oss-security mailing list - 2022/11/01

Follow @Openwall on Twitter for new release announcements and other news

[<prev day] [next day>] [month] [year] [list]

oss-security mailing list - 2022/11/01

Re: Is third party javascript on a login page considered dangerous? (Jan Engelhardt <jengelh@...i.de>)
CVE-2022-31764: Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC (Weijie Wu <wuweijie@...che.org>)
Xen Security Advisory 412 v2 (CVE-2022-42327) - x86: unintended memory sharing between guests (Xen.org security team <security@....org>)
Xen Security Advisory 414 v2 (CVE-2022-42309) - Xenstore: Guests can crash xenstored (Xen.org security team <security@....org>)
Xen Security Advisory 415 v2 (CVE-2022-42310) - Xenstore: Guests can create orphaned Xenstore nodes (Xen.org security team <security@....org>)
Xen Security Advisory 416 v2 (CVE-2022-42319) - Xenstore: Guests can cause Xenstore to not free temporary memory (Xen.org security team <security@....org>)
Xen Security Advisory 417 v2 (CVE-2022-42320) - Xenstore: Guests can get access to Xenstore nodes of deleted domains (Xen.org security team <security@....org>)
Xen Security Advisory 418 v2 (CVE-2022-42321) - Xenstore: Guests can crash xenstored via exhausting the stack (Xen.org security team <security@....org>)
Xen Security Advisory 419 v2 (CVE-2022-42322,CVE-2022-42323) - Xenstore: Cooperating guests can create arbitrary number… (Xen.org security team <security@....org…)
Xen Security Advisory 420 v2 (CVE-2022-42324) - Oxenstored 32->31 bit integer truncation issues (Xen.org security team <security@....org>)
Xen Security Advisory 421 v2 (CVE-2022-42325,CVE-2022-42326) - Xenstore: Guests can create arbitrary number of nodes vi… (Xen.org security team <security@....org…)
Re: Is third party javascript on a login page considered dangerous? (Solar Designer <solar@...nwall.com>)
CVE-2022-34662: Apache DolphinScheduler prior to 3.0.0 allows path traversal (Jiajie Zhong <zhongjiajie@...che.org>)
CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript ("Sean R. Owen" <srowen@...che.org>)
OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE… (Solar Designer <solar@...nwall.com>)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Ove… (Demi Marie Obenour <demi@...isiblething…)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow … (Dave Horsfall <dave@...sfall.org>)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Over… (Pavan Maddamsetti <pavan.maddamsetti@gm…)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Ove… (Demi Marie Obenour <demi@...isiblething…)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overf… ("Erin Shepherd" <erin.shepherd@....eu>)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow… (Jeffrey Walton <noloader@...il.com>)
CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL (Jedidiah Cunningham <jedcunningham@...che.org>)
CVE-2022-43985: Apache Airflow: Open Redirect (Jedidiah Cunningham <jedcunningham@...che.org>)
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) (alex@...xburke.ca)

24 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.