This shows you the differences between two versions of the page.
|
mailing-lists:distros:stats [2018/11/25 17:54] kristianf Update for Q3 |
mailing-lists:distros:stats [2024/02/06 22:41] (current) solar add 2024 |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Report statistics for distros ML ====== | + | ====== (linux-)distros list usage statistics by year ====== |
| - | These statistics are updated as of 2018-09-30 23:59 (UTC) | + | |
| - | ===== Statistics by month ===== | + | * Stats for [[mailing-lists/distros/stats/2024|2024]] |
| - | Statistics are grouped by month of the issue being reported to the distros list | + | * Stats for [[mailing-lists/distros/stats/2023|2023]] |
| - | ^Date^All^2017-06^2017-07^2017-08^2017-09^2017-10^2017-11^2017-12^2018-01^2018-02^2018-03^2018-04^2018-05^2018-06^2018-07^2018-08^2018-09^ | + | * Stats for [[mailing-lists/distros/stats/2022|2022]] (incomplete, unreliable) |
| - | |Number of reports|99|1|3|6|9|5|7|5|8|4|6|10|5|6|7|13|4| | + | * Stats for [[mailing-lists/distros/stats/archive|2017-2019]] |
| - | |Average embargo time (first public)|6.43|10.84|4.69|6.39|5.83|4.90|6.70|5.99|7.28|2.99|6.52|7.40|7.30|5.13|5.38|8.41|5.53| | + | |
| - | |Average embargo time (oss-security)|6.71|14.16|5.03|6.39|5.84|5.14|6.70|6.02|9.64|2.99|6.60|7.60|7.30|5.13|5.38|8.42|5.53| | + | |
| - | ===== Data ===== | + | |
| - | ^Project^Subject^Reported (UTC)^Public (UTC)^oss-security posting^Time of oss-security posting (UTC)^CVE(s)^Days embargoed (first public)^Days embargoed (oss-security)^ | + | |
| - | |Spice|[vs] spice|2017-06-30 03:50|2017-07-11 00:00|http://www.openwall.com/lists/oss-security/2017/07/14/1|2017-07-14 07:38|CVE-2017-7506 |10.84|14.16| | + | |
| - | |Jenkins|[vs] CVE ID assignment request from the Jenkins project|2017-07-07 13:13|2017-07-10 15:00|http://www.openwall.com/lists/oss-security/2017/07/11/9|2017-07-11 11:52|CVE-2017-1000084\\ CVE-2017-1000085\\ CVE-2017-1000086\\ CVE-2017-1000087\\ CVE-2017-1000088\\ CVE-2017-1000089\\ CVE-2017-1000090\\ CVE-2017-1000091\\ CVE-2017-1000092\\ CVE-2017-1000093\\ CVE-2017-1000094\\ CVE-2017-1000095\\ CVE-2017-1000096|3.07|3.94| | + | |
| - | |Evince|[vs] evince: Command injection vulnerability in CBT handler|2017-07-10 13:57|2017-07-13 12:00|http://www.openwall.com/lists/oss-security/2017/07/13/5|2017-07-13 15:43|CVE-2017-1000083|2.92|3.07| | + | |
| - | |Linux Kernel|[vs-plain] linux kernel: CVE-2017-7533|2017-07-26 12:18|2017-08-03 14:00|http://www.openwall.com/lists/oss-security/2017/08/03/2|2017-08-03 14:00|CVE-2017-7533|8.07|8.07| | + | |
| - | |Curl|[vs-plain] curl: URL globbing out of bounds read (1/3)|2017-08-01 10:02|2017-08-09 06:00|http://www.openwall.com/lists/oss-security/2017/08/09/1|2017-08-09 06:00|CVE-2017-1000101|7.83|7.83| | + | |
| - | |Curl|[vs-plain] curl: TFTP sends more than buffer size (2/3)|2017-08-01 10:02|2017-08-09 06:00|http://www.openwall.com/lists/oss-security/2017/08/09/2|2017-08-09 06:00|CVE-2017-1000100|7.83|7.83| | + | |
| - | |Curl|[vs-plain] curl: FILE buffer read out of bounds|2017-08-01 10:02|2017-08-09 06:00|http://www.openwall.com/lists/oss-security/2017/08/09/3|2017-08-09 06:00|CVE-2017-1000099|7.83|7.83| | + | |
