oss-sec: by author
RSS Feed
About List
All Lists
Previous period
212 messages
starting Feb 11 22 and
ending Mar 17 22
Date index |
Thread index |
Author index
Aaron Patterson
[CVE-2022-23633] Possible exposure of information vulnerability in Action Pack Aaron Patterson (Feb 11)
Abhishek Tiwari
CVE-2021-36152: Apache Gobblin: Insecure TrustManager used in LDAP connections Abhishek Tiwari (Feb 03)
CVE-2021-36151: Apache Gobblin: Local Credentials Disclosure Vulnerability Abhishek Tiwari (Feb 03)
Adler, Mark
Re: zlib memory corruption on deflate (i.e. compress) Adler, Mark (Mar 27)
Alan Coopersmith
Re: Fuzzy CVE's in GNU inetutils Alan Coopersmith (Jan 16)
Re: 3 new CVE's in vim Alan Coopersmith (Jan 15)
Expat 2.4.3 released, includes 8 security fixes Alan Coopersmith (Jan 17)
Re: CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash. Alan Coopersmith (Feb 18)
Fuzzy CVE's in GNU inetutils Alan Coopersmith (Jan 15)
Expat 2.4.5 released, includes 5 security fixes Alan Coopersmith (Feb 19)
Re: CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash. Alan Coopersmith (Feb 18)
Re: zlib memory corruption on deflate (i.e. compress) Alan Coopersmith (Mar 29)
Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906] Alan Coopersmith (Feb 23)
Re: CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control Alan Coopersmith (Jan 25)
Re: SpringShell and recent OpenJDK updates Alan Coopersmith (Mar 30)
Alejandro Guerrero
CVE-2022-0185: Linux kernel slab out-of-bounds write: exploit and writeup Alejandro Guerrero (Jan 25)
Alex Murray
CVE-2021-4120: Insufficient validation of snap content interface and layout paths Alex Murray (Feb 18)
Ana McTaggart
CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size Ana McTaggart (Jan 11)
Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size Ana McTaggart (Jan 12)
Ana Oprea
CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS Ana Oprea (Jan 12)
ariel . byd
Re: zlib memory corruption on deflate (i.e. compress) ariel . byd (Mar 27)
Aristedes Maniatis
CVE-2022-24289: Apache Cayenne: Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions Aristedes Maniatis (Feb 11)
Bartek Plotka
CVE-2022-21698: HTTP method DOS; Prometheus client_golang <1.11.1 affected; Other web servers might be affected too Bartek Plotka (Feb 15)
Bastian Blank
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Bastian Blank (Jan 27)
Benoit Tellier
CVE-2021-40110: Apache James IMAP vulnerable to a ReDoS Benoit Tellier (Jan 03)
CVE-2021-40525: Apache James: Sieve file storage vulnerable to path traversal attacks Benoit Tellier (Jan 03)
CVE-2021-38542: Apache James vulnerable to STARTTLS command injection (IMAP and POP3) Benoit Tellier (Jan 03)
CVE-2021-40111: Apache James IMAP parsing Denial Of Service Benoit Tellier (Jan 03)
CVE-2022-22931: Path traversal in Apache James Benoit Tellier (Feb 07)
Bryan English
Fwd: Node.js security updates for all active release lines, January 2022 Bryan English (Jan 11)
Fwd: Node.js security updates for all active release lines, January 2022 Bryan English (Jan 04)
butt3rflyh4ck
Re: CVE-2021-4095: kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c butt3rflyh4ck (Jan 16)
Carlos Alberto Lopez Perez
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Carlos Alberto Lopez Perez (Jan 21)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Carlos Alberto Lopez Perez (Jan 31)
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0003 Carlos Alberto Lopez Perez (Feb 17)
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0002 Carlos Alberto Lopez Perez (Feb 09)
Carlos López
CVE-2022-24986: KCron: Insecure temporary file handling Carlos López (Feb 25)
Carlton Gibson
Django security releases issued: 4.0.1, 3.2.11, and 2.2.26 (Multiple CVEs) Carlton Gibson (Jan 04)
Chris Boot
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Chris Boot (Jan 27)
