oss-sec: by author
RSS Feed
About List
All Lists
Previous period
239 messages
starting Jul 07 22 and
ending Aug 18 22
Date index |
Thread index |
Author index
Abhishek Agarwal
CVE-2021-44791: Apache Druid: Reflected XSS on certain HTTP endpoints Abhishek Agarwal (Jul 07)
CVE-2022-28889: Apache Druid: Clickjacking in the web console Abhishek Agarwal (Jul 07)
Aki Tuomi
Re: CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used Aki Tuomi (Jul 08)
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used Aki Tuomi (Jul 06)
Alan Coopersmith
Re: zlib buffer overflow Alan Coopersmith (Aug 08)
Alejandro Guerrero
N-day exploit for CVE-2022-2586: Linux kernel nft_object UAF Alejandro Guerrero (Aug 29)
Alexander Burke
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Alexander Burke (Jul 06)
Alex Gaynor
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Alex Gaynor (Aug 25)
Amos Jeffries
Fwd: [ADVISORY] SQUID-2022:1 Exposure of Sensitive Information in Cache Manager Amos Jeffries (Sep 22)
Fwd: [ADVISORY] SQUID-2022:2 Buffer Over Read in SSPI and SMB Authentication Amos Jeffries (Sep 22)
Ana Oprea
CVE-2022-1941: Protobuf C++, Python DoS Ana Oprea (Sep 27)
Andrew Cooper
Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions Andrew Cooper (Jul 13)
Arnout Engelen
CVE-2022-40705: Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP Arnout Engelen (Sep 22)
CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC Arnout Engelen (Sep 22)
Art Manion
JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0 Art Manion (Sep 02)
Ash Berlin-Taylor
CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag Ash Berlin-Taylor (Aug 16)
Benoit Tellier
CVE-2022-28220: STARTTLS command injection in Apache JAMES Benoit Tellier (Sep 20)
Carl B. Marcum
CVE-2022-37400: Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password Carl B. Marcum (Aug 12)
CVE-2022-37401: Apache OpenOffice Weak Master Keys Carl B. Marcum (Aug 12)
Carlos Alberto Lopez Perez
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0009 Carlos Alberto Lopez Perez (Sep 19)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Carlos Alberto Lopez Perez (Sep 02)
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Carlos Alberto Lopez Perez (Aug 25)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0009 Carlos Alberto Lopez Perez (Sep 20)
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0007 Carlos Alberto Lopez Perez (Jul 28)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Carlos Alberto Lopez Perez (Sep 01)
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0006 Carlos Alberto Lopez Perez (Jul 05)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Carlos Alberto Lopez Perez (Aug 29)
Carlton Gibson
Django: CVE-2022-36359: Potential reflected file download vulnerability in FileResponse. Carlton Gibson (Aug 03)
Charles Fol
CVE-2022-31790 CVE-2022-31789: Watchguard XTM/Firebox firewalls: Multiple vulnerabilities Charles Fol (Aug 30)
Christian Heinrich
Re: snowflakedb security contacts Christian Heinrich (Jul 26)
Daniel Beck
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 27)
Vulnerability in Jenkins Daniel Beck (Sep 09)
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Sep 21)
Daniel Gaspar
CVE-2021-37839: Apache Superset: Improper access to dataset metadata information Daniel Gaspar (Jul 06)
Daniel Stenberg
[SECURITY ADVISORY] CVE-2022-35252: control code in cookie denial of service (curl) Daniel Stenberg (Aug 30)
Dave Horsfall
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Dave Horsfall (Jul 05)
David Hildenbrand
CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand (Aug 08)
Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand (Aug 15)
Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand (Aug 08)
Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand (Aug 09)
David Leadbeater
CVE-2022-2663: Linux netfilter: nf_conntrack_irc message handling David Leadbeater (Aug 30)
Re: CVE-2022-2663: Linux netfilter: nf_conntrack_irc message handling David Leadbeater (Sep 01)
Demi Marie Obenour
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Demi Marie Obenour (Jul 03)
Denial of service in GnuPG Demi Marie Obenour (Jul 04)
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Demi Marie Obenour (Jul 06)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Demi Marie Obenour (Sep 01)
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Demi Marie Obenour (Jul 06)