| - | |Linux Kernel|[vs-plain] Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch|2017-08-04 15:59|2017-08-10 20:55|http://www.openwall.com/lists/oss-security/2017/08/10/5|2017-08-10 20:55|CVE-2017-1000112|6.21|6.21| | + | |
| - | |Linux Kernel|[vs-plain] Linux kernel: heap out-of-bounds in AF_PACKET sockets|2017-08-04 16:48|2017-08-10 13:25|http://www.openwall.com/lists/oss-security/2017/08/10/7|2017-08-10 13:25|CVE-2017-1000111|5.86|5.86| | + | |
| - | |GNOME|[vs] CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding|2017-08-07 17:54|2017-08-10 12:41|http://www.openwall.com/lists/oss-security/2017/08/10/1|2017-08-10 12:53|CVE-2017-2885 |2.78|2.79| | + | |
| - | |file|[vs] file: stack based buffer overflow|2017-09-01 09:30|2017-09-05 16:24|http://www.openwall.com/lists/oss-security/2017/09/05/3|2017-09-05 16:24|CVE-2017-1000249|4.29|4.29| | + | |
| - | |BlueZ|[vs-plain] Info Leak vulnerability in BlueZ|2017-09-05 20:29|2017-09-13 21:08|http://www.openwall.com/lists/oss-security/2017/09/13/4|2017-09-13 21:08|CVE-2017-1000250\\ CVE-2017-1000251|8.03|8.03| | + | |
| - | |tcpdump|[vs-plain] Re: tcpdump 4.9.2 and NixOS|2017-09-06 13:08|2017-09-07 14:06|http://www.openwall.com/lists/oss-security/2017/09/07/8|2017-09-07 14:06|CVE-2017-11543\\ CVE-2017-13011\\ CVE-2017-12989\\ CVE-2017-12990\\ CVE-2017-12995\\ CVE-2017-12997\\ CVE-2017-11541\\ CVE-2017-11542\\ CVE-2017-12893\\ CVE-2017-12894\\ CVE-2017-12895\\ CVE-2017-12896\\ CVE-2017-12898\\ CVE-2017-12897\\ CVE-2017-12899\\ CVE-2017-12900\\ CVE-2017-12901\\ CVE-2017-12902\\ CVE-2017-12985\\ CVE-2017-12986\\ CVE-2017-12987\\ CVE-2017-12988\\ CVE-2017-12991\\ CVE-2017-12992\\ CVE-2017-12993\\ CVE-2017-11542\\ CVE-2017-11541\\ CVE-2017-12994\\ CVE-2017-12996\\ CVE-2017-12998\\ CVE-2017-12999\\ CVE-2017-13000\\ CVE-2017-13001\\ CVE-2017-13002\\ CVE-2017-13003\\ CVE-2017-13004\\ CVE-2017-13005\\ CVE-2017-13006\\ CVE-2017-13007\\ CVE-2017-13008\\ CVE-2017-13009\\ CVE-2017-13010\\ CVE-2017-13012\\ CVE-2017-13013\\ CVE-2017-13014\\ CVE-2017-13015\\ CVE-2017-11543\\ CVE-2017-13016\\ CVE-2017-13017\\ CVE-2017-13018\\ CVE-2017-13019\\ CVE-2017-13020\\ CVE-2017-13021\\ CVE-2017-13022\\ CVE-2017-13023\\ CVE-2017-13024\\ CVE-2017-13025\\ CVE-2017-13026\\ CVE-2017-13027\\ CVE-2017-13028\\ CVE-2017-13029\\ CVE-2017-13030\\ CVE-2017-13031\\ CVE-2017-13032\\ CVE-2017-13033\\ CVE-2017-13034\\ CVE-2017-13035\\ CVE-2017-13036\\ CVE-2017-13037\\ CVE-2017-13038\\ CVE-2017-13039\\ CVE-2017-13040\\ CVE-2017-13041\\ CVE-2017-13042\\ CVE-2017-13043\\ CVE-2017-13044\\ CVE-2017-13045\\ CVE-2017-13046\\ CVE-2017-13047\\ CVE-2017-13048\\ CVE-2017-13049\\ CVE-2017-13050\\ CVE-2017-13051\\ CVE-2017-13052\\ CVE-2017-13053\\ CVE-2017-13054\\ CVE-2017-13055\\ CVE-2017-13687\\ CVE-2017-13688\\ CVE-2017-13689\\ CVE-2017-13690\\ CVE-2017-13725|1.04|1.04| | + | |
| - | |Linux Kernel|[vs] KVM denial of service|2017-09-08 11:21|2017-09-15 16:36|http://www.openwall.com/lists/oss-security/2017/09/15/4|2017-09-15 16:36|CVE-2017-1000252|7.22|7.22| | + | |
