oss-sec: by author

284 messages starting Apr 18 23 and ending May 15 23

0xef967c36

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution 0xef967c36 (Apr 18)
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution 0xef967c36 (Apr 18)
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution 0xef967c36 (Apr 18)

Alan Coopersmith

Ghostscript CVE-2023-28879: "Shell in the Ghost" Alan Coopersmith (Apr 12)
CVE-2023-31975: memory leak in yasm Alan Coopersmith (Jun 20)
Re: CVE-2023-31975: memory leak in yasm Alan Coopersmith (Jun 21)
Fwd: [ANNOUNCE] X.Org Security Advisory: Sub-object overflows in libX11 Alan Coopersmith (Jun 15)
Re: The AI chatgpt writes insecure code Alan Coopersmith (Jun 20)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Alan Coopersmith (May 04)
Fwd: Retired X.Org Packages Alan Coopersmith (May 02)

alice

Re: ncurses fixes upstream alice (Apr 13)

Alistair Crooks

PAM/Kerberos issue on NetBSD Alistair Crooks (Jun 21)

Andrew G. Morgan

libcap-2.69 addresses 2 CVEs Andrew G. Morgan (May 15)

Andrew Worsley

Re: IPv6 and Route of Death Andrew Worsley (May 18)

Andy Seaborne

CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions. Andy Seaborne (Apr 24)

Angela Schreiber

CVE-2022-45064: Apache Sling Engine: Include-based XSS Angela Schreiber (Apr 12)

Anthony Liguori

Re: Clarification on embargoed testing in a partner cloud Anthony Liguori (May 24)

Arnout Engelen

CVE-2023-25601: Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication Arnout Engelen (Apr 20)
CVE-2023-32007: Apache Spark: Shell command injection via Spark UI Arnout Engelen (May 02)

Barry Greene

Re: IPv6 and Route of Death Barry Greene (May 17)

Bastien Roucariès

Stack overflow in imagemagick coders/tiff.c Bastien Roucariès (May 29)
Re: Stack overflow in imagemagick coders/tiff.c Bastien Roucariès (May 29)
Update CVE-2021-3610: ImageMagick Bastien Roucariès (May 29)

Bernd Zeimetz

Re: PostgreSQL and CREATEROLE permission Bernd Zeimetz (Apr 20)

Bob Friesenhahn

Re: Stack overflow in imagemagick coders/tiff.c Bob Friesenhahn (Jun 14)

Brad House

c-ares multiple vulnerabilities: CVE-2023-32067, CVE-2023-31147, CVE-2023-31130, CVE-2023-31124 Brad House (May 22)

Brian Behlendorf

Re: Clarification on embargoed testing in a partner cloud Brian Behlendorf (May 24)

Brian McDermott

CVE-2023-1672: race condition in Tang exposes private keys to other processes Brian McDermott (Jun 15)

Carlos Alberto Lopez Perez

WebKitGTK and WPE WebKit Security Advisory WSA-2023-0004 Carlos Alberto Lopez Perez (May 30)
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003 Carlos Alberto Lopez Perez (Apr 21)
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0005 Carlos Alberto Lopez Perez (Jun 29)

Carlos López

Re: ncurses fixes upstream Carlos López (Apr 19)

Cathy Hu

CVE-2023-2253: distribution/distribution: Catalog API endpoint can lead to OOM via malicious user input Cathy Hu (May 09)
Re: CVE-2023-2253: distribution/distribution: Catalog API endpoint can lead to OOM via malicious user input Cathy Hu (May 10)

cbf0001

Re: Opinion: Governments don't want IT security, they want to have cyber weapons cbf0001 (Jun 24)

Charles Zhang

CVE-2023-31454: Apache InLong: IDOR make users can bind any cluster Charles Zhang (May 21)
CVE-2023-31098: Apache InLong: Weak Password Implementation in InLong Charles Zhang (May 21)
CVE-2023-31064: Apache InLong: Insecurity direct object references cancelling applications Charles Zhang (May 21)
CVE-2023-31101: Apache InLong: Users who joined later can see the data of deleted users Charles Zhang (May 21)
CVE-2023-31453: Apache InLong: IDOR make users can delete others' subscription Charles Zhang (May 21)
CVE-2023-31066: Apache InLong: Insecure direct object references for inlong sources Charles Zhang (May 21)
CVE-2023-31206: Apache InLong: Attackers can change the immutable name and type of nodes Charles Zhang (May 21)
CVE-2023-30465: Apache InLong: SQL injection in apache inLong 1.5.0 Charles Zhang (Apr 11)
CVE-2023-31065: Apache InLong: Insufficient Session Expiration in InLong Charles Zhang (May 21)
CVE-2023-31062: Apache InLong: Privilege escalation vulnerability for InLong Charles Zhang (May 21)
CVE-2023-31058: Apache InLong: JDBC URL bypassing by adding blanks Charles Zhang (May 21)
CVE-2023-31103: Apache InLong: Attackers can change the immutable name and type of cluster Charles Zhang (May 21)

