oss-sec: by author

220 messages starting Jun 15 22 and ending Apr 26 22

Akira Ajisaka

CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability Akira Ajisaka (Jun 15)

Alan Coopersmith

Re: linux-distros list policy and Linux kernel Alan Coopersmith (May 19)
mutt 2.2.3 released - fixes CVE-2022-1328 Alan Coopersmith (Apr 14)

Aleksa Sarai

CVE-2022-29162: runc < 1.1.2 incorrect handling of inheritable capabilities in default configuration Aleksa Sarai (May 11)

Alex Murray

Re: firejail: local root exploit reachable via --join logic (CVE-2022-31214) Alex Murray (Jun 09)

Andy Seaborne

CVE-2022-28890: Apache Jena: Processing external DTDs Andy Seaborne (May 04)

Anthony Liguori

Re: linux-distros list policy and Linux kernel Anthony Liguori (May 15)

Archange

Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging Archange (May 09)
Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging Archange (May 09)

Axel Beckert

Re: zgrep, xzgrep: arbitrary-file-write vulnerability Axel Beckert (Apr 08)

Brian Behlendorf

Re: CVE-2022-21449 and version reporting Brian Behlendorf (Apr 28)

Brian Demers

CVE-2022-32532: Apache Shiro: Authentication Bypass Vulnerability Brian Demers (Jun 28)

butt3rflyh4ck

CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode butt3rflyh4ck (Apr 13)

Carlos Alberto Lopez Perez

WebKitGTK and WPE WebKit Security Advisory WSA-2022-0005 Carlos Alberto Lopez Perez (May 30)
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 Carlos Alberto Lopez Perez (Apr 08)

Christian Fischer

Re: CVE-2022-21449 and version reporting Christian Fischer (Apr 30)
Re: CVE-2022-21449 and version reporting Christian Fischer (Apr 30)
Re: CVE-2022-21449 and version reporting Christian Fischer (May 02)

CJ Cullen

[kubernetes] CVE-2021-25745: Ingress-nginx `path` can be pointed to service account token file CJ Cullen (Apr 22)
[kubernetes] CVE-2021-25746: Ingress-nginx directive injection via annotations CJ Cullen (Apr 22)
[kubernetes] CVE-2021-25748: Ingress-nginx `path` sanitization can be bypassed with newline character CJ Cullen (Jun 10)

Damien Miller

Announce: OpenSSH 9.0 released Damien Miller (Apr 07)

Dan Carpenter

Re: linux-distros list policy and Linux kernel Dan Carpenter (May 19)
Re: [PATCH AUTOSEL 5.15 13/16] vdpa: clean up get_config_size ret value handling Dan Carpenter (Apr 02)

Daniel Beck

Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 30)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 17)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 12)
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jun 22)

Daniel Stenberg

[SECURITY ADVISORY] curl: removes wrong file on error Daniel Stenberg (May 10)
[SECURITY ADVISORY] curl: CVE-2022-32207: Unpreserved file permissions Daniel Stenberg (Jun 26)
[SECURITY ADVISORY] curl: cookie for trailing dot TLD Daniel Stenberg (May 10)
[SECURITY ADVISORY] curl: percent-encoded path separator in URL host Daniel Stenberg (May 10)
[SECURITY ADVISORY] curl: FTP-KRB bad message verification Daniel Stenberg (Jun 26)
[SECURITY ADVISORY] curl: CVE-2022-32206: HTTP compression denial of service Daniel Stenberg (Jun 26)
[SECURITY ADVISORY] curl credential leak on redirect Daniel Stenberg (Apr 26)
[SECURITY ADVISORY] curl: CVE-2022-32205: Set-Cookie denial of service Daniel Stenberg (Jun 26)
[SECURITY ADVISORY] curl OAUTH2 bearer bypass in connection re-use Daniel Stenberg (Apr 26)
[SECURITY ADVISORY] curl auth/cookie leak on redirect Daniel Stenberg (Apr 26)
[SECURITY ADVISORY] curl: TLS and SSH connection too eager reuse Daniel Stenberg (May 10)
[SECURITY ADVISORY] curl: HSTS bypass via trailing dot Daniel Stenberg (May 10)
[SECURITY ADVISORY] curl bad local IPv6 connection reuse Daniel Stenberg (Apr 26)
[SECURITY ADVISORY] curl: CERTINFO never-ending busy-loop Daniel Stenberg (May 10)

David A. Wheeler

Re: CVE-2022-21449 and version reporting David A. Wheeler (Apr 30)

