
oss-sec: by date

108 messages starting Oct 02 24 and ending Nov 18 24


Wednesday, 02 October

Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck

Thursday, 03 October

CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Martin Tzvetanov Grigorov
CVE-2024-47554: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader Gary D. Gregory
PowerDNS Security Advisory 2024-04 Otto Moerbeek
cups-browsed vulnerable to DDoS amplification attack Larry Cashdollar
Re: cups-browsed vulnerable to DDoS amplification attack Peter van Dijk
Re: cups-browsed vulnerable to DDoS amplification attack Larry Cashdollar

Friday, 04 October

Re[2]: cups-browsed vulnerable to DDoS amplification attack larry0
CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Johannes Segitz
CVE-2024-42415: Integer Overflow in GNOME libgsf Alan Coopersmith
Re: CVE-2024-42415: Integer Overflow in GNOME libgsf Alan Coopersmith
CVE-2024-8508 in Unbound DNS server prior to 1.21.1 Alan Coopersmith

Saturday, 05 October

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Simon Josefsson
OSSA-2024-004 / CVE-2024-47211: OpenStack Ironic <26.1.1 fails to verify checksums of supplied image_source URLs when configured to convert images to raw for streaming Jay Faulkner

Sunday, 06 October

[vim-security] use-after-free when closing buffers in Vim < 9.1.0764 Christian Brabandt

Monday, 07 October

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Solar Designer

Tuesday, 08 October

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Simon Josefsson
CVE-2024-45720: Apache Subversion: Command line argument injection on Windows platforms Stefan Sperling
Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Solar Designer

Wednesday, 09 October

CVE-2024-28168: Apache XML Graphics FOP: XML External Entity (XXE) Processing Simon Steiner

Thursday, 10 October

libarchive 3.7.5 released with security fixes Alan Coopersmith

Friday, 11 October

CVE-2024-46911: Apache Roller: Weakness in CSRF protection allows privilege escalation David M. Johnson

Monday, 14 October

[kubernetes] CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials Joel Smith
CVE-2023-50780: Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans Justin Bertram

Tuesday, 15 October

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Matthias Gerstner
CVE-2024-45219: Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure Daniel Augusto Veronezi Salvador
CVE-2024-45461: Apache CloudStack Quota plugin: Access checks not enforced in Quota Daniel Augusto Veronezi Salvador
CVE-2024-45462: Apache CloudStack: Incomplete session invalidation on web interface logout Daniel Augusto Veronezi Salvador
CVE-2024-45693: Apache CloudStack: Request origin validation bypass makes account takeover possible Daniel Augusto Veronezi Salvador
Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Demi Marie Obenour
Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Solar Designer
CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL Path ending Houston Putman
CVE-2024-45217: Apache Solr: ConfigSets created during a backup restore command are trusted implicitly Houston Putman

Wednesday, 16 October

CVE-2024-9143: OpenSSL: Low-level invalid GF(2^m) parameters lead to OOB memory access Tomas Mraz

Thursday, 17 October

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Matthias Gerstner
Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Steffen Nurpmeso
Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so Solar Designer

Wednesday, 23 October

Re: CVE-2024-9143: OpenSSL: Low-level invalid GF(2^m) parameters lead to OOB memory access Dr. Christopher Kunz

Thursday, 24 October

Re: CVE-2024-9143: OpenSSL: Low-level invalid GF(2^m) parameters lead to OOB memory access Dr. Christopher Kunz
CVE-2024-45031: Apache Syncope: Stored XSS in Console and Enduser Francesco Chicchiriccò
CVE-2024-9050: NetworkManager-libreswan IPSec VPN plugin local code execution Lubomir Rintel

Monday, 28 October

CVE-2024-45477: Apache NiFi: Improper Neutralization of Input in Parameter Description David Handermann

Tuesday, 29 October

CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets Joel GUITTET
CVE-2024-9632: X.Org X server and Xwayland: Heap-based buffer overflow privilege escalation in _XkbSetCompatMap Jose Exposito Quintana
Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets Jacob Bachmeyer

Wednesday, 30 October

mpg123 buffer overflow in versions before 1.32.8 (Frankenstein's Monster) Dr. Thomas Orgis
Re: mpg123 buffer overflow in versions before 1.32.8 (Frankenstein's Monster) Marco Benatto
qBittorrent RCE, Browser Hijacking vulnerabilities Sec Guy
WebKitGTK and WPE WebKit Security Advisory WSA-2024-0006 Adrian Perez de Castro
CVE-2024-43383: Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator Paul Irwin
Re: qBittorrent RCE, Browser Hijacking vulnerabilities Eli Schwartz