Christian Heinrich

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Christian Heinrich (Apr 21)

Christopher Tubbs

CVE-2023-34340: Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials Christopher Tubbs (Jun 20)

CJ Cullen

[kubernetes/kops] CVE-2023-1943: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode CJ Cullen (Jun 21)

cpe_dictionary

RE: Update CVE-2021-3610 cpe_dictionary (Jun 05)

Daniel Beck

Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jun 14)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 16)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 12)

Daniel Gaspar

CVE-2023-27525: Apache Superset: Incorrect default permissions for Gamma role Daniel Gaspar (Apr 17)
CVE-2023-30776: Apache Superset: Database connection password leak Daniel Gaspar (Apr 24)
CVE-2023-27524: Apache Superset: Session validation vulnerability when using provided default SECRET_KEY Daniel Gaspar (Apr 24)
CVE-2023-25504: Apache Superset: Possible SSRF on import datasets Daniel Gaspar (Apr 17)

Daniel Stenberg

curl: CVE-2023-28320: siglongjmp race condition Daniel Stenberg (May 16)
curl: CVE-2023-28319: UAF in SSH sha256 fingerprint check Daniel Stenberg (May 16)
curl: CVE-2023-28322: more POST-after-PUT confusion Daniel Stenberg (May 16)
curl: CVE-2023-28321: IDN wildcard match Daniel Stenberg (May 16)

Dave Horsfall

Re: CVE-2023-31975: memory leak in yasm Dave Horsfall (Jun 21)

David A. Wheeler

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules David A. Wheeler (May 04)
Re: Opinion: Governments don't want IT security, they want to have cyber weapons David A. Wheeler (Jun 23)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules David A. Wheeler (Apr 20)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules David A. Wheeler (May 03)

David Handermann

CVE-2023-34468: Apache NiFi: Potential Code Injection with Database Services using H2 David Handermann (Jun 12)
CVE-2023-34212: Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components David Handermann (Jun 12)

David Leadbeater

Re: New Linux kernel NetFilter flaw gives attackers root privileges David Leadbeater (May 11)

Demi Marie Obenour

Re: CVE-2023-31975: memory leak in yasm Demi Marie Obenour (Jun 21)
Re: CVE-2023-31975: memory leak in yasm Demi Marie Obenour (Jun 22)
Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Demi Marie Obenour (Jun 06)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Demi Marie Obenour (Apr 19)
Re: Multiple vulnerabilities in Jenkins plugins Demi Marie Obenour (Apr 13)

Dominik Riemer

CVE-2023-31469: Apache StreamPipes: Privilege escalation through non-admin user Dominik Riemer (Jun 22)

Dominique Martinet

Re: IPv6 and Route of Death Dominique Martinet (May 19)

Elad Kalif

CVE-2023-35798: Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability Elad Kalif (Jun 26)
CVE-2023-35005: Apache Airflow: Information disclosure on configuration view Elad Kalif (Jun 18)
CVE-2023-34395: Apache Airflow ODBC Provider: Remote code execution vulnerability Elad Kalif (Jun 26)
CVE-2023-33234: Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration Elad Kalif (May 26)
CVE-2023-22886: Apache Airflow JDBC Provider: RCE Vulnerability Elad Kalif (Jun 26)

Erik Auerswald

Re: IPv6 and Route of Death Erik Auerswald (May 17)

Florian Weimer

Re: New Linux kernel NetFilter flaw gives attackers root privileges Florian Weimer (May 11)

