oss-sec: by thread
269 messages, starting Jul 02 23 and ending Sep 30 23
- CVE-2023-3439: Linux MCTP use-after-free in mctp_sendmsg Lin Ma (Jul 02)
- CVE-2023-35797: Apache Airflow Hive Provider Beeline RCE with Principal Elad Kalif (Jul 02)
- Django: CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator Mariusz Felisiak (Jul 03)
- CVE-2023-34150: Apache Any23: Possible excessive allocation of resources reading input. Arnout Engelen (Jul 04)
- StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability Ruihan Li (Jul 05)
- Re: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability Solar Designer (Jul 07)
- Re: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability Ruihan Li (Jul 28)
- CVE-2023-31248 - Linux kernel nf_tables UAF when using nft_chain_lookup_byid Thadeu Lima de Souza Cascardo (Jul 05)
- CVE-2023-35001 - Linux kernel nf_tables nft_byteorder_eval OOB read/write Thadeu Lima de Souza Cascardo (Jul 05)
- CVE-2023-33008: Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale Jean-Louis Monteiro (Jul 06)
- [kubernetes] CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin Rita Zhang (Jul 06)
- [kubernetes] CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin Rita Zhang <rita.z.zhang () gmail com> Rita Zhang (Jul 06)
- CVE-2023-36460: mastodon: Arbitrary file creation through media attachments Jan Schaumann (Jul 06)
- CVE-2023-36459: mastodon: XSS through oEmbed preview cards Jan Schaumann (Jul 06)
- CVE-2023-28853: mastodon: Blind LDAP injection in login Jan Schaumann (Jul 06)
- CVE-2023-36461: mastodon: Denial of Service through slow HTTP responses Jan Schaumann (Jul 06)
- manjaro pamac vulnerability Tavis Ormandy (Jul 07)
- Re: manjaro pamac vulnerability Barnabás Pőcze (Jul 09)
- CVE-2023-34442: Apache Camel JIRA: Temporary file information disclosure in Camel-Jira Andrea Cosentino (Jul 07)
- CVE-2023-35887: Apache MINA SSHD: Information disclosure bugs with RootedFilesystem Guillaume Nodet (Jul 07)
- CVE-2022-42009: Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application. Brahma Reddy Battula (Jul 10)
- CVE-2022-45855: Apache Ambari: Allows authenticated metrics consumers to perform RCE Brahma Reddy Battula (Jul 10)
- CVE-2023-35908: Apache Airflow: Access to DAGs without relevant permission Ephraim Anierobi (Jul 11)
- CVE-2023-22887: Apache Airflow path traversal by authenticated user Ephraim Anierobi (Jul 11)
- CVE-2022-46651: Apache Airflow: Security vulnerability on AirFlow Connections Ephraim Anierobi (Jul 11)
- CVE-2023-36543: Apache Airflow: ReDoS via dags function Ephraim Anierobi (Jul 11)
- CVE-2023-22888: Apache Airflow: Scheduler remote DoS Ephraim Anierobi (Jul 11)
- CVE-2023-30428: Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer Dave Fisher (Jul 11)
- CVE-2023-30429: Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy Dave Fisher (Jul 11)
- CVE-2023-31007: Apache Pulsar: Broker does not always disconnect client when authentication data expires Dave Fisher (Jul 11)
- CVE-2023-37579: Apache Pulsar Function Worker: Incorrect Authorization for Function Worker Can Leak Sink/Source Credentials Dave Fisher (Jul 11)
- CVE-2023-32200: Apache Jena: Exposure of execution in script engine expressions. Andy Seaborne (Jul 11)
- CVE-2023-37582: Apache RocketMQ: Possible remote code execution when using the update configuration function Rongtong Jin (Jul 12)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 12)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Aug 16)
- Re: Multiple vulnerabilities in Jenkins plugins Demi Marie Obenour (Aug 16)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 06)
- CVE-2023-37415: Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user Elad Kalif (Jul 12)
- Re: RCE in acme.sh < 3.0.6 Jan Schaumann (Jul 13)
- Xen Security Notice 1 v1 - winpvdrvbuild.xenproject.org potentially compromised Xen . org security team (Jul 14)
- Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Solar Designer (Jul 14)
- Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Marcus Meissner (Jul 19)
- Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Marcus Meissner (Jul 25)
- Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Solar Designer (Jul 25)
- Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Marcus Meissner (Jul 25)
- Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Tamás Koczka (Jul 19)
- Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Marcus Meissner (Jul 19)
- OpenSSL Security Advisory Tomas Mraz (Jul 15)
- <Possible follow-ups>
- OpenSSL Security Advisory Tomas Mraz (Jul 19)
- Re: OpenSSL Security Advisory Sandipan Roy (Jul 19)
- Re: OpenSSL Security Advisory Jeffrey Walton (Jul 19)
- OpenSSL Security Advisory Matt Caswell (Jul 31)
- OpenSSL Security Advisory Tomas Mraz (Sep 08)
- Re: OpenSSL Security Advisory Alex Gaynor (Sep 08)
- CVE-2023-26512: Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data Xue Weiming (Jul 15)
- curl: fopen race condition: CVE-2023-32001 Daniel Stenberg (Jul 18)
- CVE-2023-28754: ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent Weijie Wu (Jul 19)
- Announce: OpenSSH 9.3p2 released Damien Miller (Jul 19)
- Re: Announce: OpenSSH 9.3p2 released Demi Marie Obenour (Jul 20)
- Re: Announce: OpenSSH 9.3p2 released Sevan Janiyan (Jul 20)
- Re: Announce: OpenSSH 9.3p2 released Matthew Fernandez (Jul 20)
- Re: Announce: OpenSSH 9.3p2 released Marcus Meissner (Jul 21)
- Re: Announce: OpenSSH 9.3p2 released Demi Marie Obenour (Jul 21)
- Re: Announce: OpenSSH 9.3p2 released Qualys Security Advisory (Jul 21)
- Re: Announce: OpenSSH 9.3p2 released Sevan Janiyan (Jul 21)
- Re: Announce: OpenSSH 9.3p2 released Sevan Janiyan (Jul 20)
- Re: Announce: OpenSSH 9.3p2 released Demi Marie Obenour (Jul 20)
- CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent Qualys Security Advisory (Jul 19)
- Re: CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent Ramon de C Valle (Jul 20)
- WebKitGTK and WPE WebKit Security Advisory WSA-2023-0006 Carlos Alberto Lopez Perez (Jul 21)
- CVE-2023-20593: A use-after-free in AMD Zen2 Processors Tavis Ormandy (Jul 24)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Marc Deslauriers (Jul 24)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jonathan Gray (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors alice (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Eddie Chapman (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Matthias Schmidt (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Demi Marie Obenour (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Lucas Rolff (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jeffrey Walton (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors alice (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jonathan Gray (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Solar Designer (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Marc Deslauriers (Jul 24)
- Xen Security Advisory 433 v1 - x86/AMD: Zenbleed Xen . org security team (Jul 24)
- CVE-2023-34478: Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. Brian Demers (Jul 24)
- CVE-2023-34189: Apache InLong: General user can delete and update process Charles Zhang (Jul 25)
- CVE-2023-34434: Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param Charles Zhang (Jul 25)
- CVE-2023-35088: Apache InLong: SQL injection in audit endpoint Charles Zhang (Jul 25)
- CVE-2023-37895: Apache Jackrabbit RMI access can lead to RCE Julian Reschke (Jul 25)
- CVE-2023-38435: Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webconsole plugin Carsten Ziegeler (Jul 25)
- CVE-2023-38647: Apache Helix: Deserialization vulnerability in Helix workflow and REST Junkai Xue (Jul 25)
- Xen Security Advisory 433 v2 (CVE-2023-20593) - x86/AMD: Zenbleed Xen . org security team (Jul 26)
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jul 26)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Sep 20)
- CVE-2023-38633 in librsvg: Arbitrary file read when xinclude href has special characters Alan Coopersmith (Jul 27)
- Re: CVE-2023-38633 in librsvg: Arbitrary file read when xinclude href has special characters Alan Coopersmith (Sep 06)
- CVE-2023-36542: Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources David Handermann (Jul 29)
- Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Xen . org security team (Jul 31)
- Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Solar Designer (Aug 08)
- Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Andrew Cooper (Aug 08)
- Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Solar Designer (Aug 16)
- Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Andrew Cooper (Aug 16)
- Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Demi Marie Obenour (Aug 08)
- Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Andrew Cooper (Aug 08)
- Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Solar Designer (Aug 08)
- Xen Security Advisory 436 v1 (CVE-2023-34320) - arm: Guests can trigger a deadlock on Cortex-A77 Xen . org security team (Aug 01)
- WebKitGTK and WPE WebKit Security Advisory WSA-2023-0007 Carlos Alberto Lopez Perez (Aug 02)
- Mozilla VPN: CVE-2023-4104: Privileged vpndaemon on Linux wrongly and incompletely implements Polkit authentication Matthias Gerstner (Aug 03)
- CVE-2023-38497: Cargo does not respect umask when extracting packages Pietro Albini (Aug 03)
- CVE-2023-39508: Apache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges Jarek Potiuk (Aug 04)
- CVE-2023-37581: Apache Roller: XSS vulnerability for site with untrusted users Dave (Aug 05)
- Re: CVE-2023-37581: Apache Roller: XSS vulnerability for site with untrusted users Srivani Reddy (Aug 16)
- Foswiki-2.1.8 has been released Michael Daum (Aug 07)
- Fwd: Node.js security updates for all active release lines, August 2023 Rafael Silva (Aug 08)
- Re: Fwd: Node.js security updates for all active release lines, August 2023 Solar Designer (Aug 08)
- <Possible follow-ups>
- Fwd: Node.js security updates for all active release lines, August 2023 Rafael Silva (Aug 10)
- Xen Security Advisory 432 v2 (CVE-2023-34319) - Linux: buffer overrun in netback due to unusual packet Xen . org security team (Aug 08)
- Xen Security Advisory 434 v1 (CVE-2023-20569) - x86/AMD: Speculative Return Stack Overflow Xen . org security team (Aug 08)
- Xen Security Advisory 435 v1 (CVE-2022-40982) - x86/Intel: Gather Data Sampling Xen . org security team (Aug 08)
- Node.js security updates for August Ken Moffat (Aug 09)
- CVE-2023-3772: Linux kernel: xfrm_update_ae_params NULL pointer dereference Lin Ma (Aug 09)
- Re: CVE-2023-3772: Linux kernel: xfrm_update_ae_params NULL pointer dereference Seth Arnold (Aug 10)
- CVE-2023-39553: Apache Airflow Drill Provider Arbitrary File Read Vulnerability Elad Kalif (Aug 11)
- Podman: API service listening on TCP can be used from websites Dennis Dast (Aug 15)
- CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC Elad Kalif (Aug 17)
- Re: CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC Seth Arnold (Aug 17)
- CVE-2023-40037: Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs David Handermann (Aug 18)
- CVE-2022-46751: Apache Ivy: XML External Entity vulnerability in Apache Ivy Stefan Bodewig (Aug 20)
- openSUSE-welcome: local privilege escalation when choosing XFCE desktop layout (CVE-2023-32184) Matthias Gerstner (Aug 22)
- [CVE-2022-44729] Apache Batik information disclosure vulnerability Simon Steiner (Aug 22)
- [CVE-2022-44730] Apache Batik information disclosure vulnerability Simon Steiner (Aug 22)
- Re: [CVE-2022-44730] Apache Batik information disclosure vulnerability Moritz Bechler (Aug 22)
- CVE-2023-40273: Session fixation in Apache Airflow web interface Ephraim Anierobi (Aug 23)
- CVE-2023-39441: Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation Ephraim Anierobi (Aug 23)
- [kubernetes] CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation Rita Zhang (Aug 23)
- CVE-2023-37379: Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature Ephraim Anierobi (Aug 23)
- [kubernetes] CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation Rita Zhang (Aug 23)
- [kubernetes] CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation Rita Zhang (Aug 23)
- Re: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues -- security@korg vs. linux-distros@ Donald Buczek (Aug 25)
