These statistics are updated as of 2018-09-30 23:59 (UTC).

Statistics are grouped by the month in which the issue was reported to the distros list.

Date | All | 2017-06 | 2017-07 | 2017-08 | 2017-09 | 2017-10 | 2017-11 | 2017-12 | 2018-01 | 2018-02 | 2018-03 | 2018-04 | 2018-05 | 2018-06 | 2018-07 | 2018-08 | 2018-09 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Number of reports | 99 | 1 | 3 | 6 | 9 | 5 | 7 | 5 | 8 | 4 | 6 | 10 | 5 | 6 | 7 | 13 | 4 |
Average embargo time (first public) | 6.43 | 10.84 | 4.69 | 6.39 | 5.83 | 4.90 | 6.70 | 5.99 | 7.28 | 2.99 | 6.52 | 7.40 | 7.30 | 5.13 | 5.38 | 8.41 | 5.53 |
Average embargo time (oss-security) | 6.71 | 14.16 | 5.03 | 6.39 | 5.84 | 5.14 | 6.70 | 6.02 | 9.64 | 2.99 | 6.60 | 7.60 | 7.30 | 5.13 | 5.38 | 8.42 | 5.53 |

Project | Subject | Reported (UTC) | Public (UTC) | oss-security posting | Time of oss-security posting (UTC) | CVE(s) | Days embargoed (first public) | Days embargoed (oss-security) |
---|---|---|---|---|---|---|---|---|
Spice | [vs] spice | 2017-06-30 03:50 | 2017-07-11 00:00 | http://www.openwall.com/lists/oss-security/2017/07/14/1 | 2017-07-14 07:38 | CVE-2017-7506 | 10.84 | 14.16 |
Jenkins | [vs] CVE ID assignment request from the Jenkins project | 2017-07-07 13:13 | 2017-07-10 15:00 | http://www.openwall.com/lists/oss-security/2017/07/11/9 | 2017-07-11 11:52 | CVE-2017-1000084 CVE-2017-1000085 CVE-2017-1000086 CVE-2017-1000087 CVE-2017-1000088 CVE-2017-1000089 CVE-2017-1000090 CVE-2017-1000091 CVE-2017-1000092 CVE-2017-1000093 CVE-2017-1000094 CVE-2017-1000095 CVE-2017-1000096 | 3.07 | 3.94 |
Evince | [vs] evince: Command injection vulnerability in CBT handler | 2017-07-10 13:57 | 2017-07-13 12:00 | http://www.openwall.com/lists/oss-security/2017/07/13/5 | 2017-07-13 15:43 | CVE-2017-1000083 | 2.92 | 3.07 |
Linux Kernel | [vs-plain] linux kernel: CVE-2017-7533 | 2017-07-26 12:18 | 2017-08-03 14:00 | http://www.openwall.com/lists/oss-security/2017/08/03/2 | 2017-08-03 14:00 | CVE-2017-7533 | 8.07 | 8.07 |
Curl | [vs-plain] curl: URL globbing out of bounds read (1/3) | 2017-08-01 10:02 | 2017-08-09 06:00 | http://www.openwall.com/lists/oss-security/2017/08/09/1 | 2017-08-09 06:00 | CVE-2017-1000101 | 7.83 | 7.83 |
Curl | [vs-plain] curl: TFTP sends more than buffer size (2/3) | 2017-08-01 10:02 | 2017-08-09 06:00 | http://www.openwall.com/lists/oss-security/2017/08/09/2 | 2017-08-09 06:00 | CVE-2017-1000100 | 7.83 | 7.83 |
Curl | [vs-plain] curl: FILE buffer read out of bounds | 2017-08-01 10:02 | 2017-08-09 06:00 | http://www.openwall.com/lists/oss-security/2017/08/09/3 | 2017-08-09 06:00 | CVE-2017-1000099 | 7.83 | 7.83 |
Linux Kernel | [vs-plain] Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch | 2017-08-04 15:59 | 2017-08-10 20:55 | http://www.openwall.com/lists/oss-security/2017/08/10/5 | 2017-08-10 20:55 | CVE-2017-1000112 | 6.21 | 6.21 |