Georgi Guninski

The AI chatgpt writes insecure code Georgi Guninski (Jun 20)
Re: Checking existence of firewalled URLs via javascript's script.onload Georgi Guninski (Apr 20)
Checking existence of firewalled web servers in Firefox via iframe.onload Georgi Guninski (Apr 18)
Checking existence of firewalled URLs via javascript's script.onload Georgi Guninski (Apr 19)
Re: ncurses fixes upstream Georgi Guninski (Apr 15)
Real world vulnerabilities of CWE-1077: Floating Point Comparison with Incorrect Operator? Georgi Guninski (Apr 24)
Re: The AI chatgpt writes insecure code Georgi Guninski (Jun 20)
Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Georgi Guninski (Jun 13)
Opinion: Governments don't want IT security, they want to have cyber weapons Georgi Guninski (Jun 23)

Greg KH

Re: linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition Greg KH (May 15)

Hangyu Hua

Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua (Jun 06)
Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua (Jun 08)
Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua (Jun 07)
Re: Linux kernel: off-by-one in fl_set_geneve_opt Hangyu Hua (Jun 12)

Hanno Böck

Re: CVE-2023-31975: memory leak in yasm Hanno Böck (Jun 23)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Hanno Böck (Apr 19)

Henri Salo

Re: Multiple vulnerabilities in Jenkins plugins Henri Salo (Apr 13)

Heping Wang

CVE-2023-27603: Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue Heping Wang (Apr 10)
CVE-2023-29215: Apache Linkis JDBC EngineCon has a deserialization command execution Heping Wang (Apr 10)
CVE-2023-29216: Apache Linkis DatasourceManager module has a deserialization command execution Heping Wang (Apr 10)
CVE-2023-27987: Apache Linkis gateway module token authentication bypass Heping Wang (Apr 10)
CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file Heping Wang (Apr 10)

Huajie Wang

CVE-2022-45801: Apache StreamPark (incubating): LDAP Injection Vulnerability Huajie Wang (Apr 20)
CVE-2022-45802: Apache StreamPark (incubating): Upload any file to any directory Huajie Wang (Apr 20)
CVE-2022-46365: Apache StreamPark (incubating): Logic error causing any account reset Huajie Wang (Apr 20)

Ilya Maximets

Re: [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0 Ilya Maximets (Apr 06)
[ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0 Ilya Maximets (Apr 06)

Jacques Le Roux

Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux (Apr 19)
Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux (Apr 18)
CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux (Apr 10)

Jakub Wilk

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Jakub Wilk (Apr 16)
Re: CVE-2023-31975: memory leak in yasm Jakub Wilk (Jun 23)

Jan Fader

Re: Checking existence of firewalled web servers in Firefox via iframe.onload Jan Fader (Apr 18)

Jan Klopper

Re: Checking existence of firewalled web servers in Firefox via iframe.onload Jan Klopper (Apr 20)

Jan Schaumann

RCE in acme.sh < 3.0.6 Jan Schaumann (Jun 14)

Jarek Potiuk

CVE-2023-28710: Apache Airflow Spark Provider Arbitrary File Read via JDBC Jarek Potiuk (Apr 07)
CVE-2023-25754: Apache Airflow: Privilege escalation using airflow logs Jarek Potiuk (May 08)
CVE-2023-28707: Airflow Apache Drill Provider Arbitrary File Read Vulnerability Jarek Potiuk (Apr 07)
CVE-2023-28706: Apache Airflow Hive Provider Beeline Remote Command Execution Jarek Potiuk (Apr 07)

Jeffrey Walton

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Jeffrey Walton (Apr 20)
IPv6 and Route of Death Jeffrey Walton (May 17)
Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 22)
Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
PostgreSQL and CREATEROLE permission Jeffrey Walton (Apr 20)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Jeffrey Walton (May 03)
Re: CVE-2023-31975: memory leak in yasm Jeffrey Walton (Jun 21)
Re: PostgreSQL and CREATEROLE permission Jeffrey Walton (Apr 20)

Jeremy Stanley

Re: Checking existence of firewalled URLs via javascript's script.onload Jeremy Stanley (Apr 20)
[OSSA-2023-003] cinder, glance_store, nova, os-brick: Unauthorized volume access through deleted volume attachments (CVE-2023-2088) Jeremy Stanley (May 10)
Re: Clarification on embargoed testing in a partner cloud Jeremy Stanley (May 24)

Jialin Qiao

CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Jialin Qiao (Apr 16)
CVE-2023-24831: Apache IoTDB grafana-connector Login Bypass Vulnerability Jialin Qiao (Apr 16)

Johannes Segitz

Re: semi-public issues on (linux-)distros Johannes Segitz (May 04)

John Helmert III

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules John Helmert III (May 07)

