oss-sec: by author
193 messages
starting Aug 19 21 and
ending Jul 22 21
Date index |
Thread index |
Author index
Aaron Patterson
[CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware Aaron Patterson (Aug 19)
Alan Coopersmith
Oracle Solaris membership in the distros list Alan Coopersmith (Aug 24)
Re: Oracle Solaris membership in the distros list Alan Coopersmith (Sep 14)
3 new CVE's in vim Alan Coopersmith (Sep 30)
Alexandr Savca (chinarulezzz)
Re: Polipo: denial-of-service using range Alexandr Savca (chinarulezzz) (Jul 28)
Re: Polipo: denial-of-service using range Alexandr Savca (chinarulezzz) (Aug 03)
Alex O'Ree
[SECURITY] CVE-2021-37578 Apache jUDDI Remote code execution Alex O'Ree (Jul 29)
Alex Xu (Hello71)
Reminder: QtWebKit known vulnerabilities Alex Xu (Hello71) (Aug 04)
Andrew Cooper
Re: Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86 Andrew Cooper (Sep 01)
Andy Seaborne
CVE-2021-33192: Apache Jena Fuseki: Display information UI XSS Andy Seaborne (Jul 04)
CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability Andy Seaborne (Sep 16)
Ariadne Conill
Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Ariadne Conill (Aug 07)
Re: Re: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Ariadne Conill (Aug 07)
Arpad Boda
CVE-2021-33191: Apache NiFi - MiNiFi C++: MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol Arpad Boda (Aug 24)
Axel Beckert
Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Axel Beckert (Aug 07)
Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Axel Beckert (Aug 07)
Re: bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Axel Beckert (Aug 07)
Re: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Axel Beckert (Aug 06)
Ben
CVE-2021-3773: Lack of port sanity checking in natd and Netfilter leads to exploit of OpenVPN clients on Linux and FreeBSD platforms Ben (Sep 08)
Bernd Zeimetz
GPSD time will jump back 1024 weeks at after week=2180 (23-October-2021) Bernd Zeimetz (Aug 01)
Brian Demers
CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass Brian Demers (Sep 16)
Bryan Pendleton
CVE-2021-41616: Apache ddlutils 1.0 readobject vulnerability Bryan Pendleton (Sep 29)
butt3rflyh4ck
Re: Linux kernel: fs/btrfs: null-ptr-dereference bug in btrfs_rm_device in fs/btrfs/volumes.c butt3rflyh4ck (Sep 01)
Re: Linux kernel: qrtr: another out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c butt3rflyh4ck (Aug 26)
Linux kernel: fs/btrfs: null-ptr-dereference bug in btrfs_rm_device in fs/btrfs/volumes.c butt3rflyh4ck (Aug 25)
Re: Linux kernel: qrtr: another out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c butt3rflyh4ck (Aug 27)
Re: Linux kernel: qrtr: another out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c butt3rflyh4ck (Aug 27)
Re: Linux kernel: fs/btrfs: null-ptr-dereference bug in btrfs_rm_device in fs/btrfs/volumes.c butt3rflyh4ck (Aug 26)
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck (Aug 17)
Linux kernel: qrtr: another out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c butt3rflyh4ck (Aug 25)
Carlos Alberto Lopez Perez
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0004 Carlos Alberto Lopez Perez (Jul 23)
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005 Carlos Alberto Lopez Perez (Sep 20)
CJ Cullen
[kubernetes] CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding CJ Cullen (Jul 14)
[kubernetes] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access CJ Cullen (Sep 15)
Clint Wylie
CVE-2021-36749: Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920) Clint Wylie (Sep 23)
Colm O hEigeartaigh
CVE-2021-40690: Apache Santuario: Bypass of the secureValidation property Colm O hEigeartaigh (Sep 17)
Damien Miller
Announce: OpenSSH 8.8 released Damien Miller (Sep 26)
Daniel Beck
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Aug 31)
Daniel Bevenius
Fwd: Node.js security updates for versions 12.x, and 14.x releases lines, August 31 2021 Daniel Bevenius (Aug 27)