- CVE-2023-27604: Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability Elad Kalif (Aug 25)
- CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE Elad Kalif (Aug 25)
- linux-distros list policy and Linux kernel, again Solar Designer (Aug 25)
- Re: linux-distros list policy and Linux kernel, again Seth Arnold (Aug 25)
- Re: linux-distros list policy and Linux kernel, again Demi Marie Obenour (Aug 26)
- Re: linux-distros list policy and Linux kernel, again Solar Designer (Aug 26)
- Re: linux-distros list policy and Linux kernel, again Eduardo' Vela" <Nava> (Aug 27)
- Re: linux-distros list policy and Linux kernel, again Demi Marie Obenour (Aug 27)
- Re: linux-distros list policy and Linux kernel, again Eduardo' Vela" <Nava> (Aug 27)
- Re: linux-distros list policy and Linux kernel, again Demi Marie Obenour (Aug 28)
- Re: linux-distros list policy and Linux kernel, again Willy Tarreau (Aug 27)
- Re: linux-distros list policy and Linux kernel, again Solar Designer (Aug 28)
- Re: linux-distros list policy and Linux kernel, again Jeremy Stanley (Aug 28)
- Re: linux-distros list policy and Linux kernel, again Willy Tarreau (Aug 28)
- Re: linux-distros list policy and Linux kernel, again Solar Designer (Aug 30)
- Re: linux-distros list policy and Linux kernel, again Willy Tarreau (Sep 04)
- Re: linux-distros list policy and Linux kernel, again Solar Designer (Sep 08)
- Re: linux-distros list policy and Linux kernel, again Solar Designer (Aug 28)
- Re: linux-distros list policy and Linux kernel, again Solar Designer (Sep 21)
- Re: linux-distros list policy and Linux kernel, again Seth Arnold (Aug 25)
- [Security Advisory] open-vm-tools: SAML token signature bypass vulnerability (CVE-2023-20900) VMware Security Response Center (Aug 31)
- Replacement of Allan McRae on linux-distros for Arch Linux Levente Polyak (Sep 01)
- Re: Replacement of Allan McRae on linux-distros for Arch Linux Solar Designer (Sep 01)
- CVE-2023-41180: Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++ Marton Szasz (Sep 02)
- Django: CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri() Mariusz Felisiak (Sep 04)
- CVE-2023-40743: Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Arnout Engelen (Sep 05)
- Xen Security Advisory 437 v2 (CVE-2023-34321) - arm32: The cache may not be properly cleaned/invalidated Xen . org security team (Sep 05)
- CVE-2023-36387: Apache Superset: Improper API permission for low privilege users Daniel Gaspar (Sep 06)
- CVE-2023-36388: Apache Superset: Improper API permission for low privilege users allows for SSRF Daniel Gaspar (Sep 06)
- CVE-2023-27523: Apache Superset: Improper data permission validation on Jinja templated queries Daniel Gaspar (Sep 06)
- CVE-2023-27526: Apache Superset: Improper Authorization check on import charts Daniel Gaspar (Sep 06)
- CVE-2023-39264: Apache Superset: Stack traces enabled by default Daniel Gaspar (Sep 06)
- CVE-2023-39265: Apache Superset: Possible Unauthorized Registration of SQLite Database Connections Daniel Gaspar (Sep 06)
- CVE-2023-37941: Apache Superset: Metadata db write access can lead to remote code execution Daniel Gaspar (Sep 06)
- CVE-2023-32672: Apache Superset: SQL parser edge case bypasses data access authorization Daniel Gaspar (Sep 06)
- croc: multiple issues in file sharing utility Matthias Gerstner (Sep 08)
- Re: croc: multiple issues in file sharing utility Salvatore Bonaccorso (Sep 21)
- CVE-2023-4809: FreeBSD pf bypass when using IPv6 Enrico Bassetti (Sep 08)
- Re: CVE-2023-4809: FreeBSD pf bypass when using IPv6 Alexander Bluhm (Sep 08)
- Re: CVE-2023-4809: FreeBSD pf bypass when using IPv6 Demi Marie Obenour (Sep 08)
- Re: CVE-2023-4809: FreeBSD pf bypass when using IPv6 Alexander Bluhm (Sep 08)
- mutt 2.2.12 security update Tavis Ormandy (Sep 09)
- Re: mutt 2.2.12 security update Thadeu Lima de Souza Cascardo (Sep 26)
- WebKitGTK and WPE WebKit Security Advisory WSA-2023-0008 Carlos Alberto Lopez Perez (Sep 11)
- CVE-2023-40712: Apache Airflow: Secrets can be unmasked in the "Rendered Template" Ephraim Anierobi (Sep 12)
- CVE-2023-40611: Apache Airflow Dag Runs Broken Access Control Vulnerability Ephraim Anierobi (Sep 12)