Jonathan Bar Or (JBO)

RE: [EXTERNAL] Re: [oss-security] ncurses fixes upstream Jonathan Bar Or (JBO) (Apr 19)
ncurses fixes upstream Jonathan Bar Or (JBO) (Apr 12)

Juan Pablo Santos Rodríguez

CVE-2022-46907: Apache JSPWiki Cross-site scripting on several plugins Juan Pablo Santos Rodríguez (May 25)

Junio C Hamano

[ANNOUNCE] Git v2.40.1 and friends Junio C Hamano (Apr 25)

Jyoti Raval

Open Source Tool | MPT: Pentest In Action! Jyoti Raval (Jun 22)

Katherine Mcmillan

Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Katherine Mcmillan (Jun 10)

Kyle Zeng

CVE-2023-2124: OOB access in the Linux kernel's XFS subsystem Kyle Zeng (Apr 18)

Ludovic Courtès

Attestation, reproducible builds, and bootstrapping Ludovic Courtès (May 24)

Madhan Neethiraj

CVE-2022-45048: Apache Ranger: code execution vulnerability in policy expressions Madhan Neethiraj (May 04)

Marc Deslauriers

Clarification on embargoed testing in a partner cloud Marc Deslauriers (May 11)
Re: Clarification on embargoed testing in a partner cloud Marc Deslauriers (May 16)

Marcus Eriksson

CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs Marcus Eriksson (May 29)

Marcus Meissner

Re: CVE-2023-31975: memory leak in yasm Marcus Meissner (Jun 23)
Re: Clarification on embargoed testing in a partner cloud Marcus Meissner (May 11)

Mariusz Felisiak

Django: CVE-2023-31047 Potential bypass of validation when uploading multiple files using one form field Mariusz Felisiak (May 03)

Mark Esler

Re: ncurses fixes upstream Mark Esler (Apr 13)

Mark Thomas

CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete Mark Thomas (May 22)

Matthew Fernandez

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Matthew Fernandez (Apr 20)

Matthew Vernon

Re: CVE-2017-11164 - stack exhaustion in PCRE Matthew Vernon (Apr 12)

Matthias Gerstner

Warpinator: Remote file deletion vulnerability (CVE-2023-29380) Matthias Gerstner (Apr 26)

Maxim Solodovnik

CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash Maxim Solodovnik (May 11)
CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection Maxim Solodovnik (May 11)
CVE-2023-29032: Apache OpenMeetings: allows bypass authentication Maxim Solodovnik (May 11)

Michael Jumper

Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Michael Jumper (Jun 06)
[SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Michael Jumper (Jun 06)
[SECURITY] CVE-2023-30575: Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths Michael Jumper (Jun 06)

Michael Orlitzky

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Michael Orlitzky (May 03)

Michał Kępień

ISC has disclosed two vulnerabilities in BIND 9 (CVE-2023-2828, CVE-2023-2911) Michał Kępień (Jun 21)

Monis Khan

[kubernetes] CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs Monis Khan (May 25)

Moritz Bechler

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Moritz Bechler (May 03)

Moritz Mühlenhoff

Re: Clarification on embargoed testing in a partner cloud Moritz Mühlenhoff (May 24)

Nick Vatamaniuc

CVE-2023-26268: Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes Nick Vatamaniuc (May 02)

nightmare . yeah27

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution nightmare . yeah27 (Apr 19)

Ornaghi Davide - Betrusted

CVE-2023-3338: Linux Kernel NULL Pointer Dereference in DECnet Ornaghi Davide - Betrusted (Jun 24)

Otto Moerbeek

PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable Otto Moerbeek (Apr 04)

peacewong

Re: CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file peacewong (Apr 19)

Peter Philip Pettersson

Re: Checking existence of firewalled URLs via javascript's script.onload Peter Philip Pettersson (Apr 19)
Re: CVE-2023-3338: Linux Kernel NULL Pointer Dereference in DECnet Peter Philip Pettersson (Jun 24)

Petr Štetiar

Re: The AI chatgpt writes insecure code Petr Štetiar (Jun 20)

Pierre Jeambrun

CVE-2023-29247: Stored XSS on Apache Airflow Pierre Jeambrun (May 07)

Piotr Krysiuk

Re: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory Piotr Krysiuk (May 15)
Re: New Linux kernel NetFilter flaw gives attackers root privileges Piotr Krysiuk (May 10)
[CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory Piotr Krysiuk (May 08)

