[oss-security] CVE-2023-35701: Apache Hive: Arbitrary command execution via JDBC driver
Started by Stamatis Zampetakis on 2024-05-03 10:53:02 |
0
|
2024-05-03 10:53:02 by Stamatis Zampetakis
|
Re: [oss-security] escaping terminal control characters (was Re: backdoor in upstream xz/liblzma leading to ssh server compromise)
Started by Sam James on 2024-05-02 21:36:43 |
2
|
2024-05-03 10:50:44 by Steffen Nurpmeso
|
Re: [oss-security] New SMTP smuggling attack
Started by Mark Esler on 2024-04-30 10:14:00 |
5
|
2024-05-02 19:53:55 by Solar Designer
|
[oss-security] CVE-2024-30251: DoS in aiohttp
Started by Sam Bull on 2024-05-02 14:09:49 |
0
|
2024-05-02 14:09:49 by Sam Bull
|
[oss-security] CVE-2024-32638: Apache APISIX: Forward-Auth Request Smuggling
Started by YuanSheng Wang on 2024-05-02 13:04:33 |
0
|
2024-05-02 13:04:33 by YuanSheng Wang
|
[oss-security] Re: CVEs issued by the Linux kernel CNA
Started by Alan Coopersmith on 2024-05-01 20:27:44 |
1
|
2024-05-02 09:14:28 by Greg KH
|
[oss-security] CVE-2024-32114: Apache ActiveMQ: Jolokia and REST API were not secured with default configuration
Started by Jean-Baptiste Onofré on 2024-05-01 16:35:12 |
0
|
2024-05-01 16:35:12 by Jean-Baptiste Onofré
|
[oss-security] Telegram Web app XSS / Session Hijacking 1-click
Started by Pedro Batista on 2024-04-28 16:18:06 |
1
|
2024-04-30 10:16:03 by Pedro Batista
|
Re: [oss-security] Update on the distro-backdoor-scanner effort
Started by Vegard Nossum on 2024-04-29 14:04:03 |
1
|
2024-04-30 10:10:16 by Jacob Bachmeyer
|
[oss-security] libksieve (used by kmail/kontact) sent password as username
Started by Jonas Schäfer on 2024-04-25 16:21:10 |
1
|
2024-04-30 07:41:59 by Salvatore Bonaccorso
|
[oss-security] Linux: Disabling network namespaces
Started by Solar Designer on 2024-04-14 19:13:09 |
19
|
2024-04-29 19:07:56 by John Johansen
|
[oss-security] CVE-2024-27322: Deserialization vulnerability in R before 4.4.0
Started by Alan Coopersmith on 2024-04-29 15:57:48 |
0
|
2024-04-29 15:57:48 by Alan Coopersmith
|
Re: [oss-security] Update on the distro-backdoor-scanner effort
Started by Jacob Bachmeyer on 2024-04-29 14:00:39 |
0
|
2024-04-29 14:00:39 by Jacob Bachmeyer
|
[oss-security] Suspicious hook-loading mechanism in hyprland
Started by Sam James on 2024-04-28 15:53:40 |
0
|
2024-04-28 15:53:40 by Sam James
|
Re: [oss-security] Update on the distro-backdoor-scanner effort
Started by Jacob Bachmeyer on 2024-04-27 13:28:39 |
0
|
2024-04-27 13:28:39 by Jacob Bachmeyer
|
Re: [oss-security] Update on the distro-backdoor-scanner effort
Started by Simon McVittie on 2024-04-26 20:59:42 |
0
|
2024-04-26 20:59:42 by Simon McVittie
|
[oss-security] Security Issues and Abandonment of PHP ECC library (mdanter/ecc, phpecc/phpecc)
Started by Paragon Initiative Enterprises Security Team on 2024-04-24 21:18:27 |
0
|
2024-04-24 21:18:27 by Paragon Initiative Enterprises Security Team
|
[oss-security] CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy
Started by Oriol Castejón on 2024-04-24 18:04:43 |
0
|
2024-04-24 18:04:43 by Oriol Castejón
|
[oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
Started by Adhemerval Zanella Netto on 2024-04-17 17:43:59 |
2
|
2024-04-24 16:14:28 by Florian Weimer
|
[oss-security] PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor
Started by Peter van Dijk on 2024-04-24 11:29:32 |
0
|
2024-04-24 11:29:32 by Peter van Dijk
|
[oss-security] 83 bogus CVEs assigned to Robot Operating System (ROS)
Started by Mark Esler on 2024-04-23 09:36:37 |
3
|
2024-04-23 09:43:01 by Yash Patel
|
[oss-security] CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode
Started by Imba Jin on 2024-04-22 13:34:00 |
0
|
2024-04-22 13:34:00 by Imba Jin
|
[oss-security] CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin
Started by Imba Jin on 2024-04-22 13:31:56 |
0
|
2024-04-22 13:31:56 by Imba Jin
|
[oss-security] CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page
Started by Imba Jin on 2024-04-22 13:29:34 |
0
|
