These statistics are updated as of 2021-02-15 23:56 (UTC).
Statistics are grouped by month of the issue being reported to the distros list.

Date | All | 2017-06 | 2017-07 | 2017-08 | 2017-09 | 2017-10 | 2017-11 | 2017-12 | 2018-01 | 2018-02 | 2018-03 | 2018-04 | 2018-05 | 2018-06 | 2018-07 | 2018-08 | 2018-09 | 2018-10 | 2018-11 | 2018-12 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Number of reports | 162 | 1 | 3 | 6 | 9 | 6 | 7 | 5 | 8 | 4 | 6 | 10 | 5 | 6 | 7 | 13 | 4 | 7 | 3 | 3 |
Average embargo time (first public) | 6.10 | 10.84 | 4.69 | 6.39 | 5.83 | 4.10 | 6.70 | 5.99 | 7.28 | 2.99 | 6.52 | 7.40 | 7.30 | 5.13 | 5.38 | 4.36 | 5.53 | 8.62 | 5.06 | 6.76 |
Average embargo time (oss-security) | 6.32 | 14.16 | 5.03 | 6.39 | 5.84 | 4.44 | 6.70 | 6.02 | 9.64 | 2.99 | 6.60 | 7.60 | 7.30 | 5.13 | 5.38 | 4.36 | 5.53 | 8.62 | 5.06 | 6.76 |
Median embargo time (first public) | 6.18 | 10.84 | 3.07 | 7.02 | 6.68 | 4.74 | 7.10 | 6.18 | 5.45 | 2.78 | 6.00 | 6.13 | 8.82 | 4.64 | 5.06 | 3.01 | 4.02 | 8.21 | 5.35 | 6.26 |
Median embargo time (oss-security) | 6.21 | 14.16 | 3.94 | 7.02 | 6.78 | 4.74 | 7.10 | 6.18 | 5.72 | 2.78 | 6.00 | 6.13 | 8.82 | 4.64 | 5.06 | 3.01 | 4.02 | 8.21 | 5.35 | 6.26 |

Date | 2019-01 | 2019-02 | 2019-03 | 2019-04 | 2019-05 | 2019-06 | 2019-07 | 2019-08 | 2019-09 | 2021-01 |
---|---|---|---|---|---|---|---|---|---|---|
Number of reports | 8 | 3 | 5 | 6 | 5 | 6 | 6 | 5 | 5 | 5 |
Average embargo time (first public) | 8.20 | 4.80 | 7.15 | 5.36 | 6.51 | 5.81 | 5.84 | 7.48 | 3.98 | 5.8 |
Average embargo time (oss-security) | 8.20 | 4.80 | 7.15 | 5.36 | 6.69 | 5.81 | 5.84 | 7.48 | 5.17 | 5.8 |
Median embargo time (first public) | 8.74 | 4.93 | 7.33 | 3.10 | 7.05 | 5.01 | 5.66 | 5.98 | 3.79 | 7 |
Median embargo time (oss-security) | 8.74 | 4.93 | 7.33 | 3.10 | 7.05 | 5.01 | 5.66 | 5.98 | 6.01 | 7 |

If ND is specified, the row is not included in the calculation of the statistical metrics.

Project | Subject | Reported (UTC) | Public (UTC) | oss-security posting | Time of oss-security posting (UTC) | CVE(s) | Days embargoed (first public) | Days embargoed (oss-security) |
---|---|---|---|---|---|---|---|---|
Spice | [vs] spice | 2017-06-30 03:50:00 | 2017-07-11 00:00:00 | http://www.openwall.com/lists/oss-security/2017/07/14/1 | 2017-07-14 07:38:00 | CVE-2017-7506 | 10.84 | 14.16 |
Jenkins | [vs] CVE ID assignment request from the Jenkins project | 2017-07-07 13:13:00 | 2017-07-10 15:00:00 | http://www.openwall.com/lists/oss-security/2017/07/11/9 | 2017-07-11 11:52:00 | CVE-2017-1000084 CVE-2017-1000085 CVE-2017-1000086 CVE-2017-1000087 CVE-2017-1000088 CVE-2017-1000089 CVE-2017-1000090 CVE-2017-1000091 CVE-2017-1000092 CVE-2017-1000093 CVE-2017-1000094 CVE-2017-1000095 CVE-2017-1000096 | 3.07 | 3.94 |
Evince | [vs] evince: Command injection vulnerability in CBT handler | 2017-07-10 13:57:00 | 2017-07-13 12:00:00 | http://www.openwall.com/lists/oss-security/2017/07/13/5 | 2017-07-13 15:43:00 | CVE-2017-1000083 | 2.92 | 3.07 |
Linux Kernel | [vs-plain] linux kernel: CVE-2017-7533 | 2017-07-26 12:18:00 | 2017-08-03 14:00:00 | http://www.openwall.com/lists/oss-security/2017/08/03/2 | 2017-08-03 14:00:00 | CVE-2017-7533 | 8.07 | 8.07 |
Curl | [vs-plain] curl: URL globbing out of bounds read (1/3) | 2017-08-01 10:02:00 | 2017-08-09 06:00:00 | http://www.openwall.com/lists/oss-security/2017/08/09/1 | 2017-08-09 06:00:00 | CVE-2017-1000101 | 7.83 | 7.83 |
Curl | [vs-plain] curl: TFTP sends more than buffer size (2/3) | 2017-08-01 10:02:00 | 2017-08-09 06:00:00 | http://www.openwall.com/lists/oss-security/2017/08/09/2 | 2017-08-09 06:00:00 | CVE-2017-1000100 | 7.83 | 7.83 |
Curl | [vs-plain] curl: FILE buffer read out of bounds | 2017-08-01 10:02:00 | 2017-08-09 06:00:00 | http://www.openwall.com/lists/oss-security/2017/08/09/3 | 2017-08-09 06:00:00 | CVE-2017-1000099 | 7.83 | 7.83 |
Linux Kernel | [vs-plain] Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch | 2017-08-04 15:59:00 | 2017-08-10 20:55:00 | http://www.openwall.com/lists/oss-security/2017/08/10/5 | 2017-08-10 20:55:00 | CVE-2017-1000112 | 6.21 | 6.21 |
Linux Kernel | [vs-plain] Linux kernel: heap out-of-bounds in AF_PACKET sockets | 2017-08-04 16:48:00 | 2017-08-10 13:25:00 | http://www.openwall.com/lists/oss-security/2017/08/10/7 | 2017-08-10 13:25:00 | CVE-2017-1000111 | 5.86 | 5.86 |
GNOME | [vs] CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding | 2017-08-07 17:54:00 | 2017-08-10 12:41:00 | http://www.openwall.com/lists/oss-security/2017/08/10/1 | 2017-08-10 12:53:00 | CVE-2017-2885 | 2.78 | 2.79 |
file | [vs] file: stack based buffer overflow | 2017-09-01 09:30:00 | 2017-09-05 16:24:00 | http://www.openwall.com/lists/oss-security/2017/09/05/3 | 2017-09-05 16:24:00 | CVE-2017-1000249 | 4.29 | 4.29 |
BlueZ | [vs-plain] Info Leak vulnerability in BlueZ | 2017-09-05 20:29:00 | 2017-09-13 21:08:00 | http://www.openwall.com/lists/oss-security/2017/09/13/4 | 2017-09-13 21:08:00 | CVE-2017-1000250 CVE-2017-1000251 | 8.03 | 8.03 |