Re: Denial of service in GnuPG Demi Marie Obenour (Jul 04)
Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions Demi Marie Obenour (Aug 08)
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Demi Marie Obenour (Jul 06)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 Demi Marie Obenour (Aug 29)
Re: big ints in python: CVE-2020-10735 Demi Marie Obenour (Sep 21)
duoming
Linux kernel: UAF vulnerabilities in rose protocol duoming (Jul 03)
Re: Linux kernel: UAF vulnerabilities in rose protocol duoming (Jul 05)
Eduardo' Vela" <Nava>
Fwd: CVE-2022-2347 - Unchecked Download Size and Direction in U-Boot USB DFU Eduardo' Vela" <Nava> (Jul 08)
EGE BALCI
CVE-2022-29154: Rsync client-side arbitrary file write vulnerability. EGE BALCI (Aug 02)
Evgeny Legerov
Apache mod_dav off-by-one Evgeny Legerov (Aug 09)
Exim 4.96 overflow Evgeny Legerov (Aug 09)
Exim < 4.95 heap overflow Evgeny Legerov (Aug 06)
Re: Exim 4.95 invalid free Evgeny Legerov (Aug 07)
Re: Exim 4.95 invalid free Evgeny Legerov (Aug 06)
Exim 4.95 invalid free Evgeny Legerov (Aug 06)
zlib buffer overflow Evgeny Legerov (Aug 05)
Fabian Keil
wolfSSL 5.4.0 fixes CVE-2022-34293 and other issues Fabian Keil (Aug 08)
Filippo Bonazzi
gromox: potential local privilege escalation (CVE-2022-37030) Filippo Bonazzi (Aug 04)
Florian Weimer
Re: Linux kernel: io_uring: free of unallocated buffer list in io_register_pbuf_ring() Florian Weimer (Aug 08)
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Florian Weimer (Jul 06)
Georgi Guninski
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 14)
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 08)
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 06)
sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 06)
big ints in python: CVE-2020-10735 Georgi Guninski (Sep 21)
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 07)
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 06)
Graeme Fowler
Re: [Exim-Security] [oss-security] Exim < 4.95 heap overflow Graeme Fowler (Aug 10)
Grant Taylor
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Grant Taylor (Jul 06)
Greg KH
Re: Linux kernel: stack-out-of-bounds in profile_pc Greg KH (Aug 18)
Haonan Hou
CVE-2022-38370: Apache IoTDB: No authorization of DatabaseConnectController in grafana-connector. Haonan Hou (Sep 05)
CVE-2022-38369: Apache IoTDB: Login check vulnerability by session Id Haonan Hou (Sep 05)
Hausler, Micah
[kubernetes] CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass Hausler, Micah (Jul 11)
Hsin-Wei Hung
Linux kernel slab-out-of-bound read in bpf Hsin-Wei Hung (Aug 25)
Re: Linux kernel slab-out-of-bound read in bpf Hsin-Wei Hung (Aug 26)
Hyunwoo Kim
[Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev Hyunwoo Kim (Sep 24)
Re: [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev Hyunwoo Kim (Sep 24)
CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev Hyunwoo Kim (Sep 23)
Jacques Le Roux
Apache OFBiz - Server-Side Template Injection (CVE-2022-25813) Jacques Le Roux (Sep 02)
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) Jacques Le Roux (Sep 02)
Apache OFBiz - Regular Expression Denial of Service (ReDoS) (CVE-2022-29158) Jacques Le Roux (Sep 02)
Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063) Jacques Le Roux (Sep 02)
Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) Jacques Le Roux (Sep 03)
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) Jacques Le Roux (Sep 08)
Apache OFBiz - Unauth Stored XSS (CVE-2022-25370) Jacques Le Roux (Sep 02)
Jakub Wilk
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Jakub Wilk (Jul 04)
Jed Cunningham
Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons Jed Cunningham (Sep 21)
Jedidiah Cunningham
CVE-2022-40754: Apache Airflow: Open Redirect Jedidiah Cunningham (Sep 20)
CVE-2022-38054: Apache Airflow: Session Fixation Jedidiah Cunningham (Sep 01)
CVE-2022-40604: Apache Airflow: Format String Vulnerability Jedidiah Cunningham (Sep 20)
CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons Jedidiah Cunningham (Sep 02)
Jeffrey Walton
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeffrey Walton (Sep 06)
Jens-Wolfhard Schicke-Uffmann
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Jens-Wolfhard Schicke-Uffmann (Jul 04)
Jeremy Stanley
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley (Sep 07)
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley (Sep 06)