Node.js: Security updates for all active release lines, 30 July 2021 Daniel Bevenius (Jul 29)
Fwd: Node.js security updates for versions 12.x, and 14.x releases lines, August 31 2021 Daniel Bevenius (Aug 31)
Daniel Stenberg
[SECURITY ADVISORY] curl: Protocol downgrade required TLS bypassed Daniel Stenberg (Sep 14)
[SECURITY ADVISORY] curl: TELNET stack contents disclosure again Daniel Stenberg (Jul 21)
[SECURITY ADVISORY] curl: STARTTLS protocol injection via MITM Daniel Stenberg (Sep 14)
[SECURITY ADVISORY] c-ares: Missing input validation on hostnames returned by DNS servers Daniel Stenberg (Aug 09)
[SECURITY ADVISORY] curl: Wrong content via metalink not discarded Daniel Stenberg (Jul 21)
[SECURITY ADVISORY] curl: Bad connection reuse due to flawed path name checks Daniel Stenberg (Jul 21)
[SECURITY ADVISORY] curl: UAF and double-free in MQTT sending Daniel Stenberg (Sep 14)
[SECURITY ADVISORY] curl: Metalink download sends credentials Daniel Stenberg (Jul 21)
Dave
CVE-2021-33580: Apache Roller: regex injection leading to DoS Dave (Aug 17)
Eric Blake
Re: STARTTLS vulnerabilities Eric Blake (Aug 18)
Re: STARTTLS vulnerabilities Eric Blake (Aug 11)
Re: STARTTLS vulnerabilities Eric Blake (Aug 16)
Georgi Guninski
Re: Potential symlink attack in python3 __pycache__ Georgi Guninski (Jul 26)
ipython3 may execute code from the current working directory Georgi Guninski (Jul 22)
Re: ipython3 may execute code from the current working directory Georgi Guninski (Jul 25)
Potential symlink attack in python3 __pycache__ Georgi Guninski (Jul 24)
Greg KH
Re: CVE-2021-3715 Linux kernel: use-after-free in route4_change() in net/sched/cls_route.c Greg KH (Sep 07)
Guido Berhoerster
Re: STARTTLS vulnerabilities Guido Berhoerster (Aug 10)
Guillaume Nodet
CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server Guillaume Nodet (Jul 12)
Hanno Böck
STARTTLS vulnerabilities Hanno Böck (Aug 10)
Re: STARTTLS vulnerabilities Hanno Böck (Aug 11)
Re: STARTTLS vulnerabilities Hanno Böck (Aug 11)
Re: STARTTLS vulnerabilities Hanno Böck (Aug 10)
Hausler, Micah
[kubernetes] CVE-2020-8561: Webhook redirect in kube-apiserver Hausler, Micah (Sep 15)
Jakub Wilk
Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 24)
Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)
Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)
Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 23)
Re: Potential symlink attack in python3 __pycache__ Jakub Wilk (Jul 26)
Jan Engelhardt
Re: [OSSA-2021-004] Neutron: Linuxbridge ARP filter bypass on Netfilter platforms (CVE-2021-38598) Jan Engelhardt (Aug 17)
kopano-core 11.0.2.43: Remote authenticated DoS with unhandled exception Jan Engelhardt (Aug 14)
Jason Andryuk
Re: Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86 Jason Andryuk (Sep 01)
Jean D'Elboux
Re: Possible memory leak on getspnam / getspnam_r Jean D'Elboux (Aug 26)
Jean Diogo
Possible memory leak on getspnam / getspnam_r Jean Diogo (Aug 25)
Jeffrey Walton
Re: SNI is a security vulnerability all by itself (was Re: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)) Jeffrey Walton (Aug 07)
Re: Polipo: denial-of-service using range Jeffrey Walton (Jul 19)
Jeff Zhang
CVE-2020-13929: Apache Zeppelin: Notebook permissions bypass Jeff Zhang (Sep 02)
CVE-2019-10095: Apache Zeppelin: bash command injection in spark interpreter Jeff Zhang (Sep 02)
CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter Jeff Zhang (Sep 02)
Jeremy Soller
Re: Pop!_OS Membership to linux-distros list Jeremy Soller (Aug 04)
Re: Pop!_OS Membership to linux-distros list Jeremy Soller (Sep 07)
Pop!_OS Membership to linux-distros list Jeremy Soller (Jul 20)
Jeremy Stanley
[OSSA-2021-005] Neutron: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts (CVE-2021-40085) Jeremy Stanley (Aug 31)
[OSSA-2021-006] Neutron: Routes middleware memory leak for nonexistent controllers (CVE-2021-40797) Jeremy Stanley (Sep 09)