tcpdump | [vs-plain] Re: tcpdump 4.9.2 and NixOS | 2017-09-06 13:08:00 | 2017-09-07 14:06:00 | http://www.openwall.com/lists/oss-security/2017/09/07/8 | 2017-09-07 14:06:00 | CVE-2017-11543 CVE-2017-13011 CVE-2017-12989 CVE-2017-12990 CVE-2017-12995 CVE-2017-12997 CVE-2017-11541 CVE-2017-11542 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12898 CVE-2017-12897 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-11542 CVE-2017-11541 CVE-2017-12994 CVE-2017-12996 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-11543 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 | 1.04 | 1.04 |
Linux Kernel | [vs] KVM denial of service | 2017-09-08 11:21:00 | 2017-09-15 16:36:00 | http://www.openwall.com/lists/oss-security/2017/09/15/4 | 2017-09-15 16:36:00 | CVE-2017-1000252 | 7.22 | 7.22 |
apache | [vs] OPTIONSbleed bug in apache httpd | 2017-09-11 10:17:00 | 2017-09-18 13:18:00 | http://www.openwall.com/lists/oss-security/2017/09/18/2 | 2017-09-18 13:18:00 | CVE-2017-9798 | 7.13 | 7.13 |
Linux Kernel | [vs] Qualys Security Advisory (CVE-2017-1000253) | 2017-09-20 09:28:00 | 2017-09-26 15:08:00 | http://www.openwall.com/lists/oss-security/2017/09/26/16 | 2017-09-26 15:08:00 | CVE-2017-1000253 | 6.24 | 6.24 |
Linux Kernel | [vs-plain] Bluetooth RCE in Linux Kernel - follow up | 2017-09-24 19:20:00 | 2017-09-27 17:39:00 | http://www.openwall.com/lists/oss-security/2017/09/27/10 | 2017-09-27 17:39:00 | CVE-2017-1000251 | 2.93 | 2.93 |
Curl | [vs-plain] curl: FTP PWD response parser out of bounds read | 2017-09-25 08:26:00 | 2017-10-04 06:06:00 | http://www.openwall.com/lists/oss-security/2017/10/04/1 | 2017-10-04 06:06:00 | CVE-2017-1000254 | 8.90 | 8.90 |
DNSMasq | [vs] DNSMasq Security vulnerabilities, public release October 2nd | 2017-09-25 20:59:00 | 2017-10-02 13:22:00 | http://www.openwall.com/lists/oss-security/2017/10/02/5 | 2017-10-02 15:47:00 | CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 | 6.68 | 6.78 |
Linux Kernel | [vs] CVE Request for powerpc kernel bug | 2017-10-03 00:49:00 | 2017-10-09 | http://www.openwall.com/lists/oss-security/2017/10/10/3 | 2017-10-10 04:00:00 | CVE-2017-1000255 | 5.97 | 7.13 |
Linux Kernel | [vs-plain] CVE-2017-5123 Linux kernel waitid() not calling access_ok() | 2017-10-09 19:06:00 | 2017-10-12 19:16:00 | http://www.openwall.com/lists/oss-security/2017/10/12/18 | 2017-10-12 20:02:00 | CVE-2017-5123 | 3.01 | 3.04 |
wpa_supplicant | [vs] VU#228519 and wpa_supplicant/hostapd | 2017-10-10 08:08:00 | 2017-10-16 09:08:00 | http://www.openwall.com/lists/oss-security/2017/10/16/2 | 2017-10-16 09:08:00 | CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 | 6.04 | 6.04 |
Curl | [vs-plain] curl: IMAP FETCH response out of bounds read | 2017-10-17 11:54:00 | 2017-10-23 06:07:00 | http://www.openwall.com/lists/oss-security/2017/10/23/1 | 2017-10-23 06:07:00 | CVE-2017-1000257 | 5.76 | 5.76 |
Wget | [vs] [FICORA #1010111] Vulnerability report | 2017-10-23 14:50:00 | 2017-10-27 08:21:00 | http://www.openwall.com/lists/oss-security/2017/10/27/1 | 2017-10-27 08:21:00 | CVE-2017-13089 CVE-2017-13090 | 3.73 | 3.73 |
PowerDNS | [vs] PowerDNS prenotification | 2017-11-20 14:01:00 | 2017-11-27 16:32:00 | http://www.openwall.com/lists/oss-security/2017/11/27/1 | 2017-11-27 16:32:00 | CVE-2017-15090 CVE-2017-15091 CVE-2017-15092 CVE-2017-15093 CVE-2017-15094 | 7.10 | 7.10 |
Curl | [vs-plain] curl: NTLM buffer overflow via integer overflow | 2017-11-21 08:15:00 | 2017-11-29 09:34:00 | http://www.openwall.com/lists/oss-security/2017/11/29/2 | 2017-11-29 09:34:00 | CVE-2017-8816 | 8.05 | 8.05 |
Curl | [vs-plain] (2/2) curl: FTP wildcard out of bounds read | 2017-11-21 08:16:00 | 2017-11-29 09:34:00 | http://www.openwall.com/lists/oss-security/2017/11/29/3 | 2017-11-29 09:34:00 | CVE-2017-8817 | 8.05 | 8.05 |
Linux Kernel | [vs-plain] Security Bug - transparent huge pages dirty bit | 2017-11-22 18:50:00 | 2017-11-30 00:32:00 | http://www.openwall.com/lists/oss-security/2017/11/30/1 | 2017-11-30 00:32:00 | CVE-2017-1000405 | 7.24 | 7.24 |
Curl | [vs-plain] curl: SSL out of buffer access | 2017-11-24 09:19:00 | 2017-11-29 09:34:00 | http://www.openwall.com/lists/oss-security/2017/11/29/4 | 2017-11-29 09:34:00 | CVE-2017-8818 | 5.01 | 5.01 |
Linux Kernel | [vs-plain] Info Leak in the Linux Kernel via Bluetooth | 2017-11-30 09:44:00 | 2017-12-06 16:23:00 | http://www.openwall.com/lists/oss-security/2017/12/06/3 | 2017-12-06 16:23:00 | | 6.28 | 6.28 |
OpenStack | [vs-plain] [pre-OSSA] Vulnerability in OpenStack Nova (CVE-2017-17051) | 2017-11-30 12:35:00 | 2017-12-05 16:50:00 | http://www.openwall.com/lists/oss-security/2017/12/05/5 | 2017-12-05 16:50:00 | CVE-2017-17051 | 5.18 | 5.18 |
Linux Kernel | [vs-plain] Security bug in DCCP socket | 2017-12-01 11:08:00 | 2017-12-04 20:27:00 | http://www.openwall.com/lists/oss-security/2017/12/05/1 | 2017-12-05 00:11:00 | CVE-2017-8824 | 3.39 | 3.54 |
PowerDNS | [vs] PowerDNS prenotification | 2017-12-04 14:43:00 | 2017-12-11 12:34:31 | http://www.openwall.com/lists/oss-security/2017/12/11/1 | 2017-12-11 12:34:31 | CVE-2017-15120 | 6.91 | 6.91 |