Linux Kernel | [vs-plain] Linux kernel: heap out-of-bounds in AF_PACKET sockets | 2017-08-04 16:48 | 2017-08-10 13:25 | http://www.openwall.com/lists/oss-security/2017/08/10/7 | 2017-08-10 13:25 | CVE-2017-1000111 | 5.86 | 5.86 |
GNOME | [vs] CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding | 2017-08-07 17:54 | 2017-08-10 12:41 | http://www.openwall.com/lists/oss-security/2017/08/10/1 | 2017-08-10 12:53 | CVE-2017-2885 | 2.78 | 2.79 |
file | [vs] file: stack based buffer overflow | 2017-09-01 09:30 | 2017-09-05 16:24 | http://www.openwall.com/lists/oss-security/2017/09/05/3 | 2017-09-05 16:24 | CVE-2017-1000249 | 4.29 | 4.29 |
BlueZ | [vs-plain] Info Leak vulnerability in BlueZ | 2017-09-05 20:29 | 2017-09-13 21:08 | http://www.openwall.com/lists/oss-security/2017/09/13/4 | 2017-09-13 21:08 | CVE-2017-1000250 CVE-2017-1000251 | 8.03 | 8.03 |
tcpdump | [vs-plain] Re: tcpdump 4.9.2 and NixOS | 2017-09-06 13:08 | 2017-09-07 14:06 | http://www.openwall.com/lists/oss-security/2017/09/07/8 | 2017-09-07 14:06 | CVE-2017-11543 CVE-2017-13011 CVE-2017-12989 CVE-2017-12990 CVE-2017-12995 CVE-2017-12997 CVE-2017-11541 CVE-2017-11542 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12898 CVE-2017-12897 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-11542 CVE-2017-11541 CVE-2017-12994 CVE-2017-12996 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-11543 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 | 1.04 | 1.04 |
Linux Kernel | [vs] KVM denial of service | 2017-09-08 11:21 | 2017-09-15 16:36 | http://www.openwall.com/lists/oss-security/2017/09/15/4 | 2017-09-15 16:36 | CVE-2017-1000252 | 7.22 | 7.22 |
apache | [vs] OPTIONSbleed bug in apache httpd | 2017-09-11 10:17 | 2017-09-18 13:18 | http://www.openwall.com/lists/oss-security/2017/09/18/2 | 2017-09-18 13:18 | CVE-2017-9798 | 7.13 | 7.13 |
Linux Kernel | [vs] Qualys Security Advisory (CVE-2017-1000253) | 2017-09-20 09:28 | 2017-09-26 15:08 | http://www.openwall.com/lists/oss-security/2017/09/26/16 | 2017-09-26 15:08 | CVE-2017-1000253 | 6.24 | 6.24 |
Linux Kernel | [vs-plain] Bluetooth RCE in Linux Kernel - follow up | 2017-09-24 19:20 | 2017-09-27 17:39 | http://www.openwall.com/lists/oss-security/2017/09/27/10 | 2017-09-27 17:39 | CVE-2017-1000251 | 2.93 | 2.93 |
DNSMasq | [vs] DNSMasq Security vulnerabilities, public release October 2nd | 2017-09-25 20:59 | 2017-10-02 13:22 | http://www.openwall.com/lists/oss-security/2017/10/02/5 | 2017-10-02 15:47 | CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 | 6.68 | 6.78 |
Curl | [vs-plain] curl: FTP PWD response parser out of bounds read | 2017-09-25 08:26 | 2017-10-04 06:06 | http://www.openwall.com/lists/oss-security/2017/10/04/1 | 2017-10-04 06:06 | CVE-2017-1000254 | 8.90 | 8.90 |
Linux Kernel | [vs] CVE Request for powerpc kernel bug | 2017-10-03 00:49 | 2017-10-09 | http://www.openwall.com/lists/oss-security/2017/10/10/3 | 2017-10-10 04:00 | CVE-2017-1000255 | 5.97 | 7.13 |