- CVE-2023-38039 curl: HTTP headers eat all memory Daniel Stenberg (Sep 12)
- [SECURITY] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure Mark Thomas (Sep 13)
- CVE-2023-42503: Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file Gary D. Gregory (Sep 13)
- illumos (or at least danmcd) membership in the distros list Dan McDonald (Sep 13)
- Re: illumos (or at least danmcd) membership in the distros list Katherine Mcmillan (Sep 13)
- Re: illumos (or at least danmcd) membership in the distros list Dan McDonald (Sep 14)
- Re: illumos (or at least danmcd) membership in the distros list Bob Friesenhahn (Sep 14)
- Re: illumos (or at least danmcd) membership in the distros list Demi Marie Obenour (Sep 14)
- Re: illumos (or at least danmcd) membership in the distros list Dan McDonald (Sep 14)
- Re: illumos (or at least danmcd) membership in the distros list Jean Luc Picard (Sep 14)
- Re: illumos (or at least danmcd) membership in the distros list Solar Designer (Sep 14)
- Re: illumos (or at least danmcd) membership in the distros list Dan McDonald (Sep 14)
- Re: illumos (or at least danmcd) membership in the distros list Dan McDonald (Sep 14)
- Re: illumos (or at least danmcd) membership in the distros list Alan Coopersmith (Sep 14)
- Re: illumos (or at least danmcd) membership in the distros list Solar Designer (Sep 15)
- Re: illumos (or at least danmcd) membership in the distros list Dan McDonald (Sep 18)
- Re: illumos (or at least danmcd) membership in the distros list Solar Designer (Sep 22)
- Re: illumos (or at least danmcd) membership in the distros list Solar Designer (Sep 22)
- Re: illumos (or at least danmcd) membership in the distros list Dan McDonald (Sep 25)
- Re: illumos (or at least danmcd) membership in the distros list Solar Designer (Sep 25)
- Re: illumos (or at least danmcd) membership in the distros list Dan McDonald (Sep 25)
- Re: illumos (or at least danmcd) membership in the distros list Solar Designer (Sep 25)
- Re: administrative tasks (was: illumos (or at least danmcd) membership in the distros list) Alan Coopersmith (Sep 26)
- Re: illumos (or at least danmcd) membership in the distros list Alan Coopersmith (Sep 25)
- Re: illumos (or at least danmcd) membership in the distros list Dan McDonald (Sep 18)
- Re: illumos (or at least danmcd) membership in the distros list Katherine Mcmillan (Sep 13)
- CVE-2023-41267: Apache HDFS Provider error message suggested installation of incorrect pip package Elad Kalif (Sep 14)
- Possible AMD Zen2 CVE Steve Thompson (Sep 18)
- Re: Possible AMD Zen2 CVE Mathias Krause (Sep 19)
- RE: [External] : [oss-security] Possible AMD Zen2 CVE Casper Dik (Sep 19)
- [CVE-2023-42752] integer overflow in Linux kernel leading to exploitable memory access Kyle Zeng (Sep 18)
- [CVE-2023-41834] Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences Martijn Visser (Sep 19)
- Xen Security Advisory 438 v2 (CVE-2023-34322) - top-level shadow reference dropped too early for 64-bit PV guests Xen . org security team (Sep 20)
- ISC has disclosed two vulnerabilities in BIND 9 (CVE-2023-3341, CVE-2023-4236) Michał Kępień (Sep 20)
- CVE-2023-4504 cups, libppd: Postscript parsing heap-based buffer overflow Zdenek Dohnal (Sep 20)
- Re: CVE-2023-4504 cups, libppd: Postscript parsing heap-based buffer overflow Solar Designer (Sep 20)
- MOV{H,L}PS instructions can fail on Genoa (Zen 4) Tavis Ormandy (Sep 21)
- Advisory X41-2023-001: Two Vulnerabilities in OPNsense X41 D-Sec GmbH Advisories (Sep 21)
- Supply Chain Issues in PyPI Stian Kristoffersen (Sep 21)
- CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Solar Designer (Sep 21)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Hanno Böck (Sep 21)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Solar Designer (Sep 22)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Vincent Rabaud (Sep 22)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Solar Designer (Sep 22)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Vincent Rabaud (Sep 22)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Marc Deslauriers (Sep 22)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Rodrigo Freire (Sep 22)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Solar Designer (Sep 22)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Salvatore Bonaccorso (Sep 26)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Solar Designer (Sep 26)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Salvatore Bonaccorso (Sep 28)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Jeffrey Walton (Sep 28)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Emilio Pozuelo Monfort (Sep 28)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Solar Designer (Sep 26)
- Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Hanno Böck (Sep 21)
- Plone security advisory 2023/09/21 Maurits van Rees (Sep 22)
- [CVE-2023-42753] Array Indexing error in Linux kernel Kyle Zeng (Sep 22)
- CVE-2023-4527: glibc: Stack read overflow in getaddrinfo in no-aaaa mode Solar Designer (Sep 25)
- Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Xen . org security team (Sep 25)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer (Sep 25)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper (Sep 25)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer (Sep 25)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper (Sep 26)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer (Sep 26)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper (Sep 26)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper (Sep 25)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Demi Marie Obenour (Sep 27)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer (Sep 25)
- Xen Security Advisory 439 v2 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Xen . org security team (Sep 25)
- [CVE-2023-42755] Linux kernel wild pointer access <= v6.2 Kyle Zeng (Sep 25)
- Re: [CVE-2023-42755] Linux kernel wild pointer access <= v6.2 Greg KH (Sep 26)
- Re: [CVE-2023-42755] Linux kernel wild pointer access <= v6.2 Kyle Zeng (Sep 26)
- Re: [CVE-2023-42755] Linux kernel wild pointer access <= v6.2 Greg KH (Sep 26)
- CVE-2023-43040 Ceph: Improperly verified POST keys. Sage [They / Them] McTaggart (Sep 26)
- [CVE-2023-42756] Linux kernel race condition in netfilter Kyle Zeng (Sep 27)
- WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009 Carlos Alberto Lopez Perez (Sep 28)
- CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Alan Coopersmith (Sep 28)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour (Sep 28)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx nightmare . yeah27 (Sep 29)
- Re: Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Michael Orlitzky (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Travis Finkenauer (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Michael Orlitzky (Sep 29)
- Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Dominique Martinet (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Demi Marie Obenour (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Michael Orlitzky (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Steffen Nurpmeso (Sep 30)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Jeffrey Walton (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Shawn Webb (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx nightmare . yeah27 (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Alan Coopersmith (Sep 30)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour (Sep 28)
- CVE-2023-41081: Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request [CORRECTION] Christopher Schultz (Sep 28)
- Multiple Exim4 Zero Days Markus Gschwendt (Sep 29)
- Re: Multiple Exim4 Zero Days Alex Gaynor (Sep 29)
- Exim4 MTA CVEs assigned from ZDI Heiko Schlittermann (Sep 29)
- Re: Exim4 MTA CVEs assigned from ZDI Solar Designer (Sep 29)
- RE: Exim4 MTA CVEs assigned from ZDI zdi () trendmicro com (Sep 29)
- Re: Exim4 MTA CVEs assigned from ZDI Solar Designer (Sep 29)
- CVE-2023-39410: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK Ryan Skraba (Sep 29)
- 3 buffer overflows in gstreamer's gst-plugins-bad before 1.22.6 Alan Coopersmith (Sep 29)