2024-04-22 13:29:34 by Imba Jin
|
[oss-security] Wordpress Responsive theme: arbitrary HTML content injection (CVE-2024-2848)
Started by Hanno Böck on 2024-04-22 10:52:44 |
0
|
2024-04-22 10:52:44 by Hanno Böck
|
Re: [oss-security] PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass
Started by Jeffrey Walton on 2024-04-21 12:42:51 |
0
|
2024-04-21 12:42:51 by Jeffrey Walton
|
[oss-security] [Update] PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass
Started by Fay Stegerman on 2024-04-20 23:17:13 |
0
|
2024-04-20 23:17:13 by Fay Stegerman
|
[oss-security] CVE-2024-29733: Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context
Started by Elad Kalif on 2024-04-19 10:18:09 |
0
|
2024-04-19 10:18:09 by Elad Kalif
|
Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise
Started by Solar Designer on 2024-04-16 23:00:40 |
4
|
2024-04-19 10:15:39 by Jacob Bachmeyer
|
[oss-security] CVE-2024-29217: Apache Answer: XSS vulnerability when changing personal website
Started by Enxin Xie on 2024-04-19 10:03:18 |
0
|
2024-04-19 10:03:18 by Enxin Xie
|
[oss-security] flatpak CVE-2024-32462 : Sandbox escape via RequestBackground portal and CWE-88
Started by Simon McVittie on 2024-04-18 16:47:43 |
0
|
2024-04-18 16:47:43 by Simon McVittie
|
[oss-security] Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config
Started by Vegard Nossum on 2024-04-17 12:43:03 |
1
|
2024-04-18 12:58:34 by Jacob Bachmeyer
|
[oss-security] CVE-2024-31869: Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Started by Ephraim Anierobi on 2024-04-17 22:28:56 |
0
|
2024-04-17 22:28:56 by Ephraim Anierobi
|
Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise
Started by Jakub Wilk on 2024-04-17 14:39:33 |
0
|
2024-04-17 14:39:33 by Jakub Wilk
|
Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI?
Started by Solar Designer on 2024-04-16 20:17:21 |
2
|
2024-04-17 12:40:32 by Dr. Christopher Kunz
|
[oss-security] [kubernetes] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Started by Rita Zhang on 2024-04-16 21:50:26 |
0
|
2024-04-16 21:50:26 by Rita Zhang
|
Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git
Started by Jacob Bachmeyer on 2024-04-11 13:44:31 |
4
|
2024-04-13 12:06:02 by Jacob Bachmeyer
|
[oss-security] PHP security releases 8.1.28, 8.2.18, & 8.3.6
Started by Alan Coopersmith on 2024-04-12 19:05:36 |
0
|
2024-04-12 19:05:36 by Alan Coopersmith
|
[oss-security] Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5
Started by Alan Coopersmith on 2024-04-12 17:44:03 |
0
|
2024-04-12 17:44:03 by Alan Coopersmith
|
Re: [oss-security] Re: backdoor in upstream xz/liblzma leading to ssh server compromise
Started by Jakub Wilk on 2024-04-12 16:38:14 |
0
|
2024-04-12 16:38:14 by Jakub Wilk
|
[oss-security] CVE-2024-31391: Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials
Started by Jason Gerlowski on 2024-04-12 15:48:54 |
0
|
2024-04-12 15:48:54 by Jason Gerlowski
|
[oss-security] less(1) with LESSOPEN mishandles \n in paths
Started by Jakub Wilk on 2024-04-12 12:21:19 |
1
|
2024-04-12 15:46:04 by Sam James
|
Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI?
Started by Dr. Christopher Kunz on 2024-04-11 14:01:41 |
4
|
2024-04-12 01:24:56 by Kyle Zeng
|
[oss-security] CVE-2024-27309: Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Started by Colin McCabe on 2024-04-12 01:12:32 |
0
|
2024-04-12 01:12:32 by Colin McCabe
|
[oss-security] Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm
Started by Yann E. MORIN on 2024-04-11 18:36:00 |
0
|
2024-04-11 18:36:00 by Yann E. MORIN
|
Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI?
Started by Donald Buczek on 2024-04-11 13:58:56 |
0
|
2024-04-11 13:58:56 by Donald Buczek
|
[oss-security] Re: Is CVE-2024-30203 bogus? (Emacs)
Started by Sean Whitton on 2024-04-11 13:51:59 |
2
|
2024-04-11 13:56:41 by Max Nikulin
|
[oss-security] Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow
Started by Tianyu Chen on 2024-04-11 13:47:23 |
0
|
2024-04-11 13:47:23 by Tianyu Chen
|