wpa_supplicant | [vs] VU#228519 and wpa_supplicant/hostapd | 2017-10-10 08:08 | 2017-10-16 09:08 | http://www.openwall.com/lists/oss-security/2017/10/16/2 | 2017-10-16 09:08 | CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 | 6.04 | 6.04 |
Linux Kernel | [vs-plain] CVE-2017-5123 Linux kernel waitid() not calling access_ok() | 2017-10-09 19:06 | 2017-10-12 19:16 | http://www.openwall.com/lists/oss-security/2017/10/12/18 | 2017-10-12 20:02 | CVE-2017-5123 | 3.01 | 3.04 |
Curl | [vs-plain] curl: IMAP FETCH response out of bounds read | 2017-10-17 11:54 | 2017-10-23 06:07 | http://www.openwall.com/lists/oss-security/2017/10/23/1 | 2017-10-23 06:07 | CVE-2017-1000257 | 5.76 | 5.76 |
Wget | [vs] [FICORA #1010111] Vulnerability report | 2017-10-23 14:50 | 2017-10-27 08:21 | http://www.openwall.com/lists/oss-security/2017/10/27/1 | 2017-10-27 08:21 | CVE-2017-13089 CVE-2017-13090 | 3.73 | 3.73 |
PowerDNS | [vs] PowerDNS prenotification | 2017-11-20 14:01 | 2017-11-27 16:32 | http://www.openwall.com/lists/oss-security/2017/11/27/1 | 2017-11-27 16:32 | CVE-2017-15090 CVE-2017-15091 CVE-2017-15092 CVE-2017-15093 CVE-2017-15094 | 7.10 | 7.10 |
Curl | [vs-plain] (2/2) curl: FTP wildcard out of bounds read | 2017-11-21 08:16 | 2017-11-29 09:34 | http://www.openwall.com/lists/oss-security/2017/11/29/3 | 2017-11-29 09:34 | CVE-2017-8817 | 8.05 | 8.05 |
Curl | [vs-plain] curl: NTLM buffer overflow via integer overflow | 2017-11-21 08:15 | 2017-11-29 09:34 | http://www.openwall.com/lists/oss-security/2017/11/29/2 | 2017-11-29 09:34 | CVE-2017-8816 | 8.05 | 8.05 |
Linux Kernel | [vs-plain] Security Bug - transparent huge pages dirty bit | 2017-11-22 18:50 | 2017-11-30 00:32 | http://www.openwall.com/lists/oss-security/2017/11/30/1 | 2017-11-30 00:32 | CVE-2017-1000405 | 7.24 | 7.24 |
Curl | [vs-plain] curl: SSL out of buffer access | 2017-11-24 09:19 | 2017-11-29 09:34 | http://www.openwall.com/lists/oss-security/2017/11/29/4 | 2017-11-29 09:34 | CVE-2017-8818 | 5.01 | 5.01 |
OpenStack | [vs-plain] [pre-OSSA] Vulnerability in OpenStack Nova (CVE-2017-17051) | 2017-11-30 12:35 | 2017-12-05 16:50 | http://www.openwall.com/lists/oss-security/2017/12/05/5 | 2017-12-05 16:50 | CVE-2017-17051 | 5.18 | 5.18 |
Linux Kernel | [vs-plain] Info Leak in the Linux Kernel via Bluetooth | 2017-11-30 09:44 | 2017-12-06 16:23 | http://www.openwall.com/lists/oss-security/2017/12/06/3 | 2017-12-06 16:23 | | 6.28 | 6.28 |
Linux Kernel | [vs-plain] Security bug in DCCP socket | 2017-12-01 11:08 | 2017-12-04 20:27 | http://www.openwall.com/lists/oss-security/2017/12/05/1 | 2017-12-05 00:11 | CVE-2017-8824 | 3.39 | 3.54 |
PowerDNS | [vs] PowerDNS prenotification | 2017-12-04 14:43 | 2017-12-11 12:34 | http://www.openwall.com/lists/oss-security/2017/12/11/1 | 2017-12-11 12:34 | CVE-2017-15120 | 6.91 | 6.91 |