glibc | [vs] Qualys Security Advisory | 2017-12-05 14:59:00 | 2017-12-11 19:14:00 | http://www.openwall.com/lists/oss-security/2017/12/11/4 | 2017-12-11 19:14:00 | CVE-2017-1000408 CVE-2017-1000409 | 6.18 | 6.18 |
iscsi-initiator-utils | [vs] Bug report | 2017-12-11 16:21:00 | 2017-12-13 19:21:00 | http://www.openwall.com/lists/oss-security/2017/12/13/2 | 2017-12-13 19:21:00 | | 2.13 | 2.13 |
glibc | [vs] GNU libc issue (--throw-keyids) | 2017-12-31 13:46:00 | 2018-01-11 21:34:44 | http://www.openwall.com/lists/oss-security/2018/01/11/5 | 2018-01-11 21:34:44 | CVE-2018-1000001 | 11.33 | 11.33 |
dovecot | [vs] CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted. | 2018-01-11 10:51:00 | 2018-01-25 09:35:00 | http://www.openwall.com/lists/oss-security/2018/01/25/4 | 2018-01-25 09:35:00 | CVE-2017-15132 | 13.95 | 13.95 |
Linux Kernel | [vs-plain] sound driver Conditional competition | 2018-01-12 01:19:00 | 2018-01-16 14:21:19 | http://www.openwall.com/lists/oss-security/2018/01/16/1 | 2018-01-16 14:21:19 | | 4.54 | 4.54 |
PowerDNS,knots | [vs] bug in DNS resolvers - DNSSEC validation | 2018-01-15 15:29:00 | 2018-01-22 00:00:00 | http://www.openwall.com/lists/oss-security/2018/02/09/1 | 2018-02-09 00:43:00 | CVE-2018-1000002 CVE-2018-1000003 | 6.35 | 24.38 |
Bind | Packager Notification for CVE-2017-3145 [vs] | 2018-01-15 20:58:00 | 2018-01-16 14:25:46 | http://www.openwall.com/lists/oss-security/2018/01/16/7 | 2018-01-16 14:25:46 | CVE-2017-3145 | 0.73 | 0.73 |
DHCP | [vs-plain] CVE-2017-3144: ISC DHCP can leak socket descriptors | 2018-01-15 21:12:00 | 2018-01-16 15:38:00 | http://www.openwall.com/lists/oss-security/2018/01/16/6 | 2018-01-16 15:38:00 | CVE-2017-3144 | 0.77 | 0.77 |
curl | [vs-plain] : curl: HTTP/2 trailer out-of-bounds read | 2018-01-17 09:36:00 | 2018-01-24 07:11:30 | http://www.openwall.com/lists/oss-security/2018/01/24/3 | 2018-01-24 07:11:30 | CVE-2018-1000005 | 6.90 | 6.90 |
InfoZip Unzip | [vs] SEC Consult SA-201801DD-0 :: Multiple vulnerabilities in InfoZip UnZip | 2018-01-17 20:54:00 | 2018-02-07 11:45:00 | http://www.openwall.com/lists/oss-security/2018/02/08/1 | 2018-02-08 07:19:20 | CVE-2018-1000035 CVE-2018-1000031 CVE-2018-1000032 CVE-2018-1000033 CVE-2018-1000034 | 20.62 | 21.43 |
curl | [vs-plain] curl: HTTP authentication leak in redirects | 2018-01-19 22:06:00 | 2018-01-24 07:11:37 | http://www.openwall.com/lists/oss-security/2018/01/24/4 | 2018-01-24 07:11:37 | CVE-2018-1000007 | 4.38 | 4.38 |
quagga | [vs] Quagga security issues | 2018-02-10 11:16:00 | 2018-02-15 23:07:00 | http://www.openwall.com/lists/oss-security/2018/02/15/4 | 2018-02-15 23:07:00 | CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 | 5.49 | 5.49 |
dovecot | [vs] Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS | 2018-02-26 12:03:00 | 2018-03-01 06:51:00 | http://www.openwall.com/lists/oss-security/2018/03/01/3 | 2018-03-01 06:51:00 | CVE-2017-15130 | 2.78 | 2.78 |
dovecot | [vs] Dovecot Security Advisory: CVE-2017-14461 rfc822_parse_domain Information Leak Vulnerability | 2018-02-26 12:04:00 | 2018-03-01 06:51:00 | http://www.openwall.com/lists/oss-security/2018/03/01/2 | 2018-03-01 06:51:00 | CVE-2017-14461 | 2.78 | 2.78 |
DHCP,Bind | Multiple vulnerabilities in ISC products (ISC DHCP and BIND) will be disclosed 28 February 2018 [vs] | 2018-02-27 22:38:00 | 2018-02-28 20:29:55 | http://www.openwall.com/lists/oss-security/2018/02/28/1 | 2018-02-28 20:29:55 | CVE-2018-5734 CVE-2018-5732 CVE-2018-5733 | 0.91 | 0.91 |
389-ds | [vs] Remote DoS flaw in 389-ds-base | 2018-03-02 10:48:00 | 2018-03-06 03:56:00 | http://www.openwall.com/lists/oss-security/2018/03/06/2 | 2018-03-06 03:56:00 | CVE-2018-1054 | 3.71 | 3.71 |
curl | [vs-plain] : curl LDAP NULL pointer dereference | 2018-03-07 08:25:00 | 2018-03-14 06:55:00 | http://www.openwall.com/lists/oss-security/2018/03/14/2 | 2018-03-14 06:55:00 | CVE-2018-1000121 | 6.94 | 6.94 |
curl | Re: [vs-plain] curl: FTP path trickery leads to NIL byte out of bounds write | 2018-03-07 22:06:00 | 2018-03-14 06:55:00 | http://www.openwall.com/lists/oss-security/2018/03/14/1 | 2018-03-14 06:55:00 | CVE-2018-1000120 | 6.37 | 6.37 |
curl | [vs-plain] curl: RTSP RTP buffer over-read | 2018-03-08 15:57:00 | 2018-03-14 06:55:00 | http://www.openwall.com/lists/oss-security/2018/03/14/3 | 2018-03-14 06:55:00 | CVE-2018-1000122 | 5.62 | 5.62 |
Linux Kernel | [vs-plain] CVE-2018-1068: kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets | 2018-03-13 12:38:00 | 2018-03-16 09:30:50 | http://www.openwall.com/lists/oss-security/2018/03/16/1 | 2018-03-16 09:30:50 | CVE-2018-1068 | 2.87 | 2.87 |
pcs | [vs-plain] pcs: EMBARGOED CVE-2018-1079 and CVE-2018-1086 | 2018-03-26 09:12:00 | 2018-04-09 00:00:00 | http://www.openwall.com/lists/oss-security/2018/04/09/2 | 2018-04-09 11:28:00 | CVE-2018-1079 CVE-2018-1086 | 13.62 | 14.09 |
nghttp2 | [vs-plain] nghttp2 vulnerability | 2018-04-08 14:14:00 | 2018-04-12 15:20:00 | http://www.openwall.com/lists/oss-security/2018/04/12/4 | 2018-04-12 15:20:00 | CVE-2018-1000168 | 4.05 | 4.05 |
