Report statistics for distros ML

These statistics are updated as of 2021-02-15 23:56 (UTC)

Statistics by month

Statistics are grouped by month of the issue being reported to the distros list.

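| Date | All | 2017-06 | 2017-07 | 2017-08 | 2017-09 | 2017-10 | 2017-11 | 2017-12 | 2018-01 | 2018-02 | 2018-03 | 2018-04 | 2018-05 | 2018-06 | 2018-07 | 2018-08 | 2018-09 | 2018-10 | 2018-11 | 2018-12 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Number of reports | 162 | 1 | 3 | 6 | 9 | 6 | 7 | 5 | 8 | 4 | 6 | 10 | 5 | 6 | 7 | 13 | 4 | 7 | 3 | 3 |
| Average embargo time (first public) | 6.10 | 10.84 | 4.69 | 6.39 | 5.83 | 4.10 | 6.70 | 5.99 | 7.28 | 2.99 | 6.52 | 7.40 | 7.30 | 5.13 | 5.38 | 4.36 | 5.53 | 8.62 | 5.06 | 6.76 |
| Average embargo time (oss-security) | 6.32 | 14.16 | 5.03 | 6.39 | 5.84 | 4.44 | 6.70 | 6.02 | 9.64 | 2.99 | 6.60 | 7.60 | 7.30 | 5.13 | 5.38 | 4.36 | 5.53 | 8.62 | 5.06 | 6.76 |
| Median embargo time (first public) | 6.18 | 10.84 | 3.07 | 7.02 | 6.68 | 4.74 | 7.10 | 6.18 | 5.45 | 2.78 | 6.00 | 6.13 | 8.82 | 4.64 | 5.06 | 3.01 | 4.02 | 8.21 | 5.35 | 6.26 |
| Median embargo time (oss-security) | 6.21 | 14.16 | 3.94 | 7.02 | 6.78 | 4.74 | 7.10 | 6.18 | 5.72 | 2.78 | 6.00 | 6.13 | 8.82 | 4.64 | 5.06 | 3.01 | 4.02 | 8.21 | 5.35 | 6.26 |

| Date | 2019-01 | 2019-02 | 2019-03 | 2019-04 | 2019-05 | 2019-06 | 2019-07 | 2019-08 | 2019-09 | 2021-01 |
|---|---|---|---|---|---|---|---|---|---|---|
| Number of reports | 8 | 3 | 5 | 6 | 5 | 6 | 6 | 5 | 5 | 5 |
| Average embargo time (first public) | 8.20 | 4.80 | 7.15 | 5.36 | 6.51 | 5.81 | 5.84 | 7.48 | 3.98 | 5.8 |
| Average embargo time (oss-security) | 8.20 | 4.80 | 7.15 | 5.36 | 6.69 | 5.81 | 5.84 | 7.48 | 5.17 | 5.8 |
| Median embargo time (first public) | 8.74 | 4.93 | 7.33 | 3.10 | 7.05 | 5.01 | 5.66 | 5.98 | 3.79 | 7 |
| Median embargo time (oss-security) | 8.74 | 4.93 | 7.33 | 3.10 | 7.05 | 5.01 | 5.66 | 5.98 | 6.01 | 7 |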

Data

If ND is specified, the row is not included in the calculation of the statistical metrics.

ProjectSubjectReported (UTC)Public (UTC)oss-security postingTime of oss-security posting (UTC)CVE(s)Days embargoed (first public)Days embargoed (oss-security)
Spice[vs] spice2017-06-30 03:50:002017-07-11 00:00:00http://www.openwall.com/lists/oss-security/2017/07/14/12017-07-14 07:38:00CVE-2017-7506 10.8414.16
Jenkins[vs] CVE ID assignment request from the Jenkins project2017-07-07 13:13:002017-07-10 15:00:00http://www.openwall.com/lists/oss-security/2017/07/11/92017-07-11 11:52:00CVE-2017-1000084
CVE-2017-1000085
CVE-2017-1000086
CVE-2017-1000087
CVE-2017-1000088
CVE-2017-1000089
CVE-2017-1000090
CVE-2017-1000091
CVE-2017-1000092
CVE-2017-1000093
CVE-2017-1000094
CVE-2017-1000095
CVE-2017-1000096
3.073.94
Evince[vs] evince: Command injection vulnerability in CBT handler2017-07-10 13:57:002017-07-13 12:00:00http://www.openwall.com/lists/oss-security/2017/07/13/52017-07-13 15:43:00CVE-2017-10000832.923.07
Linux Kernel[vs-plain] linux kernel: CVE-2017-75332017-07-26 12:18:002017-08-03 14:00:00http://www.openwall.com/lists/oss-security/2017/08/03/22017-08-03 14:00:00CVE-2017-75338.078.07
Curl[vs-plain] curl: URL globbing out of bounds read (1/3)2017-08-01 10:02:002017-08-09 06:00:00http://www.openwall.com/lists/oss-security/2017/08/09/12017-08-09 06:00:00CVE-2017-10001017.837.83
Curl[vs-plain] curl: TFTP sends more than buffer size (2/3)2017-08-01 10:02:002017-08-09 06:00:00http://www.openwall.com/lists/oss-security/2017/08/09/22017-08-09 06:00:00CVE-2017-10001007.837.83
Curl[vs-plain] curl: FILE buffer read out of bounds2017-08-01 10:02:002017-08-09 06:00:00http://www.openwall.com/lists/oss-security/2017/08/09/32017-08-09 06:00:00CVE-2017-10000997.837.83
Linux Kernel[vs-plain] Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch2017-08-04 15:59:002017-08-10 20:55:00http://www.openwall.com/lists/oss-security/2017/08/10/52017-08-10 20:55:00CVE-2017-10001126.216.21
Linux Kernel[vs-plain] Linux kernel: heap out-of-bounds in AF_PACKET sockets2017-08-04 16:48:002017-08-10 13:25:00http://www.openwall.com/lists/oss-security/2017/08/10/72017-08-10 13:25:00CVE-2017-10001115.865.86
GNOME[vs] CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding2017-08-07 17:54:002017-08-10 12:41:00http://www.openwall.com/lists/oss-security/2017/08/10/12017-08-10 12:53:00CVE-2017-2885 2.782.79
file[vs] file: stack based buffer overflow2017-09-01 09:30:002017-09-05 16:24:00http://www.openwall.com/lists/oss-security/2017/09/05/32017-09-05 16:24:00CVE-2017-10002494.294.29
BlueZ[vs-plain] Info Leak vulnerability in BlueZ2017-09-05 20:29:002017-09-13 21:08:00http://www.openwall.com/lists/oss-security/2017/09/13/42017-09-13 21:08:00CVE-2017-1000250
CVE-2017-1000251
8.038.03
tcpdump[vs-plain] Re: tcpdump 4.9.2 and NixOS2017-09-06 13:08:002017-09-07 14:06:00http://www.openwall.com/lists/oss-security/2017/09/07/82017-09-07 14:06:00CVE-2017-11543
CVE-2017-13011
CVE-2017-12989
CVE-2017-12990
CVE-2017-12995
CVE-2017-12997
CVE-2017-11541
CVE-2017-11542
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12898
CVE-2017-12897
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-11542
CVE-2017-11541
CVE-2017-12994
CVE-2017-12996
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-11543
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
1.041.04
Linux Kernel[vs] KVM denial of service2017-09-08 11:21:002017-09-15 16:36:00http://www.openwall.com/lists/oss-security/2017/09/15/42017-09-15 16:36:00CVE-2017-10002527.227.22
apachevs] OPTIONSbleed bug in apache httpd2017-09-11 10:17:002017-09-18 13:18:00http://www.openwall.com/lists/oss-security/2017/09/18/22017-09-18 13:18:00CVE-2017-97987.137.13
Linux Kernel[vs] Qualys Security Advisory (CVE-2017-1000253)2017-09-20 09:28:002017-09-26 15:08:00http://www.openwall.com/lists/oss-security/2017/09/26/162017-09-26 15:08:00CVE-2017-10002536.246.24
Linux Kernel[vs-plain] Bluetooth RCE in Linux Kernel - follow up2017-09-24 19:20:002017-09-27 17:39:00http://www.openwall.com/lists/oss-security/2017/09/27/102017-09-27 17:39:00CVE-2017-10002512.932.93
Curl[vs-plain] curl: FTP PWD response parser out of bounds read2017-09-25 08:26:002017-10-04 06:06:00http://www.openwall.com/lists/oss-security/2017/10/04/12017-10-04 06:06:00CVE-2017-10002548.908.90
DNSMasq[vs] DNSMasq Security vulnerabilities, public release October 2nd2017-09-25 20:59:002017-10-02 13:22:00http://www.openwall.com/lists/oss-security/2017/10/02/52017-10-02 15:47:00CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
6.686.78
Linux Kernel[vs] CVE Request for powerpc kernel bug2017-10-03 00:49:002017-10-09http://www.openwall.com/lists/oss-security/2017/10/10/32017-10-10 04:00:00CVE-2017-10002555.977.13
Linux Kernel[vs-plain] CVE-2017-5123 Linux kernel waitid() not calling access_ok()2017-10-09 19:06:002017-10-12 19:16:00http://www.openwall.com/lists/oss-security/2017/10/12/182017-10-12 20:02:00CVE-2017-51233.013.04
wpa_supplicant[vs] VU#228519 and wpa_supplicant/hostapd2017-10-10 08:08:002017-10-16 09:08:00http://www.openwall.com/lists/oss-security/2017/10/16/22017-10-16 09:08:00CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13084
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088
6.046.04
Curl[vs-plain] curl: IMAP FETCH response out of bounds read2017-10-17 11:54:002017-10-23 06:07:00http://www.openwall.com/lists/oss-security/2017/10/23/12017-10-23 06:07:00CVE-2017-10002575.765.76
Wget[vs] [FICORA #1010111] Vulnerability report2017-10-23 14:50:002017-10-27 08:21:00http://www.openwall.com/lists/oss-security/2017/10/27/12017-10-27 08:21:00CVE-2017-13089
CVE-2017-13090
3.733.73
PowerDNS[vs] PowerDNS prenotification2017-11-20 14:01:002017-11-27 16:32:00http://www.openwall.com/lists/oss-security/2017/11/27/12017-11-27 16:32:00CVE-2017-15090
CVE-2017-15091
CVE-2017-15092
CVE-2017-15093
CVE-2017-15094
7.107.10
Curl[vs-plain] curl: NTLM buffer overflow via integer overflow2017-11-21 08:15:002017-11-29 09:34:00http://www.openwall.com/lists/oss-security/2017/11/29/22017-11-29 09:34:00CVE-2017-8816 8.058.05
Curl[vs-plain] (2/2) curl: FTP wildcard out of bounds read2017-11-21 08:16:002017-11-29 09:34:00http://www.openwall.com/lists/oss-security/2017/11/29/32017-11-29 09:34:00CVE-2017-88178.058.05
Linux Kernel[vs-plain] Security Bug - transparent huge pages dirty bit2017-11-22 18:50:002017-11-30 00:32:00http://www.openwall.com/lists/oss-security/2017/11/30/12017-11-30 00:32:00CVE-2017-10004057.247.24
Curl[vs-plain] curl: SSL out of buffer access2017-11-24 09:19:002017-11-29 09:34:00http://www.openwall.com/lists/oss-security/2017/11/29/42017-11-29 09:34:00CVE-2017-88185.015.01
Linux Kernel[vs-plain] Info Leak in the Linux Kernel via Bluetooth2017-11-30 09:44:002017-12-06 16:23:00http://www.openwall.com/lists/oss-security/2017/12/06/32017-12-06 16:23:006.286.28
OpenStack[vs-plain] [pre-OSSA] Vulnerability in OpenStack Nova (CVE-2017-17051)2017-11-30 12:35:002017-12-05 16:50:00http://www.openwall.com/lists/oss-security/2017/12/05/52017-12-05 16:50:00CVE-2017-170515.185.18
Linux Kernel[vs-plain] Security bug in DCCP socket2017-12-01 11:08:002017-12-04 20:27:00http://www.openwall.com/lists/oss-security/2017/12/05/12017-12-05 00:11:00CVE-2017-88243.393.54
PowerDNS[vs] PowerDNS prenotification2017-12-04 14:43:002017-12-11 12:34:31http://www.openwall.com/lists/oss-security/2017/12/11/12017-12-11 12:34:31CVE-2017-151206.916.91
glibc[vs] Qualys Security Advisory2017-12-05 14:59:002017-12-11 19:14:00http://www.openwall.com/lists/oss-security/2017/12/11/42017-12-11 19:14:00CVE-2017-1000408
CVE-2017-1000409
6.186.18
iscsi-initiator-utils[vs] Bug report2017-12-11 16:21:002017-12-13 19:21:00http://www.openwall.com/lists/oss-security/2017/12/13/22017-12-13 19:21:002.132.13
glibc[vs] GNU libc issue (–throw-keyids)2017-12-31 13:46:002018-01-11 21:34:44http://www.openwall.com/lists/oss-security/2018/01/11/52018-01-11 21:34:44CVE-2018-100000111.3311.33
dovecot[vs] CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted.2018-01-11 10:51:002018-01-25 09:35:00http://www.openwall.com/lists/oss-security/2018/01/25/42018-01-25 09:35:00CVE-2017-1513213.9513.95
Linux Kernel[vs-plain] sound driver Conditional competition2018-01-12 01:19:002018-01-16 14:21:19http://www.openwall.com/lists/oss-security/2018/01/16/12018-01-16 14:21:194.544.54
PowerDNS,knots[vs] bug in DNS resolvers - DNSSEC validation2018-01-15 15:29:002018-01-22 00:00:00http://www.openwall.com/lists/oss-security/2018/02/09/12018-02-09 00:43:00CVE-2018-1000002
CVE-2018-1000003
6.3524.38
BindPackager Notification for CVE-2017-3145 [vs]2018-01-15 20:58:002018-01-16 14:25:46http://www.openwall.com/lists/oss-security/2018/01/16/72018-01-16 14:25:46CVE-2017-31450.730.73
DHCP[vs-plain] CVE-2017-3144: ISC DHCP can leak socket descriptors2018-01-15 21:12:002018-01-16 15:38:00http://www.openwall.com/lists/oss-security/2018/01/16/62018-01-16 15:38:00CVE-2017-31440.770.77
curl[vs-plain] : curl: HTTP/2 trailer out-of-bounds read2018-01-17 09:36:002018-01-24 07:11:30http://www.openwall.com/lists/oss-security/2018/01/24/32018-01-24 07:11:30CVE-2018-10000056.906.90
InfoZip Unzip[vs] SEC Consult SA-201801DD-0 :: Multiple vulnerabilities in InfoZip UnZip2018-01-17 20:54:002018-02-07 11:45:00http://www.openwall.com/lists/oss-security/2018/02/08/12018-02-08 07:19:20CVE-2018-1000035
CVE-2018-1000031
CVE-2018-1000032
CVE-2018-1000033
CVE-2018-1000034
20.6221.43
curl[vs-plain] curl: HTTP authentication leak in redirects2018-01-19 22:06:002018-01-24 07:11:37http://www.openwall.com/lists/oss-security/2018/01/24/42018-01-24 07:11:37CVE-2018-10000074.384.38
quagga[vs] Quagga security issues2018-02-10 11:16:002018-02-15 23:07:00http://www.openwall.com/lists/oss-security/2018/02/15/42018-02-15 23:07:00CVE-2018-5378
CVE-2018-5379
CVE-2018-5380
CVE-2018-5381
5.495.49
dovecot[vs] Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS2018-02-26 12:03:002018-03-01 06:51:00http://www.openwall.com/lists/oss-security/2018/03/01/32018-03-01 06:51:00CVE-2017-151302.782.78
dovecot[vs] Dovecot Security Advisory: CVE-2017-14461 rfc822_parse_domain Information Leak Vulnerability2018-02-26 12:04:002018-03-01 06:51:00http://www.openwall.com/lists/oss-security/2018/03/01/22018-03-01 06:51:00CVE-2017-144612.782.78
DHCP,BindMultiple vulnerabilities in ISC products (ISC DHCP and BIND) will be disclosed 28 February 2018 [vs]2018-02-27 22:38:002018-02-28 20:29:55http://www.openwall.com/lists/oss-security/2018/02/28/12018-02-28 20:29:55CVE-2018-5734
CVE-2018-5732
CVE-2018-5733
0.910.91
389-ds[vs] Remote DoS flaw in 389-ds-base2018-03-02 10:48:002018-03-06 03:56:00http://www.openwall.com/lists/oss-security/2018/03/06/22018-03-06 03:56:00CVE-2018-10543.713.71
curl[vs-plain] : curl LDAP NULL pointer dereference2018-03-07 08:25:002018-03-14 06:55:00http://www.openwall.com/lists/oss-security/2018/03/14/22018-03-14 06:55:00CVE-2018-10001216.946.94
curlRe: [vs-plain] curl: FTP path trickery leads to NIL byte out of bounds write2018-03-07 22:06:002018-03-14 06:55:00http://www.openwall.com/lists/oss-security/2018/03/14/12018-03-14 06:55:00CVE-2018-10001206.376.37
curl[vs-plain] curl: RTSP RTP buffer over-read2018-03-08 15:57:002018-03-14 06:55:00http://www.openwall.com/lists/oss-security/2018/03/14/32018-03-14 06:55:00CVE-2018-10001225.625.62
Linux Kernel[vs-plain] CVE-2018-1068: kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets2018-03-13 12:38:002018-03-16 09:30:50http://www.openwall.com/lists/oss-security/2018/03/16/12018-03-16 09:30:50CVE-2018-10682.872.87
pcs[vs-plain] pcs: EMBARGOED CVE-2018-1079 and CVE-2018-10862018-03-26 09:12:002018-04-09 00:00:00http://www.openwall.com/lists/oss-security/2018/04/09/22018-04-09 11:28:00CVE-2018-1079
CVE-2018-1086
13.6214.09
nghttp2[vs-plain] nghttp2 vulnerability2018-04-08 14:14:002018-04-12 15:20:00http://www.openwall.com/lists/oss-security/2018/04/12/42018-04-12 15:20:00CVE-2018-10001684.054.05
PackageKit[vs] Multiple local root vulnerabilities involving PackageKit2018-04-09 14:06:002018-04-23 14:44:00http://www.openwall.com/lists/oss-security/2018/04/23/32018-04-23 14:44:00CVE-2018-110614.0314.03
gluster[vs] gluster : privilege escalation on gluster server nodes2018-04-10 13:23:002018-04-18 12:24:00http://www.openwall.com/lists/oss-security/2018/04/18/12018-04-18 12:24:00CVE-2018-10887.967.96
OpenSSL[vs-plain] OpenSSL: RSA key generation follows several non constant time code paths2018-04-11 08:03:002018-04-16 16:46:00http://www.openwall.com/lists/oss-security/2018/04/16/32018-04-16 16:46:005.365.36
Linux Kernel[vs-plain] [CVE request] Linux ptrace() bug leading to DoS or possibly corruption2018-04-17 14:25:002018-05-01 15:35:00http://www.openwall.com/lists/oss-security/2018/05/01/32018-05-01 15:35:00CVE-2018-100019914.0514.05
Linux Kernel[vs-plain] NULL pointer dereference on oom kill of large mlocked process2018-04-18 01:09:002018-04-24 22:48:00http://www.openwall.com/lists/oss-security/2018/04/24/32018-04-24 22:48:00CVE-2018-10002006.906.90
Ghostscript[vs-plain] CVE-2018-10194 Ghostscript 9.18 stack-based buffer overflow2018-04-18 14:26:002018-04-19 22:22:00http://www.openwall.com/lists/oss-security/2018/04/19/52018-04-19 22:22:00CVE-2018-101941.331.33
Knot Resolver[vs] Knot Resolver 2.3.0 security release2018-04-19 18:55:002018-04-23 12:30:00http://www.openwall.com/lists/oss-security/2018/04/23/22018-04-23 12:30:00CVE-2018-11103.733.73
quassecore[vs-plain] quassecore RCE and DDOS2018-04-22 15:04:002018-04-24 21:28:00http://www.openwall.com/lists/oss-security/2018/04/27/12018-04-26 22:39:422.274.32
Linux Kernel[vs-plain] [VS] Linux kernel: memory corruption during exception handling leading to DoS2018-04-24 10:19:002018-05-08 17:35:00http://www.openwall.com/lists/oss-security/2018/05/08/5 http://www.openwall.com/lists/oss-security/2018/05/08/42018-05-08 17:35:00CVE-2018-8897
CVE-2018-1087
14.3014.30
procps-ng[vs] Qualys Security Advisory2018-05-05 01:10:002018-05-17 17:17:00http://www.openwall.com/lists/oss-security/2018/05/17/12018-05-17 17:17:00CVE-2018-1120
CVE-2018-1121
CVE-2018-1122
CVE-2018-1123
CVE-2018-1124
CVE-2018-1125
CVE-2018-1126
12.6712.67
curl[vs-plain] curl (1/2): FTP shutdown response buffer overflow2018-05-07 10:46:002018-05-16 06:25:00http://www.openwall.com/lists/oss-security/2018/05/16/12018-05-16 06:25:00CVE-2018-10003008.828.82
curl[vs-plain] curl (2/2): RTSP bad headers buffer over-read2018-05-07 10:46:002018-05-16 06:25:00http://www.openwall.com/lists/oss-security/2018/05/16/22018-05-16 06:25:00CVE-2018-10003018.828.82
Bind[vs-plain] Multiple BIND CVEs for disclosure on 16 May 20182018-05-15 22:25:002018-05-18 22:08:27http://www.openwall.com/lists/oss-security/2018/05/18/22018-05-18 22:08:27CVE-2018-5736
CVE-2018-5737
2.992.99
Prosody[vs] prosody: insufficient stream header validation2018-05-28 13:44:002018-05-31 18:31:02http://www.openwall.com/lists/oss-security/2018/05/31/22018-05-31 18:31:02CVE-2018-108473.203.20
pppd[vs] Buffer Overflow in pppd EAP-TLS implementation2018-06-06 15:10:002018-06-11 18:57:00http://www.openwall.com/lists/oss-security/2018/06/11/12018-06-11 18:57:00CVE-2018-115745.165.16
Linux Kernel[vs-plain] Linux Kernel infoleak caused by incorrect handling of the SG_IO ioctl.2018-06-08 10:21:002018-06-08 19:38:27http://www.openwall.com/lists/oss-security/2018/06/08/12018-06-08 19:38:27CVE-2018-10002040.390.39
Bind[vs] BIND vulnerability CVE-2018-5738 will be announce 12 June 20182018-06-08 21:22:002018-06-13 00:07:00http://www.openwall.com/lists/oss-security/2018/06/13/12018-06-13 00:07:00CVE-2018-57384.114.11
gluster[vs] gluster : privilege escalation on gluster server nodes when TLS is enabled2018-06-12 13:34:002018-06-20 19:58:00http://www.openwall.com/lists/oss-security/2018/06/20/12018-06-20 19:58:00CVE-2018-108418.278.27
Intel CPU[vs-plain] CVE-2018-36652018-06-13 17:48:002018-06-15 14:55:00http://www.openwall.com/lists/oss-security/2018/06/15/52018-06-15 14:55:00CVE-2018-36651.881.88
Git-annex[vs] git-annex vulnerability2018-06-15 16:10:002018-06-26 16:02:00http://www.openwall.com/lists/oss-security/2018/06/26/42018-06-26 16:02:00CVE-2018-10857
CVE-2018-10859
10.9910.99
curl[vs-plain] curl: SMTP send heap buffer overflow2018-07-01 12:37:002018-07-11 06:06:00https://www.openwall.com/lists/oss-security/2018/07/11/12018-07-11 06:06:00CVE-2018-05009.739.73
qutebrowser[vs] qutebrowser: Remote code execution2018-07-09 22:21:002018-07-11 15:34:31https://www.openwall.com/lists/oss-security/2018/07/11/72018-07-11 15:34:31CVE-2018-108951.721.72
kea[vs] Kea DHCP vulnerability CVE-2018-5739 will be announce 11 July 20182018-07-11 01:36:002018-07-11 23:00:00https://www.openwall.com/lists/oss-security/2018/07/11/82018-07-11 23:00:00CVE-2018-57390.890.89
Network Manager VPNC[vs-plain] CVE-2018-10900 NetworkManager-vpnc local authenticated root2018-07-17 06:58:002018-07-20 11:38:00https://www.openwall.com/lists/oss-security/2018/07/20/32018-07-20 11:38:00CVE-2018-109003.193.19
fuse[vs] FUSE user_allow_other restriction may be bypassed2018-07-18 19:27:002018-07-24 00:11:27https://www.openwall.com/lists/oss-security/2018/07/24/12018-07-24 00:11:27CVE-2018-109065.205.20
OpenStack[vs-plain] [pre-OSSA] Vulnerability in OpenStack Keystone (CVE-2018-14432)2018-07-20 16:32:002018-07-25 18:00:39https://www.openwall.com/lists/oss-security/2018/07/25/22018-07-25 18:00:39CVE-2018-144325.065.06
Linux Kernel[vs-plain] Remote Linux kernel DoS (fixed in stable)2018-07-27 18:51:002018-08-08 15:44:00https://www.openwall.com/lists/oss-security/2018/08/08/52018-08-08 15:44:00CVE 2018-539011.8711.87
Knot Resolver[vs] Knot Resolver 2.4.1 security release + CVE request2018-08-01 14:47:002018-08-09 06:06:00https://www.openwall.com/lists/oss-security/2018/08/09/22018-08-09 06:06:00CVE-2018-109207.647.64
Linux Kernel[vs-plain] CVE-2017-18344: Linux kernel: meltdown-like vulnerability in the timer subsystem2018-08-02 13:01:002018-08-02 18:57:00http://www.openwall.com/lists/oss-security/2018/08/02/32018-08-02 18:57:00CVE-2017-183440.250.25
brtfs[vs-plain] btrfsmaintenance: CVE-2018-147222018-08-07 11:25:002018-08-14 15:57:00https://www.openwall.com/lists/oss-security/2018/08/14/72018-08-14 15:57:00CVE-2018-147227.197.19
Bind[vs] BIND vulnerability CVE-2018-5740 will be announced 08 August 20182018-08-07 21:44:002018-08-09 06:45:00https://www.openwall.com/lists/oss-security/2018/08/09/12018-08-09 06:45:00CVE-2018-57401.381.38
cobbler[vs] CVE-2018-10931 cobbler: CobblerXMLRPCInterface exports all its methods over XMLRPC2018-08-08 18:06:002018-08-09 15:42:00https://www.openwall.com/lists/oss-security/2018/08/09/92018-08-09 15:42:00CVE-2018-109310.900.90
Spice[vs] spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling2018-08-10 03:16:002018-08-16 23:51:00http://www.openwall.com/lists/oss-security/2018/08/17/12018-08-17 00:51:00CVE-2018-108736.866.90
OpenSSH[vs-plain] OpenSSH Username Enumeration2018-08-15 14:48:002018-08-15 16:05:00https://www.openwall.com/lists/oss-security/2018/08/15/52018-08-15 16:05:000.050.05
Linux Kernel[vs-plain] CVE-2018-10902 - double free in midi subsystem.2018-08-20 09:07:002018-08-21 12:29:00https://www.openwall.com/lists/oss-security/2018/08/21/12018-08-21 12:29:00CVE-2018-109021.141.14
Ghostscript[vs-plain] More Ghostscript Issues2018-08-21 00:56:002018-08-21 12:46:00http://www.openwall.com/lists/oss-security/2018/08/21/22018-08-21 12:46:000.490.49
gluster[vs] glusterfs : various flaws2018-08-22 14:45:002018-09-04 08:31:00https://www.openwall.com/lists/oss-security/2018/09/04/12018-09-04 08:31:00CVE-2018-10904
CVE-2018-10907
CVE-2018-10911
CVE-2018-10913
CVE-2018-10914
CVE-2018-10923
CVE-2018-10924
CVE-2018-10926
CVE-2018-10927
CVE-2018-10928
CVE-2018-10929
CVE-2018-10930
12.7412.74
OpenSSH[vs-plain] Another OpenSSH Username Enumeration2018-08-24 16:10:002018-08-27 16:27:00http://www.openwall.com/lists/oss-security/2018/08/27/22018-08-27 16:27:00CVE-2018-159193.013.01
curl[vs-plain] curl: NTLM password overflow via integer overflow2018-08-27 05:55:002018-09-05 05:55:00https://www.openwall.com/lists/oss-security/2018/09/05/12018-09-05 05:55:00CVE-2018-146189.009.00
Linux Kernel[vs] CVE-2018-6554 and CVE-2018-65552018-08-29 16:58:002018-09-04 16:47:00https://www.openwall.com/lists/oss-security/2018/09/04/22018-09-04 16:47:00CVE-2018-6554
CVE-2018-6555
5.995.99
Linux Kernel[vs] CVE-2018-14633: security flaw in iscsi target code2018-09-10 09:25:002018-09-24 10:03:00https://www.openwall.com/lists/oss-security/2018/09/24/22018-09-24 10:03:00CVE-2018-1463314.0314.03
Linux Kernel[vs] CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm()2018-09-17 10:21:002018-09-18 10:02:00https://www.openwall.com/lists/oss-security/2018/09/18/12018-09-18 10:02:00CVE-2018-146410.990.99
Linux Kernel[vs-plain] potential local priviledge escalation bug in vmacache code2018-09-18 13:29:002018-09-18 14:54:00https://www.openwall.com/lists/oss-security/2018/09/18/42018-09-18 14:54:000.060.06
Linux Kernel[vs-plain] Integer overflow in Linux's create_elf_tables() (CVE-2018-14634)2018-09-18 15:58:002018-09-25 17:07:00https://www.openwall.com/lists/oss-security/2018/09/25/42018-09-25 17:07:00CVE-2018-146347.057.05
libssh[vs] libssh security issue CVE-2018-109332018-10-08 08:41:002018-10-16 12:21:00https://www.openwall.com/lists/oss-security/2018/10/16/12018-10-16 12:21:00CVE-2018-109338.158.15
glib[vs] GLib variant binary form and D-Bus message parsing problems2018-10-11 02:09:002018-10-23 03:46:00https://www.openwall.com/lists/oss-security/2018/10/23/52018-10-23 03:46:0012.0712.07
Linux Kernel[vs-plain] 4.19.0-rc3 global-out-of-bounds read in btusb_work2018-10-16 11:51:002018-10-31 14:11:00https://www.openwall.com/lists/oss-security/2018/10/31/62018-10-31 14:11:0015.1015.10
gcc[vs-plain] GCC Compiler Induced Vulnerability2018-10-21 02:34:002018-10-22 15:07:00https://www.openwall.com/lists/oss-security/2018/10/22/32018-10-22 15:07:001.521.52
curl[vs-plain] curl - two pending security advisories2018-10-22 08:26:002018-10-31 06:55:00https://www.openwall.com/lists/oss-security/2018/10/31/12018-10-31 06:55:00CVE-2018-16839
CVE-2018-16840
8.948.94
glusterfs[vs] glusterfs: multiple flaws2018-10-23 07:48:002018-10-31 12:50:00https://www.openwall.com/lists/oss-security/2018/10/31/52018-10-31 12:50:00CVE-2018-14651
CVE-2018-14652
CVE-2018-14653
CVE-2018-14654
CVE-2018-14659
CVE-2018-14660
CVE-2018-14661
8.218.21
Intel CPU[vs-plain] new side-channel vulnerability on SMT/Hyper-Threading architectures2018-10-26 12:59:002018-11-01 22:12:00https://www.openwall.com/lists/oss-security/2018/11/01/42018-11-01 22:12:00CVE-2018-54076.386.38
PowerDNS[vs] PowerDNS prenotification2018-11-01 14:10:002018-11-06 22:28:00https://www.openwall.com/lists/oss-security/2018/11/06/82018-11-06 22:28:00CVE-2018-10851
CVE-2018-14626
CVE-2018-14644
5.355.35
PowerDNS[vs] PowerDNS prenotification2018-11-18 00:00:002018-11-26 16:14:00https://www.openwall.com/lists/oss-security/2018/11/26/22018-11-26 16:14:00CVE-2019-38068.688.68
Linux Kernel[vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided)2018-11-22 13:45:002018-11-23 17:22:00https://www.openwall.com/lists/oss-security/2018/11/23/62018-11-23 17:22:001.151.15
Linux Kernel[vs-plain] UAF write in usb_audio_probe2018-12-03 14:45:002018-12-03 16:45:00https://www.openwall.com/lists/oss-security/2018/12/03/12018-12-03 16:45:00CVE-2018-198240.080.08
Go[vs-plain] Go security release next week, requesting 3 CVE IDs2018-12-08 11:56:002018-12-14 18:06:00https://www.openwall.com/lists/oss-security/2018/12/14/92018-12-14 18:06:00CVE-2018-16873
CVE-2018-16874
CVE-2018-16875
6.266.26
Systemd[vs] Qualys Security Advisory2018-12-26 20:40:002019-01-09 19:02:00https://www.openwall.com/lists/oss-security/2019/01/09/32019-01-09 19:02:00CVE-2018-16864
CVE-2018-16865
CVE-2018-16866
13.9313.93
Linux Kernel[vs-plain] two information leak vulnerabilities in kernel bluetooth stack2019-01-01 09:27:002019-01-11 14:06:00https://www.openwall.com/lists/oss-security/2019/01/11/22019-01-11 14:06:00CVE-2019-3459
CVE-2019-3460
10.1910.19
PowerDNS[vs] PowerDNS prenotification2019-01-14 15:21:002019-01-21 14:23:00https://www.openwall.com/lists/oss-security/2019/01/21/72019-01-21 14:23:00CVE-2019-38066.966.96
Spice[vs] CVE-2019-3813: spice2019-01-21 20:50:002019-01-28 19:53:00https://www.openwall.com/lists/oss-security/2019/01/28/22019-01-28 19:53:00CVE-2019-38136.966.96
Linux Kernel[vs] CVE-2018-16880 Linux kernel: oob-write in drivers/vhost/net.c:get_rx_bufs()2019-01-22 12:33:002019-01-25 15:46:00https://www.openwall.com/lists/oss-security/2019/01/25/12019-01-25 15:46:00CVE-2018-168803.133.13
dovecot[vs] Important vulnerability in Dovecot (CVE-2019-3814)2019-01-24 10:51:002019-02-05 13:02:00https://www.openwall.com/lists/oss-security/2019/02/05/12019-02-05 13:02:00CVE-2019-381412.0912.09
curl[vs-plain] curl: NTLM type-2 out-of-bounds buffer read (1/3)2019-01-28 13:24:002019-02-06 07:12:00https://www.openwall.com/lists/oss-security/2019/02/06/12019-02-06 07:12:00CVE-2018-168908.748.74
curl[vs-plain] curl: NTLMv2 type-3 header stack buffer overflow (2/3)2019-01-28 13:24:002019-02-06 07:12:00https://www.openwall.com/lists/oss-security/2019/02/06/22019-02-06 07:12:00CVE-2019-38228.748.74
curl[vs-plain] curl: SMTP end-of-response out-of-bounds read (3/3)2019-01-28 13:24:002019-02-06 07:12:00https://www.openwall.com/lists/oss-security/2019/02/06/32019-02-06 07:12:00CVE-2019-38238.748.74
runc[EMBARGOED][vs] CVE-2019-5736: runc container breakout notification2019-02-04 03:25:002019-02-11 13:05:00https://www.openwall.com/lists/oss-security/2019/02/11/22019-02-11 13:05:00CVE-2019-57367.407.40
Systemd[vs] systemd (PID1) crash with specially crafted D-Bus message2019-02-13 18:32:002019-02-18 16:48:00https://www.openwall.com/lists/oss-security/2019/02/18/32019-02-18 16:48:00CVE-2019-64544.934.93
Bind[vs] Three BIND vulnerabilities (CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465) will be announced 21 February 20192019-02-20 01:03:002019-02-22 02:59:00https://www.openwall.com/lists/oss-security/2019/02/22/12019-02-22 02:59:00CVE-2018-5744
CVE-2018-5745
CVE-2019-6465
2.082.08
Linux Kernel[vs-plain] Stack/Heap Clashing on Linux >=4.13 when loader directly invoked2019-03-05 17:35:002019-03-13 01:30:06https://www.openwall.com/lists/oss-security/2019/03/13/12019-03-13 01:30:067.337.33
libssh[vs-plain] libssh2: *nine* security fixes coming (take 2)2019-03-08 06:01:002019-03-18 21:42:00https://www.openwall.com/lists/oss-security/2019/03/18/32019-03-18 21:42:00CVE-2019-3855
CVE-2019-3856
CVE-2019-3857
CVE-2019-3858
CVE-2019-3859
CVE-2019-3860
CVE-2019-3861
CVE-2019-3862
CVE-2019-3863
10.6510.65
libseccomp[vs] linux-distros disclosure2019-03-11 21:12:002019-03-14 23:48:22https://www.openwall.com/lists/oss-security/2019/03/15/12019-03-14 23:48:223.113.11
Ghostscript[vs] ghostscript: 2 -dSAFER bypass: CVE-2019-3835 & CVE-2019-38382019-03-13 20:32:002019-03-21 15:31:00https://www.openwall.com/lists/oss-security/2019/03/21/12019-03-21 15:31:00CVE-2019-3835
CVE-2019-3838
7.797.79
dovecot[vs] Important vulnerability in Dovecot (CVE-2019-7524)2019-03-21 15:29:002019-03-28 11:42:00https://www.openwall.com/lists/oss-security/2019/03/28/12019-03-28 11:42:00CVE-2019-75246.846.84
apacheRe: [vs-plain] Apache HTTP Server 2.4.39 is important upgrade for distros due to CVE-2019-02112019-04-02 07:11:002019-04-02 01:31:00https://www.openwall.com/lists/oss-security/2019/04/02/32019-04-02 01:31:00CVE-2019-0211NDND
pacemaker[vs-plain] pacemaker2019-04-03 05:01:002019-04-17 09:40:00https://www.openwall.com/lists/oss-security/2019/04/17/12019-04-17 09:40:00CVE-2019-388514.1914.19
wpa_supplicant[vs] VU#871675 and wpa_supplicant/hostapd2019-04-03 16:04:002019-04-10 15:13:00https://www.openwall.com/lists/oss-security/2019/04/10/22019-04-10 15:13:00CVE-2019-94946.966.96
dovecot[vs] Important security bug in Dovecot2019-04-15 06:38:002019-04-18 09:05:00https://www.openwall.com/lists/oss-security/2019/04/18/32019-04-18 09:05:00CVE-2019-106913.103.10
Bind[vs-plain] Three BIND vulnerabilities (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) will be announced 24 April 20192019-04-24 01:32:002019-04-25 06:55:00https://www.openwall.com/lists/oss-security/2019/04/25/12019-04-25 06:55:00CVE-2018-5743
CVE-2018-6467
CVE-2019-6468
1.221.22
dovecot[vs] Important security bugs in Dovecot2019-04-29 06:11:002019-04-30 13:35:00https://www.openwall.com/lists/oss-security/2019/04/30/62019-04-30 13:35:00CVE-2019-11494
CVE-2019-11499
1.311.31
curl[vs-plain] curl: Integer overflows in curl_url_set (1/2)2019-05-15 06:07:002019-05-22 07:24:00https://www.openwall.com/lists/oss-security/2019/05/22/22019-05-22 07:24:00CVE-2019-54357.057.05
curl[vs-plain] curl: TFTP receive buffer overflow (2/2)2019-05-15 06:07:002019-05-22 07:24:00https://www.openwall.com/lists/oss-security/2019/05/22/32019-05-22 07:24:00CVE-2019-54367.057.05
marwell wifi driver[vs-plain] Bug report and CVE request : Heap Overflow in mwifiex_update_bss_desc_with_ie function of Marvell Wifi Driver in Linux kernel2019-05-21 08:39:002019-05-29 12:52:18https://www.openwall.com/lists/oss-security/2019/05/30/22019-05-30 10:58:59CVE-2019-38468.189.10
Exim[vs-plain] Qualys Security Advisory2019-05-28 10:20:002019-06-05 17:28:00https://www.openwall.com/lists/oss-security/2019/06/04/12019-06-05 17:28:00CVE-2019-101498.308.30
marwell wifi driver[vs-plain] CVE request : Heap Overflow in mwifiex_uap_parse_tail_ies function of Marvell Wifi Driver in Linux kernel2019-05-30 11:23:002019-06-01 10:07:00https://www.openwall.com/lists/oss-security/2019/06/01/12019-06-01 10:07:00CVE-2019-101261.951.95
Mozilla Thunderbird | [vs] Thunderbird Vulnerabilities | 2019-06-06 17:11:00 | 2019-06-13 20:27:00 | https://www.openwall.com/lists/oss-security/2019/06/13/1 https://www.openwall.com/lists/oss-security/2019/06/13/2 https://www.openwall.com/lists/oss-security/2019/06/13/3 https://www.openwall.com/lists/oss-security/2019/06/13/4 | 2019-06-13 20:27:00 | CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706 | 7.14 | 7.14
Kernel Networking Stack (Multiple Kernels) | [vs] Kernel: Multiple remote denial of service issues | 2019-06-07 01:06:00 | 2019-06-17 17:33:00 | https://www.openwall.com/lists/oss-security/2019/06/17/5 | 2019-06-17 17:33:00 | CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 | 10.69 | 10.69
dbus | [vs] CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass | 2019-06-09 13:37:00 | 2019-06-11 15:09:00 | https://www.openwall.com/lists/oss-security/2019/06/11/2 | 2019-06-11 15:09:00 | CVE-2019-12749 | 2.06 | 2.06
Linux Kernel | [vs-plain] Linux kernel for powerpc mm bug | 2019-06-13 16:41:00 | 2019-06-24 14:44:00 | https://www.openwall.com/lists/oss-security/2019/06/24/5 | 2019-06-24 14:44:00 | CVE-2019-12817 | 10.92 | 10.92
PowerDNS | [vs] PowerDNS prenotification | 2019-06-18 14:08:00 | 2019-06-21 11:19:00 | https://www.openwall.com/lists/oss-security/2019/06/21/5 | 2019-06-21 11:19:00 | CVE-2019-10162, CVE-2019-10163 | 2.88 | 2.88
Bind | [vs-plain] BIND vulnerability CVE-2019-6471 will be announced tomorrow (Wednesday, 19 June 2019) | 2019-06-18 21:05:00 | 2019-06-20 01:13:00 | https://www.openwall.com/lists/oss-security/2019/06/20/1 | 2019-06-20 01:13:00 | CVE-2019-6471 | 1.17 | 1.17
zeromq | [vs] CVE-2019-13132 in zeromq | 2019-07-04 09:11:00 | 2019-07-08 16:23:00 | https://www.openwall.com/lists/oss-security/2019/07/08/6 | 2019-07-08 16:23:00 | CVE-2019-13132 | 4.30 | 4.30
Knot Resolver | [vs] Knot Resolver 4.1.0 security release + CVE request (#1) | 2019-07-04 16:31:00 | 2019-07-14 07:27:00 | https://www.openwall.com/lists/oss-security/2019/07/14/1 | 2019-07-14 07:27:00 | CVE-2019-10190 | 9.62 | 9.62
Exim | [vs] Exim CVE-2019-13917 OVE-20190718-0006 | 2019-07-18 20:19:00 | 2019-07-22 10:00:00 | https://www.openwall.com/lists/oss-security/2019/07/22/3 | 2019-07-22 10:00:00 | CVE-2019-13917 | 3.57 | 3.57
PowerDNS | [vs] PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records (CVE-2019-10203) | 2019-07-25 09:01:00 | 2019-07-30 11:37:00 | https://www.openwall.com/lists/oss-security/2019/07/30/2 | 2019-07-30 11:37:00 | CVE-2019-10203 | 5.11 | 5.11
icedtea | [vs] icedtea-web: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 | 2019-07-25 09:23:00 | 2019-07-31 15:26:00 | https://www.openwall.com/lists/oss-security/2019/07/31/2 | 2019-07-31 15:26:00 | CVE-2019-10181, CVE-2019-10182, CVE-2019-10185 | 6.25 | 6.25
OpenStack | [vs-plain] [pre-OSSA] Vulnerability in OpenStack Nova (CVE-2019-14433) | 2019-07-31 14:42:00 | 2019-08-06 19:44:00 | https://www.openwall.com/lists/oss-security/2019/08/06/6 | 2019-08-06 19:44:00 | CVE-2019-14433 | 6.21 | 6.21
Ghostscript | [vs] ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 | 2019-08-07 06:57:00 | 2019-08-12 13:25:00 | https://www.openwall.com/lists/oss-security/2019/08/12/4 | 2019-08-12 13:25:00 | CVE-2019-10216 | 5.27 | 5.27
dovecot | [vs] Important vulnerability in Dovecot (CVE-2019-11500) | 2019-08-14 07:00:00 | 2019-08-28 12:06:00 | https://www.openwall.com/lists/oss-security/2019/08/28/3 | 2019-08-28 12:06:00 | CVE-2019-11500 | 14.21 | 14.21
Linux Kernel | [vs-plain] [PATCH] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings | 2019-08-21 02:05:00 | 2019-08-28 05:50:00 | https://www.openwall.com/lists/oss-security/2019/08/28/1 | 2019-08-28 05:50:00 | CVE-2019-14814, CVE-2019-14815, CVE-2019-14816 | 7.16 | 7.16
Ghostscript | [vs] ghostscript: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and CVE-2019-14817 (.forceput exposed) | 2019-08-22 12:59:00 | 2019-08-28 12:29:00 | https://www.openwall.com/lists/oss-security/2019/08/28/2 | 2019-08-28 12:29:00 | CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817 | 5.98 | 5.98
Systemd | [vs] Missing access controls on systemd-resolved's D-Bus interface | 2019-08-29 23:35:00 | 2019-09-03 18:04:00 | https://www.openwall.com/lists/oss-security/2019/09/03/1 | 2019-09-03 18:35:00 | CVE-2019-15718 | 4.77 | 4.79
Exim | [vs] CVE-2019-15846: Exim Buffer overflow | 2019-09-03 11:09:00 | 2019-09-06 06:00:00 | https://www.openwall.com/lists/oss-security/2019/09/06/1 | 2019-09-06 06:00:00 | CVE-2019-15846 | 2.79 | 2.79
curl | [vs-plain] : curl: FTP-KRB double-free (1/2) | 2019-09-05 05:48:00 | 2019-09-11 06:01:00 | https://www.openwall.com/lists/oss-security/2019/09/11/5 | 2019-09-11 06:01:00 | CVE-2019-5481 | 6.01 | 6.01
curl | [vs-plain] : curl: TFTP small blocksize heap buffer overflow (2/2) | 2019-09-05 05:48:00 | 2019-09-11 06:01:00 | https://www.openwall.com/lists/oss-security/2019/09/11/6 | 2019-09-11 06:01:00 | CVE-2019-5482 | 6.01 | 6.01
ibus | [vs] ibus flaw | 2019-09-09 12:24:00 | 2019-09-13 07:18:00 | https://www.openwall.com/lists/oss-security/2019/09/13/1 | 2019-09-13 07:18:00 | CVE-2019-14822 | 3.79 | 3.79
qemu | [vs-plain] QEMU-KVM Guest to Host Kernel Escape 0 day Vulnerability: vhost/vhost_net kernel buffer overflow | 2019-09-10 02:05:00 | 2019-09-11 09:44:00 | https://www.openwall.com/lists/oss-security/2019/09/17/1 | 2019-09-17 08:19:00 | CVE-2019-14835 | 1.32 | 7.26