| - | |apache|vs] OPTIONSbleed bug in apache httpd|2017-09-11 10:17|2017-09-18 13:18|http://www.openwall.com/lists/oss-security/2017/09/18/2|2017-09-18 13:18|CVE-2017-9798|7.13|7.13| | + | |
| - | |Linux Kernel|[vs] Qualys Security Advisory (CVE-2017-1000253)|2017-09-20 09:28|2017-09-26 15:08|http://www.openwall.com/lists/oss-security/2017/09/26/16|2017-09-26 15:08|CVE-2017-1000253|6.24|6.24| | + | |
| - | |Linux Kernel|[vs-plain] Bluetooth RCE in Linux Kernel - follow up|2017-09-24 19:20|2017-09-27 17:39|http://www.openwall.com/lists/oss-security/2017/09/27/10|2017-09-27 17:39|CVE-2017-1000251|2.93|2.93| | + | |
| - | |DNSMasq|[vs] DNSMasq Security vulnerabilities, public release October 2nd|2017-09-25 20:59|2017-10-02 13:22|http://www.openwall.com/lists/oss-security/2017/10/02/5|2017-10-02 15:47|CVE-2017-14491\\ CVE-2017-14492\\ CVE-2017-14493\\ CVE-2017-14494\\ CVE-2017-14495\\ CVE-2017-14496|6.68|6.78| | + | |
| - | |Curl|[vs-plain] curl: FTP PWD response parser out of bounds read|2017-09-25 08:26|2017-10-04 06:06|http://www.openwall.com/lists/oss-security/2017/10/04/1|2017-10-04 06:06|CVE-2017-1000254|8.90|8.90| | + | |
| - | |Linux Kernel|[vs] CVE Request for powerpc kernel bug|2017-10-03 00:49|2017-10-09|http://www.openwall.com/lists/oss-security/2017/10/10/3|2017-10-10 04:00|CVE-2017-1000255|5.97|7.13| | + | |
| - | |wpa_supplicant|[vs] VU#228519 and wpa_supplicant/hostapd|2017-10-10 08:08|2017-10-16 09:08|http://www.openwall.com/lists/oss-security/2017/10/16/2|2017-10-16 09:08|CVE-2017-13077\\ CVE-2017-13078\\ CVE-2017-13079\\ CVE-2017-13080\\ CVE-2017-13081\\ CVE-2017-13082\\ CVE-2017-13084\\ CVE-2017-13086\\ CVE-2017-13087\\ CVE-2017-13088|6.04|6.04| | + | |
| - | |Linux Kernel|[vs-plain] CVE-2017-5123 Linux kernel waitid() not calling access_ok()|2017-10-09 19:06|2017-10-12 19:16|http://www.openwall.com/lists/oss-security/2017/10/12/18|2017-10-12 20:02|CVE-2017-5123|3.01|3.04| | + | |
| - | |Curl|[vs-plain] curl: IMAP FETCH response out of bounds read|2017-10-17 11:54|2017-10-23 06:07|http://www.openwall.com/lists/oss-security/2017/10/23/1|2017-10-23 06:07|CVE-2017-1000257|5.76|5.76| | + | |
| - | |Wget|[vs] [FICORA #1010111] Vulnerability report|2017-10-23 14:50|2017-10-27 08:21|http://www.openwall.com/lists/oss-security/2017/10/27/1|2017-10-27 08:21|CVE-2017-13089\\ CVE-2017-13090|3.73|3.73| | + | |
| - | |PowerDNS|[vs] PowerDNS prenotification|2017-11-20 14:01|2017-11-27 16:32|http://www.openwall.com/lists/oss-security/2017/11/27/1|2017-11-27 16:32|CVE-2017-15090\\ CVE-2017-15091\\ CVE-2017-15092\\ CVE-2017-15093\\ CVE-2017-15094|7.10|7.10| | + | |
| - | |Curl|[vs-plain] (2/2) curl: FTP wildcard out of bounds read|2017-11-21 08:16|2017-11-29 09:34|http://www.openwall.com/lists/oss-security/2017/11/29/3|2017-11-29 09:34|CVE-2017-8817|8.05|8.05| | + | |
| - | |Curl|[vs-plain] curl: NTLM buffer overflow via integer overflow|2017-11-21 08:15|2017-11-29 09:34|http://www.openwall.com/lists/oss-security/2017/11/29/2|2017-11-29 09:34|CVE-2017-8816 |8.05|8.05| | + | |
| - | |Linux Kernel|[vs-plain] Security Bug - transparent huge pages dirty bit|2017-11-22 18:50|2017-11-30 00:32|http://www.openwall.com/lists/oss-security/2017/11/30/1|2017-11-30 00:32|CVE-2017-1000405|7.24|7.24| | + | |