glibc | [vs] Qualys Security Advisory | 2017-12-05 14:59 | 2017-12-11 19:14 | http://www.openwall.com/lists/oss-security/2017/12/11/4 | 2017-12-11 19:14 | CVE-2017-1000408 CVE-2017-1000409 | 6.18 | 6.18 |
iscsi-initiator-utils | [vs] Bug report | 2017-12-11 16:21 | 2017-12-13 19:21 | http://www.openwall.com/lists/oss-security/2017/12/13/2 | 2017-12-13 19:21 | | 2.13 | 2.13 |
glibc | [vs] GNU libc issue (--throw-keyids) | 2017-12-31 13:46 | 2018-01-11 21:34 | http://www.openwall.com/lists/oss-security/2018/01/11/5 | 2018-01-11 21:34 | CVE-2018-1000001 | 11.33 | 11.33 |
dovecot | [vs] CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted. | 2018-01-11 10:51 | 2018-01-25 09:35 | http://www.openwall.com/lists/oss-security/2018/01/25/4 | 2018-01-25 09:35 | CVE-2017-15132 | 13.95 | 13.95 |
Linux Kernel | [vs-plain] sound driver Conditional competition | 2018-01-12 01:19 | 2018-01-16 14:21 | http://www.openwall.com/lists/oss-security/2018/01/16/1 | 2018-01-16 14:21 | | 4.54 | 4.54 |
PowerDNS,knots | [vs] bug in DNS resolvers - DNSSEC validation | 2018-01-15 15:29 | 2018-01-22 00:00 | http://www.openwall.com/lists/oss-security/2018/02/09/1 | 2018-02-09 00:43 | CVE-2018-1000002 CVE-2018-1000003 | 6.35 | 24.38 |
Bind | Packager Notification for CVE-2017-3145 [vs] | 2018-01-15 20:58 | 2018-01-16 14:25 | http://www.openwall.com/lists/oss-security/2018/01/16/7 | 2018-01-16 14:25 | CVE-2017-3145 | 0.73 | 0.73 |
DHCP | [vs-plain] CVE-2017-3144: ISC DHCP can leak socket descriptors | 2018-01-15 21:12 | 2018-01-16 15:38 | http://www.openwall.com/lists/oss-security/2018/01/16/6 | 2018-01-16 15:38 | CVE-2017-3144 | 0.77 | 0.77 |
curl | [vs-plain] : curl: HTTP/2 trailer out-of-bounds read | 2018-01-17 09:36 | 2018-01-24 07:11 | http://www.openwall.com/lists/oss-security/2018/01/24/3 | 2018-01-24 07:11 | CVE-2018-1000005 | 6.90 | 6.90 |
InfoZip Unzip | [vs] SEC Consult SA-201801DD-0 :: Multiple vulnerabilities in InfoZip UnZip | 2018-01-17 20:54 | 2018-02-07 11:45 | http://www.openwall.com/lists/oss-security/2018/02/08/1 | 2018-02-08 07:19 | CVE-2018-1000035 CVE-2018-1000031 CVE-2018-1000032 CVE-2018-1000033 CVE-2018-1000034 | 20.62 | 21.43 |
curl | [vs-plain] curl: HTTP authentication leak in redirects | 2018-01-19 22:06 | 2018-01-24 07:11 | http://www.openwall.com/lists/oss-security/2018/01/24/4 | 2018-01-24 07:11 | CVE-2018-1000007 | 4.38 | 4.38 |
quagga | [vs] Quagga security issues | 2018-02-10 11:16 | 2018-02-15 23:07 | http://www.openwall.com/lists/oss-security/2018/02/15/4 | 2018-02-15 23:07 | CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 | 5.49 | 5.49 |
dovecot | [vs] Dovecot Security Advisory: CVE-2017-14461 rfc822_parse_domain Information Leak Vulnerability | 2018-02-26 12:04 | 2018-03-01 06:51 | http://www.openwall.com/lists/oss-security/2018/03/01/2 | 2018-03-01 06:51 | CVE-2017-14461 | 2.78 | 2.78 |
dovecot | [vs] Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS | 2018-02-26 12:03 | 2018-03-01 06:51 | http://www.openwall.com/lists/oss-security/2018/03/01/3 | 2018-03-01 06:51 | CVE-2017-15130 | 2.78 | 2.78 |