[OSSA-2021-001] Neutron: Anti-spoofing bypass for Open vSwitch networks (CVE-2021-20267) Jeremy Stanley (Jul 12)
Re: [OSSA-2021-004] Neutron: Linuxbridge ARP filter bypass on Netfilter platforms (CVE-2021-38598) Jeremy Stanley (Aug 17)
[OSSA-2021-002] Nova: Open Redirect in noVNC proxy (CVE-2021-3654) Jeremy Stanley (Sep 27)
[OSSA-2021-003] Keystone: Account name and UUID oracles in account locking (CVE-2021-38155) Jeremy Stanley (Aug 10)
[OSSA-2021-004] Neutron: Linuxbridge ARP filter bypass on Netfilter platforms (CVE-2021-38598) Jeremy Stanley (Aug 17)
[OSSA-2021-002] Nova: Open Redirect in noVNC proxy (CVE-2021-3654) Jeremy Stanley (Jul 29)
Jihoon Son
CVE-2021-26920: Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended Jihoon Son (Jul 01)
jleroux () apache org
[CVE-2021-37608] Arbitrary file upload vulnerability in OFBiz jleroux () apache org (Aug 11)
Joe Orton
CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613 Joe Orton (Aug 23)
John Haxby
Re: Linux kernel: qrtr: another out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c John Haxby (Aug 26)
John Helmert III
Re: Polipo: denial-of-service using range John Helmert III (Jul 18)
Re: Polipo: denial-of-service using range John Helmert III (Aug 01)
Re: Polipo: denial-of-service using range John Helmert III (Aug 13)
Jonas Dellinger
CVE-2020-28020: Integer overflow in Exim that can lead to RCE: Some questions to the Qualys researchers who designed the exploit Jonas Dellinger (Jul 25)
Jonas Schäfer
Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) Jonas Schäfer (Jul 22)
Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601) Jonas Schäfer (Jul 28)
Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) Jonas Schäfer (Jul 28)
Jussi Hietanen
NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G Jussi Hietanen (Aug 30)
Karp, Samuel
CVE-2021-32760: containerd archive package allows chmod of file outside of unpack target directory Karp, Samuel (Jul 19)
Kaxil Naik
CVE-2021-38540: Apache Airflow: Variable Import endpoint missed authentication check Kaxil Naik (Sep 09)
CVE-2021-35936: Apache Airflow: No Authentication on Logging Server Kaxil Naik (Aug 14)
Kees Cook
Re: Containers-optimized OS (COS) membership in the linux-distros list Kees Cook (Sep 18)
lewis john mcgibbney
CVE-2021-38555: An XML external entity (XXE) injection vulnerability exists in Apache Any23 StreamUtils.java lewis john mcgibbney (Sep 11)
CVE-2021-40146: A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YAMLExtractor.java lewis john mcgibbney (Sep 11)
Lin Horse
CVE-2021-3640: Linux kernel: UAF in sco_send_frame function Lin Horse (Jul 22)
Luo Likang
CVE-2021-3752: Linux kernel: a uaf bug in bluetooth Luo Likang (Sep 15)
Marco Benatto
libssh: Possible heap-buffer overflow when rekeying (CVE-2021-3634) Marco Benatto (Aug 26)
Marcus Meissner
Disclosure: CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() Marcus Meissner (Sep 14)
Mariusz Felisiak
Django: CVE-2021-35042: Potential SQL injection via unsanitized QuerySet.order_by() input Mariusz Felisiak (Jul 01)
Mark J Cox
OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Mark J Cox (Aug 26)
Mark Thomas
CVE-2021-41079: Apache Tomcat DoS with unexpected TLS packet Mark Thomas (Sep 15)
Mats Wichmann
Re: ipython3 may execute code from the current working directory Mats Wichmann (Jul 23)
Matthew Wild
Re: STARTTLS vulnerabilities Matthew Wild (Aug 11)
Re: STARTTLS vulnerabilities Matthew Wild (Aug 11)
Matthias Andree
ANNOUNCE: fetchmail <= 6.4.19 security announcement 2021-01 (CVE-2021-36386) - fetchmail 6.4.20 released. DoS or information disclosure in some configurations Matthias Andree (Jul 28)
fetchmail 6.4.21 released/regression fix for 6.4.20's security fix, and UPDATE: fetchmail <= 6.4.19 security announcement 2021-01 (CVE-2021-36386) Matthias Andree (Aug 09)
