oss-sec: by author
182 messages starting Dec 14 21 and ending Nov 23 21
Aaron Patterson
[CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware Aaron Patterson (Dec 14)
Alan Coopersmith
Re: Fwd: X.Org Security Advisory: December 14, 2021 Alan Coopersmith (Dec 14)
CVE website transition from cve.mitre.org to cve.org Alan Coopersmith (Oct 29)
Mailman 2.1.35 security release Alan Coopersmith (Oct 21)
Re: 3 new CVE's in vim Alan Coopersmith (Oct 04)
Re: CVE-2021-43527: Heap overflow in NSS when verifying DSA/RSA-PSS DER-encoded signatures Alan Coopersmith (Dec 01)
Re: 3 new CVE's in vim Alan Coopersmith (Oct 04)
Alberto Garcia
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Alberto Garcia (Oct 27)
Aleksa Sarai
CVE-2021-43784: integer overflow in runc's netlink bytemsg allows malicious configuration to discreetly modify container configuration Aleksa Sarai (Dec 05)
Alexander E. Patrakov
CVE-2021-44273: e2guardian did not validate TLS hostnames Alexander E. Patrakov (Dec 23)
Alex Gaynor
Re: 3 new CVE's in vim Alex Gaynor (Oct 04)
Alon Zahavi
CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Alon Zahavi (Oct 14)
Amos Jeffries
CVE-2021-28116 / ZDI-CAN-11610 / SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2 Amos Jeffries (Oct 03)
Anthony Liguori
RE: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object Anthony Liguori (Oct 26)
Bryan Call
Apache Traffic Server is vulnerable to various smuggle, DOS, and validation attacks Bryan Call (Nov 02)
butt3rflyh4ck
CVE-2021-4095: kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c butt3rflyh4ck (Dec 14)
Re: Linux kernel: isdn: cpai: array-index-out-of-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c butt3rflyh4ck (Nov 05)
Linux kernel: isdn: cpai: array-index-out-of-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c butt3rflyh4ck (Oct 19)
Calvin Kirs
CVE-2021-27644: Apache DolphinScheduler: DolphinScheduler mysql jdbc connector parameters deserialize remote code execution Calvin Kirs (Nov 01)
Carlos Alberto Lopez Perez
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Carlos Alberto Lopez Perez (Oct 26)
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0007 Carlos Alberto Lopez Perez (Dec 20)
Charles Fol
CVE-2021-21703: PHP-FPM 5.3.7 <= 8.0.12 Local Root Charles Fol (Oct 26)
Christofer Dutz
CVE-2021-43083: Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response Christofer Dutz (Dec 20)
CJ Cullen
[kubernetes] CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces CJ Cullen (Oct 21)
Daniel Beck
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Nov 12)
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Nov 04)
Daniel Gaspar
CVE-2021-42250: Apache Superset: Possible log injection Daniel Gaspar (Nov 17)
CVE-2021-41971: Apache Superset: Possible SQL Injection when template processing is enabled Daniel Gaspar (Oct 15)
CVE-2021-32609: Apache Superset: XSS vulnerability on Explore page Daniel Gaspar (Oct 15)
CVE-2021-41972: Apache Superset: Credentials leak Daniel Gaspar (Nov 11)
Daniel Lee
CVE-2021-43798 Grafana directory traversal Daniel Lee (Dec 09)
CVE-2021-41174 Grafana XSS vulnerability Daniel Lee (Nov 03)
Dave Fisher
CVE-2021-40439: Apache OpenOffice: Billion Laughs Dave Fisher (Oct 07)
CVE-2021-41832: Apache OpenOffice: Content Manipulation with Certificate Validation Attack Dave Fisher (Oct 11)
CVE-2021-41830: Apache OpenOffice: Double Certificate Attack Dave Fisher (Oct 11)
CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file Dave Fisher (Oct 07)
CVE-2021-41831: Apache OpenOffice: Timestamp Manipulation with Signature Wrapping Dave Fisher (Oct 11)