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley (Sep 06)
Joe Orton
CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Joe Orton (Aug 25)
Joey
Re: CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability Joey (Sep 06)
John Haxby
CVE-2022-21505: Kernel lockdown bypass bug John Haxby (Jul 19)
John Helmert III
Re: Exim < 4.95 heap overflow John Helmert III (Aug 07)
Re: Apache mod_dav off-by-one John Helmert III (Aug 10)
Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets John Helmert III (Jul 19)
Re: Exim 4.95 invalid free John Helmert III (Aug 06)
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Aug 26)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 John Helmert III (Aug 26)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 John Helmert III (Sep 13)
Re: CVE Request: heap buffer overflow in gdk-pixbuf John Helmert III (Jul 23)
Juan Pablo Santos Rodríguez
CVE-2022-28732: Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin Juan Pablo Santos Rodríguez (Aug 03)
CVE-2022-28731: Apache JSPWiki CSRF in UserPreferences.jsp Juan Pablo Santos Rodríguez (Aug 03)
CVE-2022-34158: Apache JSPWiki: User Group Privilege Escalation Juan Pablo Santos Rodríguez (Aug 03)
CVE-2022-27166: Apache JSPWiki: XSS vulnerability on XHRHtml2Markup.jsp in JSPWiki 2.11.2 Juan Pablo Santos Rodríguez (Aug 03)
CVE-2022-28730: Apache JSPWiki Cross-site scripting vulnerability on AJAXPreview.jsp Juan Pablo Santos Rodríguez (Aug 03)
Junio C Hamano
Git v2.37.1 and friends for CVE-2022-29187 Junio C Hamano (Jul 13)
Justin Bertram
CVE-2022-35278: Apache ActiveMQ Artemis: HTML Injection in ActiveMQ Artemis Web Console Justin Bertram (Aug 18)
Keine Eile
Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250? Keine Eile (Jul 03)
Kirk Lund
CVE-2022-37023: Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11 Kirk Lund (Aug 30)
CVE-2022-37022: Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 11 Kirk Lund (Aug 30)
CVE-2022-37021: Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 8. Kirk Lund (Aug 30)
Kurt H Maier
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Kurt H Maier (Jul 05)
Lari Hotari
CVE-2022-24280: Apache Pulsar Proxy target broker address isn't validated Lari Hotari (Sep 22)
Manikumar
CVE-2022-34917: Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers Manikumar (Sep 19)
Marcus Meissner
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Marcus Meissner (Jul 04)
Mariusz Felisiak
Django: CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments. Mariusz Felisiak (Jul 04)
Mark J. Cox
CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets Mark J. Cox (Jul 19)
CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues Mark J. Cox (Jul 06)
Marko Lindqvist
Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow Marko Lindqvist (Aug 05)
Mark Thomas
CVE-2021-43980: Apache Tomcat: Information disclosure Mark Thomas (Sep 28)
Matthias Gerstner
insufficiently protected D-Bus interface in KDiskMark 3.0.0 (CVE-2022-40673) Matthias Gerstner (Sep 14)
Matt Juntunen
CVE-2022-33980: Apache Commons Configuration insecure interpolation defaults Matt Juntunen (Jul 06)
Michael Marshall
CVE-2022-33681: Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM Michael Marshall (Sep 22)
CVE-2022-33682: Apache Pulsar: Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack Michael Marshall (Sep 22)
CVE-2022-33683: Apache Pulsar: Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack Michael Marshall (Sep 22)
Michael Orlitzky
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Michael Orlitzky (Sep 06)
Michał Kępień
ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178) Michał Kępień (Sep 21)
Mickaël Salaün
Landlock news #2 Mickaël Salaün (Aug 17)
Monis Khan
[kubernetes] CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF) Monis Khan (Sep 16)
Moritz Muehlenhoff
Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets Moritz Muehlenhoff (Jul 20)
Moritz Mühlenhoff
Re: CVE-2022-31790 CVE-2022-31789: Watchguard XTM/Firebox firewalls: Multiple vulnerabilities Moritz Mühlenhoff (Aug 30)
Myers, Christopher
Grails Framework Remote Code Execution Vulnerability, CVE-2022-35912 Myers, Christopher (Jul 20)
Naveen Gangam
[Security] CVE-2021-34538: Security vulnerability in Hive with UDFs Naveen Gangam (Jul 15)
Neil Williams
CVE-2022-20359 is not mentioned in linked bulletin Neil Williams (Aug 11)
Noel Kuntze
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Noel Kuntze (Jul 04)