Qualys Security Advisory

LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863 Qualys Security Advisory (Jun 06)

Rafael Silva

Fwd: Node.js security updates for all active release lines, June 2023 Rafael Silva (Jun 14)

Rainer Canavan

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Rainer Canavan (May 04)

Ramesh Mani

CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled Ramesh Mani (May 04)

Reid Sutherland

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Reid Sutherland (May 04)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Reid Sutherland (May 03)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Reid Sutherland (May 03)

Robert Middleton

CVE-2023-31038: Apache Log4cxx: SQL injection when using ODBC appender Robert Middleton (May 07)

Robert Munteanu

CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module Robert Munteanu (May 15)

Rongtong Jin

CVE-2023-33246: Apache RocketMQ: RocketMQ may have a remote code execution vulnerability when using the update configuration function Rongtong Jin (May 23)

Ruihan Li

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li (Apr 18)
CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li (Apr 16)
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li (Apr 18)
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Ruihan Li (Apr 18)

Russ Allbery

Re: Re: PAM/Kerberos issue on NetBSD Russ Allbery (Jun 21)

Salvatore Bonaccorso

Re: Stack overflow in imagemagick coders/tiff.c Salvatore Bonaccorso (Jun 13)
Re: Linux kernel: off-by-one in fl_set_geneve_opt Salvatore Bonaccorso (Jun 16)

Sam Bull

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Sam Bull (May 04)

Sam James

Re: ncurses fixes upstream Sam James (Apr 13)

Sean R. Owen

CVE-2023-22946: Apache Spark proxy-user privilege escalation from malicious configuration class Sean R. Owen (Apr 15)

Seth Arnold

Re: CVE-2022-45064: Apache Sling Engine: Include-based XSS Seth Arnold (Apr 17)
Re: CVE-2023-26269: Apache James server: Privilege escalation through unauthenticated JMX Seth Arnold (Apr 17)
Re: CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file Seth Arnold (Apr 17)
Re: CVE-2023-25504: Apache Superset: Possible SSRF on import datasets Seth Arnold (Apr 17)
Re: CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Seth Arnold (Apr 17)
Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Seth Arnold (Apr 18)
Re: CVE-2023-28158: Apache Archiva privilege escalation Seth Arnold (Apr 17)
Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Seth Arnold (Apr 17)

Sevan Janiyan

CVE-2017-11164 - stack exhaustion in PCRE Sevan Janiyan (Apr 11)
Re: ncurses fixes upstream Sevan Janiyan (Apr 21)

Siddhesh Poyarekar

Re: CVE-2023-31975: memory leak in yasm Siddhesh Poyarekar (Jun 21)
Re: CVE-2023-31975: memory leak in yasm Siddhesh Poyarekar (Jun 23)

Smith, Stewart

Re: CVE-2023-31975: memory leak in yasm Smith, Stewart (Jun 22)

Solar Designer

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Solar Designer (Apr 17)
Re: Linux kernel: off-by-one in fl_set_geneve_opt Solar Designer (Jun 08)
Re: Open Source Tool | MPT: Pentest In Action! Solar Designer (Jun 23)
Re: Linux kernel io_uring out-of-bounds access to physical memory Solar Designer (May 09)
Re: libcap-2.69 addresses 2 CVEs Solar Designer (May 16)
Re: semi-public issues on (linux-)distros Solar Designer (May 14)
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Solar Designer (Apr 18)
Re: Opinion: Governments don't want IT security, they want to have cyber weapons Solar Designer (Jun 24)
Fwd: Forthcoming OpenSSL Releases Solar Designer (May 24)
Re: Open Source Tool | MPT: Pentest In Action! Solar Designer (Jun 23)
Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Solar Designer (Jun 21)
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Solar Designer (Apr 18)
Re: Real world vulnerabilities of CWE-1077: Floating Point Comparison with Incorrect Operator? Solar Designer (May 14)
Re: New Linux kernel NetFilter flaw gives attackers root privileges Solar Designer (May 10)
Re: ncurses fixes upstream Solar Designer (Apr 19)
Re: distros list archive Solar Designer (Jun 15)
Re: Clarification on embargoed testing in a partner cloud Solar Designer (May 14)
Re: ncurses fixes upstream Solar Designer (Apr 15)
Re: New Linux kernel NetFilter flaw gives attackers root privileges Solar Designer (May 10)
Re: Clarification on embargoed testing in a partner cloud Solar Designer (May 24)
Re: Opinion: Governments don't want IT security, they want to have cyber weapons Solar Designer (Jun 23)
semi-public issues on (linux-)distros Solar Designer (May 03)
Re: IPv6 and Route of Death Solar Designer (May 17)
Re: Linux kernel io_uring out-of-bounds access to physical memory Solar Designer (May 10)
Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Solar Designer (Jun 23)

