OSS Sec Archive by Thread 2018/04-Apr
- [oss-security] [CVE-2018-1295]: Possible Execution of Arbitrary Code Within Deserialization Endpoints of Apache Ignite,
Denis Magda
- [oss-security] Announce: OpenSSH 7.7 released,
Damien Miller
- [oss-security] CVE-2018-1002150: koji: Dist Repo call missing authorization check allowing filesystem manipulation,
Patrick Uiterwijk
- [oss-security] Linux Kernel Defence Map,
Alexander Popov
- [oss-security] WebKitGTK+ Security Advisory WSA-2018-0003,
Michael Catanzaro
- [oss-security] [SECURITY] CVE-2018-1315 'COPY FROM FTP' statement in HPL/SQL can write to arbitrary location if the FTP server is compromised,
Daniel Dai
- [oss-security] [SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned,
Daniel Dai
- [oss-security] [SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files,
Daniel Dai
- Re: [oss-security] Multiple vulnerabilities in Jenkins plugins,
Daniel Beck
- [oss-security] Privsec vuln in beep / Code execution in GNU patch,
Hanno Böck
- [oss-security] beep infoleak,
Hanno Böck
- [oss-security] CVE-2018-2767: MySQL & MariaDB: Return of the BACKRONYM vulnerability (public disclosure),
Pali Rohár
- [oss-security] [SECURITY] CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter,
Uwe Schindler
- [oss-security] pcs: disclosure of CVE-2018-1079 and CVE-2018-1086,
Cedric Buissart
- [oss-security] Re: Terminal Control Chars,
Ian Zimmerman
- Re: [oss-security] Terminal Control Chars,
Gordo Lowrey
- [oss-security] CVE-2017-13220 / Android A-63527053: Linux kernel: Possible out-of-bound access in Bluetooth subsystem,
Vladis Dronov
- [oss-security] CVE-2018-1097 Foreman: oVirt credentials exposed by host power API,
Tomer Brisker
- [oss-security] Change to ASF httpd vulnerability XML format,
Mark Cox
- [oss-security] Multiple vulnerabilities in Jenkins,
Daniel Beck
- [oss-security] CVE-2018-1084 corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function,
Raphael Sanchez Prudencio
- [oss-security] Arbitrary file download vulnerability in Drupal module avatar_uploader v7.x-1.0-beta8,
Larry W. Cashdollar
- [oss-security] Re: CVE-2018-1000168: nghttp2: Denial of service due to NULL pointer dereference.,
Tatsuhiro Tsujikawa
- [oss-security] Updated distros statistics,
Kristian Fiskerstrand
- [oss-security] CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths,
Billy Brumley
- [oss-security] CVE-2018-1088 glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled,
Siddharth Sharma
- [oss-security] CVE-2018-1172 Squid Proxy Cache Denial of Service vulnerability,
Amos Jeffries
- [oss-security] [SECURITY] CVE-2018-1289: Apache Fineract SQL Injection Vulnerability by orderBy and sortOrder parameters,
Ed Cable
- [oss-security] [SECURITY] CVE-2018-1290: Apache Fineract SQL Injection Vulnerability - Single quotation escape caused by two continuous SQL parameters,
Ed Cable
- [oss-security] [SECURITY] CVE-2018-1291: Apache Fineract SQL Injection Vulnerability - Order by injection via Order Param,
Ed Cable
- [oss-security] [SECURITY] CVE-2018-1292: Apache Fineract SQL Injection Vulnerability - Injection via reportName parameter,
Ed Cable
- [oss-security] CVE-2018-10194 Ghostscript 9.18 stack-based buffer overflow,
Vítor Silva
- [oss-security] Re: a number of CVEs for issues in the filesystem's code in the Linux kernel,
Vladis Dronov
- [oss-security] [OSSA-2018-001] Raw underlying encrypted volume access (CVE-2017-18191),
Tristan Cacqueray
- [oss-security] Authorization bypass in PHPLiteAdmin since 1.9.5,
Karsten König
- [oss-security] CVE-2018-1110: Knot Resolver <= 2.2.0 Improper Input Validation,
Petr Špaček
- [oss-security] Multiple local root vulnerabilities involving PackageKit CVE-2018-1106,
Matthias Gerstner
- [oss-security] ktexteditor / Kate local privilege escalation,
Matthias Gerstner
- [oss-security] CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process,
David Rientjes
- [oss-security] Xen Security Advisory 258 - Information leak via crafted user-supplied CDROM,
Xen.org security team
- [oss-security] Xen Security Advisory 259 - x86: PV guest may crash Xen with XPTI,
Xen.org security team
- [oss-security] [CVE-2018-1338] DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser,
Tim Allison
- [oss-security] [CVE-2018-1339] DoS (Infinite Loop) Vulnerability in Apache Tika’s ChmParser,
Tim Allison
- [oss-security] [CVE-2018-1335] Command Injection Vulnerability in Apache Tika’s tika-server module,
Tim Allison
- [oss-security] [ANNOUNCE] CVE-2017-15691: Apache UIMA XML external entity expansion (XXE) attack exposure,
Marshall Schor
- [oss-security] CVE-XXX (quasselclient/quasselcore version 0.12.4): Heap Remote Code Execution and Null Pointer DDOS,
nongiach nongiach
- [oss-security] Xen Security Advisory 258 (CVE-2018-10472) - Information leak via crafted user-supplied CDROM,
Xen.org security team
- [oss-security] Xen Security Advisory 259 (CVE-2018-10471) - x86: PV guest may crash Xen with XPTI,
Xen.org security team
Mail converted by MHonArc