PackageKit | [vs] Multiple local root vulnerabilities involving PackageKit | 2018-04-09 14:06:00 | 2018-04-23 14:44:00 | http://www.openwall.com/lists/oss-security/2018/04/23/3 | 2018-04-23 14:44:00 | CVE-2018-1106 | 14.03 | 14.03 |
gluster | [vs] gluster : privilege escalation on gluster server nodes | 2018-04-10 13:23:00 | 2018-04-18 12:24:00 | http://www.openwall.com/lists/oss-security/2018/04/18/1 | 2018-04-18 12:24:00 | CVE-2018-1088 | 7.96 | 7.96 |
OpenSSL | [vs-plain] OpenSSL: RSA key generation follows several non constant time code paths | 2018-04-11 08:03:00 | 2018-04-16 16:46:00 | http://www.openwall.com/lists/oss-security/2018/04/16/3 | 2018-04-16 16:46:00 | | 5.36 | 5.36 |
Linux Kernel | [vs-plain] [CVE request] Linux ptrace() bug leading to DoS or possibly corruption | 2018-04-17 14:25:00 | 2018-05-01 15:35:00 | http://www.openwall.com/lists/oss-security/2018/05/01/3 | 2018-05-01 15:35:00 | CVE-2018-1000199 | 14.05 | 14.05 |
Linux Kernel | [vs-plain] NULL pointer dereference on oom kill of large mlocked process | 2018-04-18 01:09:00 | 2018-04-24 22:48:00 | http://www.openwall.com/lists/oss-security/2018/04/24/3 | 2018-04-24 22:48:00 | CVE-2018-1000200 | 6.90 | 6.90 |
Ghostscript | [vs-plain] CVE-2018-10194 Ghostscript 9.18 stack-based buffer overflow | 2018-04-18 14:26:00 | 2018-04-19 22:22:00 | http://www.openwall.com/lists/oss-security/2018/04/19/5 | 2018-04-19 22:22:00 | CVE-2018-10194 | 1.33 | 1.33 |
Knot Resolver | [vs] Knot Resolver 2.3.0 security release | 2018-04-19 18:55:00 | 2018-04-23 12:30:00 | http://www.openwall.com/lists/oss-security/2018/04/23/2 | 2018-04-23 12:30:00 | CVE-2018-1110 | 3.73 | 3.73 |
quassecore | [vs-plain] quassecore RCE and DDOS | 2018-04-22 15:04:00 | 2018-04-24 21:28:00 | http://www.openwall.com/lists/oss-security/2018/04/27/1 | 2018-04-26 22:39:42 | | 2.27 | 4.32 |
Linux Kernel | [vs-plain] [VS] Linux kernel: memory corruption during exception handling leading to DoS | 2018-04-24 10:19:00 | 2018-05-08 17:35:00 | http://www.openwall.com/lists/oss-security/2018/05/08/5 http://www.openwall.com/lists/oss-security/2018/05/08/4 | 2018-05-08 17:35:00 | CVE-2018-8897 CVE-2018-1087 | 14.30 | 14.30 |
procps-ng | [vs] Qualys Security Advisory | 2018-05-05 01:10:00 | 2018-05-17 17:17:00 | http://www.openwall.com/lists/oss-security/2018/05/17/1 | 2018-05-17 17:17:00 | CVE-2018-1120 CVE-2018-1121 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 | 12.67 | 12.67 |
curl | [vs-plain] curl (1/2): FTP shutdown response buffer overflow | 2018-05-07 10:46:00 | 2018-05-16 06:25:00 | http://www.openwall.com/lists/oss-security/2018/05/16/1 | 2018-05-16 06:25:00 | CVE-2018-1000300 | 8.82 | 8.82 |
curl | [vs-plain] curl (2/2): RTSP bad headers buffer over-read | 2018-05-07 10:46:00 | 2018-05-16 06:25:00 | http://www.openwall.com/lists/oss-security/2018/05/16/2 | 2018-05-16 06:25:00 | CVE-2018-1000301 | 8.82 | 8.82 |
Bind | [vs-plain] Multiple BIND CVEs for disclosure on 16 May 2018 | 2018-05-15 22:25:00 | 2018-05-18 22:08:27 | http://www.openwall.com/lists/oss-security/2018/05/18/2 | 2018-05-18 22:08:27 | CVE-2018-5736 CVE-2018-5737 | 2.99 | 2.99 |
Prosody | [vs] prosody: insufficient stream header validation | 2018-05-28 13:44:00 | 2018-05-31 18:31:02 | http://www.openwall.com/lists/oss-security/2018/05/31/2 | 2018-05-31 18:31:02 | CVE-2018-10847 | 3.20 | 3.20 |
pppd | [vs] Buffer Overflow in pppd EAP-TLS implementation | 2018-06-06 15:10:00 | 2018-06-11 18:57:00 | http://www.openwall.com/lists/oss-security/2018/06/11/1 | 2018-06-11 18:57:00 | CVE-2018-11574 | 5.16 | 5.16 |
Linux Kernel | [vs-plain] Linux Kernel infoleak caused by incorrect handling of the SG_IO ioctl. | 2018-06-08 10:21:00 | 2018-06-08 19:38:27 | http://www.openwall.com/lists/oss-security/2018/06/08/1 | 2018-06-08 19:38:27 | CVE-2018-1000204 | 0.39 | 0.39 |
Bind | [vs] BIND vulnerability CVE-2018-5738 will be announce 12 June 2018 | 2018-06-08 21:22:00 | 2018-06-13 00:07:00 | http://www.openwall.com/lists/oss-security/2018/06/13/1 | 2018-06-13 00:07:00 | CVE-2018-5738 | 4.11 | 4.11 |
gluster | [vs] gluster : privilege escalation on gluster server nodes when TLS is enabled | 2018-06-12 13:34:00 | 2018-06-20 19:58:00 | http://www.openwall.com/lists/oss-security/2018/06/20/1 | 2018-06-20 19:58:00 | CVE-2018-10841 | 8.27 | 8.27 |
Intel CPU | [vs-plain] CVE-2018-3665 | 2018-06-13 17:48:00 | 2018-06-15 14:55:00 | http://www.openwall.com/lists/oss-security/2018/06/15/5 | 2018-06-15 14:55:00 | CVE-2018-3665 | 1.88 | 1.88 |
Git-annex | [vs] git-annex vulnerability | 2018-06-15 16:10:00 | 2018-06-26 16:02:00 | http://www.openwall.com/lists/oss-security/2018/06/26/4 | 2018-06-26 16:02:00 | CVE-2018-10857 CVE-2018-10859 | 10.99 | 10.99 |
curl | [vs-plain] curl: SMTP send heap buffer overflow | 2018-07-01 12:37:00 | 2018-07-11 06:06:00 | https://www.openwall.com/lists/oss-security/2018/07/11/1 | 2018-07-11 06:06:00 | CVE-2018-0500 | 9.73 | 9.73 |
