Messages by Thread
-
[oss-security] Fwd: [Security-announce] [CVE-2024-3219] Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
Alan Coopersmith
-
[oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow
Alan Coopersmith
-
[oss-security] CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode
David M. Johnson
-
[oss-security] [ANNOUNCE] Apache Traffic Server is vulnerable to request smuggling and DoS
Masakazu Kitajo
-
[oss-security] Linux kernel: virtio-net host dos
John Haxby
-
[oss-security] CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader
James Turton
-
[oss-security] [SECURITY ADVISORY] curl: CVE-2024-6874: macidn punycode buffer overread
Daniel Stenberg
-
[oss-security] [SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str
Daniel Stenberg
-
[oss-security] CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information
Yupeng Fu
-
[oss-security] CVE-2024-41178: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Andrew Lamb
-
[oss-security] [OSSA-2024-002] OpenStack Nova: Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors (CVE-2024-40767)
Jeremy Stanley
-
[oss-security] ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076)
Aram Sargsyan
-
[oss-security] GNU C Library version 2.40 released with 5 CVE fixes
Alan Coopersmith
-
[oss-security] CVE-2024-29070: Apache StreamPark: session not invalidated after logout
Huajie Wang
-
[oss-security] CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields
Francesco Chicchiriccò
-
[oss-security] CVE-2024-34457: Apache StreamPark IDOR Vulnerability
Huajie Wang
-
[oss-security] CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data
Rongtong Jin
-
[oss-security] CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion
Rohit Yadav
-
[oss-security] [ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion
Abhishek Kumar
-
[oss-security] CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients
Colm O hEigeartaigh
-
[oss-security] CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE
Colm O hEigeartaigh
-
[oss-security] CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter
Colm O hEigeartaigh
-
[oss-security] CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability
Huajie Wang
-
[oss-security] CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
Eric Covener
-
[oss-security] CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType
Eric Covener
-
[oss-security] Python Infrastructure Admin Token Leaked Through Docker Hub
Andrii Polkovnychenko [EXT]
-
[oss-security] CVE-2024-29120: Apache StreamPark: Information leakage vulnerability
Huajie Wang
-
[oss-security] [kubernetes] CVE-2024-5321: Incorrect permissions on Windows containers logs
Craig Ingram
-
[oss-security] CVE-2024-29737: Apache StreamPark (incubating): maven build params could trigger remote command execution
Huajie Wang
-
[oss-security] CVE-2023-52291: Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution
Huajie Wang
-
[oss-security] CVE-2024-31979: Apache StreamPipes: Possibility of SSRF in pipeline element installation process
Dominik Riemer
-
[oss-security] CVE-2024-31411: Apache StreamPipes: Potential remote code execution (RCE) via file upload
Dominik Riemer
-
[oss-security] CVE-2024-30471: Apache StreamPipes: Potential creation of multiple identical accounts
Dominik Riemer
-
[oss-security] Landlock news #4
Mickaël Salaün
-
[oss-security] CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
Ephraim Anierobi
-
[oss-security] CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability
Ephraim Anierobi
-
[oss-security] CVE-2024-39887: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions
Daniel Gaspar
-
[oss-security] Xen Security Advisory 459 v2 (CVE-2024-31144) - Xapi: Metadata injection attack against backup/restore functionality
Xen . org security team
-
[oss-security] Xen Security Advisory 458 v2 (CVE-2024-31143) - double unlock in x86 guest IRQ handling
Xen . org security team
-
[oss-security] CVE-2023-52290: Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability
Huajie Wang
-
[oss-security] CVE-2023-46801: Apache Linkis DataSource: Remote code execution vulnerability in apache Linkis 1.4.0
Heping Wang
-
[oss-security] CVE-2023-49566: Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability
Heping Wang
-
[oss-security] CVE-2023-41916: Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading
Heping Wang
-
[oss-security] CVE-2024-36522: Apache Wicket: Remote code execution via XSLT injection
Martin Tzvetanov Grigorov
-
[oss-security] backtrace_symbols() misuse by Ceph and its supposedly-safe use
Alexander Patrakov
-
[oss-security] linux-distros application for CentOS Project's Hyperscale SIG
Michel Lind
-
[oss-security] CVE-2024-3596: RADIUS/UDP vulnerable to improved MD5 collision attack
Alan Coopersmith
-
[oss-security] Django CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Natalia Bidart
-
[oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Will Dormann
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Florian Weimer
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Will Dormann
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
David A. Wheeler
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Florian Weimer
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Simon McVittie
-
[oss-security] Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Will Dormann
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Yves-Alexis Perez
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Will Dormann
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Yves-Alexis Perez
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Yves-Alexis Perez
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Steffen Nurpmeso
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
David A. Wheeler
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Steffen Nurpmeso
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Jacob Bachmeyer
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Steffen Nurpmeso
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Demi Marie Obenour
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Steffen Nurpmeso
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Jacob Bachmeyer
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Steffen Nurpmeso
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Yves-Alexis Perez
-
Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
Will Dormann
-
[oss-security] CVE-2024-37389: Apache NiFi: Improper Neutralization of Input in Parameter Context Description
David Handermann
