oss-security mailing list
Recent messages:
- 2024/05/03 #3:
CVE-2023-35701: Apache Hive: Arbitrary command execution via JDBC
driver (Stamatis Zampetakis <zabetak@...che.org>)
- 2024/05/03 #2:
Re: escaping terminal control characters (was
Re: backdoor in upstream xz/liblzma leading to ssh server compromise) (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/05/03 #1:
Re: escaping terminal control characters (was
Re: backdoor in upstream xz/liblzma leading to ssh server compromise) (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/05/02 #7:
Re: escaping terminal control characters (was Re:
backdoor in upstream xz/liblzma leading to ssh server compromise) (Sam James <sam@...too.org>)
- 2024/05/02 #6:
Re: New SMTP smuggling attack (Solar Designer <solar@...nwall.com>)
- 2024/05/02 #5:
Re: New SMTP smuggling attack (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/05/02 #4:
CVE-2024-30251: DoS in aiohttp (Sam Bull <9m199i@...bull.org>)
- 2024/05/02 #3:
Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
- 2024/05/02 #2:
CVE-2024-32638: Apache APISIX: Forward-Auth Request Smuggling (YuanSheng Wang <membphis@...che.org>)
- 2024/05/02 #1:
Re: Re: CVEs issued by the Linux kernel CNA (Greg KH <greg@...ah.com>)
- 2024/05/01 #2:
Re: CVEs issued by the Linux kernel CNA (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/05/01 #1:
CVE-2024-32114: Apache ActiveMQ: Jolokia and REST API were not
secured with default configuration (Jean-Baptiste Onofré <jbonofre@...che.org>)
- 2024/04/30 #7:
Re: New SMTP smuggling attack (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/04/30 #6:
Re: New SMTP smuggling attack (Erik Auerswald <auerswal@...x-ag.uni-kl.de>)
- 2024/04/30 #5:
Re: New SMTP smuggling attack (nightmare.yeah27@...ecat.org)
- 2024/04/30 #4:
Re: Telegram Web app XSS / Session Hijacking 1-click (Pedro Batista <pedbap.g@...il.com>)
- 2024/04/30 #3:
Re: New SMTP smuggling attack (Mark Esler <mark.esler@...onical.com>)
- 2024/04/30 #2:
Re: Update on the distro-backdoor-scanner effort (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/30 #1:
Re: libksieve (used by kmail/kontact) sent password
as username (Salvatore Bonaccorso <carnil@...ian.org>)
- 2024/04/29 #6:
Re: Update on the distro-backdoor-scanner effort (Gabriel Ravier <gabravier@...il.com>)
- 2024/04/29 #5:
Re: Re: Linux: Disabling network namespaces (John Johansen <john.johansen@...onical.com>)
- 2024/04/29 #4:
Re: Linux: Disabling network namespaces (John Johansen <john.johansen@...onical.com>)
- 2024/04/29 #3:
CVE-2024-27322: Deserialization vulnerability in R before 4.4.0 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/04/29 #2:
Re: Update on the distro-backdoor-scanner effort (Vegard Nossum <vegard.nossum@...cle.com>)
- 2024/04/29 #1:
Re: Update on the distro-backdoor-scanner effort (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/28 #4:
Telegram Web app XSS / Session Hijacking 1-click (Pedro Batista <pedbap.g@...il.com>)
- 2024/04/28 #3:
Suspicious hook-loading mechanism in hyprland (Sam James <sam@...too.org>)
- 2024/04/28 #2:
Re: Update on the distro-backdoor-scanner effort (Hank Leininger <hlein@...elogic.com>)
- 2024/04/28 #1:
Re: Update on the distro-backdoor-scanner effort (Hank Leininger <hlein@...elogic.com>)
- 2024/04/27 #2:
Re: Update on the distro-backdoor-scanner effort (Morten Linderud <foxboron@...hlinux.org>)
- 2024/04/27 #1:
Re: Update on the distro-backdoor-scanner effort (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/26 #3:
Re: Update on the distro-backdoor-scanner effort (Sam James <sam@...too.org>)
- 2024/04/26 #2:
Re: Update on the distro-backdoor-scanner effort (Simon McVittie <smcv@...ian.org>)
- 2024/04/26 #1:
Update on the distro-backdoor-scanner effort (Hank Leininger <hlein@...elogic.com>)
- 2024/04/25 #1:
libksieve (used by kmail/kontact) sent password as username (Jonas Schäfer <j.wielicki@...ecware.net>)
- 2024/04/24 #4:
Security Issues and Abandonment of PHP ECC library (mdanter/ecc, phpecc/phpecc) (Paragon Initiative Enterprises Security Team <security@...agonie.com>)
- 2024/04/24 #3:
CVE-2024-0582 - Linux kernel use-after-free vulnerability in
io_uring, writeup and exploit strategy (Oriol Castejón <Oriol.Castejon@...dusintel.com>)
- 2024/04/24 #2:
Re: The GNU C Library security advisories update for
2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix
ou… (Florian Weimer <fweimer@...hat.com>)
- 2024/04/24 #1:
PowerDNS Recursor Security Advisory 2024-02: if recursive
forwarding is configured, crafted responses can lead to a den… (Peter van Dijk <peter.van.dijk@...erdns…)
- 2024/04/23 #6:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/23 #5:
Re: 83 bogus CVEs assigned to Robot Operating System (ROS) (Yash Patel <yashpatelphd@...il.com>)
- 2024/04/23 #4:
Re: 83 bogus CVEs assigned to Robot Operating System (ROS) (Mark Esler <mark.esler@...onical.com>)
- 2024/04/23 #3:
Re: 83 bogus CVEs assigned to Robot Operating System (ROS) (Yash Patel <yashpatelphd@...il.com>)
- 2024/04/23 #2:
83 bogus CVEs assigned to Robot Operating System (ROS) (Mark Esler <mark.esler@...onical.com>)
- 2024/04/23 #1:
Re: Linux: Disabling network namespaces (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/04/22 #6:
Re: Linux: Disabling network namespaces ("Priedhorsky, Reid" <reidpr@...l.gov>)
- 2024/04/22 #5:
Re: Linux: Disabling network namespaces (Jordan Glover <Golden_Miller83@...tonmail.ch>)
- 2024/04/22 #4:
CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode (Imba Jin <jin@...che.org>)