David Bouman

Linux: UaF due to concurrency issue in io_uring timeouts David Bouman (Apr 22)

David Handermann

CVE-2022-33140: Apache NiFi, Apache NiFi Registry: Improper Neutralization of Command Elements in Shell User Group Provider David Handermann (Jun 15)
CVE-2022-29265: Apache NiFi: Improper Restriction of XML External Entity References in Multiple Components David Handermann (Apr 29)

Demi Marie Obenour

GnuPG signature spoofing via status line injection Demi Marie Obenour (Jun 29)

Dimitrios Glynos

multiple vulnerabilities in radare2 Dimitrios Glynos (May 25)

duoming

CVE-2022-1974: Linux kernel: use-after-free caused by improper check device_is_registered() in nfc netlink related functions duoming (Jun 05)
CVE-2022-1975: Linux kernel: sleep in atomic context bug when nfc firmware download timeout duoming (Jun 05)
Linux kernel: CVE-2022-1516: NULL pointer dereference in Linux kernel`s X.25 network protocol duoming (Jun 19)
Linux kernel: UAF, null-ptr-deref and double-free vulnerabilities in nfcmrvl module duoming (Jun 05)
Re: Linux kernel: UAF, null-ptr-deref and double-free vulnerabilities in nfcmrvl module duoming (Jun 09)

EDG EDG

Linux Kernel use-after-free write in netfilter EDG EDG (May 31)

eduardo vela

Re: linux-distros list policy and Linux kernel eduardo vela (May 23)

Felix Fu

CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Felix Fu (Apr 11)

Gabriel Corona

Re: Browser-mediated attacks on WebDriver servers Gabriel Corona (Apr 16)
Re: Browser-mediated attacks on WebDriver servers Gabriel Corona (Apr 14)

Gautham Banasandra

CVE-2022-26612: Apache Hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows Gautham Banasandra (Apr 07)

Gerald Lee

CVE-2022-1976: Linux Kernel: A use-after-free in __lock_acquire Gerald Lee (Jun 14)
CVE-2022-1973: Linux Kernel: fs/ntfs3: invalid free in log_replay Gerald Lee (Jun 07)

Gianluca Gabrielli

CVE-2022-28356: Linux kernel: refcount leak in llc_ui_bind and llc_ui_autobind Gianluca Gabrielli (Apr 06)

Greg KH

Re: linux-distros list policy and Linux kernel Greg KH (May 17)
Re: linux-distros list policy and Linux kernel Greg KH (May 22)
Re: CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create Greg KH (Apr 22)
Re: linux-distros list policy and Linux kernel Greg KH (May 24)
Re: linux-distros list policy and Linux kernel Greg KH (May 16)
Re: linux-distros list policy and Linux kernel Greg KH (May 16)
Re: CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create Greg KH (Apr 21)
Re: Linux kernel: A concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources Greg KH (Apr 12)
Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Greg KH (Apr 11)
Re: linux-distros list policy and Linux kernel Greg KH (May 16)

Igor Seletskiy

Re: linux-distros list policy and Linux kernel Igor Seletskiy (May 15)
Request for comment: kmod signing by AlmaLinux OS Foundation Igor Seletskiy (Jun 21)

Iron-Bound

Re: CVE-2022-21449 and version reporting Iron-Bound (Apr 29)

ISC Security Officer

ISC has disclosed a vulnerability in BIND (CVE-2022-1183) ISC Security Officer (May 18)

Jakub Wilk

Re: zgrep, xzgrep: arbitrary-file-write vulnerability Jakub Wilk (Apr 08)

Jan Lehnardt

CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging Jan Lehnardt (Apr 26)
Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging Jan Lehnardt (May 09)
Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging Jan Lehnardt (May 09)

Jason A. Donenfeld

Re: linux-distros list policy and Linux kernel Jason A. Donenfeld (May 17)
Re: linux-distros list policy and Linux kernel Jason A. Donenfeld (May 16)

Jeremy Stanley

Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Jeremy Stanley (May 26)
Re: CVE-2022-21449 and version reporting Jeremy Stanley (Apr 28)
Re: CVE-2022-21449 and version reporting Jeremy Stanley (Apr 30)
Re: linux-distros list policy and Linux kernel Jeremy Stanley (May 17)

Jiang, Cheng1

DPDK CVE-2022-0669 Release Notice Jiang, Cheng1 (May 04)
DPDK CVE-2021-3839 Release Notice Jiang, Cheng1 (May 04)