Otto Moerbeek
Security Advisory 2022-02 for PowerDNS Recursor up to and including 4.5.9, 4.6.2, 4.7.1 Otto Moerbeek (Aug 23)
Pedro Ribeiro
CVE Request: heap buffer overflow in gdk-pixbuf Pedro Ribeiro (Jul 23)
Re: CVE Request: heap buffer overflow in gdk-pixbuf Pedro Ribeiro (Jul 24)
Re: CVE Request: heap buffer overflow in gdk-pixbuf Pedro Ribeiro (Jul 24)
Peter van Dijk
DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Peter van Dijk (Jul 04)
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Peter van Dijk (Jul 04)
Philipp Jeitner (SIT)
Fixed DNS UDP port in totd DNS forwarder (CVE-2022-34294) Philipp Jeitner (SIT) (Aug 13)
Multiple DNS Cache poisoning vulnerabilities in dnrd DNS forwarder (CVE-2022-33993, CVE-2022-33992) Philipp Jeitner (SIT) (Aug 13)
Multiple DNS Cache poisoning vulnerabilities in dproxy and drpoxy-nexgen (CVE-2022-33988, CVE-2022-33989, CVE-2022-33990, CVE-2022-33991) Philipp Jeitner (SIT) (Aug 13)
Povilas Kanapickas
Fwd: X.Org Security Advisory: July 12, 2022 Povilas Kanapickas (Jul 12)
Pushkar Joglekar
[kubernetes] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers Pushkar Joglekar (Sep 15)
Ralph Goers
CVE-2022-34916: Apache Flume: Improper Input Validation (JNDI Injection) in JMSMessageConsumer Ralph Goers (Aug 20)
Rohit Yadav
[ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741) Rohit Yadav (Jul 18)
Re: [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741) Rohit Yadav (Jul 19)
Roxana Bradescu
Re: Exim < 4.95 heap overflow Roxana Bradescu (Aug 07)
Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets Roxana Bradescu (Jul 20)
Re: [Exim-Security] [oss-security] Exim < 4.95 heap overflow Roxana Bradescu (Aug 12)
Re: CVE-2022-31790 CVE-2022-31789: Watchguard XTM/Firebox firewalls: Multiple vulnerabilities Roxana Bradescu (Sep 01)
Re: snowflakedb security contacts Roxana Bradescu (Jul 24)
Ruben Q L
CVE-2022-36364: Apache Calcite Avatica JDBC driver `httpclient_impl` connection property can be used as an RCE vector Ruben Q L (Jul 28)
CVE-2022-39135: Apache Calcite: potential XEE attacks Ruben Q L (Sep 11)
Russ Allbery
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Russ Allbery (Sep 06)
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Russ Allbery (Sep 07)
Ryan Skraba
CVE-2022-36125: Apache Avro: Integer overflow when reading corrupted .avro file in Avro Rust SDK Ryan Skraba (Aug 08)
CVE-2022-36124: Apache Avro: Memory overconsumption in Avro Rust SDK Ryan Skraba (Aug 08)
CVE-2022-35724: Apache Avro: Denial of service while reading data in Avro Rust SDK Ryan Skraba (Aug 08)
Salvatore Bonaccorso
Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions Salvatore Bonaccorso (Jul 12)
Re: GnuPG signature spoofing via status line injection Salvatore Bonaccorso (Jul 02)
Re: Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow Salvatore Bonaccorso (Aug 30)
Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions Salvatore Bonaccorso (Jul 12)
Re: CVE-2022-20359 is not mentioned in linked bulletin Salvatore Bonaccorso (Aug 11)
SBA - Advisory
[SBA-ADV-20220328-01] CVE-2022-38335: Vtiger CRM 7.4.0 or below Stored Cross-Site Scripting SBA - Advisory (Sep 27)
Sean Owen
CVE-2022-33891: Apache Spark shell command injection vulnerability via Spark UI Sean Owen (Jul 17)
Seth Arnold
Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons Seth Arnold (Sep 02)
Re: sagemath denial of service with abort() in gmp: overflow in mpz type Seth Arnold (Sep 06)
snowflakedb security contacts Seth Arnold (Jul 18)
Re: snowflakedb security contacts Seth Arnold (Jul 25)
Sheng Zha
CVE-2022-24294: ReDoS in Apache MXNet RTC Module Sheng Zha (Jul 24)
Simon Steiner
[CVE-2022-40146] Apache Batik information disclosure vulnerability Simon Steiner (Sep 22)
[CVE-2022-38398] Apache Batik information disclosure vulnerability Simon Steiner (Sep 22)
[CVE-2022-38648] Apache Batik information disclosure vulnerability Simon Steiner (Sep 22)
Solar Designer
Re: Linux Kernel use-after-free write in netfilter Solar Designer (Aug 25)
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Solar Designer (Jul 02)
Re: Exim 4.95 invalid free Solar Designer (Aug 06)
Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions Solar Designer (Aug 08)
Re: Exim 4.95 invalid free Solar Designer (Aug 06)
Re: Linux kernel: CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation, information leak Solar Designer (Aug 25)