DHCP,Bind | Multiple vulnerabilities in ISC products (ISC DHCP and BIND) will be disclosed 28 February 2018 [vs] | 2018-02-27 22:38 | 2018-02-28 20:29 | http://www.openwall.com/lists/oss-security/2018/02/28/1 | 2018-02-28 20:29 | CVE-2018-5734 CVE-2018-5732 CVE-2018-5733 | 0.91 | 0.91 |
389-ds | [vs] Remote DoS flaw in 389-ds-base | 2018-03-02 10:48 | 2018-03-06 03:56 | http://www.openwall.com/lists/oss-security/2018/03/06/2 | 2018-03-06 03:56 | CVE-2018-1054 | 3.71 | 3.71 |
curl | [vs-plain] : curl LDAP NULL pointer dereference | 2018-03-07 08:25 | 2018-03-14 06:55 | http://www.openwall.com/lists/oss-security/2018/03/14/2 | 2018-03-14 06:55 | CVE-2018-1000121 | 6.94 | 6.94 |
curl | Re: [vs-plain] curl: FTP path trickery leads to NIL byte out of bounds write | 2018-03-07 22:06 | 2018-03-14 06:55 | http://www.openwall.com/lists/oss-security/2018/03/14/1 | 2018-03-14 06:55 | CVE-2018-1000120 | 6.37 | 6.37 |
Linux Kernel | [vs-plain] CVE-2018-1068: kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets | 2018-03-13 12:38 | 2018-03-16 09:30 | http://www.openwall.com/lists/oss-security/2018/03/16/1 | 2018-03-16 09:30:50 | CVE-2018-1068 | 2.87 | 2.87 |
pcs | [vs-plain] pcs: EMBARGOED CVE-2018-1079 and CVE-2018-1086 | 2018-03-26 09:12 | 2018-04-09 00:00 | http://www.openwall.com/lists/oss-security/2018/04/09/2 | 2018-04-09 11:28 | CVE-2018-1079 CVE-2018-1086 | 13.62 | 14.09 |
nghttp2 | [vs-plain] nghttp2 vulnerability | 2018-04-08 14:14 | 2018-04-12 15:20 | http://www.openwall.com/lists/oss-security/2018/04/12/4 | 2018-04-12 15:20 | CVE-2018-1000168 | 4.05 | 4.05 |
PackageKit | [vs] Multiple local root vulnerabilities involving PackageKit | 2018-04-09 14:06 | 2018-04-23 14:44 | http://www.openwall.com/lists/oss-security/2018/04/23/3 | 2018-04-23 14:44 | CVE-2018-1106 | 14.03 | 14.03 |
curl | [vs-plain] curl: RTSP RTP buffer over-read | 2018-03-08 15:57 | 2018-03-14 06:55 | http://www.openwall.com/lists/oss-security/2018/03/14/3 | 2018-03-14 06:55 | CVE-2018-1000122 | 5.62 | 5.62 |
gluster | [vs] gluster : privilege escalation on gluster server nodes | 2018-04-10 13:23 | 2018-04-18 12:24 | http://www.openwall.com/lists/oss-security/2018/04/18/1 | 2018-04-18 12:24 | CVE-2018-1088 | 7.96 | 7.96 |
OpenSSL | [vs-plain] OpenSSL: RSA key generation follows several non constant time code paths | 2018-04-11 08:03 | 2018-04-16 16:46 | http://www.openwall.com/lists/oss-security/2018/04/16/3 | 2018-04-16 16:46 | | 5.36 | 5.36 |
Linux Kernel | [vs-plain] [CVE request] Linux ptrace() bug leading to DoS or possibly corruption | 2018-04-17 14:25 | 2018-05-01 15:35 | http://www.openwall.com/lists/oss-security/2018/05/01/3 | 2018-05-01 15:35 | CVE-2018-1000199 | 14.05 | 14.05 |
Linux Kernel | [vs-plain] NULL pointer dereference on oom kill of large mlocked process | 2018-04-18 01:09 | 2018-04-24 22:48 | http://www.openwall.com/lists/oss-security/2018/04/24/3 | 2018-04-24 22:48 | CVE-2018-1000200 | 6.90 | 6.90 |
