Messages by Thread
-
[oss-security] CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
Eric Covener
-
[oss-security] The GNU C Library security advisories update for 2025-07-23
Adhemerval Zanella Netto
-
[oss-security] non-issues in dailyaidecheck script in Debian's packaging of AIDE
Solar Designer
-
[oss-security] [kubernetes] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
Rita Zhang
-
[oss-security] CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not check properly
Andy Seaborne
-
[oss-security] CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI
Andy Seaborne
-
[oss-security] CVE-2025-53817: Null pointer dereference in 7-Zip before 25.00
Jaras
-
[oss-security] CVE-2025-53816: Memory corruption in 7-Zip before 25.00
Jaras
-
[oss-security] Five new CVEs published for Cyberark Conjur OSS
Andy Tinkham
-
[oss-security] ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777)
Everett B. Fulton
-
[oss-security] CVE-2025-40918: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely
Robert Rothenberg
-
[oss-security] CVE-2025-40923: Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely
Robert Rothenberg
-
[oss-security] CVE-2025-23267:A vulnerability in NVIDIA Container Toolkit can lead to container escape.
liyajie
-
[oss-security] Fwd: Node.js security updates for all active release lines, July 2025
Rafael Gonzaga
-
[oss-security] CVE-2025-30761:A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution
liyajie
-
[oss-security] CVE-2025-48795: Apache CXF: Denial of Service and sensitive data exposure in logs
Colm O hEigeartaigh
-
[oss-security] [vim-security]: path traversal issue with zip.vim and special crafted zip archives in Vim < v9.1.1551
Christian Brabandt
-
[oss-security] [vim-security] path traversal issue with tar.vim and special crafted tar archives in Vim < 9.1.1552
Christian Brabandt
-
[oss-security] CVE-2025-53689: Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons
Julian Reschke
-
[oss-security] https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read
PJ Fanning
-
[oss-security] GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886
Alan Coopersmith
-
[oss-security] PHP security releases 8.4.10, 8.3.23, 8.2.29, 8.1.33
Alan Coopersmith
-
[oss-security] gnutls 3.8.10 fixes 4 CVEs
Alan Coopersmith
-
[oss-security] CVE-2025-48924: Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs
Gary D. Gregory
-
[oss-security] CVE-2025-53506: Apache Tomcat: DoS via excessive h2 streams at connection start
Mark Thomas
-
[oss-security] CVE-2025-52520: Apache Tomcat: DoS via integer overflow in multipart file upload
Mark Thomas
-
[oss-security] CVE-2025-52434: Apache Tomcat: APR/Native Connector crash leading to DoS
Mark Thomas
-
[oss-security] CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase
Eric Covener
-
[oss-security] CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack
Eric Covener
-
[oss-security] CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption
Eric Covener
-
[oss-security] CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service
Eric Covener
-
[oss-security] CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping
Eric Covener
-
[oss-security] CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths
Eric Covener
-
[oss-security] CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header
Eric Covener
-
[oss-security] CVE-2024-42516: Apache HTTP Server: HTTP response splitting
Eric Covener
-
[oss-security] CVE fixes in Apache HTTP Server 2.4.64
Solar Designer
-
[oss-security] Release of pqcscan
Vincent Berg
-
[oss-security] Opossum attack / Opportunistic HTTP (RFC 2817) insecure
Hanno Böck
-
[oss-security] Go 1.24.5 & 1.23.11 fix CVE-2025-4674
Alan Coopersmith
-
[oss-security] Multiple vulnerabilities fixed in Git
Taylor Blau
-
[oss-security] Electric Charger Research
Brandon Perry
-
[oss-security] CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges
YuanSheng Wang
-
[oss-security] CVE-2025-53367: An exploitable OOB write in DjVuLibre
Kevin Backhouse
-
[oss-security] DoS segfault (NULL pointer deref) in SOPE / SOGo
Stefan Bühler
-
[oss-security] CVE-2025-38089: Linux kernel: NFS server remote DoS via NULL pointer dereference
tianshuo han
-
[oss-security] CVE-2025-46647: Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect
Junxu Chen
-
[oss-security] CVE-2024-35164: Apache Guacamole: Improper input validation of console codes
Michael Jumper
-
[oss-security] Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect stubs exception handling for flags recovery
Xen . org security team
-
[oss-security] CVE-2025-32463: sudo local privilege escalation via chroot option
Todd C. Miller
-
[oss-security] CVE-2025-32462: sudo local privilege escalation via host option
Todd C. Miller
-
[oss-security] CVE-2024-39954: Apache EventMesh Runtime: SSRF
Xue Weiming
-
[oss-security] CVE-2025-32897: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server
Min Ji
-
[oss-security] libssh 0.11.2 security and bugfix release
Alan Coopersmith
-
[oss-security] CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
Sage [They / Them] McTaggart
-
[oss-security] CVE-2025-50213: Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator
Elad Kalif
-
[oss-security] sox_ng fixes 20 CVEs in sox
Martin Guy
-
[oss-security] CPython: Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module
Alan Coopersmith
-
[oss-security] xdg-open bypassing SameSite=Strict
grape mingijung
-
[oss-security] ClamAV 1.4.3 and 1.0.9 security patch versions published
Alan Coopersmith
-
[oss-security] [kubernetes] CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks
Rita Zhang
-
[oss-security] [ANNOUNCE] Apache Traffic Server has an ACL issue, and also has a vulnerability in ESI processing
Masakazu Kitajo
-
[oss-security] Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks
Qualys Security Advisory
-
[oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks
Qualys Security Advisory
-
[oss-security] [kubernetes] Race Condition in Go allows Volume Deletion in older Kubernetes versions
Craig Ingram
-
[oss-security] pam: pam_namespace local privilege escalation (CVE-2025-6020)
BAL-PETRE Olivier
-
[oss-security] 5 security issues disclosed in libxml2
Alan Coopersmith
-
[oss-security] CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract
Jonatan Männchen
-
[oss-security] CVE-2025-48976: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers
Gary D. Gregory
-
[oss-security] CVE-2025-49124: Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows
Mark Thomas
-
[oss-security] CVE-2025-49125: Apache Tomcat: Security constraint bypass for pre/post-resources
Mark Thomas
-
[oss-security] CVE-2025-48988: Apache Tomcat: FileUpload large number of parts with headers DoS
Mark Thomas
-
[oss-security] CVE-2025-47869: Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size.