| - | |Curl|[vs-plain] curl: SSL out of buffer access|2017-11-24 09:19|2017-11-29 09:34|http://www.openwall.com/lists/oss-security/2017/11/29/4|2017-11-29 09:34|CVE-2017-8818|5.01|5.01| | + | |
| - | |OpenStack|[vs-plain] [pre-OSSA] Vulnerability in OpenStack Nova (CVE-2017-17051)|2017-11-30 12:35|2017-12-05 16:50|http://www.openwall.com/lists/oss-security/2017/12/05/5|2017-12-05 16:50|CVE-2017-17051|5.18|5.18| | + | |
| - | |Linux Kernel|[vs-plain] Info Leak in the Linux Kernel via Bluetooth|2017-11-30 09:44|2017-12-06 16:23|http://www.openwall.com/lists/oss-security/2017/12/06/3|2017-12-06 16:23||6.28|6.28| | + | |
| - | |Linux Kernel|[vs-plain] Security bug in DCCP socket|2017-12-01 11:08|2017-12-04 20:27|http://www.openwall.com/lists/oss-security/2017/12/05/1|2017-12-05 00:11|CVE-2017-8824|3.39|3.54| | + | |
| - | |PowerDNS|[vs] PowerDNS prenotification|2017-12-04 14:43|2017-12-11 12:34|http://www.openwall.com/lists/oss-security/2017/12/11/1|2017-12-11 12:34|CVE-2017-15120|6.91|6.91| | + | |
| - | |glibc|[vs] Qualys Security Advisory|2017-12-05 14:59|2017-12-11 19:14|http://www.openwall.com/lists/oss-security/2017/12/11/4|2017-12-11 19:14|CVE-2017-1000408\\ CVE-2017-1000409|6.18|6.18| | + | |
| - | |iscsi-initiator-utils|[vs] Bug report|2017-12-11 16:21|2017-12-13 19:21|http://www.openwall.com/lists/oss-security/2017/12/13/2|2017-12-13 19:21||2.13|2.13| | + | |
| - | |glibc|[vs] GNU libc issue (--throw-keyids)|2017-12-31 13:46|2018-01-11 21:34|http://www.openwall.com/lists/oss-security/2018/01/11/5|2018-01-11 21:34|CVE-2018-1000001|11.33|11.33| | + | |
| - | |dovecot|[vs] CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted.|2018-01-11 10:51|2018-01-25 09:35|http://www.openwall.com/lists/oss-security/2018/01/25/4|2018-01-25 09:35|CVE-2017-15132|13.95|13.95| | + | |
| - | |Linux Kernel|[vs-plain] sound driver Conditional competition|2018-01-12 01:19|2018-01-16 14:21|http://www.openwall.com/lists/oss-security/2018/01/16/1|2018-01-16 14:21||4.54|4.54| | + | |
| - | |PowerDNS,knots|[vs] bug in DNS resolvers - DNSSEC validation|2018-01-15 15:29|2018-01-22 00:00|http://www.openwall.com/lists/oss-security/2018/02/09/1|2018-02-09 00:43|CVE-2018-1000002\\ CVE-2018-1000003|6.35|24.38| | + | |
| - | |Bind|Packager Notification for CVE-2017-3145 [vs]|2018-01-15 20:58|2018-01-16 14:25|http://www.openwall.com/lists/oss-security/2018/01/16/7|2018-01-16 14:25|CVE-2017-3145|0.73|0.73| | + | |
| - | |DHCP|[vs-plain] CVE-2017-3144: ISC DHCP can leak socket descriptors|2018-01-15 21:12|2018-01-16 15:38|http://www.openwall.com/lists/oss-security/2018/01/16/6|2018-01-16 15:38|CVE-2017-3144|0.77|0.77| | + | |
| - | |curl|[vs-plain] : curl: HTTP/2 trailer out-of-bounds read|2018-01-17 09:36|2018-01-24 07:11|http://www.openwall.com/lists/oss-security/2018/01/24/3|2018-01-24 07:11|CVE-2018-1000005|6.90|6.90| | + | |
| - | |InfoZip Unzip|[vs] SEC Consult SA-201801DD-0 :: Multiple vulnerabilities in InfoZip UnZip|2018-01-17 20:54|2018-02-07 11:45|http://www.openwall.com/lists/oss-security/2018/02/08/1|2018-02-08 07:19|CVE-2018-1000035\\ CVE-2018-1000031\\ CVE-2018-1000032\\ CVE-2018-1000033\\ CVE-2018-1000034|20.62|21.43| | + | |