Ghostscript | [vs-plain] CVE-2018-10194 Ghostscript 9.18 stack-based buffer overflow | 2018-04-18 14:26 | 2018-04-19 22:22 | http://www.openwall.com/lists/oss-security/2018/04/19/5 | 2018-04-19 22:22 | CVE-2018-10194 | 1.33 | 1.33 |
Knot Resolver | [vs] Knot Resolver 2.3.0 security release | 2018-04-19 18:55 | 2018-04-23 12:30 | http://www.openwall.com/lists/oss-security/2018/04/23/2 | 2018-04-23 12:30 | CVE-2018-1110 | 3.73 | 3.73 |
quassecore | [vs-plain] quassecore RCE and DDOS | 2018-04-22 15:04 | 2018-04-24 21:28 | http://www.openwall.com/lists/oss-security/2018/04/27/1 | 2018-04-26 22:39 | | 2.27 | 4.32 |
Linux Kernel | [vs-plain] [VS] Linux kernel: memory corruption during exception handling leading to DoS | 2018-04-24 10:19 | 2018-05-08 17:35 | http://www.openwall.com/lists/oss-security/2018/05/08/5 http://www.openwall.com/lists/oss-security/2018/05/08/4 | 2018-05-08 17:35 | CVE-2018-8897 CVE-2018-1087 | 14.30 | 14.30 |
curl | [vs-plain] curl (1/2): FTP shutdown response buffer overflow | 2018-05-07 10:46 | 2018-05-16 06:25 | http://www.openwall.com/lists/oss-security/2018/05/16/1 | 2018-05-16 06:25 | CVE-2018-1000300 | 8.82 | 8.82 |
curl | [vs-plain] curl (2/2): RTSP bad headers buffer over-read | 2018-05-07 10:46 | 2018-05-16 06:25 | http://www.openwall.com/lists/oss-security/2018/05/16/2 | 2018-05-16 06:25 | CVE-2018-1000301 | 8.82 | 8.82 |
procps-ng | [vs] Qualys Security Advisory | 2018-05-05 01:10 | 2018-05-17 17:17 | http://www.openwall.com/lists/oss-security/2018/05/17/1 | 2018-05-17 17:17 | CVE-2018-1120 CVE-2018-1121 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 | 12.67 | 12.67 |
Bind | [vs-plain] Multiple BIND CVEs for disclosure on 16 May 2018 | 2018-05-15 22:25 | 2018-05-18 22:08 | http://www.openwall.com/lists/oss-security/2018/05/18/2 | 2018-05-18 22:08 | CVE-2018-5736 CVE-2018-5737 | 2.99 | 2.99 |
Prosody | [vs] prosody: insufficient stream header validation | 2018-05-28 13:44 | 2018-05-31 18:31 | http://www.openwall.com/lists/oss-security/2018/05/31/2 | 2018-05-31 18:31 | CVE-2018-10847 | 3.20 | 3.20 |
pppd | [vs] Buffer Overflow in pppd EAP-TLS implementation | 2018-06-06 15:10 | 2018-06-11 18:57 | http://www.openwall.com/lists/oss-security/2018/06/11/1 | 2018-06-11 18:57 | CVE-2018-11574 | 5.16 | 5.16 |
Linux Kernel | [vs-plain] Linux Kernel infoleak caused by incorrect handling of the SG_IO ioctl. | 2018-06-08 10:21 | 2018-06-08 19:38 | http://www.openwall.com/lists/oss-security/2018/06/08/1 | 2018-06-08 19:38 | CVE-2018-1000204 | 0.39 | 0.39 |
Bind | [vs] BIND vulnerability CVE-2018-5738 will be announce 12 June 2018 | 2018-06-08 21:22 | 2018-06-13 00:07 | http://www.openwall.com/lists/oss-security/2018/06/13/1 | 2018-06-13 00:07 | CVE-2018-5738 | 4.11 | 4.11 |