- 2024/04/22 #3:
CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin (Imba Jin <jin@...che.org>)
- 2024/04/22 #2:
CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection
page (Imba Jin <jin@...che.org>)
- 2024/04/22 #1:
Wordpress Responsive theme: arbitrary HTML content injection
(CVE-2024-2848) (Hanno Böck <hanno@...eck.de>)
- 2024/04/21 #5:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/21 #4:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/21 #3:
Re: PoC for fdroidserver AllowedAPKSigningKeys
certificate pinning bypass (Jeffrey Walton <noloader@...il.com>)
- 2024/04/21 #2:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/21 #1:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/20 #3:
[Update] PoC for fdroidserver AllowedAPKSigningKeys certificate
pinning bypass (Fay Stegerman <flx@...usk.net>)
- 2024/04/20 #2:
Re: Linux: Disabling network namespaces (Jordan Glover <Golden_Miller83@...tonmail.ch>)
- 2024/04/20 #1:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/19 #6:
Re: Linux: Disabling network namespaces (nightmare.yeah27@...ecat.org)
- 2024/04/19 #5:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/19 #4:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/19 #3:
CVE-2024-29733: Apache Airflow FTP Provider: FTP_TLS instance with
unverified SSL context (Elad Kalif <eladkal@...che.org>)
- 2024/04/19 #2:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/19 #1:
CVE-2024-29217: Apache Answer: XSS vulnerability when changing
personal website (Enxin Xie <linkinstar@...che.org>)
- 2024/04/18 #5:
flatpak CVE-2024-32462 : Sandbox escape via RequestBackground portal
and CWE-88 (Simon McVittie <smcv@...ian.org>)
- 2024/04/18 #4:
Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-… (Solar Designer <solar@...nwall.com>)
- 2024/04/18 #3:
Re: Make your own backdoor: CFLAGS code injection,
Makefile injection, pkg-config (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/18 #2:
libreswan: IKEv1 default AH/ESP responder can crash and restart (David Morel <david.morel@...es.tech>)
- 2024/04/18 #1:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Matt Johnston <matt@....asn.au>)
- 2024/04/17 #10:
CVE-2024-31869: Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used (Ephraim Anierobi <ephraimanierobi@...che…)
- 2024/04/17 #9:
The GNU C Library security advisories update for 2024-04-17:
GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out… (Adhemerval Zanella Netto <zatrazz@...il…)
- 2024/04/17 #8:
Terrapin vulnerability in Jenkins CLI client (Daniel Beck <ml@...kweb.net>)
- 2024/04/17 #7:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Loganaden Velvindron <loganaden@...il.com>)
- 2024/04/17 #6:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/17 #5:
Re: Linux: Disabling network namespaces (Georgia Garcia <georgia.garcia@...onical.com>)
- 2024/04/17 #4:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/17 #3:
Make your own backdoor: CFLAGS code injection, Makefile injection,
pkg-config (Vegard Nossum <vegard.nossum@...cle.com>)
- 2024/04/17 #2:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? ("Dr. Christopher Kunz" <info@...istopher-kunz.de>)
- 2024/04/17 #1:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Greg KH <greg@...ah.com>)
- 2024/04/16 #6:
Re: Linux: Disabling network namespaces (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/04/16 #5:
Re: backdoor in upstream xz/liblzma leading to ssh server compromise (Solar Designer <solar@...nwall.com>)
- 2024/04/16 #4:
[kubernetes] CVE-2024-3177: Bypassing mountable secrets policy
imposed by the ServiceAccount admission plugin (Rita Zhang <rita.z.zhang@...il.com>)
- 2024/04/16 #3:
Re: Linux: Disabling network namespaces (Philippe Cerfon <philcerf@...il.com>)
- 2024/04/16 #2:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Solar Designer <solar@...nwall.com>)
- 2024/04/16 #1:
Re: Linux: Disabling network namespaces (Jordan Glover <Golden_Miller83@...tonmail.ch>)
- 2024/04/15 #6:
CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys
Through Biased ECDSA Nonces in PuTTY Client (Fabian Bäumer <fabian.baeumer@....de>)
- 2024/04/15 #5:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/15 #4:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/15 #3:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/15 #2:
Re: Linux: Disabling network namespaces (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/04/15 #1:
Re: less(1) with LESSOPEN mishandles \n in paths (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/14 #1:
Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/13 #2:
Re: less(1) with LESSOPEN mishandles \n in paths (Tobias Powalowski <tobias.powalowski@...glemail.com>)
- 2024/04/13 #1:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/12 #11:
PHP security releases 8.1.28, 8.2.18, & 8.3.6 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/04/12 #10:
Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to
21.1.12 and Xwayland prior to 23.2.5 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/04/12 #9:
Re: Re: backdoor in upstream xz/liblzma leading to
ssh server compromise (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/12 #8:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Alejandro Colomar <alx@...nel.org>)
- 2024/04/12 #7:
CVE-2024-31391: Apache Solr Operator: Solr-Operator liveness and
readiness probes may leak basic auth credentials (Jason Gerlowski <gerlowskija@...che.org>)
30116 messages