Stefano Di Paola

Re: Checking existence of firewalled web servers in Firefox via iframe.onload Stefano Di Paola (Apr 20)
Re: Checking existence of firewalled web servers in Firefox via iframe.onload Stefano Di Paola (Apr 20)

Steffen Nurpmeso

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 18)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (May 04)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (Apr 19)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (Apr 20)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (Apr 20)
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 18)
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 16)
Re: Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 20)
Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Steffen Nurpmeso (Apr 20)
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Steffen Nurpmeso (Apr 17)

Steve Grubb

Re: CVE-2023-31975: memory leak in yasm Steve Grubb (Jun 21)

Stig Palmquist

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Stig Palmquist (Apr 29)
Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Stig Palmquist (Apr 18)

Stuart Henderson

Re: CVE-2023-31975: memory leak in yasm Stuart Henderson (Jun 23)

Tamás Koczka

Our learnings from 42 Linux kernel exploits, we are limiting io_uring Tamás Koczka (Jun 17)

Tavis Ormandy

Re: ncurses fixes upstream Tavis Ormandy (Apr 20)
Re: ncurses fixes upstream Tavis Ormandy (Apr 14)

Taylor R Campbell

Re: PAM/Kerberos issue on NetBSD Taylor R Campbell (Jun 21)

Thadeu Lima de Souza Cascardo

Re: New Linux kernel NetFilter flaw gives attackers root privileges Thadeu Lima de Souza Cascardo (May 10)

Till Kamppeter

CVE-2023-24805: RCE in cups-filters, beh CUPS backend Till Kamppeter (May 17)
CVE-2023-34095: cpdb-libs: Buffer overflows via scanf Till Kamppeter (Jun 14)

Tobias Heider

Re: New Linux kernel NetFilter flaw gives attackers root privileges Tobias Heider (May 10)

Tobias Holl

Linux kernel io_uring out-of-bounds access to physical memory Tobias Holl (May 08)

Todd C. Miller

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Todd C. Miller (Apr 18)
Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Todd C. Miller (Apr 18)

Tomas Mraz

OpenSSL Security Advisory Tomas Mraz (May 30)
OpenSSL Security Advisory Tomas Mraz (Apr 20)

Travis Biehn

Re: The AI chatgpt writes insecure code Travis Biehn (Jun 21)

Turritopsis Dohrnii Teo En Ming

New Linux kernel NetFilter flaw gives attackers root privileges Turritopsis Dohrnii Teo En Ming (May 10)

valis

CVE-2023-1281, CVE-2023-1829: Linux kernel: Vulnerabilities in the tcindex classifier valis (Apr 11)

Vellore Rajakumar, Sri Saran Balaji

[kubernetes] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password Vellore Rajakumar, Sri Saran Balaji (Apr 19)

Wang Weibing

CVE-2023-31039: Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution Wang Weibing (May 08)

Xen . org security team

Xen Security Advisory 431 v1 (CVE-2022-42336) - Mishandling of guest SSBD selection on AMD hardware Xen . org security team (May 16)
Xen Security Advisory 430 v2 (CVE-2022-42335) - x86 shadow paging arbitrary pointer dereference Xen . org security team (Apr 25)

Yasser Zamani

S2-064: CVE-2023-34396: Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms Yasser Zamani (Jun 14)
S2-063: CVE-2023-34149: Apache Struts: DoS via OOM owing to not properly checking of list bounds Yasser Zamani (Jun 14)

Yves-Alexis Perez

Solar Designer talk about 15 years of oss-security at SSTIC conference Yves-Alexis Perez (Jun 10)

Zdenek Dohnal

CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Zdenek Dohnal (Jun 22)
[vs] CVE-2023-32324 heap buffer overflow in cupsd Zdenek Dohnal (Jun 01)
Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient() Zdenek Dohnal (Jun 26)

Zheng Hacker

Re: linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition Zheng Hacker (May 16)

蓝色的小羊

linux kernel 6.3.0: slab-use-after-free Write in txEnd due to race condition 蓝色的小羊 (May 15)