| - | |curl|[vs-plain] curl: HTTP authentication leak in redirects|2018-01-19 22:06|2018-01-24 07:11|http://www.openwall.com/lists/oss-security/2018/01/24/4|2018-01-24 07:11|CVE-2018-1000007|4.38|4.38| | + | |
| - | |quagga|[vs] Quagga security issues|2018-02-10 11:16|2018-02-15 23:07|http://www.openwall.com/lists/oss-security/2018/02/15/4|2018-02-15 23:07|CVE-2018-5378\\ CVE-2018-5379\\ CVE-2018-5380\\ CVE-2018-5381|5.49|5.49| | + | |
| - | |dovecot|[vs] Dovecot Security Advisory: CVE-2017-14461 rfc822_parse_domain Information Leak Vulnerability|2018-02-26 12:04|2018-03-01 06:51|http://www.openwall.com/lists/oss-security/2018/03/01/2|2018-03-01 06:51|CVE-2017-14461|2.78|2.78| | + | |
| - | |dovecot|[vs] Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS|2018-02-26 12:03|2018-03-01 06:51|http://www.openwall.com/lists/oss-security/2018/03/01/3|2018-03-01 06:51|CVE-2017-15130|2.78|2.78| | + | |
| - | |DHCP,Bind|Multiple vulnerabilities in ISC products (ISC DHCP and BIND) will be disclosed 28 February 2018 [vs]|2018-02-27 22:38|2018-02-28 20:29|http://www.openwall.com/lists/oss-security/2018/02/28/1|2018-02-28 20:29|CVE-2018-5734\\ CVE-2018-5732\\ CVE-2018-5733|0.91|0.91| | + | |
| - | |389-ds|[vs] Remote DoS flaw in 389-ds-base|2018-03-02 10:48|2018-03-06 03:56|http://www.openwall.com/lists/oss-security/2018/03/06/2|2018-03-06 03:56|CVE-2018-1054|3.71|3.71| | + | |
| - | |curl|[vs-plain] : curl LDAP NULL pointer dereference|2018-03-07 08:25|2018-03-14 06:55|http://www.openwall.com/lists/oss-security/2018/03/14/2|2018-03-14 06:55|CVE-2018-1000121|6.94|6.94| | + | |
| - | |curl|Re: [vs-plain] curl: FTP path trickery leads to NIL byte out of bounds write|2018-03-07 22:06|2018-03-14 06:55|http://www.openwall.com/lists/oss-security/2018/03/14/1|2018-03-14 06:55|CVE-2018-1000120|6.37|6.37| | + | |
| - | |Linux Kernel|[vs-plain] CVE-2018-1068: kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets|2018-03-13 12:38|2018-03-16 09:30|http://www.openwall.com/lists/oss-security/2018/03/16/1|2018-03-16 09:30:50|CVE-2018-1068|2.87|2.87| | + | |
| - | |pcs|[vs-plain] pcs: EMBARGOED CVE-2018-1079 and CVE-2018-1086|2018-03-26 09:12|2018-04-09 00:00|http://www.openwall.com/lists/oss-security/2018/04/09/2|2018-04-09 11:28|CVE-2018-1079\\ CVE-2018-1086|13.62|14.09| | + | |
| - | |nghttp2|[vs-plain] nghttp2 vulnerability|2018-04-08 14:14|2018-04-12 15:20|http://www.openwall.com/lists/oss-security/2018/04/12/4|2018-04-12 15:20|CVE-2018-1000168|4.05|4.05| | + | |
| - | |PackageKit|[vs] Multiple local root vulnerabilities involving PackageKit|2018-04-09 14:06|2018-04-23 14:44|http://www.openwall.com/lists/oss-security/2018/04/23/3|2018-04-23 14:44|CVE-2018-1106|14.03|14.03| | + | |
| - | |curl|[vs-plain] curl: RTSP RTP buffer over-read|2018-03-08 15:57|2018-03-14 06:55|http://www.openwall.com/lists/oss-security/2018/03/14/3|2018-03-14 06:55|CVE-2018-1000122|5.62|5.62| | + | |
| - | |gluster|[vs] gluster : privilege escalation on gluster server nodes|2018-04-10 13:23|2018-04-18 12:24|http://www.openwall.com/lists/oss-security/2018/04/18/1|2018-04-18 12:24|CVE-2018-1088|7.96|7.96| | + | |