gluster | [vs] gluster : privilege escalation on gluster server nodes when TLS is enabled | 2018-06-12 13:34 | 2018-06-20 19:58 | http://www.openwall.com/lists/oss-security/2018/06/20/1 | 2018-06-20 19:58 | CVE-2018-10841 | 8.27 | 8.27 |
Intel CPU | [vs-plain] CVE-2018-3665 | 2018-06-13 17:48 | 2018-06-15 14:55 | http://www.openwall.com/lists/oss-security/2018/06/15/5 | 2018-06-15 14:55 | CVE-2018-3665 | 1.88 | 1.88 |
Git-annex | [vs] git-annex vulnerability | 2018-06-15 16:10 | 2018-06-26 16:02 | http://www.openwall.com/lists/oss-security/2018/06/26/4 | 2018-06-26 16:02 | CVE-2018-10857 CVE-2018-10859 | 10.99 | 10.99 |
curl | [vs-plain] curl: SMTP send heap buffer overflow | 2018-07-01 12:37 | 2018-07-11 06:06 | https://www.openwall.com/lists/oss-security/2018/07/11/1 | 2018-07-11 06:06 | CVE-2018-0500 | 9.73 | 9.73 |
qutebrowser | [vs] qutebrowser: Remote code execution | 2018-07-09 22:21 | 2018-07-11 15:34 | https://www.openwall.com/lists/oss-security/2018/07/11/7 | 2018-07-11 15:34 | CVE-2018-10895 | 1.72 | 1.72 |
kea | [vs] Kea DHCP vulnerability CVE-2018-5739 will be announce 11 July 2018 | 2018-07-11 01:36 | 2018-07-11 23:00 | https://www.openwall.com/lists/oss-security/2018/07/11/8 | 2018-07-11 23:00 | CVE-2018-5739 | 0.89 | 0.89 |
Network Manager VPNC | [vs-plain] CVE-2018-10900 NetworkManager-vpnc local authenticated root | 2018-07-17 06:58 | 2018-07-20 11:38 | https://www.openwall.com/lists/oss-security/2018/07/20/3 | 2018-07-20 11:38 | CVE-2018-10900 | 3.19 | 3.19 |
fuse | [vs] FUSE user_allow_other restriction may be bypassed | 2018-07-18 19:27 | 2018-07-24 00:11 | https://www.openwall.com/lists/oss-security/2018/07/24/1 | 2018-07-24 00:11 | CVE-2018-10906 | 5.20 | 5.20 |
OpenStack | [vs-plain] [pre-OSSA] Vulnerability in OpenStack Keystone (CVE-2018-14432) | 2018-07-20 16:32 | 2018-07-25 18:00 | https://www.openwall.com/lists/oss-security/2018/07/25/2 | 2018-07-25 18:00 | CVE-2018-14432 | 5.06 | 5.06 |
Linux Kernel | [vs-plain] Remote Linux kernel DoS (fixed in stable) | 2018-07-27 18:51 | 2018-08-08 15:44 | https://www.openwall.com/lists/oss-security/2018/08/08/5 | 2018-08-08 15:44 | CVE-2018-5390 | 11.87 | 11.87 |
Knot Resolver | [vs] Knot Resolver 2.4.1 security release + CVE request | 2018-08-01 14:47 | 2018-08-09 06:06 | https://www.openwall.com/lists/oss-security/2018/08/09/2 | 2018-08-09 06:06 | CVE-2018-10920 | 7.64 | 7.64 |
Linux Kernel | [vs-plain] CVE-2017-18344: Linux kernel: meltdown-like vulnerability in the timer subsystem | 2018-08-02 13:01 | 2018-08-02 18:57 | http://www.openwall.com/lists/oss-security/2018/08/02/3 | 2018-08-02 18:57 | CVE-2017-18344 | 0.25 | 0.25 |
btrfs | [vs-plain] btrfsmaintenance: CVE-2018-14722 | 2018-08-07 11:25 | 2018-08-14 15:57 | https://www.openwall.com/lists/oss-security/2018/08/14/7 | 2018-08-14 15:57 | CVE-2018-14722 | 7.19 | 7.19 |
Bind | [vs] BIND vulnerability CVE-2018-5740 will be announced 08 August 2018 | 2018-08-07 21:44 | | | | CVE-2018-5740 | 54.09 | 54.09 |