Christian Borntraeger
Linux kernel: Fix for KVM on s390, insufficient checks for ioctl Christian Borntraeger (Feb 11)
Daan
CVE-2022-26779: Apache Cloudstack insecure random number generation affects project email invitation Daan (Mar 15)
Damien Miller
Announce: OpenSSH 8.9 released Damien Miller (Feb 23)
Daniel Beck
Vulnerability in Jenkins Daniel Beck (Feb 09)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 29)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 15)
Daniel Gaspar
CVE-2021-44451: Apache Superset: API sensitive information leak Daniel Gaspar (Feb 01)
David Bouman
Linux kernel: CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation, information leak David Bouman (Mar 28)
Deepesh Chaudhari
Grant Opportunities to Protect Open Source Deepesh Chaudhari (Mar 10)
Devon Thompson
CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash. Devon Thompson (Feb 18)
Dominik Czarnota
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Dominik Czarnota (Jan 26)
Dongliang Mu
Memory leak in Linux HID-elo driver Dongliang Mu (Mar 13)
Ed Kellett
General authentication bypass in Atheme IRC services with InspIRCd 3 Ed Kellett (Jan 30)
Enrico Olivelli
CVE-2021-41571: Apache Pulsar: Pulsar Admin API allows access to data from other tenants using getMessageById API Enrico Olivelli (Jan 31)
Eric Biggers
Re: zlib memory corruption on deflate (i.e. compress) Eric Biggers (Mar 27)
Re: zlib memory corruption on deflate (i.e. compress) Eric Biggers (Mar 28)
Re: zlib memory corruption on deflate (i.e. compress) Eric Biggers (Mar 27)
Re: fscrypt: Multiple File System Related Security Issues (CVE-2022-25326, CVE-2022-25327, CVE-2022-25328) Eric Biggers (Feb 24)
Erik Auerswald
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Erik Auerswald (Jan 26)
Everett B. Fulton
Four vulnerabilities disclosed in BIND (CVE-2021-25220, CVE-2022-0396, CVE-2022-0635 and CVE-2022-0667) Everett B. Fulton (Mar 16)
Filip Palian
Re: Linux Kernel 5.15-rc-ksmbd-part2 is affected by: Buffer Overflow. The impact is: use-after-free (local). Filip Palian (Mar 17)
Gabriel Corona
Re: DNS rebinding on ReadyMedia/minidlna v1.3.0 and below Gabriel Corona (Mar 06)
Browser-mediated attacks on WebDriver servers Gabriel Corona (Feb 07)
DNS rebinding on ReadyMedia/minidlna v1.3.0 and below Gabriel Corona (Mar 03)
Lack of TLS certification chain validation in ZAP Proxy Gabriel Corona (Mar 23)
Re: Lack of TLS certification chain validation in ZAP Proxy Gabriel Corona (Mar 24)
Greg KH
Re: usbview polkit policy local root exploit (CVE-2022-23220) Greg KH (Jan 22)
Hannes von Haugwitz
CVE-2021-45417 - aide (>= 0.13 <= 0.17.3): heap-based buffer overflow vulnerability in base64 functions Hannes von Haugwitz (Jan 20)
Haoran Meng
CVE-2022-22733: Apache ShardingSphere ElasticJob-UI: Access-Token in ElasticJob UI causes password disclosure Haoran Meng (Jan 20)
Henri Salo
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Henri Salo (Jan 26)
Hu Jiahui
Linux Kernel: Race Condition in snd_pcm_hw_free leading to use-after-free Hu Jiahui (Mar 28)
Jakub Wilk
Bad signal handling in shell scripts leading to insecure use of /tmp Jakub Wilk (Jan 25)
Re: Re: xterm buffer overflow via crafted sixel Jakub Wilk (Jan 31)
Jean-Baptiste Onofré
[SECURITY] New security advisory for CVE-2021-41766 released for Apache Karaf Jean-Baptiste Onofré (Jan 25)
[SECURITY] New security advisory for CVE-2022-22932 Jean-Baptiste Onofré (Jan 25)
Jedidiah Cunningham
CVE-2022-24288: Apache Airflow: RCE in example DAGs Jedidiah Cunningham (Feb 24)
CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL Jedidiah Cunningham (Feb 24)
Jeffrey Walton
Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size Jeffrey Walton (Jan 12)
SpringShell and recent OpenJDK updates Jeffrey Walton (Mar 30)
Joe Sepi