Re: CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation Solar Designer (Aug 06)
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Solar Designer (Jul 06)
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Solar Designer (Aug 06)
Re: Linux Kernel use-after-free write in netfilter Solar Designer (Sep 02)
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Solar Designer (Jul 03)
Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250? Solar Designer (Jul 03)
Re: CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow Solar Designer (Sep 11)
Re: Linux: UaF due to concurrency issue in io_uring timeouts Solar Designer (Aug 08)
Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Solar Designer (Jul 03)
Re: Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Solar Designer (Jul 06)
Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init Solar Designer (Jul 02)
Linux kernel: io_uring: free of unallocated buffer list in io_register_pbuf_ring() Solar Designer (Aug 08)
Stuart Henderson
Re: Exim < 4.95 heap overflow Stuart Henderson (Aug 07)
Tavis Ormandy
Re: DO NOT OPEN PREVIOUS MAIL Re: [oss-security] Denial of service in GnuPG Tavis Ormandy (Jul 06)
Tej Rathi
ClusterLabs/PCS: [CVE-2022-2735] Obtaining an authentication token for hacluster user leads to privilege escalation. Tej Rathi (Sep 01)
Thadeu Lima de Souza Cascardo
Re: CVE-2022-2585 - Linux kernel POSIX CPU timer UAF Thadeu Lima de Souza Cascardo (Aug 18)
Re: CVE-2022-2588 - Linux kernel cls_route UAF Thadeu Lima de Souza Cascardo (Aug 18)
Re: CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF Thadeu Lima de Souza Cascardo (Aug 18)
CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF Thadeu Lima de Souza Cascardo (Aug 09)
CVE-2022-2588 - Linux kernel cls_route UAF Thadeu Lima de Souza Cascardo (Aug 09)
CVE-2022-2585 - Linux kernel POSIX CPU timer UAF Thadeu Lima de Souza Cascardo (Aug 09)
Thiago H. de Paula Figueiredo
[CVE-2022-31781] Apache Tapestry denial of service vulnerability Thiago H. de Paula Figueiredo (Jul 12)
Thomas Monjalon
CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability Thomas Monjalon (Aug 29)
CVE-2022-2132: DPDK copy_desc_to_mbuf() Vhost header vulnerability Thomas Monjalon (Aug 29)
Vegard Nossum
Re: CVE-2022-2588 - Linux kernel cls_route UAF Vegard Nossum (Aug 09)
Vladimir de Turckheim
Fwd: Node.js security updates for all active release lines, Month Year Vladimir de Turckheim (Sep 15)
Fwd: [Postponed] Node.js security updates for all active release lines, September 2022 Vladimir de Turckheim (Sep 22)
Fwd: Node.js security updates for all active release lines, September 2022 Vladimir de Turckheim (Sep 23)
VMware Security Response Center
[SECURITY ADVISORY] open-vm-tools: Local privilege escalation vulnerability (CVE-2022-31676) VMware Security Response Center (Aug 23)
Wadeck Follonier
Multiple vulnerabilities in Jenkins plugins Wadeck Follonier (Aug 23)
Weigang (Jimmy)
CVE-2021-33656: Linux kernel: When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.(<5.10.127) Weigang (Jimmy) (Jul 19)
CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1) Weigang (Jimmy) (Jul 19)
Xen . org security team
Xen Security Advisory 406 v3 (CVE-2022-33744) - Arm guests can cause Dom0 DoS via PV devices Xen . org security team (Jul 05)
Xen Security Advisory 408 v3 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode Xen . org security team (Jul 26)
Xen Security Advisory 408 v2 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode Xen . org security team (Jul 26)
Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions Xen . org security team (Jul 12)
Xen Security Advisory 403 v3 (CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742) - Linux disk/nic frontends data leaks Xen . org security team (Jul 05)
Xen Security Advisory 405 v3 (CVE-2022-33743) - network backend may cause Linux netfront to use freed SKBs Xen . org security team (Jul 05)
Xingyuan Mo
Linux kernel: information disclosure in stex_queuecommand_lck Xingyuan Mo (Sep 09)
Re: Linux kernel: information disclosure in stex_queuecommand_lck Xingyuan Mo (Sep 19)
Zhang Yonglun
CVE-2022-37435: Apache ShenYu Admin Improper Privilege Management Zhang Yonglun (Sep 01)
Zhenxu Ke
CVE-2022-36127: Apache SkyWalking NodeJS Agent: Service unavailability impact in NodeJS agent(version <= 0.5.0) Zhenxu Ke (Jul 18)
黄 晓
Linux kernel: stack-out-of-bounds in profile_pc 黄 晓 (Aug 18)