| - | |OpenSSL|[vs-plain] OpenSSL: RSA key generation follows several non constant time code paths|2018-04-11 08:03|2018-04-16 16:46|http://www.openwall.com/lists/oss-security/2018/04/16/3|2018-04-16 16:46||5.36|5.36| | + | |
| - | |Linux Kernel|[vs-plain] [CVE request] Linux ptrace() bug leading to DoS or possibly corruption|2018-04-17 14:25|2018-05-01 15:35|http://www.openwall.com/lists/oss-security/2018/05/01/3|2018-05-01 15:35|CVE-2018-1000199|14.05|14.05| | + | |
| - | |Linux Kernel|[vs-plain] NULL pointer dereference on oom kill of large mlocked process|2018-04-18 01:09|2018-04-24 22:48|http://www.openwall.com/lists/oss-security/2018/04/24/3|2018-04-24 22:48|CVE-2018-1000200|6.90|6.90| | + | |
| - | |Ghostscript|[vs-plain] CVE-2018-10194 Ghostscript 9.18 stack-based buffer overflow|2018-04-18 14:26|2018-04-19 22:22|http://www.openwall.com/lists/oss-security/2018/04/19/5|2018-04-19 22:22|CVE-2018-10194|1.33|1.33| | + | |
| - | |Knot Resolver|[vs] Knot Resolver 2.3.0 security release|2018-04-19 18:55|2018-04-23 12:30|http://www.openwall.com/lists/oss-security/2018/04/23/2|2018-04-23 12:30|CVE-2018-1110|3.73|3.73| | + | |
| - | |quassecore|[vs-plain] quassecore RCE and DDOS|2018-04-22 15:04|2018-04-24 21:28|http://www.openwall.com/lists/oss-security/2018/04/27/1|2018-04-26 22:39||2.27|4.32| | + | |
| - | |Linux Kernel|[vs-plain] [VS] Linux kernel: memory corruption during exception handling leading to DoS|2018-04-24 10:19|2018-05-08 17:35|http://www.openwall.com/lists/oss-security/2018/05/08/5 http://www.openwall.com/lists/oss-security/2018/05/08/4|2018-05-08 17:35|CVE-2018-8897\\ CVE-2018-1087|14.30|14.30| | + | |
| - | |curl|[vs-plain] curl (1/2): FTP shutdown response buffer overflow|2018-05-07 10:46|2018-05-16 06:25|http://www.openwall.com/lists/oss-security/2018/05/16/1|2018-05-16 06:25|CVE-2018-1000300|8.82|8.82| | + | |
| - | |curl|[vs-plain] curl (2/2): RTSP bad headers buffer over-read|2018-05-07 10:46|2018-05-16 06:25|http://www.openwall.com/lists/oss-security/2018/05/16/2|2018-05-16 06:25|CVE-2018-1000301|8.82|8.82| | + | |
| - | |procps-ng|[vs] Qualys Security Advisory|2018-05-05 01:10|2018-05-17 17:17|http://www.openwall.com/lists/oss-security/2018/05/17/1|2018-05-17 17:17|CVE-2018-1120\\ CVE-2018-1121\\ CVE-2018-1122\\ CVE-2018-1123\\ CVE-2018-1124\\ CVE-2018-1125\\ CVE-2018-1126|12.67|12.67| | + | |
| - | |Bind|[vs-plain] Multiple BIND CVEs for disclosure on 16 May 2018|2018-05-15 22:25|2018-05-18 22:08|http://www.openwall.com/lists/oss-security/2018/05/18/2|2018-05-18 22:08|CVE-2018-5736\\ CVE-2018-5737|2.99|2.99| | + | |
| - | |Prosody|[vs] prosody: insufficient stream header validation|2018-05-28 13:44|2018-05-31 18:31|http://www.openwall.com/lists/oss-security/2018/05/31/2|2018-05-31 18:31|CVE-2018-10847|3.20|3.20| | + | |
| - | |pppd|[vs] Buffer Overflow in pppd EAP-TLS implementation|2018-06-06 15:10|2018-06-11 18:57|http://www.openwall.com/lists/oss-security/2018/06/11/1|2018-06-11 18:57|CVE-2018-11574|5.16|5.16| | + | |