Fwd: Node.js security updates for all active release lines, March 2022 Joe Sepi (Mar 18)
Fwd: Node.js security updates for all active release lines, March 2022 Joe Sepi (Mar 16)
John Haxby
Re: Linux kernel: Heap buffer overflow in fs_context.c since version 5.1 John Haxby (Jan 18)
John Helmert III
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 John Helmert III (Jan 24)
Re: zlib memory corruption on deflate (i.e. compress) John Helmert III (Mar 25)
Samba 4.15.5, 4.14.12, 4.13.17 Security Releases John Helmert III (Jan 31)
Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size John Helmert III (Jan 12)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 John Helmert III (Jan 23)
Re: CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS John Helmert III (Jan 12)
Jonas Schäfer
Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 13)
Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 18)
Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217) Jonas Schäfer (Jan 13)
Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 13)
Jouni Malinen
wpa_supplicant/hostapd: SAE/EAP-pwd side-channel attack update 2 Jouni Malinen (Jan 16)
Juan Pablo Santos Rodríguez
[CVE-2022-24947] Apache JSPWiki CSRF Account Takeover Juan Pablo Santos Rodríguez (Feb 25)
[CVE-2022-24948] Apache JSPWiki Cross-site scripting vulnerability on User Preferences screen Juan Pablo Santos Rodríguez (Feb 25)
Justin Bertram
ARTEMIS-3593: CVE-2022-23913: Apache ActiveMQ Artemis DoS Justin Bertram (Feb 03)
Kai Lüke
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Kai Lüke (Jan 27)
Karp, Samuel
CVE-2022-23648: containerd CRI plugin: Insecure handling of image volumes Karp, Samuel (Mar 02)
Kaxil Naik
CVE-2021-45230: Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver Kaxil Naik (Jan 19)
Kevin Decherf
Re: SpringShell and recent OpenJDK updates Kevin Decherf (Mar 31)
Kim Alvefur
Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217) Kim Alvefur (Jan 20)
Kirk Lund
CVE-2021-34797: Apache Geode project log file redaction of sensitive information vulnerability Kirk Lund (Jan 03)
Larry McCay
CVE-2021-42357: DOM based XSS Vulnerability in Apache Knox Larry McCay (Jan 17)
Leo Famulari
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Leo Famulari (Jan 24)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Leo Famulari (Jan 29)
lewis john mcgibbney
CVE-2022-25312: An XML external entity (XXE) injection vulnerability exists in the Apache Any23 RDFa XSLTStylesheet extractor lewis john mcgibbney (Mar 04)
Liu, Congyu
Linux kernel: potential net namespace bug in IPv6 flow label management Liu, Congyu (Feb 13)
Marcus Eriksson
CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs Marcus Eriksson (Feb 11)
Mariusz Felisiak
Django: CVE-2022-23833: Denial-of-service possibility in file uploads Mariusz Felisiak (Feb 01)
Django: CVE-2022-22818: Possible XSS via {% debug %} template tag Mariusz Felisiak (Feb 01)
Mathias Krause
CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Jan 27)
Linux kernel: erroneous error handling after fd_install() Mathias Krause (Jan 27)
Linux kernel: use-after-free of user namespace on shm and mqueue destruction Mathias Krause (Jan 29)
Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Feb 03)
Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Jan 27)
Matthias Gerstner
keylime: Multiple Security Issues (including remote code execution in the Agent component) Matthias Gerstner (Jan 28)
usbview polkit policy local root exploit (CVE-2022-23220) Matthias Gerstner (Jan 21)
Multiple vulnerabilities in connman's dnsproxy component Matthias Gerstner (Jan 25)
fscrypt: Multiple File System Related Security Issues (CVE-2022-25326, CVE-2022-25327, CVE-2022-25328) Matthias Gerstner (Feb 24)
Matthias Schmidt
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Matthias Schmidt (Jan 26)
Maurits van Rees
