oss-sec: by author
RSS Feed
About List
All Lists
Previous period
220 messages
starting Mar 30 23 and
ending Jan 31 23
Date index |
Thread index |
Author index
Ailin Nemui
Irssi SA-2023-03 / Use after free in printing routine Ailin Nemui (Mar 30)
Re: CVE-2023-29132: Irssi SA-2023-03 / Use after free in printing routine Ailin Nemui (Mar 31)
Alan Coopersmith
Re: CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Alan Coopersmith (Jan 31)
Re: Fwd: X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15 Alan Coopersmith (Feb 01)
Fwd: X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15 Alan Coopersmith (Jan 17)
Re: Directory traversal in sharutils/uudecode and python uu module Alan Coopersmith (Jan 24)
Albumen Kevin
CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Gadgets Bypass Albumen Kevin (Mar 08)
Angela Schreiber
CVE-2023-25141: JNDI injection into Apache sling-org-apache-sling-jcr-base Angela Schreiber (Feb 14)
Anthony Liguori
Re: New distros list statistics Anthony Liguori (Mar 27)
New distros list statistics Anthony Liguori (Mar 24)
Arnout Engelen
CVE-2023-28935: Apache UIMA DUCC: DUCC (EOL) allows RCE Arnout Engelen (Mar 30)
CVE-2023-26464: Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender Arnout Engelen (Mar 10)
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Arnout Engelen (Jan 02)
Benoit Tellier
CVE-2022-45935: Apache James server: Temporary File Information Disclosure Benoit Tellier (Jan 05)
CVE-2022-45787: Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider Benoit Tellier (Jan 05)
CVE-2023-26269: Apache James server: Privilege escalation through unauthenticated JMX Benoit Tellier (Mar 31)
Brian Demers
CVE-2023-22602: Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request Brian Demers (Jan 13)
butt3rflyh4ck
Re: CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup butt3rflyh4ck (Feb 23)
Carlos Alberto Lopez Perez
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0001 Carlos Alberto Lopez Perez (Feb 02)
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0002 Carlos Alberto Lopez Perez (Feb 15)
Carlton Gibson
Django - CVE-2023-24580: Potential denial-of-service vulnerability in file uploads Carlton Gibson (Feb 14)
Carsten Ziegeler
CVE-2023-25621: Apache Sling does not allow to handle i18n content in a secure way Carsten Ziegeler (Feb 23)
Casper Dik
Re: TTY pushback vulnerabilities / TIOCSTI Casper Dik (Mar 15)
Charles Zhang
CVE-2023-24977: Apache InLong: Jdbc Connection causes arbitrary file reading in InLong Charles Zhang (Feb 01)
CVE-2023-24997: Apache InLong: Jdbc Connection Security Bypass in InLong Charles Zhang (Feb 01)
CVE-2023-27296: Apache InLong: JDBC Deserialization Vulnerability in InLong Charles Zhang (Mar 27)
Christos Zoulas
Re: TTY pushback vulnerabilities / TIOCSTI Christos Zoulas (Mar 18)
Colm O hEigeartaigh
CVE-2023-25613: LDAP Injection Vulnerability in Apache Kerby Colm O hEigeartaigh (Feb 20)
Damien Miller
Announce: OpenSSH 9.2 released Damien Miller (Feb 02)
Announce: OpenSSH 9.3 released Damien Miller (Mar 15)
Daniel Beck
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 21)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 15)
Multiple vulnerabilities in Jenkins Daniel Beck (Mar 08)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jan 24)
Daniel Gaspar
CVE-2022-43717: Apache Superset: Cross-Site Scripting on dashboards Daniel Gaspar (Jan 16)
CVE-2022-43718: Apache Superset: Cross-Site Scripting vulnerability on upload forms Daniel Gaspar (Jan 16)
CVE-2022-43720: Apache Superset: Improper rendering of user input Daniel Gaspar (Jan 16)
CVE-2022-43719: Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API Daniel Gaspar (Jan 16)
CVE-2022-45438: Apache Superset: Dashboard metadata information leak Daniel Gaspar (Jan 16)
CVE-2022-43721: Apache Superset: Open Redirect Vulnerability Daniel Gaspar (Jan 16)
CVE-2022-41703: Apache Superset: SQL injection vulnerability in adhoc clauses Daniel Gaspar (Jan 16)
Daniel Stenberg
[SECURITY ADVISORY] curl: CVE-2023-27534: SFTP path ~ resolving discrepancy Daniel Stenberg (Mar 20)