qutebrowser | [vs] qutebrowser: Remote code execution | 2018-07-09 22:21:00 | 2018-07-11 15:34:31 | https://www.openwall.com/lists/oss-security/2018/07/11/7 | 2018-07-11 15:34:31 | CVE-2018-10895 | 1.72 | 1.72 |
kea | [vs] Kea DHCP vulnerability CVE-2018-5739 will be announce 11 July 2018 | 2018-07-11 01:36:00 | 2018-07-11 23:00:00 | https://www.openwall.com/lists/oss-security/2018/07/11/8 | 2018-07-11 23:00:00 | CVE-2018-5739 | 0.89 | 0.89 |
Network Manager VPNC | [vs-plain] CVE-2018-10900 NetworkManager-vpnc local authenticated root | 2018-07-17 06:58:00 | 2018-07-20 11:38:00 | https://www.openwall.com/lists/oss-security/2018/07/20/3 | 2018-07-20 11:38:00 | CVE-2018-10900 | 3.19 | 3.19 |
fuse | [vs] FUSE user_allow_other restriction may be bypassed | 2018-07-18 19:27:00 | 2018-07-24 00:11:27 | https://www.openwall.com/lists/oss-security/2018/07/24/1 | 2018-07-24 00:11:27 | CVE-2018-10906 | 5.20 | 5.20 |
OpenStack | [vs-plain] [pre-OSSA] Vulnerability in OpenStack Keystone (CVE-2018-14432) | 2018-07-20 16:32:00 | 2018-07-25 18:00:39 | https://www.openwall.com/lists/oss-security/2018/07/25/2 | 2018-07-25 18:00:39 | CVE-2018-14432 | 5.06 | 5.06 |
Linux Kernel | [vs-plain] Remote Linux kernel DoS (fixed in stable) | 2018-07-27 18:51:00 | 2018-08-08 15:44:00 | https://www.openwall.com/lists/oss-security/2018/08/08/5 | 2018-08-08 15:44:00 | CVE-2018-5390 | 11.87 | 11.87 |
Knot Resolver | [vs] Knot Resolver 2.4.1 security release + CVE request | 2018-08-01 14:47:00 | 2018-08-09 06:06:00 | https://www.openwall.com/lists/oss-security/2018/08/09/2 | 2018-08-09 06:06:00 | CVE-2018-10920 | 7.64 | 7.64 |
Linux Kernel | [vs-plain] CVE-2017-18344: Linux kernel: meltdown-like vulnerability in the timer subsystem | 2018-08-02 13:01:00 | 2018-08-02 18:57:00 | http://www.openwall.com/lists/oss-security/2018/08/02/3 | 2018-08-02 18:57:00 | CVE-2017-18344 | 0.25 | 0.25 |
btrfs | [vs-plain] btrfsmaintenance: CVE-2018-14722 | 2018-08-07 11:25:00 | 2018-08-14 15:57:00 | https://www.openwall.com/lists/oss-security/2018/08/14/7 | 2018-08-14 15:57:00 | CVE-2018-14722 | 7.19 | 7.19 |
Bind | [vs] BIND vulnerability CVE-2018-5740 will be announced 08 August 2018 | 2018-08-07 21:44:00 | 2018-08-09 06:45:00 | https://www.openwall.com/lists/oss-security/2018/08/09/1 | 2018-08-09 06:45:00 | CVE-2018-5740 | 1.38 | 1.38 |
cobbler | [vs] CVE-2018-10931 cobbler: CobblerXMLRPCInterface exports all its methods over XMLRPC | 2018-08-08 18:06:00 | 2018-08-09 15:42:00 | https://www.openwall.com/lists/oss-security/2018/08/09/9 | 2018-08-09 15:42:00 | CVE-2018-10931 | 0.90 | 0.90 |
Spice | [vs] spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling | 2018-08-10 03:16:00 | 2018-08-16 23:51:00 | http://www.openwall.com/lists/oss-security/2018/08/17/1 | 2018-08-17 00:51:00 | CVE-2018-10873 | 6.86 | 6.90 |
OpenSSH | [vs-plain] OpenSSH Username Enumeration | 2018-08-15 14:48:00 | 2018-08-15 16:05:00 | https://www.openwall.com/lists/oss-security/2018/08/15/5 | 2018-08-15 16:05:00 | | 0.05 | 0.05 |
Linux Kernel | [vs-plain] CVE-2018-10902 - double free in midi subsystem. | 2018-08-20 09:07:00 | 2018-08-21 12:29:00 | https://www.openwall.com/lists/oss-security/2018/08/21/1 | 2018-08-21 12:29:00 | CVE-2018-10902 | 1.14 | 1.14 |
Ghostscript | [vs-plain] More Ghostscript Issues | 2018-08-21 00:56:00 | 2018-08-21 12:46:00 | http://www.openwall.com/lists/oss-security/2018/08/21/2 | 2018-08-21 12:46:00 | | 0.49 | 0.49 |
gluster | [vs] glusterfs : various flaws | 2018-08-22 14:45:00 | 2018-09-04 08:31:00 | https://www.openwall.com/lists/oss-security/2018/09/04/1 | 2018-09-04 08:31:00 | CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10924 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 | 12.74 | 12.74 |
OpenSSH | [vs-plain] Another OpenSSH Username Enumeration | 2018-08-24 16:10:00 | 2018-08-27 16:27:00 | http://www.openwall.com/lists/oss-security/2018/08/27/2 | 2018-08-27 16:27:00 | CVE-2018-15919 | 3.01 | 3.01 |
curl | [vs-plain] curl: NTLM password overflow via integer overflow | 2018-08-27 05:55:00 | 2018-09-05 05:55:00 | https://www.openwall.com/lists/oss-security/2018/09/05/1 | 2018-09-05 05:55:00 | CVE-2018-14618 | 9.00 | 9.00 |
Linux Kernel | [vs] CVE-2018-6554 and CVE-2018-6555 | 2018-08-29 16:58:00 | 2018-09-04 16:47:00 | https://www.openwall.com/lists/oss-security/2018/09/04/2 | 2018-09-04 16:47:00 | CVE-2018-6554 CVE-2018-6555 | 5.99 | 5.99 |
Linux Kernel | [vs] CVE-2018-14633: security flaw in iscsi target code | 2018-09-10 09:25:00 | 2018-09-24 10:03:00 | https://www.openwall.com/lists/oss-security/2018/09/24/2 | 2018-09-24 10:03:00 | CVE-2018-14633 | 14.03 | 14.03 |
Linux Kernel | [vs] CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm() | 2018-09-17 10:21:00 | 2018-09-18 10:02:00 | https://www.openwall.com/lists/oss-security/2018/09/18/1 | 2018-09-18 10:02:00 | CVE-2018-14641 | 0.99 | 0.99 |
Linux Kernel | [vs-plain] potential local privilege escalation bug in vmacache code | 2018-09-18 13:29:00 | 2018-09-18 14:54:00 | https://www.openwall.com/lists/oss-security/2018/09/18/4 | 2018-09-18 14:54:00 | | 0.06 | 0.06 |