ANNOUNCE: fetchmail security announcement 2021-02 (CVE-2021-39272) - TLS bypass vulnerabilities ("NO STARTTLS") Matthias Andree (Aug 27)
Matthias Gerstner
replay-sorcery: CVE-2021-36983: kms service in version 0.6.0 allows local root exploit and other local attack vectors Matthias Gerstner (Jul 27)
Mauro Matteo Cascella
Re: CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1) Mauro Matteo Cascella (Jul 20)
[CVE-2021-3653, CVE-2021-3656] SVM nested virtualization issues in KVM Mauro Matteo Cascella (Aug 16)
Michael Dawson
Fwd: Node.js security updates for all active release lines, August 2021 Michael Dawson (Aug 05)
Michael Ellerman
Linux kernel: powerpc: KVM guest to host memory corruption Michael Ellerman (Jul 26)
Re: Linux kernel: powerpc: KVM guest to host memory corruption Michael Ellerman (Jul 27)
Michael McNally
ISC has disclosed a vulnerability in BIND (CVE-2021-25218) Michael McNally (Aug 18)
August BIND maintenance releases contain a defect affecting servers using the map zone file format (was: A vulnerability in BIND (CVE-2021-25218) will be announced 18 August 2021) Michael McNally (Aug 20)
Michael Orlitzky
Re: Potential symlink attack in python3 __pycache__ Michael Orlitzky (Jul 24)
Minh Yuan
CVE-2021-3753: A out-of-bounds caused by the race of KDSETMODE in vt for latest Linux Minh Yuan (Sep 01)
Mohammad Tausif Siddiqui
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname Mohammad Tausif Siddiqui (Aug 24)
Mustafa Kuscu
xscreensaver 5.45 crash Mustafa Kuscu (Jul 06)
Nayna
CVE-2021-35039: Linux kernel loading unsigned kernel modules via init_module syscall Nayna (Jul 06)
Oleksandr Tymoshenko
Re: Containers-optimized OS (COS) membership in the linux-distros list Oleksandr Tymoshenko (Sep 21)
Containers-optimized OS (COS) membership in the linux-distros list Oleksandr Tymoshenko (Sep 16)
Paragon Initiative Enterprises Security Team
firebase/php-jwt Algorithm Confusion with Key IDs Paragon Initiative Enterprises Security Team (Aug 11)
Peter van Dijk
security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0 Peter van Dijk (Jul 26)
Petr Matousek
Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer Petr Matousek (Jul 20)
Philipp Jeitner (SIT)
CVE-2021-20314: Remote stack buffer overflow in libspf2 Philipp Jeitner (SIT) (Aug 11)
Philipp Takacs
security issues in Litex IP stack Philipp Takacs (Sep 30)
Piotr Krysiuk
[CVE-2021-34556,CVE-2021-35477] Linux kernel BPF protection against Speculative Store Bypass can be bypassed to disclose arbitrary kernel memory Piotr Krysiuk (Aug 01)
[CVE-2021-38300] Linux kernel cBPF JIT compiler for MIPS emits incorrect branches leading to execution of arbitrary Kernel code Piotr Krysiuk (Sep 15)
Przemyslaw Roguski
CVE-2021-3762 quay/claircore: directory traversal when scanning crafted container image Przemyslaw Roguski (Sep 29)
Qualys Security Advisory
CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1) Qualys Security Advisory (Jul 20)
Re: CVE-2020-28020: Integer overflow in Exim that can lead to RCE: Some questions to the Qualys researchers who designed the exploit Qualys Security Advisory (Aug 02)
CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer Qualys Security Advisory (Jul 20)
Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer Qualys Security Advisory (Jul 22)
Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer Qualys Security Advisory (Aug 25)
Randall Hauch
CVE-2021-38153: Timing Attack Vulnerability for Apache Kafka Connect and Clients Randall Hauch (Sep 21)
Richard Cochran
linuxptp: Fixes published for CVE-2021-3570 and CVE-2021-3571 Richard Cochran (Jul 06)
Rohit Keshri
Re: CVE-2021-3715 Linux kernel: use-after-free in route4_change() in net/sched/cls_route.c Rohit Keshri (Sep 08)
CVE-2021-3715 Linux kernel: use-after-free in route4_change() in net/sched/cls_route.c Rohit Keshri (Sep 07)
Salvatore Bonaccorso
Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Salvatore Bonaccorso (Aug 07)