[SECURITY ADVISORY] curl: CVE-2023-27537: HSTS double-free Daniel Stenberg (Mar 20)
[SECURITY ADVISORY] curl: CVE-2023-27535: FTP too eager connection reuse Daniel Stenberg (Mar 20)
[SECURITY ADVISORY] curl: CVE-2023-27538: SSH connection too eager reuse still Daniel Stenberg (Mar 20)
curl: CVE-2023-23916: HTTP multi-header compression denial of service Daniel Stenberg (Feb 14)
[SECURITY ADVISORY] curl: CVE-2023-27536: GSS delegation too eager connection re-use Daniel Stenberg (Mar 20)
curl: CVE-2023-23915: HSTS amnesia with --parallel Daniel Stenberg (Feb 14)
curl: CVE-2023-23914: HSTS ignored on multiple requests Daniel Stenberg (Feb 14)
[SECURITY ADVISORY] curl: CVE-2023-27533: TELNET option IAC injection Daniel Stenberg (Mar 20)
Dan Klco
CVE-2023-22849: Apache Sling App CMS: XSS in CMS Reference / UI Components Dan Klco (Feb 04)
CVE-2022-46769: Apache Sling App CMS: XSS in CMS Site Group Detail Dan Klco (Jan 07)
Dave Horsfall
Re: TTY pushback vulnerabilities / TIOCSTI Dave Horsfall (Mar 15)
Dave Wallace
CVE-2022-46397: FD.io VPP (Vector Packet Processor) IPSec generates a predictable IV with AES-CBC mode Dave Wallace (Feb 14)
Davide Ornaghi
CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup Davide Ornaghi (Jan 13)
David Handermann
CVE-2023-22832: Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes David Handermann (Feb 09)
Demi Marie Obenour
Re: Data operand dependent timing on Intel and Arm CPUs Demi Marie Obenour (Jan 30)
Re: Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations Demi Marie Obenour (Jan 05)
Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Demi Marie Obenour (Feb 22)
Dino Team
[CVE-2023-28686] Insufficient message sender validation in Dino Dino Team (Mar 23)
duoming
Linux kernel: CVE-2023-1118: UAF vulnerabilities in "drivers/media/rc" directory duoming (Mar 01)
Ed Maste
Re: TTY pushback vulnerabilities / TIOCSTI Ed Maste (Mar 17)
Eric Ashley
Re: TTY pushback vulnerabilities / TIOCSTI Eric Ashley (Mar 18)
Eric Biggers
Data operand dependent timing on Intel and Arm CPUs Eric Biggers (Jan 25)
Re: Data operand dependent timing on Intel and Arm CPUs Eric Biggers (Jan 27)
Eric Covener
CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting Eric Covener (Mar 07)
CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Eric Covener (Jan 31)
CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64 family of functions Eric Covener (Jan 31)
CVE-2006-20001: Apache HTTP Server: mod_dav out of bounds read, or write of zero byte Eric Covener (Jan 17)
CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp Possible request smuggling Eric Covener (Jan 17)
CVE-2022-28331: Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function Eric Covener (Jan 31)
CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy Eric Covener (Mar 07)
CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting Eric Covener (Jan 17)
Fabian Keil
Re: TTY pushback vulnerabilities / TIOCSTI Fabian Keil (Mar 15)
Florian Weimer
Re: SEGV in `alloca(BIG)` and `long pl[BIG]` Florian Weimer (Feb 08)
Gabriel Corona
Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Gabriel Corona (Mar 08)
Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations Gabriel Corona (Jan 05)
Re: Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations Gabriel Corona (Jan 05)
Georgi Guninski
Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Georgi Guninski (Mar 06)
First result on google promotes insecure coding (XSS) Georgi Guninski (Mar 19)
Re: double-free vulnerability in OpenSSH server 9.1 Georgi Guninski (Feb 02)
Re: First result on google promotes insecure coding (XSS) Georgi Guninski (Mar 19)
Giannis Christodoulakos
CVE-2023-24278 - Reflected XSS vulnerabilities in Squidex "/squid.svg" endpoint Giannis Christodoulakos (Mar 16)
CVE-2023-24278 - Reflected XSS vulnerabilities in Squidex "/squid.svg" endpoint Giannis Christodoulakos (Mar 16)
Greg KH
Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Greg KH (Jan 12)
Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Greg KH (Jan 13)
Hanno Böck
Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 19)
Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 24)
Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 15)
Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)
TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)
Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 17)
Helmut Grohne
sox: patches for old vulnerabilities Helmut Grohne (Feb 03)
Re: sox: patches for old vulnerabilities Helmut Grohne (Mar 14)
Heping Wang
CVE-2022-44644: Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability Heping Wang (Jan 30)
CVE-2022-44645: Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability Heping Wang (Jan 30)
Hrvoje Mišetić
Linux kernel: Unauthenticated remote DOS in ksmbd NTLMv2 authentication Hrvoje Mišetić (Jan 04)
Jakub Wilk
Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 17)
Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 14)
Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 21)
James Dailey
CVE-2023-25196: Apache Fineract: SQL injection vulnerability James Dailey (Mar 27)
CVE-2023-25197: apache fineract: SQL injection vulnerability in certain procedure calls James Dailey (Mar 27)
CVE-2023-25195: Apache Fineract: SSRF template type vulnerability in certain authenticated users James Dailey (Mar 27)
Jan Engelhardt
Re: TTY pushback vulnerabilities / TIOCSTI Jan Engelhardt (Mar 15)
Jan Schaumann
CVE-2023-25139: glibc-2.37 sprintf buffer overflow Jan Schaumann (Feb 10)
Jarek Potiuk
CVE-2023-25691: Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution Jarek Potiuk (Feb 23)
CVE-2023-25695: Information disclosure in Apache Airflow Jarek Potiuk (Mar 15)
CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service Jarek Potiuk (Feb 23)
CVE-2023-22884: Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow Jarek Potiuk (Jan 21)
CVE-2023-25696: Apache Airflow Hive Provider Beeline RCE Jarek Potiuk (Feb 23)
CVE-2023-25693: Sqoop Apache Airflow Provider Remote Code Execution Vulnerability Jarek Potiuk (Feb 23)
CVE-2023-25956: Apache Airflow AWS Provider: Arbitrary file read via AWS provider Jarek Potiuk (Feb 23)
Jeremy Stanley
[OSSA-2023-001] Swift: Arbitrary file access through custom S3 XML entities (CVE-2022-47950) Jeremy Stanley (Jan 17)
[OSSA-2023-002] Cinder, Glance, Nova: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) Jeremy Stanley (Jan 24)
Jialin Qiao
CVE-2023-24829: Apache IoTDB: apache/iotdb-web-workbench: forge the JWTToken to access workbench Jialin Qiao (Jan 30)
CVE-2023-24830: Apache IoTDB: apache/iotdb-web-workbench: create a user without authorization Jialin Qiao (Jan 30)
Jisoo Jang
Re: A USB-accessible slab-out-of-bounds read in Linux kernel driver Jisoo Jang (Mar 14)
A USB-accessible slab-out-of-bounds read in Linux kernel driver Jisoo Jang (Mar 13)
Johannes Segitz
polkitd service user privilege separation Johannes Segitz (Mar 29)
Re: polkitd service user privilege separation Johannes Segitz (Mar 30)
Re: polkitd service user privilege separation Johannes Segitz (Mar 31)
John Gemignani
CVE-2022-45786: Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection John Gemignani (Feb 04)
CVE-2022-45786: Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection John Gemignani (Feb 04)
John Helmert III
Re: sudo: double free with per-command chroot sudoers rules John Helmert III (Mar 01)
Re: Type Confusion in Linux Kernel John Helmert III (Jan 10)
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Jan 03)
Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe John Helmert III (Jan 12)
John Runyon
Re: Data operand dependent timing on Intel and Arm CPUs John Runyon (Jan 30)
Jordan Glover
Re: polkitd service user privilege separation Jordan Glover (Mar 30)
Junio C Hamano
[Announce] Git 2.39.2 and friends Junio C Hamano (Feb 14)
Git 2.39.1 and friends Junio C Hamano (Jan 17)
Kyle Zeng
null pointer dereference in Linux kernel Kyle Zeng (Jan 18)
Re: Type Confusion in Linux Kernel Kyle Zeng (Jan 10)
Type Confusion in Linux Kernel Kyle Zeng (Jan 10)
Lyndon Nerenberg (VE7TFX/VE6BBM)