Plone: cache poisoning in image_view_fullscreen Maurits van Rees (Jan 31)
Max Kellermann
CVE-2022-0847: Linux kernel: overwriting read-only files Max Kellermann (Mar 07)
Mike Jumper
[SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections Mike Jumper (Jan 11)
[SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses Mike Jumper (Jan 11)
Milan Broz
CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption crash recovery Milan Broz (Jan 13)
Mukul Gandhi
CVE-2022-23437: Infinite loop within Apache XercesJ xml parser Mukul Gandhi (Jan 24)
Neil Griffin
CVE-2021-36739: Apache Portals: XSS vulnerability in the MVCBean JSP portlet maven archetype Neil Griffin (Jan 05)
CVE-2021-36737: Apache Portals: XSS in V3 Demo Portlet Neil Griffin (Jan 05)
CVE-2021-36738: XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet Neil Griffin (Jan 05)
nick black
xterm buffer overflow via crafted sixel nick black (Jan 30)
Nick Gregory
Linux kernel: heap out of bounds write in nf_dup_netdev.c since 5.4 Nick Gregory (Feb 21)
Nils Bars
Null pointer deref in unzip 6.0 Nils Bars (Jan 14)
Otto Moerbeek
Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0 Otto Moerbeek (Mar 25)
Paolo Perego
Multiple vulnerabilities affecting cobbler Paolo Perego (Feb 18)
Petr Štetiar
Re: zlib memory corruption on deflate (i.e. compress) Petr Štetiar (Mar 24)
Phil Pennock
CVE-2022-26652: nats-server arbitrary file write Phil Pennock (Mar 10)
[CVE-2022-24450] nats-server unconstrained account assumption by authenticated clients Phil Pennock (Feb 07)
Pietro Albini
Race condition in the Rust standard library (CVE-2022-21658) Pietro Albini (Jan 20)
PJ Fanning
CVE-2022-26336: poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception PJ Fanning (Mar 04)
Qualys Security Advisory
CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Qualys Security Advisory (Jan 10)
CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Qualys Security Advisory (Feb 17)
CVE-2021-3998 and CVE-2021-3999 in glibc's realpath() and getcwd() Qualys Security Advisory (Jan 24)
CVE-2021-3996 and CVE-2021-3995 in util-linux's libmount Qualys Security Advisory (Jan 24)
pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Qualys Security Advisory (Jan 25)
Ralph Goers
CVE-2022-23307: Apache Log4j 1.x: A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution. Ralph Goers (Jan 18)
CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x Ralph Goers (Jan 18)
CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1 Ralph Goers (Jan 18)
Rohit Keshri
CVE-2021-4155 kernel: xfs: raw block device data leak in ioctl(XFS_IOC_ALLOCSP) Rohit Keshri (Jan 10)
Roman Medina-Heigl Hernandez
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Roman Medina-Heigl Hernandez (Jan 26)
Ryan Skraba
CVE-2021-43045: Apache Avro: Possible DOS vulnerabilities in C# Avro SDK Ryan Skraba (Jan 06)
Salvatore Bonaccorso
Re: Linux kernel: use-after-free of user namespace on shm and mqueue destruction Salvatore Bonaccorso (Jan 29)
Re: Linux kernel: heap out of bounds write in nf_dup_netdev.c since 5.4 Salvatore Bonaccorso (Feb 21)
Re: xterm buffer overflow via crafted sixel Salvatore Bonaccorso (Jan 30)
Re: Fuzzy CVE's in GNU inetutils Salvatore Bonaccorso (Jan 16)
Sam James
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Sam James (Jan 25)
Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Sam James (Jan 30)
Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)
Samuel Page
CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc) Samuel Page (Feb 10)
SBA - Advisory
[SBA-ADV-20220127-01] CVE-2022-24129: Shibboleth Identity Provider OIDC OP Plugin 3.0.3 or below Server-Side Request Forgery SBA - Advisory (Jan 31)
Seth Arnold
Re: SpringShell and recent OpenJDK updates Seth Arnold (Mar 30)
Simon McVittie
Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Simon McVittie (Feb 23)
sirdarckcat .