Linux Kernel | [vs-plain] Integer overflow in Linux's create_elf_tables() (CVE-2018-14634) | 2018-09-18 15:58:00 | 2018-09-25 17:07:00 | https://www.openwall.com/lists/oss-security/2018/09/25/4 | 2018-09-25 17:07:00 | CVE-2018-14634 | 7.05 | 7.05 |
libssh | [vs] libssh security issue CVE-2018-10933 | 2018-10-08 08:41:00 | 2018-10-16 12:21:00 | https://www.openwall.com/lists/oss-security/2018/10/16/1 | 2018-10-16 12:21:00 | CVE-2018-10933 | 8.15 | 8.15 |
glib | [vs] GLib variant binary form and D-Bus message parsing problems | 2018-10-11 02:09:00 | 2018-10-23 03:46:00 | https://www.openwall.com/lists/oss-security/2018/10/23/5 | 2018-10-23 03:46:00 | | 12.07 | 12.07 |
Linux Kernel | [vs-plain] 4.19.0-rc3 global-out-of-bounds read in btusb_work | 2018-10-16 11:51:00 | 2018-10-31 14:11:00 | https://www.openwall.com/lists/oss-security/2018/10/31/6 | 2018-10-31 14:11:00 | | 15.10 | 15.10 |
gcc | [vs-plain] GCC Compiler Induced Vulnerability | 2018-10-21 02:34:00 | 2018-10-22 15:07:00 | https://www.openwall.com/lists/oss-security/2018/10/22/3 | 2018-10-22 15:07:00 | | 1.52 | 1.52 |
curl | [vs-plain] curl - two pending security advisories | 2018-10-22 08:26:00 | 2018-10-31 06:55:00 | https://www.openwall.com/lists/oss-security/2018/10/31/1 | 2018-10-31 06:55:00 | CVE-2018-16839 CVE-2018-16840 | 8.94 | 8.94 |
glusterfs | [vs] glusterfs: multiple flaws | 2018-10-23 07:48:00 | 2018-10-31 12:50:00 | https://www.openwall.com/lists/oss-security/2018/10/31/5 | 2018-10-31 12:50:00 | CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661 | 8.21 | 8.21 |
Intel CPU | [vs-plain] new side-channel vulnerability on SMT/Hyper-Threading architectures | 2018-10-26 12:59:00 | 2018-11-01 22:12:00 | https://www.openwall.com/lists/oss-security/2018/11/01/4 | 2018-11-01 22:12:00 | CVE-2018-5407 | 6.38 | 6.38 |
PowerDNS | [vs] PowerDNS prenotification | 2018-11-01 14:10:00 | 2018-11-06 22:28:00 | https://www.openwall.com/lists/oss-security/2018/11/06/8 | 2018-11-06 22:28:00 | CVE-2018-10851 CVE-2018-14626 CVE-2018-14644 | 5.35 | 5.35 |
PowerDNS | [vs] PowerDNS prenotification | 2018-11-18 00:00:00 | 2018-11-26 16:14:00 | https://www.openwall.com/lists/oss-security/2018/11/26/2 | 2018-11-26 16:14:00 | CVE-2019-3806 | 8.68 | 8.68 |
Linux Kernel | [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) | 2018-11-22 13:45:00 | 2018-11-23 17:22:00 | https://www.openwall.com/lists/oss-security/2018/11/23/6 | 2018-11-23 17:22:00 | | 1.15 | 1.15 |
Linux Kernel | [vs-plain] UAF write in usb_audio_probe | 2018-12-03 14:45:00 | 2018-12-03 16:45:00 | https://www.openwall.com/lists/oss-security/2018/12/03/1 | 2018-12-03 16:45:00 | CVE-2018-19824 | 0.08 | 0.08 |
Go | [vs-plain] Go security release next week, requesting 3 CVE IDs | 2018-12-08 11:56:00 | 2018-12-14 18:06:00 | https://www.openwall.com/lists/oss-security/2018/12/14/9 | 2018-12-14 18:06:00 | CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 | 6.26 | 6.26 |
Systemd | [vs] Qualys Security Advisory | 2018-12-26 20:40:00 | 2019-01-09 19:02:00 | https://www.openwall.com/lists/oss-security/2019/01/09/3 | 2019-01-09 19:02:00 | CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 | 13.93 | 13.93 |
Linux Kernel | [vs-plain] two information leak vulnerabilities in kernel bluetooth stack | 2019-01-01 09:27:00 | 2019-01-11 14:06:00 | https://www.openwall.com/lists/oss-security/2019/01/11/2 | 2019-01-11 14:06:00 | CVE-2019-3459 CVE-2019-3460 | 10.19 | 10.19 |
PowerDNS | [vs] PowerDNS prenotification | 2019-01-14 15:21:00 | 2019-01-21 14:23:00 | https://www.openwall.com/lists/oss-security/2019/01/21/7 | 2019-01-21 14:23:00 | CVE-2019-3806 | 6.96 | 6.96 |
Spice | [vs] CVE-2019-3813: spice | 2019-01-21 20:50:00 | 2019-01-28 19:53:00 | https://www.openwall.com/lists/oss-security/2019/01/28/2 | 2019-01-28 19:53:00 | CVE-2019-3813 | 6.96 | 6.96 |
Linux Kernel | [vs] CVE-2018-16880 Linux kernel: oob-write in drivers/vhost/net.c:get_rx_bufs() | 2019-01-22 12:33:00 | 2019-01-25 15:46:00 | https://www.openwall.com/lists/oss-security/2019/01/25/1 | 2019-01-25 15:46:00 | CVE-2018-16880 | 3.13 | 3.13 |
dovecot | [vs] Important vulnerability in Dovecot (CVE-2019-3814) | 2019-01-24 10:51:00 | 2019-02-05 13:02:00 | https://www.openwall.com/lists/oss-security/2019/02/05/1 | 2019-02-05 13:02:00 | CVE-2019-3814 | 12.09 | 12.09 |
curl | [vs-plain] curl: NTLM type-2 out-of-bounds buffer read (1/3) | 2019-01-28 13:24:00 | 2019-02-06 07:12:00 | https://www.openwall.com/lists/oss-security/2019/02/06/1 | 2019-02-06 07:12:00 | CVE-2018-16890 | 8.74 | 8.74 |
curl | [vs-plain] curl: NTLMv2 type-3 header stack buffer overflow (2/3) | 2019-01-28 13:24:00 | 2019-02-06 07:12:00 | https://www.openwall.com/lists/oss-security/2019/02/06/2 | 2019-02-06 07:12:00 | CVE-2019-3822 | 8.74 | 8.74 |
curl | [vs-plain] curl: SMTP end-of-response out-of-bounds read (3/3) | 2019-01-28 13:24:00 | 2019-02-06 07:12:00 | https://www.openwall.com/lists/oss-security/2019/02/06/3 | 2019-02-06 07:12:00 | CVE-2019-3823 | 8.74 | 8.74 |