Re: TTY pushback vulnerabilities / TIOCSTI Lyndon Nerenberg (VE7TFX/VE6BBM) (Mar 18)
Marc Deslauriers
Re: sudo: double free with per-command chroot sudoers rules Marc Deslauriers (Mar 01)
Marco Benatto
pesign: Local privilege escalation on pesign systemd service Marco Benatto (Jan 31)
Marcus Lange
CVE-2022-38745: Apache OpenOffice: Empty entry in Java class path Marcus Lange (Mar 24)
CVE-2022-47502: Apache OpenOffice: Macro URL arbitrary script execution Marcus Lange (Mar 24)
Mariusz Felisiak
Django: CVE-2023-23969: Potential denial-of-service via Accept-Language headers. Mariusz Felisiak (Feb 01)
Mark Hack
Re: Data operand dependent timing on Intel and Arm CPUs Mark Hack (Jan 30)
Re: Data operand dependent timing on Intel and Arm CPUs Mark Hack (Jan 30)
Mark Thomas
CVE-2023-28708: Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations Mark Thomas (Mar 22)
CVE-2023-24998: Apache Commons FileUpload: FileUpload DoS with excessive parts Mark Thomas (Feb 20)
CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection Mark Thomas (Jan 03)
CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Mark Thomas (Feb 20)
Matthias Gerstner
Re: pesign: Local privilege escalation on pesign systemd service Matthias Gerstner (Feb 01)
EternalTerminal: Review report and findings (predictable /tmp file paths and file permission issues, 3 CVEs) Matthias Gerstner (Feb 16)
Security issue in Hotspot elevate_perf_privileges.sh (CVE-2023-28144) Matthias Gerstner (Mar 14)
Matthias Schmidt
Re: double-free vulnerability in OpenSSH server 9.1 Matthias Schmidt (Feb 02)
Matthieu Barjole
CVE-2023-22809: Sudoedit can edit arbitrary files Matthieu Barjole (Jan 18)
Maxim Solodovnik
CVE-2023-28326: Apache OpenMeetings: allows user impersonation Maxim Solodovnik (Mar 28)
Michał Kępień
ISC has disclosed three vulnerabilities in BIND 9 (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924) Michał Kępień (Jan 25)
Nam Nguyen
Re: Re: sox: patches for old vulnerabilities Nam Nguyen (Mar 31)
Noryungi
Re: sudo: double free with per-command chroot sudoers rules Noryungi (Mar 01)
Octavio Galland
UAF in OpenSSL up to 3.0.7 Octavio Galland (Mar 03)
Olivier Fourdan
Fwd: X.Org Security Advisory: CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Olivier Fourdan (Mar 29)
Olivier Lamy
CVE-2023-28158: Apache Archiva privilege escalation Olivier Lamy (Mar 29)
Otto Moerbeek
Security Advisory 2023-01 for PowerDNS Recursor 4.8.0 (CVE-2023-22617) Otto Moerbeek (Jan 20)
Peter Bex
Re: TTY pushback vulnerabilities / TIOCSTI Peter Bex (Mar 14)
Re: TTY pushback vulnerabilities / TIOCSTI Peter Bex (Mar 14)
Pietro Albini
CVE-2022-46176: Cargo does not check SSH host keys Pietro Albini (Jan 10)
Pietro Borrello
CVE-2023-1077: Linux kernel: Type confusion in pick_next_rt_entity() Pietro Borrello (Mar 01)
Linux Kernel: hid: type confusions on hid report_list entry Pietro Borrello (Jan 17)
Linux Kernel: sctp: KASLR leak in inet_diag_msg_sctpasoc_fill() Pietro Borrello (Jan 23)
CVE-2023-1079: Linux Kernel: Use-After-Free in asus_kbd_backlight_set() Pietro Borrello (Mar 01)
Linux Kernel: hid: Use-After-Free in bigben_set_led() Pietro Borrello (Jan 25)
CVE-2023-1075 - Linux Kernel: Type Confusion in tls_is_tx_ready() Pietro Borrello (Mar 01)
Linux Kernel: hid: NULL pointer dereference in hid_betopff_play() Pietro Borrello (Jan 18)
CVE-2023-1076: Linux Kernel: Type Confusion hardcodes tuntap socket UID to root Pietro Borrello (Mar 01)
Qualys Security Advisory
Minor stack-based buffer overflow in OpenBSD's libskey Qualys Security Advisory (Mar 15)
Re: double-free vulnerability in OpenSSH server 9.1 Qualys Security Advisory (Feb 02)
Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Qualys Security Advisory (Feb 13)
Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Qualys Security Advisory (Mar 09)
Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Qualys Security Advisory (Feb 21)
double-free vulnerability in OpenSSH server 9.1 Qualys Security Advisory (Feb 02)
Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Qualys Security Advisory (Feb 23)
