Linux kernel as part of university study Marcus Meissner
Re: Malicious commits to Linux kernel as part of university study Santiago Torres
Re: Malicious commits to Linux kernel as part of university study Ariadne Conill
Re: Malicious commits to Linux kernel as part of university study Ariadne Conill
Re: Malicious commits to Linux kernel as part of university study r00t4dm
Re: Malicious commits to Linux kernel as part of university study Mark Steward
Re: Malicious commits to Linux kernel as part of university study Michael Orlitzky
Re: Malicious commits to Linux kernel as part of university study Francis Booth
Re: Malicious commits to Linux kernel as part of university study Eric Biggers
Friday, 23 April
Re: Malicious commits to Linux kernel as part of university study Jan Engelhardt
Re: Malicious commits to Linux kernel as part of university study Kurt H Maier
Re: Malicious commits to Linux kernel as part of university study Greg KH
Re: Malicious commits to Linux kernel as part of university study James Feister
CVE-2021-26291: Apache Maven: block repositories using http by default Brian Fox
Saturday, 24 April
Re: Malicious commits to Linux kernel as part of university study Silas
Re: Malicious commits to Linux kernel as part of university study Thomas Ward
Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access Robert Scheck
Sunday, 25 April
Re: DNS rebinding vulnerability in npupnp Gabriel Corona
Monday, 26 April
virtualbox: CVE-2021-2264: vboxautostart-service.sh allows injection of parameters in 'su' invocation Matthias Gerstner
virtualbox: CVE-2021-25319: missing sticky bit in openSUSE packaging for /etc/box allows local root exploit for members of vboxusers group Matthias Gerstner
CVE-2020-17517: Apache Ozone: Ozone S3 Gateway allows bucket and key access to non authenticated users Bharat Viswanadham
Tuesday, 27 April
CVE-2021-28125: Apache Superset Open Redirect daniel gaspar
CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later Thiago H. de Paula Figueiredo
[CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI jleroux () apache org
[CVE-2021-30128] Unsafe deserialization in OFBiz jleroux () apache org
Wednesday, 28 April
ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Michael McNally
Thursday, 29 April
Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Ariadne Conill
Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Ondřej Surý
Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Ariadne Conill
Nitro Enclaves kernel driver issue Paraschiv, Andra-Irina
Friday, 30 April
[ANNOUNCE] klibc 2.0.9 Ben Hutchings
Saturday, 01 May
kopano-core 11.0.1.143: Remote DoS with resource exhaustion Jan Engelhardt
Tuesday, 04 May
Exim 4.94.2 - security update released Heiko Schlittermann
[CVE-2021-31829] Linux kernel protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory Piotr Krysiuk
21Nails: Multiple vulnerabilities in Exim Qualys Security Advisory
hivex CVE-2021-3504 Huzaifa Sidhpurwala
Xen Security Advisory 370 v2 (CVE-2021-28689) - x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests Xen . org security team
Multiple vulnerabilities in RPM Demi Marie Obenour
Django 3.2.1, 3.1.9, and 2.2.21: CVE-2021-31542: Potential directory-traversal via uploaded files Carlton Gibson
[kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU Hausler, Micah
Wednesday, 05 May
[CVE-2021-22902] Possible Denial of Service vulnerability in Action Dispatch Aaron Patterson
[CVE-2021-22903] Possible Open Redirect Vulnerability in Action Pack Aaron Patterson
[CVE-2021-22885] Possible Information Disclosure / Unintended Method Execution in Action Pack Aaron Patterson
[CVE-2021-22904] Possible DoS Vulnerability in Action Controller Token Authentication Aaron Patterson
CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir Mauro Matteo Cascella
Thursday, 06 May
Django: CVE-2021-32052: Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+ Mariusz Felisiak
Friday, 07 May
Re: CVE-2021-3527 QEMU: usb: unbounded stack allocation in usbredir Mauro Matteo Cascella
Re: Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck
Saturday, 08 May
Re: Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck
Sunday, 09 May
[CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image William Bowling
Code execution through Thunar Gabriel Corona
Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso
Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso
Monday, 10 May
Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray
Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray
Re: [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image Jakub Wilk
[Kubernetes] CVE-2021-25736: Windows kube-proxy LoadBalancer contention Swamy Shivaganga Nagaraju
CVE-2021-32399 Linux device detach race condition Lin Horse
Re: Code execution through Thunar Gabriel Corona
Tuesday, 11 May
CVE-2021-23134: Linux kernel: UAF in nfc sockets Nadav Markus
[CVE-2020-28018] Use-After-Free on Exim Question null p0int3r
Re: [CVE-2020-28018] Use-After-Free on Exim Question Solar Designer
Trovent Security Advisory 2103-01 / Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Stefan Pietsch
Trovent Security Advisory 2103-02 / Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Stefan Pietsch
Multiple vulnerabilities in Jenkins plugins Daniel Beck
CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation Thadeu Lima de Souza Cascardo
CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking Thadeu Lima de Souza Cascardo
various 802.11 security issues - fragattacks.com Johannes Berg
CVE-2021-3491 - Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass Thadeu Lima de Souza Cascardo
Re: [CVE-2020-28018] Use-After-Free on Exim Question Qualys Security Advisory
Re: [CVE-2020-28018] Use-After-Free on Exim Question null p0int3r
Linux kernel: net/can/isotp: race condition leads to local privilege escalation Norbert Slusarek
Re: [CVE-2020-28018] Use-After-Free on Exim Question Qualys Security Advisory
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Salvatore Bonaccorso
Wednesday, 12 May
Re: [CVE-2020-28018] Use-After-Free on Exim Question harris.johnson.x
Re: [CVE-2020-28018] Use-After-Free on Exim Question Qualys Security Advisory
Thursday, 13 May
Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Matthew Wild
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Norbert Slusarek
Friday, 14 May
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Solar Designer
Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Robert G.
Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Matthew Wild
CVE-2021-3509: Ceph: Cross Site Scripting via token Cookie Ana McTaggart
CVE-2021-3531: Ceph: RGW unauthenticated denial of service Ana McTaggart
Sunday, 16 May
Open Source WAF testing tools Martin O'Neil
Re: Open Source WAF testing tools Brandon Perry
Re: Open Source WAF testing tools Ivan Novikov
Monday, 17 May
rxvt terminal (+bash) remoteish code execution 0day def
Re: rxvt terminal (+bash) remoteish code execution 0day def
Re: rxvt terminal (+bash) remoteish code execution 0day Priedhorsky, Reid
Re: Re: rxvt terminal (+bash) remoteish code execution 0day def
Re: rxvt terminal (+bash) remoteish code execution 0day Jakub Wilk
Re: rxvt terminal (+bash) remoteish code execution 0day Dan Yefihmov
Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service Ana McTaggart
Tuesday, 18 May
please: CVE-2021-31153,CVE-2021-31154,CVE-2021-31155: local root exploit and further security issues in sudo-like utility Matthias Gerstner
libX11 security advisory: May 18, 2021 Matthieu Herrb
libx11 API Protocol Command Injection Unparalleled IT Security Research
[kubernetes] CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack CJ Cullen
Wednesday, 19 May
Prometheus 2.26.1-2.27.1 released to fix an Open Redirect security issue Julien Pivotto
CVE-2021-30465: runc <1.0.0-rc95 vulnerable to symlink-exchange attack Aleksa Sarai
Friday, 21 May
Plone security hotfix 20210518 Maurits van Rees
Saturday, 22 May
Re: Plone security hotfix 20210518 Maurits van Rees
Tuesday, 25 May
CVE-2021-3564 Linux Bluetooth device initialization implementation bug Mart111n
CVE-2021-23937: Apache Wicket: DNS proxy and possible amplification attack Emond Papegaaij
Multiple vulnerabilities in Jenkins plugins Daniel Beck
CVE-2021-22160 Apache Pulsar Information Disclosure PengHui Li
X41 D-Sec GmbH Security Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability X41 D-Sec GmbH Advisories
[SECURITY ADVISORY] curl: TELNET stack contents disclosure Daniel Stenberg
[SECURITY ADVISORY] curl: TLS session caching disaster Daniel Stenberg
Wednesday, 26 May
CVE-2021-22543 - /dev/kvm LPE Eduardo' Vela" <Nava>
Re: CVE-2021-22543 - /dev/kvm LPE Solar Designer
Re: CVE-2021-22543 - /dev/kvm LPE Paolo Bonzini
ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217) Michael McNally
Thursday, 27 May
[CVE-2021-33200] Linux kernel enforcing incorrect limits for pointer arithmetic operations by BPF verifier can be abused to perform out-of-bounds reads and writes in kernel memory Piotr Krysiuk
CVE-2020-17514: Apache Fineract: Disabled hostname verification for HTTPS James Dailey
Friday, 28 May
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Oliver Hartkopp
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Marc Kleine-Budde
Saturday, 29 May
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Greg Kroah-Hartman
Monday, 31 May
QEMU: security issues in vhost-user-gpu Mauro Matteo Cascella
Tuesday, 01 June
Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck
Re: CVE-2021-3564 Linux Bluetooth device initialization implementation bug Mart111n
Wednesday, 02 June
Django security releases 3.2.4, 3.1.12, and 2.2.24 for CVE-2021-33203 and CVE-2021-33571 Carlton Gibson
Thursday, 03 June
CVE-2021-3560 polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() Cedric Buissart
Saturday, 05 June
XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki
Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki
Sunday, 06 June
Re: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Mike O'Connor
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck
Monday, 07 June
CVE-2021-3578: possible remote code execution in isync/mbsync Oswald Buddenhagen
[CVE-2021-33896] Path traversal in Dino file transfers Dino Team
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname Wade Mealing
Tuesday, 08 June
CVE-2021-3573: UAF in hci_sock_bound_ioctl() function Lin Horse
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck
CVE-2021-33190: Apache APISIX Dashboard: Bypass network access control JunXu Chen