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname Salvatore Bonaccorso (Aug 17)
Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) Salvatore Bonaccorso (Jul 27)
Sam James
Re: CVE-2021-20314: Remote stack buffer overflow in libspf2 Sam James (Aug 12)
Santiago Torres
Re: Potential symlink attack in python3 __pycache__ Santiago Torres (Jul 26)
Solar Designer
Re: Pop!_OS Membership to linux-distros list Solar Designer (Aug 17)
Re: Oracle Solaris membership in the distros list Solar Designer (Sep 17)
Re: Pop!_OS Membership to linux-distros list Solar Designer (Jul 27)
Re: Containers-optimized OS (COS) membership in the linux-distros list Solar Designer (Sep 17)
Re: Oracle Solaris membership in the distros list Solar Designer (Sep 06)
Re: Possible memory leak on getspnam / getspnam_r Solar Designer (Sep 06)
Re: Containers-optimized OS (COS) membership in the linux-distros list Solar Designer (Sep 21)
Stefan Bodewig
CVE-2021-35516: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability Stefan Bodewig (Jul 13)
CVE-2021-36090: Apache Commons Compress 1.0 to 1.20 denial of service vulnerability Stefan Bodewig (Jul 13)
CVE-2021-35517: Apache Commons Compress 1.1 to 1.20 denial of service vulnerability Stefan Bodewig (Jul 13)
CVE-2021-36374: Apache Ant ZIP, and ZIP based, archive denial of service vulerability Stefan Bodewig (Jul 13)
CVE-2021-35515: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability Stefan Bodewig (Jul 13)
CVE-2021-36373: Apache Ant TAR archive denial of service vulnerability Stefan Bodewig (Jul 13)
Stefan Seelmann
CVE-2021-33900: Apache Directory Studio: StartTLS and SASL confidentiality protection bypass Stefan Seelmann (Jul 24)
Stuart Henderson
Re: Re: bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Stuart Henderson (Aug 07)
Thorsten Glaser
Re: bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Thorsten Glaser (Aug 07)
Re: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Thorsten Glaser (Aug 07)
Re: [Lynx-dev] [oss-security] Re: bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances) Thorsten Glaser (Aug 07)
SNI is a security vulnerability all by itself (was Re: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)) Thorsten Glaser (Aug 07)
Travis Finkenauer
Re: Possible memory leak on getspnam / getspnam_r Travis Finkenauer (Aug 25)
Tyler Hicks
Re: Pop!_OS Membership to linux-distros list Tyler Hicks (Aug 04)
Re: Pop!_OS Membership to linux-distros list Tyler Hicks (Jul 30)
Valentina Palmiotti
Linux Kernel: Exploitable vulnerability in io_uring Valentina Palmiotti (Sep 18)
vpn-research
Re: Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) vpn-research (Jul 05)
Willem Jiang
CVE-2021-21501: Apache ServiceComb: ServiceComb ServiceCenter Directory Traversal Willem Jiang (Aug 10)
Xen . org security team
Xen Security Advisory 383 v2 (CVE-2021-28700) - xen/arm: No memory limit for dom0less domUs Xen . org security team (Aug 25)
Xen Security Advisory 380 v2 (CVE-2021-28698) - long running loops in grant table handling Xen . org security team (Aug 25)
Xen Security Advisory 379 v2 (CVE-2021-28697) - grant table v2 status pages may remain accessible after de-allocation Xen . org security team (Aug 25)
Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86 Xen . org security team (Sep 01)
Xen Security Advisory 382 v2 (CVE-2021-28699) - inadequate grant-v2 status frames array bounds check Xen . org security team (Aug 25)
Xen Security Advisory 384 v3 (CVE-2021-28701) - Another race in XENMAPSPACE_grant_table handling Xen . org security team (Sep 08)
Xen Security Advisory 380 v3 (CVE-2021-28698) - long running loops in grant table handling Xen . org security team (Sep 01)
Xen Security Advisory 378 v2 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86 Xen . org security team (Aug 25)
Zoltán Borók-Nagy
CVE-2021-28131: Apache Impala: Impala logs contain secrets Zoltán Borók-Nagy (Jul 22)