Mark Esler

Qualys oss-security reports

Qualys writes excellent security reports and analysis. Their method and formatting is exemplary for anyone wishing to learn to write clear and concise security reports.

Here are all of Qualys’ Security advisories submitted to the oss-security mailing list, including “short write-ups” (e.g. 2022-01-10), and third-party analysis (2023-02-02) not listed on Qualys’ website.

The titles have been simplified to unify archive listing.

The email discussion and followup is worthwhile. In the future I may add mbox files (but need an archive).

Download a local copy of the txt files with:

wget -A txt -r --no-parent https://markesler.com/notes/qualys-oss-security-reports/

update 2024-11-19: I had the privilege of coordinating on behalf of Qualys for LPEs in needrestart. Their empathy and deftness were humbling.

Reports

• 2024-11-19 LPEs in needrestart [Q] [oss] [local]
• 2024-07-01 glibc-based linux sshd RCE [Q] [oss] [local]
• 2024-01-30 glibc qsort() OOB read and write [Q] [oss] [local]
• 2024-01-30 glibc syslog() heap overflow [Q] [oss] [local]
• 2023-10-03 glibc ld.so LPE [Q] [oss] [local]
• 2023-07-19 openssh forwarded ssh-agent RCE [Q] [oss] [local]
• 2023-06-06 renderdoc LPE and RCE [Q] [oss] [local]
• 2023-03-15 openbsd libskey stack overflow [NA] [oss] [local]
• 2023-02-02 openssh double-free analysis [NA] [oss] [local]
• 2022-11-30 snap-confine mkdir LPE race chains [Q] [oss] [local]
• 2022-10-24 multipathd symlink LPE [Q] [oss] [local]
• 2022-08-29 linux nft_object() UAF [NA] [oss] [local]
• 2022-02-17 snap-confine LPE race chain in mount [Q] [oss] [local]
• 2022-01-25 linux slab OOB write [NA] [oss] [local]
• 2022-01-25 polkit pkexec LPE [Q] [oss] [local]
• 2022-01-24 glibc memleak and buffer under/overflow [NA] [oss] [local]
• 2022-01-24 util-linux libmount SUIDs [NA] [oss] [local]
• 2022-01-10 systemd-tmpfiles recursion DoS [NA] [oss] [local]
• 2021-07-20 linux OOB FS write to LPE [Q] [oss] [local]
• 2021-07-20 systemd stack exhaustion DoS [Q] [oss] [local]
• 2021-05-04 exim vulnerabilities [Q] [oss] [local]
• 2021-01-26 sudo heap overflow [Q] [oss] [local]
• 2020-05-19 qmail RCE [Q] [oss] [local]
• 2020-02-24 opensmtpd local information leak [Q] [oss] [local]
• 2020-02-24 opensmtpd LPE and RCE [Q] [oss] [local]
• 2019-12-11 openbsd dynamic loader LPE [Q] [oss] [local]
• 2019-12-04 openbsd authentication vulnerabilities [Q] [oss] [local]
• 2019-06-05 exim RCE [Q] [oss] [local]
• 2019-01-09 systemd-journald exploit [Q] [oss] [local]
• 2018-09-25 linux create_elf_tables() int overflow [Q] [oss] [local]
• 2018-08-27 openssh another username enumeration [NA] [oss] [local]
• 2018-08-15 openssh username enumeration [NA] [oss] [local]
• 2018-05-17 procps-ng audit report [Q] [oss] [local]
• 2017-12-13 iscsiuio overflow [NA] [oss] [local]
• 2017-12-11 glibc ld.so buffer overflow [Q] [oss] [local]
• 2017-09-26 linux PIE/stack corruption [Q] [oss] [local]
• 2017-06-19 stack clash [Q] [oss] [local]
• 2017-05-30 sudo get_process_ttyname() LPE [Q] [oss] [local]
• 2016-01-14 openssh client info leak and heap overflow [Q] [oss] [local]
• 2015-10-15 libressl memory leak and buffer overflow [Q] [oss] [local]
• 2015-10-02 opensmtpd audit report [Q] [oss] [local]
• 2015-07-23 libuser DoS and LPE [Q] [oss] [local]
• 2015-01-27 glibc gethostbyname buffer overflow [Q] [oss] [local]