OSS Sec Archive by Thread 2019/01-Jan
- Re: [oss-security] Asserts considered harmful (or GMP spills its sensitive information),
Matthew Fernandez
- [oss-security] wget / chromium: URL metadata and potential password leaks via extended filesystem attributes,
Hanno Böck
- [oss-security] Re: Asserts considered harmful (or GMP spills its sensitive information),
Niels Möller
- [oss-security] aria2 leaks passwords for HTTP based authentication,
Dhiraj Mishra
- [oss-security] Django security releases issued: 2.1.5, 2.0.10, and 1.11.18,
Tim Graham
- [oss-security] [SECURITY] New security advisory for CVE-2018-11788 released for Apache Karaf,
Jean-Baptiste Onofré
- [oss-security] New pagecache based sidechannel attack published,
Marcus Meissner
- [oss-security] [SECURITY] CVE-2018-1320 Announcement,
James E. King III
- [oss-security] [SECURITY] CVE-2018-11798 Announcement,
James E. King III
- [oss-security] Sandbox bypass in multiple Jenkins plugins,
Daniel Beck
- [oss-security] Linux Kernel 4.20(21) deadlock vulnerability.,
Entropy Moe
- [oss-security] KASAN stack out of bound bug,
Entropy Moe
- [oss-security] Xen Security Advisory 275 v3 (CVE-2018-19961,CVE-2018-19962) - insufficient TLB flushing / improper large page mappings with AMD IOMMUs,
Xen . org security team
- [oss-security] Xen Security Advisory 276 v3 (CVE-2018-19963) - resource accounting issues in x86 IOREQ server handling,
Xen . org security team
- [oss-security] Xen Security Advisory 277 v3 (CVE-2018-19964) - x86: incorrect error handling for guest p2m page removals,
Xen . org security team
- [oss-security] Xen Security Advisory 279 v3 (CVE-2018-19965) - x86: DoS from attempting to use INVPCID with a non-canonical addresses,
Xen . org security team
- [oss-security] Xen Security Advisory 280 v3 (CVE-2018-19966) - Fix for XSA-240 conflicts with shadow paging,
Xen . org security team
- [oss-security] Xen Security Advisory 282 v2 (CVE-2018-19967) - guest use of HLE constructs may lock up host,
Xen . org security team
- [oss-security] RCE, CSRF and Information leak vulnerabilities against Airflow <= 1.8.2 (CVE-2017-15720, CVE-2017-17835, CVE-2017-17836),
Ash Berlin-Taylor
- [oss-security] CVE-2018-20245: Apache Airflow LDAP auth backend did not validate SSL certificate for <= 1.10.0,
Ash Berlin-Taylor
- [oss-security] Fastbin double free issue in MP4v2 2.0.0,
Purushottam Choudhary
- [oss-security] System Down: A systemd-journald exploit,
Qualys Security Advisory
- [oss-security] Irssi 1.1.2: CVE-2019-5882,
Ailin Nemui
- [oss-security] X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser,
X41 D-Sec GmbH Advisories
- [oss-security] [CVE-2018-17198] Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller,
Dave
- [oss-security] Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460),
Solar Designer
- [oss-security] Memory leak in libiec61850 protocol,
Dhiraj Mishra
- [oss-security] Memory leak in libiec61850,
Dhiraj Mishra
- [oss-security] NULL pointer dereference in lib60870 protocol,
Dhiraj Mishra
- [oss-security] SEGV in libIEC61850 protocol,
Dhiraj Mishra
- [oss-security] CVE-2018-16886 etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway,
Paul Harvey
- [oss-security] SCP client multiple vulnerabilities,
Harry Sintonen
- [oss-security] Statistics for distros lists updated for 2018Q4,
Kristian Fiskerstrand
- [oss-security] CVE-2018-11790: Apache OpenOffice: Arithmetic overflow and wrap around during string length calculation,
Peter Kovacs
- [oss-security] Heap based buffer overflow in wolfSSL,
Dhiraj Mishra
- [oss-security] Multiple vulnerabilities in Jenkins,
Daniel Beck
- [oss-security] Unfixed FreeBSD uninitialized memory disclosures,
Vlad Tsyrklevich
- [oss-security] GattLib 0.2 has a stack-based buffer - CVE-2019-6498,
Dhiraj Mishra
- [oss-security] Apache web server use after free bugs (unfixed),
Hanno Böck
- [oss-security] Xen Security Advisory 289 v2 - Spectre V1 gadgets exploitable with L1TF,
Xen . org security team
- [oss-security] PowerDNS Security Advisories 2011-01 and 2019-02,
Remi Gacogne
- [oss-security] Xen Security Advisory 289 v3 - Cache-load gadgets exploitable with L1TF,
Xen . org security team
- Re: [oss-security] Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284,
Thomas Jarosch
- [oss-security] CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies,
Daniel Ruggeri
- [oss-security] CVE-2018-17199: mod_session_cookie does not respect expiry time,
Daniel Ruggeri
- [oss-security] CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1,
Daniel Ruggeri
- [oss-security] [CVE-2018-11803] Apache Subversion Denial of Service Vulnerability,
Troy Curtis
- [oss-security] ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators,
Tavis Ormandy
- [oss-security] Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver),
Timothy Michaud
- [oss-security] CVE-2018-1340: Apache Guacamole: Secure flag missing from session cookie,
Mike Jumper
- [oss-security] CVE-2018-1296: Apache Hadoop HDFS Permissive listXAttr Authorization,
Akira Ajisaka
- [oss-security] CVE-2019-6501 QEMU: scsi-generic: possible OOB access while handling inquiry request,
P J P
- [oss-security] CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu(),
P J P
- [oss-security] CVE-2018-16880 Linux kernel: oob-write in drivers/vhost/net.c:get_rx_bufs(),
Vladis Dronov
- [oss-security] Multiple vulnerabilities in Jenkins plugins,
Daniel Beck
- [oss-security] CVE-2019-3813: spice: Off-by-one error in array access in spice/server/memslot.c,
Scott Gayou
- [oss-security] CVE-2018-11760: Apache Spark local privilege escalation vulnerability,
Imran Rashid
- [oss-security] [CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration,
Sysdream Labs
- [oss-security] [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki,
Juan Pablo Santos Rodríguez