Messages by Thread
-
-
[oss-security] CVE-2024-34058: Nethserver 7 & 8 stored cross-site scripting (XSS) in WebTop package
Andrea Intilangelo
-
[oss-security] OpenSSL Security Advisory [corrected CVE id]
Tomas Mraz
-
[oss-security] OpenSSL Security Advisory
Tomas Mraz
-
[oss-security] CVE-2024-21823: Intel DSA and Intel IAA advisory
Alan Coopersmith
-
[oss-security] git: 5 vulnerabilities fixed
Johannes Schindelin
-
[oss-security] CVE-2024-32077: Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Ephraim Anierobi
-
[oss-security] PowerDNS Security Advisory 2024-03: Transfer requests received over DoH can lead to a denial of service in DNSdist
Remi Gacogne
-
[oss-security] Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory
Corey Lopez
-
[oss-security] [vim-security] buffer-overlow in xxd with colored output < v9.1.0404
Christian Brabandt
-
[oss-security] CVE-2024-34365: Apache Karaf Cave: Cave SSRF and arbitrary file access
Arnout Engelen
-
[oss-security] [kubernetes] CVE-2024-3744: azure-file-csi-driver discloses service account tokens in logs
Rita Zhang
-
[oss-security] CVE-2024-26579: Apache Inlong JDBC Vulnerability
Charles Zhang
-
[oss-security] CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE
Jacques Le Roux
-
[oss-security] Xen Security Advisory 457 v3 (CVE-2024-27393) - Linux/xen-netfront: Memory leak due to missing cleanup function
Xen . org security team
-
[oss-security] [security] Go 1.22.3 and Go 1.21.10 are released
Alan Coopersmith
-
[oss-security] Xen Security Advisory 457 v2 - Linux/xen-netfront: Memory leak due to missing cleanup function
Xen . org security team
-
[oss-security] Xen Security Advisory 457 v1 - Linux/xen-netback: Memory leak due to missing cleanup function
Xen . org security team
-
[oss-security] Xen Security Advisory 456 v3 (CVE-2024-2201) - x86: Native Branch History Injection
Xen . org security team
-
[oss-security] CVE-2024-26925: Linux: nf_tables: locking issue in the nf_tables_abort() function
HexRabbit Chen
-
[oss-security] GLib (2.26.0+): GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing
Philip Withnall
-
[oss-security] HNS-2024-07 - HN Security Advisory - Multiple vulnerabilities in RIOT OS
Marco Ivaldi
-
[oss-security] CVE-2024-28148: Apache Superset: Incorrect datasource authorization on explore REST API
Daniel Gaspar
-
[oss-security] CVE-2023-49606, CVE-2023-40533: memory safety vulnerabilities in tinyproxy <=1.11.1
Valtteri Vuorikoski
-
[oss-security] The GNU C Library security advisories update for 2024-05-06
Carlos O'Donell
-
[oss-security] Fwd: uriparser 0.9.8 released, includes security fixes
Sebastian Pipping
-
[oss-security] CVE-2023-35701: Apache Hive: Arbitrary command execution via JDBC driver
Stamatis Zampetakis
-
Re: [oss-security] escaping terminal control characters (was Re: backdoor in upstream xz/liblzma leading to ssh server compromise)
Sam James
-
[oss-security] CVE-2024-30251: DoS in aiohttp
Sam Bull
-
[oss-security] Multiple vulnerabilities in Jenkins plugins
Daniel Beck
-
[oss-security] CVE-2024-32638: Apache APISIX: Forward-Auth Request Smuggling
YuanSheng Wang
-
[oss-security] Re: CVEs issued by the Linux kernel CNA
Alan Coopersmith
-
[oss-security] CVE-2024-32114: Apache ActiveMQ: Jolokia and REST API were not secured with default configuration
Jean-Baptiste Onofré
-
Re: [oss-security] New SMTP smuggling attack
Mark Esler
-
[oss-security] CVE-2024-27322: Deserialization vulnerability in R before 4.4.0
Alan Coopersmith
-
[oss-security] Telegram Web app XSS / Session Hijacking 1-click
Pedro Batista
-
[oss-security] Suspicious hook-loading mechanism in hyprland
Sam James
-
[oss-security] Update on the distro-backdoor-scanner effort
Hank Leininger
-
[oss-security] libksieve (used by kmail/kontact) sent password as username
Jonas Schäfer
-
[oss-security] Security Issues and Abandonment of PHP ECC library (mdanter/ecc, phpecc/phpecc)
Paragon Initiative Enterprises Security Team
-
[oss-security] CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy
Oriol Castejón
-
[oss-security] PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor
Peter van Dijk
-
[oss-security] 83 bogus CVEs assigned to Robot Operating System (ROS)
Mark Esler
-
[oss-security] CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode
Imba Jin
-
[oss-security] CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin
Imba Jin
-
[oss-security] CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page
Imba Jin
-
[oss-security] Wordpress Responsive theme: arbitrary HTML content injection (CVE-2024-2848)
Hanno Böck
-
Re: [oss-security] PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass
Jeffrey Walton
-
[oss-security] [Update] PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass
Fay Stegerman
-
[oss-security] CVE-2024-29733: Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context
Elad Kalif
-
[oss-security] CVE-2024-29217: Apache Answer: XSS vulnerability when changing personal website
Enxin Xie
-
[oss-security] flatpak CVE-2024-32462 : Sandbox escape via RequestBackground portal and CWE-88
Simon McVittie
-
[oss-security] libreswan: IKEv1 default AH/ESP responder can crash and restart
David Morel
-
[oss-security] CVE-2024-31869: Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ephraim Anierobi
-
[oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
Adhemerval Zanella Netto
-
[oss-security] Terrapin vulnerability in Jenkins CLI client
Daniel Beck
-
[oss-security] Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config
Vegard Nossum
-
Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise
Solar Designer
-
[oss-security] [kubernetes] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Rita Zhang
-
[oss-security] CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client
Fabian Bäumer
-
[oss-security] Linux: Disabling network namespaces
Solar Designer
-
[oss-security] Re: less(1) with LESSOPEN mishandles \n in paths
Tobias Powalowski
-
[oss-security] PHP security releases 8.1.28, 8.2.18, & 8.3.6
Alan Coopersmith
-
[oss-security] Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5
Alan Coopersmith
-
Re: [oss-security] Re: backdoor in upstream xz/liblzma leading to ssh server compromise
Jakub Wilk
-
[oss-security] CVE-2024-31391: Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials
Jason Gerlowski
-
[oss-security] less(1) with LESSOPEN mishandles \n in paths
Jakub Wilk
-
[oss-security] CVE-2024-27309: Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Colin McCabe
-
[oss-security] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm
Ben Hutchings
-
Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI?
Donald Buczek
-
[oss-security] Re: Is CVE-2024-30203 bogus? (Emacs)
Sean Whitton
-
[oss-security] Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow
Tianyu Chen
-
Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git
Jacob Bachmeyer
-
WELCOME to oss-security@lists.openwall.com
oss-security-help
-
ezmlm response
oss-security-help
-
confirm subscribe to oss-security@lists.openwall.com
oss-security-help