cobbler | [vs] CVE-2018-10931 cobbler: CobblerXMLRPCInterface exports all its methods over XMLRPC | 2018-08-08 18:06 | 2018-08-09 15:42 | https://www.openwall.com/lists/oss-security/2018/08/09/9 | 2018-08-09 15:42 | CVE-2018-10931 | 0.90 | 0.90 |
Spice | [vs] spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling | 2018-08-10 03:16 | 2018-08-16 23:51 | http://www.openwall.com/lists/oss-security/2018/08/17/1 | 2018-08-17 00:51 | CVE-2018-10873 | 6.86 | 6.90 |
OpenSSH | [vs-plain] OpenSSH Username Enumeration | 2018-08-15 14:48 | 2018-08-15 16:05 | https://www.openwall.com/lists/oss-security/2018/08/15/5 | 2018-08-15 16:05 | | 0.05 | 0.05 |
Linux Kernel | [vs-plain] CVE-2018-10902 - double free in midi subsystem. | 2018-08-20 09:07 | 2018-08-21 12:29 | https://www.openwall.com/lists/oss-security/2018/08/21/1 | 2018-08-21 12:29 | CVE-2018-10902 | 1.14 | 1.14 |
Ghostscript | [vs-plain] More Ghostscript Issues | 2018-08-21 00:56 | 2018-08-21 12:46 | http://www.openwall.com/lists/oss-security/2018/08/21/2 | 2018-08-21 12:46 | | 0.49 | 0.49 |
gluster | [vs] glusterfs : various flaws | 2018-08-22 14:45 | 2018-09-04 08:31 | https://www.openwall.com/lists/oss-security/2018/09/04/1 | 2018-09-04 08:31 | CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10924 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 | 12.74 | 12.74 |
OpenSSH | [vs-plain] Another OpenSSH Username Enumeration | 2018-08-24 16:10 | 2018-08-27 16:27 | http://www.openwall.com/lists/oss-security/2018/08/27/2 | 2018-08-27 16:27 | CVE-2018-15919 | 3.01 | 3.01 |
curl | [vs-plain] curl: NTLM password overflow via integer overflow | 2018-08-27 05:55 | 2018-09-05 05:55 | https://www.openwall.com/lists/oss-security/2018/09/05/1 | 2018-09-05 05:55 | CVE-2018-14618 | 9.00 | 9.00 |
Linux Kernel | [vs] CVE-2018-6554 and CVE-2018-6555 | 2018-08-29 16:58 | 2018-09-04 16:47 | https://www.openwall.com/lists/oss-security/2018/09/04/2 | 2018-09-04 16:47 | CVE-2018-6554 CVE-2018-6555 | 5.99 | 5.99 |
Linux Kernel | [vs] CVE-2018-14633: security flaw in iscsi target code | 2018-09-10 09:25 | 2018-09-24 10:03 | https://www.openwall.com/lists/oss-security/2018/09/24/2 | 2018-09-24 10:03 | CVE-2018-14633 | 14.03 | 14.03 |
Linux Kernel | [vs] CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm() | 2018-09-17 10:21 | 2018-09-18 10:02 | https://www.openwall.com/lists/oss-security/2018/09/18/1 | 2018-09-18 10:02 | CVE-2018-14641 | 0.99 | 0.99 |
Linux Kernel | [vs-plain] potential local priviledge escalation bug in vmacache code | 2018-09-18 13:29 | 2018-09-18 14:54 | https://www.openwall.com/lists/oss-security/2018/09/18/4 | 2018-09-18 14:54 | | 0.06 | 0.06 |
Linux Kernel | [vs-plain] Integer overflow in Linux's create_elf_tables() (CVE-2018-14634) | 2018-09-18 15:58 | 2018-09-25 17:07 | https://www.openwall.com/lists/oss-security/2018/09/25/4 | 2018-09-25 17:07 | CVE-2018-14634 | 7.05 | 7.05 |