Thursday, 31 October

Re: mpg123 buffer overflow in versions before 1.32.8 (Frankenstein's Monster) Marco Benatto
Re: mpg123 buffer overflow in versions before 1.32.8 (Frankenstein's Monster) Alexander Patrakov

Friday, 01 November

Re: mpg123 buffer overflow in versions before 1.32.8 (Frankenstein's Monster) Dr. Thomas Orgis
Re: mpg123 buffer overflow in versions before 1.32.8 (Frankenstein's Monster) Dr. Thomas Orgis

Sunday, 03 November

CVE-2024-23590: Apache Kylin: Session fixation in web interface Li Yang

Tuesday, 05 November

shell wildcard expansion (un)safety Solar Designer
[SECURITY ADVISORY] curl: CVE-2024-9681 HSTS subdomain overwrites parent cache entry Daniel Stenberg

Wednesday, 06 November

Re: shell wildcard expansion (un)safety David A. Wheeler
Re: shell wildcard expansion (un)safety Eli Schwartz
CVE-2024-51504: Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server Andor Molnar
Re: shell wildcard expansion (un)safety Fay Stegerman
Re: shell wildcard expansion (un)safety Steffen Nurpmeso
Re: shell wildcard expansion (un)safety Solar Designer

Thursday, 07 November

Re: shell wildcard expansion (un)safety Jakub Wilk
Re: shell wildcard expansion (un)safety Max Nikulin
Re: shell wildcard expansion (un)safety Steffen Nurpmeso
Re: shell wildcard expansion (un)safety Steffen Nurpmeso
Re: shell wildcard expansion (un)safety Mats Wichmann
Re: shell wildcard expansion (un)safety Solar Designer
Re: shell wildcard expansion (un)safety Steffen Nurpmeso
Re: CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 Solar Designer

Friday, 08 November

Re: shell wildcard expansion (un)safety Georgi Guninski
CVE-2024-50378: Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli Ephraim Anierobi
Re: shell wildcard expansion (un)safety Dominik Czarnota

Saturday, 09 November

4 recent security bugs in GNOME's libsoup Alan Coopersmith

Sunday, 10 November

Re: shell wildcard expansion (un)safety Eli Schwartz
Re: shell wildcard expansion (un)safety lists
Re: shell wildcard expansion (un)safety Jeroen Roovers
Re: shell wildcard expansion (un)safety Fay Stegerman

Tuesday, 12 November

Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables Xen.org security team
Xen Security Advisory 463 v2 (CVE-2024-45818) - Deadlock in x86 HVM standard VGA handling Xen.org security team
CVE-2024-50386: Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure Daniel Augusto Veronezi Salvador
Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets Solar Designer
Re: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets Clemens Lang
RE: CVE-2024-36905: Linux kernel: Divide-by-zero on shutdown of TCP_SYN_RECV sockets Joel GUITTET
Re: Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables Andrew Cooper
Re: 4 recent security bugs in GNOME's libsoup Alan Coopersmith
Re: shell wildcard expansion (un)safety Ali Polatel
Re: Xen Security Advisory 464 v2 (CVE-2024-45819) - libxl leaks data to PVH guests via ACPI tables Demi Marie Obenour
CVE-2024-52533: Buffer overflow in socks proxy code in glib < 2.82.1 Alan Coopersmith

Wednesday, 13 November

[ANNOUNCE] Apache Traffic Server is vulnerable to specific user inputs Masakazu Kitajo
Multiple vulnerabilities in Jenkins plugins Daniel Beck

Thursday, 14 November

CVE-2024-45784: Apache Airflow: Sensitive configuration values are not masked in the logs by default Ephraim Anierobi

Friday, 15 November

Re: shell wildcard expansion (un)safety Steffen Nurpmeso

Saturday, 16 November

CVE-2024-48962: Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) Jacques Le Roux
CVE-2024-47208: Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE Jacques Le Roux
CVE-2024-45505: Apache HertzBeat (incubating): Exists Native Deser RCE and file writing vulnerabilities Chao Gong
CVE-2024-45791: Apache HertzBeat: Exposure sensitive token via http GET method with query string Chao Gong
CVE-2024-41151: Apache HertzBeat: RCE by notice template injection vulnerability Chao Gong
PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21 Solar Designer
Re: PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21 Solar Designer

Sunday, 17 November

Re: shell wildcard expansion (un)safety Sean Whitton

Monday, 18 November

CVE-2024-52316: Apache Tomcat: Authentication bypass when using Jakarta Authentication API Mark Thomas
CVE-2024-52317: Apache Tomcat: Request/response mix-up with HTTP/2 Mark Thomas
CVE-2024-52318: Apache Tomcat: Incorrect JSP tag recycling leads to XSS Mark Thomas
CVE-2024-31141: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Greg Harris
Fwd: wget-1.25.0 released [fixes CVE-2024-10524] Alan Coopersmith