CVE-2021-28129: DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid Dave Fisher (Oct 07)
Dave Horsfall
Re: CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code Dave Horsfall (Nov 01)
David A. Wheeler
Re: Trojan Source Attacks David A. Wheeler (Nov 02)
Re: Trojan Source Attacks David A. Wheeler (Nov 02)
Dennis Jackson
CVE-2021-43527: Heap overflow in NSS when verifying DSA/RSA-PSS DER-encoded signatures Dennis Jackson (Dec 01)
Derek Dagit
CVE-2021-40865: Apache Storm: Unsafe Pre-Authentication Deserialization In Workers Derek Dagit (Oct 21)
CVE-2021-38294: Apache Storm: Shell Command Injection Vulnerability in Nimbus Thrift Server Derek Dagit (Oct 21)
Emmanuel Lecharny
CVE-2021-41973: Apache MINA HTTP listener DOS Emmanuel Lecharny (Nov 01)
[ANNOUNCE] Apache MINA 2.0.22 & 2.1.5 released Emmanuel Lecharny (Nov 01)
Eric Friedrich
CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request Eric Friedrich (Oct 12)
Fabian Keil
Multiple issues fixed in Privoxy 3.0.33 stable Fabian Keil (Dec 09)
Florian Weimer
IMA gadgets Florian Weimer (Nov 30)
Francis Perron
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Francis Perron (Oct 27)
Gábor Szádovszky
CVE-2021-41561: Apache Parquet-MR potential DoS in case of malicious Parquet file Gábor Szádovszky (Dec 20)
Georgi Guninski
Re: Trojan Source Attacks Georgi Guninski (Nov 04)
Grant Taylor
Re: IMA gadgets Grant Taylor (Dec 01)
halfdog
Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up halfdog (Oct 18)
Itai Greenhut
Core-dump handing issues with suid binaries Itai Greenhut (Oct 20)
Jakub Wilk
Re: CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code Jakub Wilk (Nov 01)
Jan Engelhardt
Re: Trojan Source Attacks Jan Engelhardt (Nov 01)
Re: Trojan Source Attacks Jan Engelhardt (Nov 01)
Jan Høydahl
CVE-2021-44548: Apache Solr information disclosure vulnerability through DataImportHandler Jan Høydahl (Dec 18)
Jan Lehnardt
CVE-2021-38295 Apache CouchDB <= 3.1.1 privilege escalation Jan Lehnardt (Oct 12)
Jeffrey Walton
Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack Jeffrey Walton (Dec 15)
Jens Timmerman
Re: IMA gadgets Jens Timmerman (Dec 01)
Johannes Segitz
Re: IMA gadgets Johannes Segitz (Dec 01)
John Paul Adrian Glaubitz
Re: Linux kernel: powerpc: KVM guest can trigger host crash on Power8 John Paul Adrian Glaubitz (Oct 26)
Re: Linux kernel: powerpc: KVM guest can trigger host crash on Power8 John Paul Adrian Glaubitz (Oct 28)
Re: Linux kernel: powerpc: KVM guest can trigger host crash on Power8 John Paul Adrian Glaubitz (Oct 28)
Josh Bressers
Re: Trojan Source Attacks Josh Bressers (Nov 02)
Juan Pablo Santos Rodríguez
[CVE-2021-44140] Apache JSPWiki Arbitrary file deletion on logout Juan Pablo Santos Rodríguez (Nov 23)
[CVE-2021-40369] Apache JSPWiki Cross-site scripting vulnerability on Denounce plugin Juan Pablo Santos Rodríguez (Nov 23)
Juan Pan
CVE-2021-26558: Apache ShardingSphere-UI: Deserialization of Untrusted Data Juan Pan (Nov 11)
JunXu Chen
CVE-2021-45232: Apache APISIX Dashboard: security vulnerability on unauthorized access JunXu Chen (Dec 27)
Kai Engert
Re: CVE-2021-43527: Heap overflow in NSS when verifying DSA/RSA-PSS DER-encoded signatures Kai Engert (Dec 01)
Karp, Samuel
Moby (Docker Engine) CVE-2021-41089 Karp, Samuel (Oct 04)
Leonid Isaev (ifax)
Re: Trojan Source Attacks Leonid Isaev (ifax) (Nov 04)
Liang Liu
CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication Liang Liu (Nov 16)
Lin Horse
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object Lin Horse (Oct 26)
CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object Lin Horse (Oct 26)
Marcin Niemiec
Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable Marcin Niemiec (Nov 22)
Marcus Christie
CVE-2021-43410: Apache Airavata Django Portal: airavata-django-portal allows CRLF log injection because of the lack of escaping in the log statements Marcus Christie (Dec 06)
Mariusz Felisiak
Django: CVE-2021-44420: Potential bypass of an upstream access control based on URL paths Mariusz Felisiak (Dec 07)
Mark Thomas
CVE-2021-42340: Apache Tomcat: DoS via memory leak with WebSocket connections Mark Thomas (Oct 14)
Matteo Collina
Fwd: Node.js security updates for all active release lines, October 2021 Matteo Collina (Oct 05)
Matthias Gerstner
Barrier "software KVM switch" multiple remote security issues Matthias Gerstner (Nov 02)
tmate-ssh-server: Local Privilege Escalation Issues and DoS issues (CVE-2021-44512, CVE-2021-44513) Matthias Gerstner (Dec 06)
Matt Sicker
CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration Matt Sicker (Dec 28)
CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation Matt Sicker (Dec 18)
Michael Ellerman
Linux kernel: powerpc: KVM guest can trigger host crash on Power8 Michael Ellerman (Oct 25)
Michael Orlitzky
Re: Trojan Source Attacks Michael Orlitzky (Nov 02)
Miklos Szeredi
Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Miklos Szeredi (Oct 20)
Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Miklos Szeredi (Oct 19)
Moritz Bechler
Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints Moritz Bechler (Dec 10)
Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack Moritz Bechler (Dec 15)
Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2 Moritz Bechler (Dec 13)
Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack Moritz Bechler (Dec 18)
Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints Moritz Bechler (Dec 10)
Nadav Amit
CVE-2021-4002: Linux kernel: Missing TLB flush on hugetlbfs Nadav Amit (Nov 25)
Nathan Gough
CVE-2021-44145: Apache NiFi information disclosure by XXE Nathan Gough (Dec 16)
Nicholas Boucher
Trojan Source Attacks Nicholas Boucher (Nov 01)
Oswald Buddenhagen
CVE-2021-44143: heap overflow in isync/mbsync Oswald Buddenhagen (Dec 03)
CVE-2021-3657: multiple buffer overflows in isync/mbsync Oswald Buddenhagen (Dec 03)
Paolo Perego
spacewalk-admin: CVE-2021-40348: arbitrary local code execution by 'tomcat' user via rhn-config-satellite.pl Paolo Perego (Oct 28)
Pavel Mayorov
binutils: Stack-overflow in debug_write_type in debug.c Pavel Mayorov (Dec 23)
Perry E. Metzger
Re: Trojan Source Attacks Perry E. Metzger (Nov 01)
Philipp Jeitner (SIT)
[CVE-2021-43523] Incorrect handling of special characters in domain names in uclibc and uclibc-ng Philipp Jeitner (SIT) (Nov 09)
Pietro Albini
CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code Pietro Albini (Oct 31)
Povilas Kanapickas
Fwd: X.Org Security Advisory: December 14, 2021 Povilas Kanapickas (Dec 14)
Ralph Goers
CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2 Ralph Goers (Dec 13)
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints Ralph Goers (Dec 10)
Richard Hartmann
CVE-2021-39226 Grafana snapshot authentication bypass Richard Hartmann (Oct 05)
Roman Medina-Heigl Hernandez
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Roman Medina-Heigl Hernandez (Oct 07)
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Roman Medina-Heigl Hernandez (Oct 09)
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Roman Medina-Heigl Hernandez (Oct 15)
Ron Grabowski
CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack Ron Grabowski (Dec 14)
Roxana Bradescu
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object Roxana Bradescu (Oct 28)
Salvatore Bonaccorso
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Salvatore Bonaccorso (Oct 31)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Salvatore Bonaccorso (Oct 26)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Salvatore Bonaccorso (Oct 27)
Re: Linux kernel: powerpc: KVM guest can trigger host crash on Power8 Salvatore Bonaccorso (Oct 27)
Samanta Navarro
Supply Chain Security and Tar Samanta Navarro (Oct 03)
Samuel Groß
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Samuel Groß (Oct 27)
Sandro Gauci
[ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default Sandro Gauci (Oct 25)
[ES2021-09] FreeSWITCH susceptible to Denial of Service via invalid SRTP packets Sandro Gauci (Oct 25)
[ES2021-07] FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing Sandro Gauci (Oct 25)
[ES2021-06] FreeSWITCH susceptible to Denial of Service via SIP flooding Sandro Gauci (Oct 25)
[ES2021-05] FreeSWITCH vulnerable to SIP digest leak for configured gateways Sandro Gauci (Oct 25)
Santiago Torres
Re: Trojan Source Attacks Santiago Torres (Nov 01)
Seth Arnold
Re: Trojan Source Attacks Seth Arnold (Nov 02)
Siddharth Wagle
CVE-2021-39235: Apache Ozone: Access mode of block tokens are not enforced Siddharth Wagle (Nov 19)
CVE-2021-36372: Apache Ozone: Original block tokens are persisted and can be retrieved Siddharth Wagle (Nov 19)
CVE-2021-39231: Apache Ozone: Missing authentication/authorization on internal RPC endpoints Siddharth Wagle (Nov 19)
CVE-2021-39233: Apache Ozone: Container-related datanode operations can be called without authorization Siddharth Wagle (Nov 19)
CVE-2021-39236: Apache Ozone: Owners of the S3 tokens are not validated Siddharth Wagle (Nov 19)
CVE-2021-41532: Apache Ozone: Unauthenticated access to Ozone Recon HTTP endpoints Siddharth Wagle (Nov 19)
CVE-2021-39232: Apache Ozone: Missing admin check for SCM related admin commands Siddharth Wagle (Nov 19)
CVE-2021-39234: Apache Ozone: Raw block data can be read bypassing ACL/authorization Siddharth Wagle (Nov 19)
Siddhesh Poyarekar
Re: Trojan Source Attacks Siddhesh Poyarekar (Nov 01)
Solar Designer
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Solar Designer (Oct 08)
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object Solar Designer (Oct 26)
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object Solar Designer (Oct 26)
Fwd: Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download Solar Designer (Nov 10)
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Solar Designer (Oct 08)
Stefan Eissing
CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Stefan Eissing (Oct 07)
CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier Stefan Eissing (Dec 20)
CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 Stefan Eissing (Oct 05)
CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing Stefan Eissing (Oct 05)
CVE-2021-44224: Apache HTTP Server: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier Stefan Eissing (Dec 20)
Stefan Pietsch
Trovent Security Advisory 2105-02 / CVE-2021-33618: Stored cross-site scripting in Dolibarr ERP & CRM Stefan Pietsch (Nov 10)
Trovent Security Advisory 2106-01 / CVE-2021-33816: Authenticated remote code execution in Dolibarr ERP & CRM Stefan Pietsch (Nov 10)
Trovent Security Advisory 2109-01 / CVE-2021-41843: Authenticated SQL injection in OpenEMR calendar search Stefan Pietsch (Dec 15)