CVE-2022-0742: Remote Denial of Service on Linux Kernel >=5.13 icmp6 sirdarckcat . (Mar 15)
Solar Designer
Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Solar Designer (Feb 18)
Sönke Huster
CVE-2022-26878: Memory leak in Linux VirtIO Bluetooth driver Sönke Huster (Mar 11)
Stefan Eissing
CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds Stefan Eissing (Mar 14)
CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier Stefan Eissing (Mar 14)
CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody Stefan Eissing (Mar 14)
CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of in r:parsebody Stefan Eissing (Mar 14)
Sven Kieske
Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size Sven Kieske (Jan 12)
Szymon Heidrich
CVE-2022-25375 : Linux RNDIS USB Gadget memory extraction via packet filter Szymon Heidrich (Feb 21)
Tabitha Sable
CVE-2022-0492: Linux kernel cgroups v1 missing capabilities check when setting release_agent Tabitha Sable (Feb 04)
Tavis Ormandy
Re: Re: zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 28)
zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 23)
Re: xterm buffer overflow via crafted sixel Tavis Ormandy (Jan 30)
Re: zlib memory corruption on deflate (i.e. compress) Tavis Ormandy (Mar 26)
tr3e wang
CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jan 11)
Re: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jan 14)
Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jan 13)
Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jan 18)
Re: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jan 18)
Tvrtko Ursulin
Linux kernel: Security sensitive bug in the i915 kernel driver (CVE-2022-0330) Tvrtko Ursulin (Jan 25)
Wadeck Follonier
Multiple vulnerabilities in Jenkins plugins Wadeck Follonier (Feb 15)
Multiple vulnerabilities in Jenkins and Jenkins plugins Wadeck Follonier (Jan 12)
Wenqing Liu
CVE-2021-44879: kernel:NULL pointer dereference in fs/f2fs/gc.c:move_data_page Wenqing Liu (Feb 11)
Will
Linux kernel: Heap buffer overflow in fs_context.c since version 5.1 Will (Jan 18)
Willem de Bruijn
Re: Linux kernel: potential net namespace bug in IPv6 flow label management Willem de Bruijn (Feb 13)
Re: Linux kernel: potential net namespace bug in IPv6 flow label management Willem de Bruijn (Feb 13)
Wire Snark
Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() Wire Snark (Feb 23)
Xen . org security team
Xen Security Advisory 393 v2 (CVE-2022-23033) - arm: guest_physmap_remove_page not removing the p2m mappings Xen . org security team (Jan 25)
Xen Security Advisory 396 v3 (CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042) - Linux PV device frontends vulnerable to attacks by backends Xen . org security team (Mar 10)
Xen Security Advisory 395 v2 (CVE-2022-23035) - Insufficient cleanup of passed-through device IRQs Xen . org security team (Jan 25)
Xen Security Advisory 398 v1 - Multiple speculative security issues Xen . org security team (Mar 08)
Xen Security Advisory 394 v3 (CVE-2022-23034) - A PV guest could DoS Xen while unmapping a grant Xen . org security team (Jan 25)
Xen Security Advisory 398 v2 - Multiple speculative security issues Xen . org security team (Mar 18)
Xiaoxiang Yu
CVE-2021-45456: Apache Kylin: Command injection Xiaoxiang Yu (Jan 06)
CVE-2021-45458: Apache Kylin: Hardcoded credentials Xiaoxiang Yu (Jan 06)
CVE-2021-45457: Apache Kylin: Overly broad CORS configuration Xiaoxiang Yu (Jan 06)
CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE Xiaoxiang Yu (Jan 06)
CVE-2021-31522: Apache Kylin unsafe class loading Xiaoxiang Yu (Jan 06)
CVE-2021-27738: Apache Kylin: Improper Access Control to Streaming Coordinator & SSRF Xiaoxiang Yu (Jan 06)
Zach Hoffman
CVE-2022-23206: Apache Traffic Control: Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth Zach Hoffman (Feb 04)
Zexuan Luo
CVE-2022-24112: Apache APISIX: apisix/batch-requests plugin allows overwriting the X-REAL-IP header Zexuan Luo (Feb 11)
CVE-2022-25757: Apache APISIX: the body_schema check in request-validation plugin can be bypassed Zexuan Luo (Mar 28)
Zhang Yonglun
CVE-2022-23223: Apache ShenYu (incubating) Password leakage Zhang Yonglun (Jan 26)
CVE-2021-45029: Apache ShenYu (incubating) Groovy Code Injection and SpEL Injection Zhang Yonglun (Jan 26)
CVE-2021-45029: Groovy Code Injection & SpEL Injection in Apache ShenYu 2.4.1 Zhang Yonglun (Jan 25)
CVE-2022-23944: Apache ShenYu (incubating) Improper access control Zhang Yonglun (Jan 26)
CVE-2022-23945: Apache ShenYu (incubating) missing authentication allows gateway registration Zhang Yonglun (Jan 26)
CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control Zhang Yonglun (Jan 25)
CVE-2022-23223: Password leakage in Apache ShenYu Zhang Yonglun (Jan 25)
CVE-2022-23945: Apache ShenYu missing authentication allows gateway registration Zhang Yonglun (Jan 25)
王明义
Linux Kernel 5.15-rc-ksmbd-part2 is affected by: Buffer Overflow. The impact is: use-after-free (local). 王明义 (Mar 17)