Jim Meyering

zgrep, xzgrep: arbitrary-file-write vulnerability Jim Meyering (Apr 07)

John Haxby

CVE-2022-21499: trivial lockdown break John Haxby (May 24)
[SECURITY PATCH 00/30] Multiple GRUB2 vulnerabilities - 2022/06/07 round John Haxby (Jun 07)
Re: CVE-2022-21499: trivial lockdown break John Haxby (May 24)

John Helmert III

Re: CVE-2022-21449 and version reporting John Helmert III (Apr 30)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 John Helmert III (Apr 08)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 John Helmert III (Apr 08)
Re: CVE-2022-21449 and version reporting John Helmert III (May 01)

Junio C Hamano

git v2.35.2 and friends for CVE-2022-24765 Junio C Hamano (Apr 12)

Jussi Hietanen

OPEN SOURCE NTFS-3G SECURITY ADVISORY NTFS3G-SA-2022-0001 Jussi Hietanen (May 26)
OPEN SOURCE NTFS-3G SECURITY ADVISORY NTFS3G-SA-2022-0002 Jussi Hietanen (May 26)

Kamil Dudka

Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file Kamil Dudka (May 25)
Re: Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file Kamil Dudka (May 25)

kangel

Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push kangel (Apr 07)
CVE-2022-1789: Linux Kernel: x86/kvm: NULL pointer dereference in kvm_mmu_invpcid_gva kangel (May 25)
CVE-2022-2153: Linux Kernel: x86/kvm: NULL pointer dereference in kvm_irq_delivery_to_apic_fast kangel (Jun 22)
CVE-2022-1852: Linux Kernel: x86/kvm: NULL pointer dereference in x86_emulate_insn kangel (May 31)

Kyle Zeng

CVE-2022-1786: Linux Kernel invalid-free in io_uring Kyle Zeng (May 24)
Re: CVE-2022-1786: Linux Kernel invalid-free in io_uring Kyle Zeng (May 24)
CVE-2022-29581: Linux kernel cls_u32 UAF Kyle Zeng (May 18)
Re: CVE-2022-1786: Linux Kernel invalid-free in io_uring Kyle Zeng (May 28)

Levente Polyak

Re: zgrep, xzgrep: arbitrary-file-write vulnerability Levente Polyak (Apr 08)

Marc Deslauriers

Re: Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file Marc Deslauriers (May 25)

Marcus Meissner

CVE-2022-27239: cifs-utils mount.cifs buffer overflow in ip parameter Marcus Meissner (Apr 27)
Re: CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create Marcus Meissner (Apr 22)

Mariusz Felisiak

Django: CVE-2022-28346: Potential SQL injection in ``QuerySet.annotate()``, ``aggregate()``, and ``extra()`` Mariusz Felisiak (Apr 11)
Django: CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL Mariusz Felisiak (Apr 11)

markphip () gmail com

[SECURITY][ANNOUNCE] Apache Subversion 1.10.8 released markphip () gmail com (Apr 12)
[SECURITY][ANNOUNCE] Apache Subversion 1.14.2 released markphip () gmail com (Apr 12)

Mark Thomas

CVE-2022-34305: Apache Tomcat: XSS in examples web application Mark Thomas (Jun 23)

Matteo Collina

Fwd: Node.js security updates for all active release lines, July 2022 Matteo Collina (Jun 28)

Matthias Gerstner

Multiple vulnerabilities in swhkd hotkey helper for Wayland Matthias Gerstner (Apr 14)
firejail: local root exploit reachable via --join logic (CVE-2022-31214) Matthias Gerstner (Jun 08)
tpm2-abrmd: possibly surprising security model for local users could result in a local DoS against TPM configuration and data Matthias Gerstner (Apr 20)

Michael Ellerman

CVE-2022-32981: Linux kernel for powerpc 32-bit, buffer overflow in ptrace PEEKUSER/POKEUSER Michael Ellerman (Jun 14)

Mickaël Salaün

Re: linux-distros list policy and Linux kernel Mickaël Salaün (May 24)

Mike O'Connor

Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem Mike O'Connor (Apr 11)
Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Mike O'Connor (May 27)

Minh Yuan

Linux kernel: A concurrency use-after-free in floppy's raw_cmd Minh Yuan (Apr 28)
Linux kernel: A concurrency use-after-free in bad_flp_intr for latest kernel version Minh Yuan (May 10)
CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create Minh Yuan (Apr 21)
Linux kernel: A concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources Minh Yuan (Apr 12)
Re: Linux kernel: A concurrency use-after-free in bad_flp_intr for latest kernel version Minh Yuan (May 10)