runc | [EMBARGOED][vs] CVE-2019-5736: runc container breakout notification | 2019-02-04 03:25:00 | 2019-02-11 13:05:00 | https://www.openwall.com/lists/oss-security/2019/02/11/2 | 2019-02-11 13:05:00 | CVE-2019-5736 | 7.40 | 7.40 |
Systemd | [vs] systemd (PID1) crash with specially crafted D-Bus message | 2019-02-13 18:32:00 | 2019-02-18 16:48:00 | https://www.openwall.com/lists/oss-security/2019/02/18/3 | 2019-02-18 16:48:00 | CVE-2019-6454 | 4.93 | 4.93 |
Bind | [vs] Three BIND vulnerabilities (CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465) will be announced 21 February 2019 | 2019-02-20 01:03:00 | 2019-02-22 02:59:00 | https://www.openwall.com/lists/oss-security/2019/02/22/1 | 2019-02-22 02:59:00 | CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 | 2.08 | 2.08 |
Linux Kernel | [vs-plain] Stack/Heap Clashing on Linux >=4.13 when loader directly invoked | 2019-03-05 17:35:00 | 2019-03-13 01:30:06 | https://www.openwall.com/lists/oss-security/2019/03/13/1 | 2019-03-13 01:30:06 | | 7.33 | 7.33 |
libssh | [vs-plain] libssh2: *nine* security fixes coming (take 2) | 2019-03-08 06:01:00 | 2019-03-18 21:42:00 | https://www.openwall.com/lists/oss-security/2019/03/18/3 | 2019-03-18 21:42:00 | CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 | 10.65 | 10.65 |
libseccomp | [vs] linux-distros disclosure | 2019-03-11 21:12:00 | 2019-03-14 23:48:22 | https://www.openwall.com/lists/oss-security/2019/03/15/1 | 2019-03-14 23:48:22 | | 3.11 | 3.11 |
Ghostscript | [vs] ghostscript: 2 -dSAFER bypass: CVE-2019-3835 & CVE-2019-3838 | 2019-03-13 20:32:00 | 2019-03-21 15:31:00 | https://www.openwall.com/lists/oss-security/2019/03/21/1 | 2019-03-21 15:31:00 | CVE-2019-3835 CVE-2019-3838 | 7.79 | 7.79 |
dovecot | [vs] Important vulnerability in Dovecot (CVE-2019-7524) | 2019-03-21 15:29:00 | 2019-03-28 11:42:00 | https://www.openwall.com/lists/oss-security/2019/03/28/1 | 2019-03-28 11:42:00 | CVE-2019-7524 | 6.84 | 6.84 |
apache | Re: [vs-plain] Apache HTTP Server 2.4.39 is important upgrade for distros due to CVE-2019-0211 | 2019-04-02 07:11:00 | 2019-04-02 01:31:00 | https://www.openwall.com/lists/oss-security/2019/04/02/3 | 2019-04-02 01:31:00 | CVE-2019-0211 | ND | ND |
pacemaker | [vs-plain] pacemaker | 2019-04-03 05:01:00 | 2019-04-17 09:40:00 | https://www.openwall.com/lists/oss-security/2019/04/17/1 | 2019-04-17 09:40:00 | CVE-2019-3885 | 14.19 | 14.19 |
wpa_supplicant | [vs] VU#871675 and wpa_supplicant/hostapd | 2019-04-03 16:04:00 | 2019-04-10 15:13:00 | https://www.openwall.com/lists/oss-security/2019/04/10/2 | 2019-04-10 15:13:00 | CVE-2019-9494 | 6.96 | 6.96 |
dovecot | [vs] Important security bug in Dovecot | 2019-04-15 06:38:00 | 2019-04-18 09:05:00 | https://www.openwall.com/lists/oss-security/2019/04/18/3 | 2019-04-18 09:05:00 | CVE-2019-10691 | 3.10 | 3.10 |
Bind | [vs-plain] Three BIND vulnerabilities (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) will be announced 24 April 2019 | 2019-04-24 01:32:00 | 2019-04-25 06:55:00 | https://www.openwall.com/lists/oss-security/2019/04/25/1 | 2019-04-25 06:55:00 | CVE-2018-5743 CVE-2018-6467 CVE-2019-6468 | 1.22 | 1.22 |
dovecot | [vs] Important security bugs in Dovecot | 2019-04-29 06:11:00 | 2019-04-30 13:35:00 | https://www.openwall.com/lists/oss-security/2019/04/30/6 | 2019-04-30 13:35:00 | CVE-2019-11494 CVE-2019-11499 | 1.31 | 1.31 |
curl | [vs-plain] curl: Integer overflows in curl_url_set (1/2) | 2019-05-15 06:07:00 | 2019-05-22 07:24:00 | https://www.openwall.com/lists/oss-security/2019/05/22/2 | 2019-05-22 07:24:00 | CVE-2019-5435 | 7.05 | 7.05 |
curl | [vs-plain] curl: TFTP receive buffer overflow (2/2) | 2019-05-15 06:07:00 | 2019-05-22 07:24:00 | https://www.openwall.com/lists/oss-security/2019/05/22/3 | 2019-05-22 07:24:00 | CVE-2019-5436 | 7.05 | 7.05 |
Marvell wifi driver | [vs-plain] Bug report and CVE request : Heap Overflow in mwifiex_update_bss_desc_with_ie function of Marvell Wifi Driver in Linux kernel | 2019-05-21 08:39:00 | 2019-05-29 12:52:18 | https://www.openwall.com/lists/oss-security/2019/05/30/2 | 2019-05-30 10:58:59 | CVE-2019-3846 | 8.18 | 9.10 |
Exim | [vs-plain] Qualys Security Advisory | 2019-05-28 10:20:00 | 2019-06-05 17:28:00 | https://www.openwall.com/lists/oss-security/2019/06/04/1 | 2019-06-05 17:28:00 | CVE-2019-10149 | 8.30 | 8.30 |
Marvell wifi driver | [vs-plain] CVE request : Heap Overflow in mwifiex_uap_parse_tail_ies function of Marvell Wifi Driver in Linux kernel | 2019-05-30 11:23:00 | 2019-06-01 10:07:00 | https://www.openwall.com/lists/oss-security/2019/06/01/1 | 2019-06-01 10:07:00 | CVE-2019-10126 | 1.95 | 1.95 |
Mozilla Thunderbird | [vs] Thunderbird Vulnerabilities | 2019-06-06 17:11:00 | 2019-06-13 20:27:00 | https://www.openwall.com/lists/oss-security/2019/06/13/1 https://www.openwall.com/lists/oss-security/2019/06/13/2 https://www.openwall.com/lists/oss-security/2019/06/13/3 https://www.openwall.com/lists/oss-security/2019/06/13/4 | 2019-06-13 20:27:00 | CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 | 7.14 | 7.14 |