-
[oss-security] [ANNOUNCE] Apache CloudStack LTS Security Releases 4.18.2.1 and 4.19.0.2
Abhishek Kumar
-
[oss-security] CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver
Maxim Suhanov
-
[oss-security] CVE-2024-39844: ZNC modtcl RCE
Martin Weinelt
-
[oss-security] CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType
Eric Covener
-
[oss-security] [OSSA-2024-001] OpenStack Cinder, Glance, Nova: Arbitrary file access through custom QCOW2 external data (CVE-2024-32498)
Jeremy Stanley
-
[oss-security] CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution
Eric Covener
-
[oss-security] CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
Eric Covener
-
[oss-security] CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
Eric Covener
-
[oss-security] CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
Eric Covener
-
[oss-security] CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences
Eric Covener
-
[oss-security] CVE-2024-38473: Apache HTTP Server proxy encoding problem
Eric Covener
-
[oss-security] CVE-2024-38472: Apache HTTP Server on Windows UNC SSRF
Eric Covener
-
[oss-security] CVE-2024-36387: Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
Eric Covener
-
[oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Qualys Security Advisory
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
jvoisin
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Mathias Krause
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Jacob Bachmeyer
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Jeffrey Walton
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Jacob Bachmeyer
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Solar Designer
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Qualys Security Advisory
-
[oss-security] Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Qualys Security Advisory
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Solar Designer
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Yves-Alexis Perez
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Qualys Security Advisory
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Solar Designer
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Damien Miller
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Solar Designer
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Nick Tait
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Pete Allor
-
Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Alan Coopersmith
-
[oss-security] Re: Announce: OpenSSH 9.8 released (fwd)
Damien Miller
-
[oss-security] Announce: OpenSSH 9.8 released
Damien Miller
-
[oss-security] Linux non-security almost non-issue: stack-out-of-bounds Read in profile_pc
Solar Designer
-
[oss-security] Kerberos 1.21.3 fixes vulnerabilities in GSS message token handling
Alan Coopersmith
-
[oss-security] Fwd: [Security-announce][CVE-2024-5642] Buffer over-read in SSLContext.set_npn_protocols() for Python 3.9 and earlier
Alan Coopersmith
-
[oss-security] Ghostscript 10.03.1 (2024-05-02) fixed 5 CVEs including CVE-2024-33871 arbitrary code execution
Solar Designer
-
[oss-security] Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor
Alan Coopersmith
-
[oss-security] CVE-2024-5535: OpenSSL: SSL_select_next_proto buffer overread
Solar Designer
-
[oss-security] Fwd: [siren] Reputation Farming Using Closed Github Issues / PRs
Alan Coopersmith
-
[oss-security] Fwd: Node.js security updates for all active release lines, July 2024
Rafael Gonzaga
-
Re: [oss-security] Out-of-bounds read & write in the glibc's qsort()
Douglas Bagnall
-
[oss-security] CVE-2024-27136: Apache JSPWiki: Cross-site scripting vulnerability on upload page
Juan Pablo Santos Rodríguez
-
[oss-security] Arbitrary shell command evaluation in Org mode (GNU Emacs)
Ihor Radchenko
-
[oss-security] CVE-2024-29868: Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Dominik Riemer
-
[oss-security] CVE-2024-38379: Apache Allura: Stored authenticated XSS
David Philip Brondsema
-
[oss-security] CVE-2024-34693: Apache Superset: Server arbitrary file read
Daniel Gaspar
-
[oss-security] Fwd: [Security-announce][CVE-2024-4032] Incorrect IPv4 and IPv6 private ranges
Alan Coopersmith
-
[oss-security] Fwd: [Security-announce][CVE-2024-0397] Memory race condition in ssl.SSLContext certificate store methods
Alan Coopersmith
-
[oss-security] iTerm2 3.5.x title reporting bug
David Leadbeater
-
[oss-security] CVE-2024-25142: Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
Jarek Potiuk
-
[oss-security] CVE-2024-36265: Apache Submarine Server Core: authorization bypass
Arnout Engelen
-
[oss-security] CVE-2024-36264: Apache Submarine Commons Utils: default secret
Arnout Engelen
-
[oss-security] CVE-2024-36263: Apache Submarine Server Core: SQL injection
Arnout Engelen
-
[oss-security] CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
Zdenek Dohnal
-
[oss-security] CVE-2024-36471: Apache Allura: sensitive information exposure via DNS rebinding
David Philip Brondsema
-
[oss-security] vte 0.76.3 released with fix for CVE-2024-37535
Alan Coopersmith
-
[oss-security] PHP security releases 8.3.8, 8.2.20, and 8.1.29
Alan Coopersmith
-
[oss-security] [SBA-ADV-20240202-02] CVE-2024-5658: CraftCMS Plugin - Two-Factor Authentication through 3.3.3 - TOTP Token Stays Valid After Use
SBA Research Security Advisory
-
[oss-security] [SBA-ADV-20240202-01] CVE-2024-5657: CraftCMS Plugin - Two-Factor Authentication 3.3.1 to 3.3.3 - Password Hash Disclosure
SBA Research Security Advisory
-
[oss-security] libarchive 3.7.4 released with 2 security fixes
Alan Coopersmith
-
[oss-security] Go 1.22.4 and Go 1.21.11 released with 2 security fixes (CVE-2024-24789, CVE-2024-24790)
Alan Coopersmith
-
[oss-security] CVE-2024-36104: Apache OFBiz: Path traversal leading to a RCE
Jacques Le Roux
-
[oss-security] Security vulnerability in fprintd
Yaron Shahrabani
-
[oss-security] List linux CVEs for a given stable release?
Dominique Martinet
-
[oss-security] path traversal in tar extract in intel cve-bin-tool
houjingyi
-
[oss-security] gnome-remote-desktop: D-Bus system service in GNOME release 46 local information leaks (CVE-2024-5148)
Matthias Gerstner
-
[oss-security] Intel CPU Hardware Features and Behaviors Related to Speculative Execution
Alan Coopersmith
-
[oss-security] asterisk security releases 18.23.1, 20.8.1, & 21.3.1
Alan Coopersmith
-
[oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2024-0003
Adrian Perez de Castro
-
[oss-security] Article: State of Sandboxing in Linux
Ali Polatel