Moritz Mühlenhoff

Re: Linux Kernel use-after-free write in netfilter Moritz Mühlenhoff (Jun 20)

Myers, Christopher

CVE-2022-29464 :: WSO2 Unrestricted arbitrary file upload, and remote code to execution vulnerability. Myers, Christopher (Apr 22)

Nathan Gough

CVE-2022-26850: Apache NiFi: Insufficiently protected credentials Nathan Gough (Apr 06)

Norbert Slusarek

Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 26)
CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 20)
Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (May 24)
Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Norbert Slusarek (Jun 30)

Paolo Bonzini

Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Paolo Bonzini (Apr 07)

Paolo Perego

Multiple vulnerabilities affecting Uyuni / SUSE Manager Paolo Perego (Jun 21)

Peter Hutterer

CVE-2022-1215 libinput format string vulnerability Peter Hutterer (Apr 19)

Philip Pettersson

Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Philip Pettersson (May 26)

Qiuhao Li

Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Qiuhao Li (Apr 07)
Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Qiuhao Li (Apr 07)
CVE-2022-1158: Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region Qiuhao Li (Apr 08)

Rainer Gerhards

CVE-2022-24903: rsyslog < 8.2204.1 heap buffer overrun Rainer Gerhards (May 05)

Ralph Goers

CVE-2022-25167 - Apache Flume JMSSource does not protect from malicious JNDI urls Ralph Goers (Jun 14)

Robert Munteanu

CVE-2022-32549: Apache Sling: log injection in Sling logging Robert Munteanu (Jun 22)

Roman Fiedler

UNPAR-2022-0 Multiple Vulnerabilities in ntfs-3g NTFS Mount Tool Roman Fiedler (Jun 07)

Salvatore Bonaccorso

Re: Linux kernel: UAF, null-ptr-deref and double-free vulnerabilities in nfcmrvl module Salvatore Bonaccorso (Jun 05)
Re: Linux kernel: A concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources Salvatore Bonaccorso (Apr 12)
Re: Linux Kernel use-after-free write in netfilter Salvatore Bonaccorso (Jun 02)
Re: Linux: UaF due to concurrency issue in io_uring timeouts Salvatore Bonaccorso (Apr 22)

Sam James

Re: linux-distros list policy and Linux kernel Sam James (May 22)
Re: linux-distros list policy and Linux kernel Sam James (May 22)

Samuel Karp

CVE-2022-31030: containerd CRI plugin: Host memory exhaustion through ExecSync Samuel Karp (Jun 07)

Seaman, Chad

CVE-2022-21449 and version reporting Seaman, Chad (Apr 28)
Re: CVE-2022-21449 and version reporting Seaman, Chad (Apr 28)

Seth Arnold

[morningman () 163 com: [oss-security] CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initialization] Seth Arnold (Apr 26)
Re: linux-distros list policy and Linux kernel Seth Arnold (May 16)
Re: CVE-2022-21449 and version reporting Seth Arnold (Apr 28)

Slawomir Jaranowski

CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities Slawomir Jaranowski (May 23)

Solar Designer

Re: Linux Kernel eBPF Improper Input Validation Vulnerability Solar Designer (Jun 01)
Re: Linux Kernel: Exploitable vulnerability in io_uring Solar Designer (Jun 04)
Re: linux-distros list policy and Linux kernel Solar Designer (May 24)
Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 24)
Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability Solar Designer (Jun 01)
Re: Linux Kernel eBPF Improper Input Validation Vulnerability Solar Designer (Jun 04)
linux-distros list policy and Linux kernel Solar Designer (May 15)
Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability Solar Designer (Jun 04)
Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
Re: CVE-2022-1786: Linux Kernel invalid-free in io_uring Solar Designer (May 24)
Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (Jun 30)
Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 26)
Re: linux-distros list policy and Linux kernel Solar Designer (May 24)
Re: Linux Kernel use-after-free write in netfilter Solar Designer (Jun 04)
Re: linux-distros list policy and Linux kernel Solar Designer (May 22)
Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 21)
Re: linux-distros list policy and Linux kernel Solar Designer (May 22)
Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation Solar Designer (May 28)