Stuart D Gathman
Re: Trojan Source Attacks Stuart D Gathman (Nov 02)
Re: Trojan Source Attacks Stuart D Gathman (Nov 02)
Szymon Heidrich
CVE-2021-39685 : Linux Kernel USB Gadget buffer overflow Szymon Heidrich (Dec 15)
Thadeu Lima de Souza Cascardo
Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Thadeu Lima de Souza Cascardo (Oct 19)
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object Thadeu Lima de Souza Cascardo (Oct 26)
Timur Olzhabayev
CVE-2021-43813 and CVE-2021-43815 - Grafana directory traversal for some .md and .csv files Timur Olzhabayev (Dec 10)
Tim Wadhwa-Brown (twadhwab)
RE: CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 Tim Wadhwa-Brown (twadhwab) (Oct 07)
Travis Finkenauer
Re: IMA gadgets Travis Finkenauer (Dec 01)
Vardan Torosyan
Grafana 8.2.4 released with security fixes Vardan Torosyan (Nov 15)
Vincent Batts
CVE-2021-41190 OCI distribution and image spec: "content-type" confusion Vincent Batts (Nov 19)
Wadeck Follonier
Multiple vulnerabilities in Jenkins and Jenkins plugins Wadeck Follonier (Oct 06)
Wenqing Liu
CVE-2021-45469: Linux kernel: an out-of-bounds memory access in fs/f2fs/xattr.c __f2fs_setxattr Wenqing Liu (Dec 24)
Wolfgang Frisch
CVE-2021-42257: check_smart.pl: unprivileged user can alter hard drive settings Wolfgang Frisch (Oct 14)
Xen . org security team
Xen Security Advisory 387 v2 (CVE-2021-28703) - grant table v2 status pages may remain accessible after de-allocation (take two) Xen . org security team (Nov 23)
Xen Security Advisory 392 v4 (CVE-2021-28714,CVE-2021-28715) - Guest can force Linux netback driver to hog large amounts of kernel memory Xen . org security team (Dec 20)
Xen Security Advisory 389 v3 (CVE-2021-28705,CVE-2021-28709) - issues with partially successful P2M updates on x86 Xen . org security team (Nov 23)
Xen Security Advisory 386 v2 (CVE-2021-28702) - PCI devices with RMRRs not deassigned correctly Xen . org security team (Oct 07)
Xen Security Advisory 390 v1 (CVE-2021-28710) - certain VT-d IOMMUs may not work in shared page table mode Xen . org security team (Nov 19)
Xen Security Advisory 385 v2 (CVE-2021-28706) - guests may exceed their designated memory limit Xen . org security team (Nov 23)
Xen Security Advisory 391 v3 (CVE-2021-28711,CVE-2021-28712,CVE-2021-28713) - Rogue backends can cause DoS of guests via high frequency events Xen . org security team (Dec 20)
Xen Security Advisory 386 v1 (CVE-2021-28702) - PCI devices with RMRRs not deassigned correctly Xen . org security team (Oct 05)
Xen Security Advisory 388 v3 (CVE-2021-28704,CVE-2021-28707,CVE-2021-28708) - PoD operations on misaligned GFNs Xen . org security team (Nov 23)
Xen Security Advisory 376 v1 - frontends vulnerable to backends Xen . org security team (Dec 20)
Yann Ylavic
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Yann Ylavic (Oct 11)
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Yann Ylavic (Oct 08)
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Yann Ylavic (Oct 08)
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Yann Ylavic (Oct 08)
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Yann Ylavic (Oct 15)
Zach Hoffman
CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops Zach Hoffman (Nov 11)
Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops Zach Hoffman (Nov 17)
Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops Zach Hoffman (Nov 11)
Zexuan Luo
CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable Zexuan Luo (Nov 22)
Zhiyuan Ju
Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable Zhiyuan Ju (Nov 23)