Xen Security Advisory 372 v3 (CVE-2021-28693) - xen/arm: Boot modules are not scrubbed Xen . org security team
Xen Security Advisory 374 v2 (CVE-2021-28691) - Guest triggered use-after-free in Linux xen-netback Xen . org security team
Xen Security Advisory 375 v2 (CVE-2021-0089) - Speculative Code Store Bypass Xen . org security team
Xen Security Advisory 377 v2 (CVE-2021-28690) - x86: TSX Async Abort protections not restored after S3 Xen . org security team
Xen Security Advisory 373 v2 (CVE-2021-28692) - inappropriate x86 IOMMU timeout detection / handling Xen . org security team
Wednesday, 09 June
connman stack buffer overflow in dnsproxy CVE-2021-33833 Marcus Meissner
Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass Xen . org security team
Thursday, 10 June
Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass Xen . org security team
CVE-2019-17567: Apache httpd: mod_proxy_wstunnel tunneling of non Upgraded connections Christophe JAILLET
CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges Christophe JAILLET
CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference Christophe JAILLET
CVE-2020-35452: Apache httpd: mod_auth_digest possible stack overflow by one nul byte Christophe JAILLET
CVE-2021-26690: Apache httpd: mod_session NULL pointer dereference Christophe JAILLET
CVE-2021-26691: Apache httpd: mod_session response handling heap overflow Christophe JAILLET
CVE-2021-30641: Apache httpd: Unexpected URL matching with 'MergeSlashes OFF' Christophe JAILLET
CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request Christophe JAILLET
Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass Sven Kieske
Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass Andrew Cooper
Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Gianluca Gabrielli
Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Marek Marczykowski-Górecki
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request John Helmert III
Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request Christophe JAILLET
Friday, 11 June
Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock Gianluca Gabrielli
Saturday, 12 June
CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file Andreas Lehmkuehler
CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file Andreas Lehmkuehler
Monday, 14 June
xscreensaver: filename command injection in vidwhacker screensaver Hanno Böck
Tuesday, 15 June
CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel Norbert Slusarek
CVE-2020-9493: Apache Chainsaw: Java deserialization in Chainsaw Robert Middleton
Wednesday, 16 June
CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter Colm O hEigeartaigh
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Thursday, 17 June
New Open-Source Forensic Tool for SQLite Data Recovery Andrew Zayine
Friday, 18 June
Vulnerability in Jenkins Generic Webhook Trigger Plugin Daniel Beck
Saturday, 19 June
CVE-2021-3609: Race condition in net/can/bcm.c leads to local privilege escalation Norbert Slusarek
Re: CVE-2021-3609: Race condition in net/can/bcm.c leads to local privilege escalation Thadeu Lima de Souza Cascardo
Monday, 21 June
[CVE-2021-33624] Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory Adam Morrison
CVE-2021-26461: Apache NuttX (incubating): malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds Brennan Ashton
Wednesday, 23 June
CVE-2021-3600 - Linux kernel eBPF 32-bit source register truncation on div/mod Thadeu Lima de Souza Cascardo
Friday, 25 June
FW: An out-of-bound read/write in fsi driver Luo Likang
Saturday, 26 June
Re: CVE-2021-22543 - /dev/kvm LPE Eduardo' Vela" <Nava>
Monday, 28 June
CVE-2021-29157: Dovecot oauth2 JWT local validation path traversal Aki Tuomi
CVE-2021-33515: Dovecot SMTP Submission service STARTTLS injection. Aki Tuomi
CVE-2020-28200: Dovecot Pigeonhole Sieve excessive resource usage Aki Tuomi
Wednesday, 30 June
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck
Plone: stored XSS in folder contents Maurits van Rees