Stefan Eissing

CVE-2022-28615: Apache HTTP Server: Read beyond bounds in ap_strcmp_match() Stefan Eissing (Jun 08)
CVE-2022-30556: Apache HTTP Server: Information Disclosure in mod_lua with websockets Stefan Eissing (Jun 08)
CVE-2022-30522: Apache HTTP Server: mod_sed denial of service Stefan Eissing (Jun 08)
CVE-2022-31813: Apache HTTP Server: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism Stefan Eissing (Jun 08)
CVE-2022-28330: Apache HTTP Server: read beyond bounds in mod_isapi Stefan Eissing (Jun 08)
CVE-2022-29404: Apache HTTP Server: Denial of service in mod_lua r:parsebody Stefan Eissing (Jun 08)
CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite() Stefan Eissing (Jun 08)
CVE-2022-26377: Apache HTTP Server: mod_proxy_ajp: Possible request smuggling Stefan Eissing (Jun 08)

Subbu Subramaniam

CVE-2022-23974: Apache Pinot: Pinot segment push endpoint has a vulnerability in unprotected environments Subbu Subramaniam (Apr 05)

Sven Schwedas

Re: CVE-2022-21449 and version reporting Sven Schwedas (Apr 28)

Thadeu Lima de Souza Cascardo

Re: linux-distros list policy and Linux kernel Thadeu Lima de Souza Cascardo (May 16)
Re: linux-distros list policy and Linux kernel Thadeu Lima de Souza Cascardo (May 17)

Thomas Liske

CVE-2022-30688: needrestart 0.8+ local privilege escalation Thomas Liske (May 17)

Tim Allison

CVE-2022-33879: Apache Tika: Incomplete fix and new regex DoS in StandardsExtractingContentHandler Tim Allison (Jun 27)
CVE-2022-30126: Apache Tika Regular Expression Denial of Service in Standards Extractor Tim Allison (May 16)
CVE-2022-25169: Apache Tika BPGParser Memory Usage DoS Tim Allison (May 16)
CVE-2022-30973: Apache Tika: Missing fix for CVE-2022-30126 in 1.28.2 Tim Allison (May 31)

tr3e wang

Re: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jun 07)
Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability tr3e wang (Jun 07)

Vegard Nossum

Re: linux-distros list policy and Linux kernel Vegard Nossum (May 24)
Re: linux-distros list policy and Linux kernel Vegard Nossum (May 20)

Ville Brofeldt

CVE-2022-27479: Apache Superset: SQL injection vulnerability in chart data API Ville Brofeldt (Apr 13)

Xen . org security team

Xen Security Advisory 397 v2 (CVE-2022-26356) - Racy interactions between dirty vram tracking and paging log dirty hypercalls Xen . org security team (Apr 05)
Xen Security Advisory 399 v2 (CVE-2022-26357) - race in VT-d domain ID cleanup Xen . org security team (Apr 05)
Xen Security Advisory 401 v2 (CVE-2022-26362) - x86 pv: Race condition in typeref acquisition Xen . org security team (Jun 09)
Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities Xen . org security team (Jun 16)
Xen Security Advisory 402 v4 (CVE-2022-26363,CVE-2022-26364) - x86 pv: Insufficient care with non-coherent mappings Xen . org security team (Jun 09)
Xen Security Advisory 400 v2 (CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361) - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues Xen . org security team (Apr 05)
Xen Security Advisory 404 v1 (CVE-2022-21123,CVE-2022-21124,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities Xen . org security team (Jun 14)

Yasser Zamani

CVE-2021-31805: Apache Struts: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. Yasser Zamani (Apr 12)

Zeping Bai

CVE-2022-29266: Apache APISIX: apisix/jwt-auth may leak secrets in error response Zeping Bai (Apr 19)

Zhang Yonglun

CVE-2022-26650: Apache ShenYu (incubating) Regular expression denial of service Zhang Yonglun (May 17)

一只狗

CVE-2022-1462: Linux kernel: A race condition vulnerability in drivers/tty/tty_buffers.c 一只狗 (May 27)

周多明

CVE-2022-1205 kernel: Null pointer dereference and use-after-free in net/ax25/ax25_timer.c 周多明 (Apr 02)
CVE-2022-1198 kernel: use-after-free in drivers/net/hamradio/6pack.c 周多明 (Apr 02)
CVE-2022-1204: Linux kernel: UAF caused by binding operation when ax25 device is detaching 周多明 (Apr 02)
CVE-2022-1199 kernel: Null pointer dereference and use-after-free in ax25_release() 周多明 (Apr 02)

张子明(明程)

CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation 张子明(明程) (Jun 02)

陈明雨

CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initialization 陈明雨 (Apr 26)