| - | |Linux Kernel|[vs-plain] Linux Kernel infoleak caused by incorrect handling of the SG_IO ioctl.|2018-06-08 10:21|2018-06-08 19:38|http://www.openwall.com/lists/oss-security/2018/06/08/1|2018-06-08 19:38|CVE-2018-1000204|0.39|0.39| | + | |
| - | |Bind|[vs] BIND vulnerability CVE-2018-5738 will be announce 12 June 2018|2018-06-08 21:22|2018-06-13 00:07|http://www.openwall.com/lists/oss-security/2018/06/13/1|2018-06-13 00:07|CVE-2018-5738|4.11|4.11| | + | |
| - | |gluster|[vs] gluster : privilege escalation on gluster server nodes when TLS is enabled|2018-06-12 13:34|2018-06-20 19:58|http://www.openwall.com/lists/oss-security/2018/06/20/1|2018-06-20 19:58|CVE-2018-10841|8.27|8.27| | + | |
| - | |Intel CPU|[vs-plain] CVE-2018-3665|2018-06-13 17:48|2018-06-15 14:55|http://www.openwall.com/lists/oss-security/2018/06/15/5|2018-06-15 14:55|CVE-2018-3665|1.88|1.88| | + | |
| - | |Git-annex|[vs] git-annex vulnerability|2018-06-15 16:10|2018-06-26 16:02|http://www.openwall.com/lists/oss-security/2018/06/26/4|2018-06-26 16:02|CVE-2018-10857\\ CVE-2018-10859|10.99|10.99| | + | |
| - | |curl|[vs-plain] curl: SMTP send heap buffer overflow|2018-07-01 12:37|2018-07-11 06:06|https://www.openwall.com/lists/oss-security/2018/07/11/1|2018-07-11 06:06|CVE-2018-0500|9.73|9.73| | + | |
| - | |qutebrowser|[vs] qutebrowser: Remote code execution|2018-07-09 22:21|2018-07-11 15:34|https://www.openwall.com/lists/oss-security/2018/07/11/7|2018-07-11 15:34|CVE-2018-10895|1.72|1.72| | + | |
| - | |kea|[vs] Kea DHCP vulnerability CVE-2018-5739 will be announce 11 July 2018|2018-07-11 01:36|2018-07-11 23:00|https://www.openwall.com/lists/oss-security/2018/07/11/8|2018-07-11 23:00|CVE-2018-5739|0.89|0.89| | + | |
| - | |Network Manager VPNC|[vs-plain] CVE-2018-10900 NetworkManager-vpnc local authenticated root|2018-07-17 06:58|2018-07-20 11:38|https://www.openwall.com/lists/oss-security/2018/07/20/3|2018-07-20 11:38|CVE-2018-10900|3.19|3.19| | + | |
| - | |fuse|[vs] FUSE user_allow_other restriction may be bypassed|2018-07-18 19:27|2018-07-24 00:11|https://www.openwall.com/lists/oss-security/2018/07/24/1|2018-07-24 00:11|CVE-2018-10906|5.20|5.20| | + | |
| - | |OpenStack|[vs-plain] [pre-OSSA] Vulnerability in OpenStack Keystone (CVE-2018-14432)|2018-07-20 16:32|2018-07-25 18:00|https://www.openwall.com/lists/oss-security/2018/07/25/2|2018-07-25 18:00|CVE-2018-14432|5.06|5.06| | + | |
| - | |Linux Kernel|[vs-plain] Remote Linux kernel DoS (fixed in stable)|2018-07-27 18:51|2018-08-08 15:44|https://www.openwall.com/lists/oss-security/2018/08/08/5|2018-08-08 15:44|CVE 2018-5390|11.87|11.87| | + | |
| - | |Knot Resolver|[vs] Knot Resolver 2.4.1 security release + CVE request|2018-08-01 14:47|2018-08-09 06:06|https://www.openwall.com/lists/oss-security/2018/08/09/2|2018-08-09 06:06|CVE-2018-10920|7.64|7.64| | + | |
| - | |Linux Kernel|[vs-plain] CVE-2017-18344: Linux kernel: meltdown-like vulnerability in the timer subsystem|2018-08-02 13:01|2018-08-02 18:57|http://www.openwall.com/lists/oss-security/2018/08/02/3|2018-08-02 18:57|CVE-2017-18344|0.25|0.25| | + | |
| - | |brtfs|[vs-plain] btrfsmaintenance: CVE-2018-14722|2018-08-07 11:25|2018-08-14 15:57|https://www.openwall.com/lists/oss-security/2018/08/14/7|2018-08-14 15:57|CVE-2018-14722|7.19|7.19| | + | |
