site:openwall.com

Linux kernel: Heap buffer overflow in fs_context.c since version 5.1 https://www.openwall.com/lists/oss-security/2022/01/18/7 18 comments 20/1/2022 linux

[CVE-2021-29154] Linux kernel BPF JIT compiler can be abused to execute arbitrary code in Kernel mode https://www.openwall.com/lists/oss-security/2021/04/08/1 6 comments 10/4/2021 linux

Heap-based buffer overflow in Sudo https://www.openwall.com/lists/oss-security/2021/01/26/3 27 comments 26/1/2021 programming

Pacman taking untrusted input https://www.openwall.com/lists/oss-security/2020/04/21/3 22 comments 21/4/2020 archlinux

Local information disclosure in OpenSMTPD (CVE-2020-8793) https://www.openwall.com/lists/oss-security/2020/02/24/4 2 comments 24/2/2020 bsd

oss-security — LPE and RCE in OpenSMTPD (CVE-2020-7247) https://www.openwall.com/lists/oss-security/2020/01/28/3 7 comments 29/1/2020 netsec

oss-security — LPE and RCE in OpenSMTPD (CVE-2020-7247) https://www.openwall.com/lists/oss-security/2020/01/28/3 3 comments 29/1/2020 bsd

oss-security - Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) https://www.openwall.com/lists/oss-security/2019/12/11/9 11 comments 11/12/2019 bsd

oss-security - Authentication vulnerabilities in OpenBSD https://www.openwall.com/lists/oss-security/2019/12/04/5 3 comments 4/12/2019 bsd

Clamav: Denial of service through "better zip bomb" https://www.openwall.com/lists/oss-security/2019/08/06/3 23 comments 6/8/2019 netsec

Microsoft's request to join the private Linux security developer list has been approved https://www.openwall.com/lists/oss-security/2019/07/06/3 15 comments 9/7/2019 microsoft

Microsoft developer Sasha Levin reveals Linux is now more used on Azure than Windows Server https://www.openwall.com/lists/oss-security/2019/06/27/7 53 comments 1/7/2019 linux

System Down: a systemd-journald exploit https://www.openwall.com/lists/oss-security/2019/01/09/3 22 comments 10/1/2019 netsec

CVE-2018-18284: Ghostscript sandbox escape (also Tavis Ormandy is officially done with Ghostscript) https://www.openwall.com/lists/oss-security/2018/10/16/2 3 comments 17/10/2018 netsec

Red Hat Sec to Linux Maintainers: "The responsibility that I have is to customers and not to kernel maintainers. The day that the kernel stops having these classes of flaws is the day that I won't have a job and you wont need to worry." https://www.openwall.com/lists/oss-security/2018/09/03/1 129 comments 14/9/2018 linux

"A a public RCE PoC has been avaliable for GhostScript for almost 2 years." http://www.openwall.com/lists/oss-security/2018/08/22/3 6 comments 22/8/2018 linux

Terminal Emulators Control Character Vulnerabilities http://www.openwall.com/lists/oss-security/2018/03/05/2 5 comments 5/3/2018 netsec

Linux kernel: multiple vulnerabilities in the USB subsystem http://www.openwall.com/lists/oss-security/2017/11/06/8 5 comments 8/11/2017 netsec

Emacs on alpine linux? http://www.openwall.com/lists/musl/2015/02/03/1 5 comments 25/5/2016 emacs

Technical Summary of Imagemagick Bug http://www.openwall.com/lists/oss-security/2016/05/03/18 21 comments 4/5/2016 netsec

OpenCart LFI mitigation bypass 0day http://www.openwall.com/lists/oss-security/2016/01/19/16 14 comments 20/1/2016 netsec

phpecc/phpecc - Timing side-channel in ECDSA signature verification http://www.openwall.com/lists/oss-security/2016/01/03/3 16 comments 4/1/2016 netsec

oss-security - CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege http://www.openwall.com/lists/oss-security/2015/09/22/7 8 comments 25/9/2015 netsec

s/party/hack like it's 1999 -- escape sequences security concerns http://openwall.com/lists/oss-security/2015/09/17/5 8 comments 20/9/2015 linux

Linux kernel privilege escalation due to nested NMIs interrupting espfix64 - affecting version 3.13 and newer http://www.openwall.com/lists/oss-security/2015/08/04/8 5 comments 4/8/2015 netsec

CVE-2015-3245 and CVE-2015-3245: local exploit that lets users change /etc/passwd http://www.openwall.com/lists/oss-security/2015/07/23/16 39 comments 23/7/2015 netsec

oss-security - Docker 1.6.1 - Security Advisory [150507] http://www.openwall.com/lists/oss-security/2015/05/07/10 10 comments 7/5/2015 netsec

Ubuntu local privilege escalation posted to oss-security (still unpatched; includes PoC) http://www.openwall.com/lists/oss-security/2015/04/22/12 37 comments 23/4/2015 netsec

ftp(1) can be made to execute arbitrary commands by a malicious webserver http://www.openwall.com/lists/oss-security/2014/10/28/4 39 comments 28/10/2014 netsec

CVE-2014-0476 chkrootkit (local root) vulnerability http://www.openwall.com/lists/oss-security/2014/06/04/9 21 comments 4/6/2014 netsec

yescrypt - password hashing scalable beyond bcrypt and scrypt (PHDays 2014) http://www.openwall.com/presentations/phdays2014-yescrypt/ 12 comments 24/5/2014 crypto

yescrypt - password hashing scalable beyond bcrypt and scrypt (PHDays 2014) http://www.openwall.com/presentations/phdays2014-yescrypt/ 40 comments 24/5/2014 netsec

[CVE-2014-0130] Rails Directory Traversal http://www.openwall.com/lists/oss-security/2014/05/06/12 13 comments 7/5/2014 netsec

Several vulnerabilities found in Linux kernel. "[One] could almost certainly be turned into full kernel execution" http://www.openwall.com/lists/oss-security/2013/08/28/13 32 comments 3/9/2013 linux

John the Ripper 1.8.0 released http://www.openwall.com/lists/announce/2013/05/30/1 15 comments 30/5/2013 netsec

New developments in password hashing: ROM-port-hard functions (building upon the ideas of scrypt and security through obesity) http://www.openwall.com/presentations/zeronights2012-new-in-password-hashing/ 8 comments 22/11/2012 netsec

Preliminary patch for OpenCL support in John The Ripper. http://www.openwall.com/lists/john-users/2010/12/31/1 3 comments 31/12/2010 netsec