Tomasz Cedro
-
[oss-security] CVE-2025-47868: Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.
Tomasz Cedro
-
[oss-security] sslh: Remote Denial-of-Service Vulnerabilities (CVE-2025-46807, CVE-2025-46806)
Matthias Gerstner
-
[oss-security] CVE-2025-49091: Konsole: Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole < 25.04.2
Dennis Dast
-
[oss-security] Django CVE-2025-48432 (follow-up patch releases)
Sarah Boyce
-
[oss-security] CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration
Luke Chen
-
[oss-security] CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration
Luke Chen
-
[oss-security] CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF vulnerability
Luke Chen
-
[oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros
Attila Szasz
-
[oss-security] Vulnerability in Jenkins Gatling Plugin
Daniel Beck
-
[oss-security] Go 1.24.4 and Go 1.23.10 fix CVE-2025-4673, CVE-2025-0913, CVE-2025-22874
Alan Coopersmith
-
[oss-security] CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name
Timothy Legge
-
[oss-security] CVE-2025-48432: Django: Potential log injection via unescaped request path
Natalia Bidart
-
[oss-security] [SECURITY AVISORY] curl: CVE-2025-5399: WebSocket endless loop
Daniel Stenberg
-
[oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library
Alan Coopersmith
-
[oss-security] Samba 4.21.6 fixes CVE-2025-0620 in SMB session re-authentication
Alan Coopersmith
-
[oss-security] CVE-2025-46548: Apache Pekko Management, Apache Pekko Management, Apache Pekko Management: management API basic authentication is not effective
Arnout Engelen
-
[oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Solar Designer
-
Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Demi Marie Obenour
-
Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Solar Designer
-
Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Attila Szasz
-
Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Simon McVittie
-
Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Marc Deslauriers
-
Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Simon McVittie
-
Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Marc Deslauriers
-
Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Demi Marie Obenour
-
Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Demi Marie Obenour
-
[oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Attila Szasz
-
Re: [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Greg KH
-
[oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Solar Designer
-
Re: [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Eli Schwartz
-
Re: [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros
Jacob Bachmeyer
-
[oss-security] Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v
Hanno Böck
-
[oss-security] CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths
Stig Palmquist
-
[oss-security] CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection
Daniel Gaspar
-
[oss-security] CVE-2025-46701: Apache Tomcat: Security constraint bypass for CGI scripts
Mark Thomas
-
[oss-security] Local information disclosure in apport and systemd-coredump
Qualys Security Advisory
-
[oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
Andrei Pavel
-
Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
Matthias Gerstner
-
Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
Jakub Wilk
-
Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
Matthias Gerstner
-
Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
Matthias Gerstner
-
RE: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
Jounee Kim
-
[oss-security] how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803))
Solar Designer
-
[oss-security] CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
Gary D. Gregory
-
[oss-security] [SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL
Daniel Stenberg
-
[oss-security] [SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL
Daniel Stenberg
-
[oss-security] CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Charles Zhang
-
[oss-security] CVE-2025-27522: Apache InLong: JDBC Vulnerability during verification processing
Charles Zhang
-
[oss-security] CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass
Charles Zhang
-
[oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort
Alan Coopersmith
-
[oss-security] Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464) - WinPVDrivers: Excessive permissions on user-exposed devices
Xen . org security team
-
[oss-security] CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.
Tomasz Cedro
-
[oss-security] CVE-2025-48708: ghostscript can embed plaintext password in encrypted PDFs
Alan Coopersmith
-
[oss-security] Perl 5.40 dir dup bug with threading: security consequences
Vincent Lefevre
-
[oss-security] CVE-2025-4575: OpenSSL: The x509 application adds trusted use instead of rejected use
Tomas Mraz
-
[oss-security] CVE-2025-40775: BIND 9: DNS message with invalid TSIG causes an assertion failure
Nicki Křížek
-
[oss-security] CVE-2025-3908: OpenVPN 3 Linux v24.1 released
David Sommerseth
-
[oss-security] Landlock news #5
Mickaël Salaün
-
[oss-security] The GNU C Library security advisories update for 2025-05-16
Carlos O'Donell
-
[oss-security] CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace")
Alan Coopersmith
-
[oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0004
Adrian Perez de Castro
-
[oss-security] CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication
Haonan Hou
-
[oss-security] CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver
Haonan Hou
-
[oss-security] CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function
Haonan Hou
-
[oss-security] EU Vulnerability Database
Graeme Fowler
-
[oss-security] Xen Security Notice 3 (CVE-2024-45332) Intel Branch Privilege Injection
Andrew Cooper
-
[oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack
Asad Ahmed