| - | |Bind|[vs] BIND vulnerability CVE-2018-5740 will be announced 08 August 2018|2018-08-07 21:44||||CVE-2018-5740|54.09|54.09| | + | |
| - | |cobbler|[vs] CVE-2018-10931 cobbler: CobblerXMLRPCInterface exports all its methods over XMLRPC|2018-08-08 18:06|2018-08-09 15:42|https://www.openwall.com/lists/oss-security/2018/08/09/9|2018-08-09 15:42|CVE-2018-10931|0.90|0.90| | + | |
| - | |Spice|[vs] spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling|2018-08-10 03:16|2018-08-16 23:51|http://www.openwall.com/lists/oss-security/2018/08/17/1|2018-08-17 00:51|CVE-2018-10873|6.86|6.90| | + | |
| - | |OpenSSH|[vs-plain] OpenSSH Username Enumeration|2018-08-15 14:48|2018-08-15 16:05|https://www.openwall.com/lists/oss-security/2018/08/15/5|2018-08-15 16:05||0.05|0.05| | + | |
| - | |Linux Kernel|[vs-plain] CVE-2018-10902 - double free in midi subsystem.|2018-08-20 09:07|2018-08-21 12:29|https://www.openwall.com/lists/oss-security/2018/08/21/1|2018-08-21 12:29|CVE-2018-10902|1.14|1.14| | + | |
| - | |Ghostscript|[vs-plain] More Ghostscript Issues|2018-08-21 00:56|2018-08-21 12:46|http://www.openwall.com/lists/oss-security/2018/08/21/2|2018-08-21 12:46||0.49|0.49| | + | |
| - | |gluster|[vs] glusterfs : various flaws|2018-08-22 14:45|2018-09-04 08:31|https://www.openwall.com/lists/oss-security/2018/09/04/1|2018-09-04 08:31|CVE-2018-10904\\ CVE-2018-10907\\ CVE-2018-10911\\ CVE-2018-10913\\ CVE-2018-10914\\ CVE-2018-10923\\ CVE-2018-10924\\ CVE-2018-10926\\ CVE-2018-10927\\ CVE-2018-10928\\ CVE-2018-10929\\ CVE-2018-10930|12.74|12.74| | + | |
| - | |OpenSSH|[vs-plain] Another OpenSSH Username Enumeration|2018-08-24 16:10|2018-08-27 16:27|http://www.openwall.com/lists/oss-security/2018/08/27/2|2018-08-27 16:27|CVE-2018-15919|3.01|3.01| | + | |
| - | |curl|[vs-plain] curl: NTLM password overflow via integer overflow|2018-08-27 05:55|2018-09-05 05:55|https://www.openwall.com/lists/oss-security/2018/09/05/1|2018-09-05 05:55|CVE-2018-14618|9.00|9.00| | + | |
| - | |Linux Kernel|[vs] CVE-2018-6554 and CVE-2018-6555|2018-08-29 16:58|2018-09-04 16:47|https://www.openwall.com/lists/oss-security/2018/09/04/2|2018-09-04 16:47|CVE-2018-6554\\ CVE-2018-6555|5.99|5.99| | + | |
| - | |Linux Kernel|[vs] CVE-2018-14633: security flaw in iscsi target code|2018-09-10 09:25|2018-09-24 10:03|https://www.openwall.com/lists/oss-security/2018/09/24/2|2018-09-24 10:03|CVE-2018-14633|14.03|14.03| | + | |
| - | |Linux Kernel|[vs] CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm()|2018-09-17 10:21|2018-09-18 10:02|https://www.openwall.com/lists/oss-security/2018/09/18/1|2018-09-18 10:02|CVE-2018-14641|0.99|0.99| | + | |
| - | |Linux Kernel|[vs-plain] potential local priviledge escalation bug in vmacache code|2018-09-18 13:29|2018-09-18 14:54|https://www.openwall.com/lists/oss-security/2018/09/18/4|2018-09-18 14:54||0.06|0.06| | + | |
| - | |Linux Kernel|[vs-plain] Integer overflow in Linux's create_elf_tables() (CVE-2018-14634)|2018-09-18 15:58|2018-09-25 17:07|https://www.openwall.com/lists/oss-security/2018/09/25/4|2018-09-25 17:07|CVE-2018-14634|7.05|7.05| | + | |