Radu Cotescu
CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS Radu Cotescu (Mar 20)
Rafael Correa De Ysasi
CVE-2023-0045: Linux Kernel: Bypassing Spectre-BTI User Space Mitigations Rafael Correa De Ysasi (Feb 03)
Rodrigo Branco
Re: CVE-2023-0045: Linux Kernel: Bypassing Spectre-BTI User Space Mitigations Rodrigo Branco (Feb 04)
Re: CVE-2023-0045: Linux Kernel: Bypassing Spectre-BTI User Space Mitigations Rodrigo Branco (Feb 03)
Rohit Keshri
Re: null pointer dereference in Linux kernel Rohit Keshri (Jan 18)
Salvatore Bonaccorso
Re: Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Salvatore Bonaccorso (Mar 08)
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Salvatore Bonaccorso (Jan 02)
Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Salvatore Bonaccorso (Jan 18)
Sandrine Bailleux
CVE-2022-47630 Trusted Firmware-A - Out-of-bounds read in X.509 parser Sandrine Bailleux (Jan 16)
Seth Arnold
Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Seth Arnold (Mar 28)
Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Seth Arnold (Mar 28)
Shawn Webb
Re: TTY pushback vulnerabilities / TIOCSTI Shawn Webb (Mar 14)
Simon McVittie
flatpak: CVE-2023-28100: TIOCLINUX can send commands outside sandbox if running on a virtual console Simon McVittie (Mar 17)
flatpak: CVE-2023-28101: escape characters in metadata can hide app permissions in terminal Simon McVittie (Mar 17)
Re: polkitd service user privilege separation Simon McVittie (Mar 29)
Solar Designer
Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Solar Designer (Mar 28)
Re: New distros list statistics Solar Designer (Mar 27)
Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Solar Designer (Mar 28)
Re: First result on google promotes insecure coding (XSS) Solar Designer (Mar 19)
Re: CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup Solar Designer (Jan 13)
CVE-2023-0464: OpenSSL: Excessive Resource Usage Verifying X.509 Policy Constraints Solar Designer (Mar 22)
Re: Data operand dependent timing on Intel and Arm CPUs Solar Designer (Jan 25)
Steffen Nurpmeso
Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 30)
Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 14)
Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 31)
Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Feb 04)
Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 14)
Tal Lossos
CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Tal Lossos (Jan 12)
Thadeu Lima de Souza Cascardo
CVE-2023-1032 - Linux kernel io_uring IORING_OP_SOCKET double free Thadeu Lima de Souza Cascardo (Mar 13)
Thomas Leroy
Re: Linux Kernel: hid: Use-After-Free in bigben_set_led() Thomas Leroy (Feb 02)
Todd C. Miller
sudo: double free with per-command chroot sudoers rules Todd C. Miller (Feb 28)
Re: sudo: double free with per-command chroot sudoers rules Todd C. Miller (Mar 01)
Tomas Mraz
OpenSSL Security Advisory Tomas Mraz (Mar 28)
Will
Re: Linux kernel: Unauthenticated remote DOS in ksmbd NTLMv2 authentication Will (Jan 11)
Xen . org security team
Xen Security Advisory 428 v3 (CVE-2022-42333,CVE-2022-42334) - x86/HVM pinned cache attributes mis-handling Xen . org security team (Mar 21)
Xen Security Advisory 429 v3 (CVE-2022-42331) - x86: speculative vulnerability in 32bit SYSCALL path Xen . org security team (Mar 21)
Xen Security Advisory 426 v1 (CVE-2022-27672) - x86: Cross-Thread Return Address Predictions Xen . org security team (Feb 14)
Xen Security Advisory 426 v2 (CVE-2022-27672) - x86: Cross-Thread Return Address Predictions Xen . org security team (Feb 16)
Xen Security Advisory 425 v1 (CVE-2022-42330) - Guests can cause Xenstore crash via soft reset Xen . org security team (Jan 25)
Xen Security Advisory 427 v2 (CVE-2022-42332) - x86 shadow plus log-dirty mode use-after-free Xen . org security team (Mar 21)
Zhang Yonglun
CVE-2022-42735: Apache ShenYu Admin ultra vires Zhang Yonglun (Feb 15)
Zhenghan Wang
CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Zhenghan Wang (Mar 28)
Zube
Re: CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Zube (Jan 31)