Kernel Networking Stack (Multiple Kernels) | [vs] Kernel: Multiple remote denial of service issues | 2019-06-07 01:06:00 | 2019-06-17 17:33:00 | https://www.openwall.com/lists/oss-security/2019/06/17/5 | 2019-06-17 17:33:00 | CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 | 10.69 | 10.69 |
dbus | [vs] CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass | 2019-06-09 13:37:00 | 2019-06-11 15:09:00 | https://www.openwall.com/lists/oss-security/2019/06/11/2 | 2019-06-11 15:09:00 | CVE-2019-12749 | 2.06 | 2.06 |
Linux Kernel | [vs-plain] Linux kernel for powerpc mm bug | 2019-06-13 16:41:00 | 2019-06-24 14:44:00 | https://www.openwall.com/lists/oss-security/2019/06/24/5 | 2019-06-24 14:44:00 | CVE-2019-12817 | 10.92 | 10.92 |
PowerDNS | [vs] PowerDNS prenotification | 2019-06-18 14:08:00 | 2019-06-21 11:19:00 | https://www.openwall.com/lists/oss-security/2019/06/21/5 | 2019-06-21 11:19:00 | CVE-2019-10162 CVE-2019-10163 | 2.88 | 2.88 |
Bind | [vs-plain] BIND vulnerability CVE-2019-6471 will be announced tomorrow (Wednesday, 19 June 2019) | 2019-06-18 21:05:00 | 2019-06-20 01:13:00 | https://www.openwall.com/lists/oss-security/2019/06/20/1 | 2019-06-20 01:13:00 | CVE-2019-6471 | 1.17 | 1.17 |
zeromq | [vs] CVE-2019-13132 in zeromq | 2019-07-04 09:11:00 | 2019-07-08 16:23:00 | https://www.openwall.com/lists/oss-security/2019/07/08/6 | 2019-07-08 16:23:00 | CVE-2019-13132 | 4.30 | 4.30 |
Knot Resolver | [vs] Knot Resolver 4.1.0 security release + CVE request (#1) | 2019-07-04 16:31:00 | 2019-07-14 07:27:00 | https://www.openwall.com/lists/oss-security/2019/07/14/1 | 2019-07-14 07:27:00 | CVE-2019-10190 | 9.62 | 9.62 |
Exim | [vs] Exim CVE-2019-13917 OVE-20190718-0006 | 2019-07-18 20:19:00 | 2019-07-22 10:00:00 | https://www.openwall.com/lists/oss-security/2019/07/22/3 | 2019-07-22 10:00:00 | CVE-2019-13917 | 3.57 | 3.57 |
PowerDNS | [vs] PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records (CVE-2019-10203) | 2019-07-25 09:01:00 | 2019-07-30 11:37:00 | https://www.openwall.com/lists/oss-security/2019/07/30/2 | 2019-07-30 11:37:00 | CVE-2019-10203 | 5.11 | 5.11 |
icedtea | [vs] icedtea-web: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 | 2019-07-25 09:23:00 | 2019-07-31 15:26:00 | https://www.openwall.com/lists/oss-security/2019/07/31/2 | 2019-07-31 15:26:00 | CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 | 6.25 | 6.25 |
OpenStack | [vs-plain] [pre-OSSA] Vulnerability in OpenStack Nova (CVE-2019-14433) | 2019-07-31 14:42:00 | 2019-08-06 19:44:00 | https://www.openwall.com/lists/oss-security/2019/08/06/6 | 2019-08-06 19:44:00 | CVE-2019-14433 | 6.21 | 6.21 |
Ghostscript | [vs] ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 | 2019-08-07 06:57:00 | 2019-08-12 13:25:00 | https://www.openwall.com/lists/oss-security/2019/08/12/4 | 2019-08-12 13:25:00 | CVE-2019-10216 | 5.27 | 5.27 |
dovecot | [vs] Important vulnerability in Dovecot (CVE-2019-11500) | 2019-08-14 07:00:00 | 2019-08-28 12:06:00 | https://www.openwall.com/lists/oss-security/2019/08/28/3 | 2019-08-28 12:06:00 | CVE-2019-11500 | 14.21 | 14.21 |
Linux Kernel | [vs-plain] [PATCH] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings | 2019-08-21 02:05:00 | 2019-08-28 05:50:00 | https://www.openwall.com/lists/oss-security/2019/08/28/1 | 2019-08-28 05:50:00 | CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 | 7.16 | 7.16 |
Ghostscript | [vs] ghostscript: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and CVE-2019-14817 (.forceput exposed) | 2019-08-22 12:59:00 | 2019-08-28 12:29:00 | https://www.openwall.com/lists/oss-security/2019/08/28/2 | 2019-08-28 12:29:00 | CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 | 5.98 | 5.98 |
Systemd | [vs] Missing access controls on systemd-resolved's D-Bus interface | 2019-08-29 23:35:00 | 2019-09-03 18:04:00 | https://www.openwall.com/lists/oss-security/2019/09/03/1 | 2019-09-03 18:35:00 | CVE-2019-15718 | 4.77 | 4.79 |
Exim | [vs] CVE-2019-15846: Exim Buffer overflow | 2019-09-03 11:09:00 | 2019-09-06 06:00:00 | https://www.openwall.com/lists/oss-security/2019/09/06/1 | 2019-09-06 06:00:00 | CVE-2019-15846 | 2.79 | 2.79 |
curl | [vs-plain] : curl: FTP-KRB double-free (1/2) | 2019-09-05 05:48:00 | 2019-09-11 06:01:00 | https://www.openwall.com/lists/oss-security/2019/09/11/5 | 2019-09-11 06:01:00 | CVE-2019-5481 | 6.01 | 6.01 |
curl | [vs-plain] : curl: TFTP small blocksize heap buffer overflow (2/2) | 2019-09-05 05:48:00 | 2019-09-11 06:01:00 | https://www.openwall.com/lists/oss-security/2019/09/11/6 | 2019-09-11 06:01:00 | CVE-2019-5482 | 6.01 | 6.01 |
ibus | [vs] ibus flaw | 2019-09-09 12:24:00 | 2019-09-13 07:18:00 | https://www.openwall.com/lists/oss-security/2019/09/13/1 | 2019-09-13 07:18:00 | CVE-2019-14822 | 3.79 | 3.79 |
qemu | [vs-plain] QEMU-KVM Guest to Host Kernel Escape 0 day Vulnerability: vhost/vhost_net kernel buffer overflow | 2019-09-10 02:05:00 | 2019-09-11 09:44:00 | https://www.openwall.com/lists/oss-security/2019/09/17/1 | 2019-09-17 08:19:00 | CVE-2019-14835 | 1.32 | 7.26 |