oss-security

Messages by Date

2025/06/03 Re: [oss-security] Local information disclosure in apport and systemd-coredump Vegard Nossum
2025/06/03 [oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library Alan Coopersmith
2025/06/03 [oss-security] Samba 4.21.6 fixes CVE-2025-0620 in SMB session re-authentication Alan Coopersmith
2025/06/03 [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Attila Szasz
2025/06/03 [oss-security] CVE-2025-46548: Apache Pekko Management, Apache Pekko Management, Apache Pekko Management: management API basic authentication is not effective Arnout Engelen
2025/06/02 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/02 [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer
2025/06/02 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
2025/06/02 Re: [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Vincent Lefevre
2025/06/02 Re: [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Vincent Lefevre
2025/06/02 [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Leon Timmermans
2025/06/02 [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Florian Weimer
2025/06/02 Re: [oss-security] Local information disclosure in apport and systemd-coredump Jelle van der Waa
2025/06/02 Re: [oss-security] Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v Anton Luka Šijanec
2025/06/02 [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Florian Weimer
2025/06/01 [oss-security] Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v Hanno Böck
2025/05/30 [oss-security] CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Stig Palmquist
2025/05/30 [oss-security] CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection Daniel Gaspar
2025/05/30 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
2025/05/30 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
2025/05/29 [oss-security] CVE-2025-46701: Apache Tomcat: Security constraint bypass for CGI scripts Mark Thomas
2025/05/29 [oss-security] Local information disclosure in apport and systemd-coredump Qualys Security Advisory
2025/05/29 Re: [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith
2025/05/29 Re: [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Simon McVittie
2025/05/28 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jakub Wilk
2025/05/28 [oss-security] how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)) Solar Designer
2025/05/28 RE: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jounee Kim
2025/05/28 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
2025/05/28 [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Andrei Pavel
2025/05/28 [oss-security] CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default Gary D. Gregory
2025/05/27 [oss-security] [SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL Daniel Stenberg
2025/05/27 [oss-security] [SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL Daniel Stenberg
2025/05/27 [oss-security] CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Charles Zhang
2025/05/27 [oss-security] CVE-2025-27522: Apache InLong: JDBC Vulnerability during verification processing Charles Zhang
2025/05/27 [oss-security] CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Charles Zhang
2025/05/27 [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith
2025/05/27 [oss-security] Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464) - WinPVDrivers: Excessive permissions on user-exposed devices Xen . org security team
2025/05/25 [oss-security] CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities. Tomasz Cedro
2025/05/23 [oss-security] CVE-2025-48708: ghostscript can embed plaintext password in encrypted PDFs Alan Coopersmith
2025/05/23 Re: [oss-security] Perl 5.40 dir dup bug with threading: security consequences Stig Palmquist
2025/05/22 [oss-security] Perl 5.40 dir dup bug with threading: security consequences Vincent Lefevre
2025/05/22 [oss-security] CVE-2025-4575: OpenSSL: The x509 application adds trusted use instead of rejected use Tomas Mraz
2025/05/21 [oss-security] CVE-2025-40775: BIND 9: DNS message with invalid TSIG causes an assertion failure Nicki Křížek
2025/05/20 [oss-security] CVE-2025-3908: OpenVPN 3 Linux v24.1 released David Sommerseth
2025/05/20 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/19 [oss-security] Landlock news #5 Mickaël Salaün
2025/05/19 Re: [oss-security] CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Hanno Böck
2025/05/18 Re: [oss-security] describing affected systems Eli Schwartz
2025/05/17 Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Taylor R Campbell
2025/05/17 Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jan Schaumann
2025/05/16 RE: [oss-security] The GNU C Library security advisories update for 2025-05-16 Caveney, Seamus G
2025/05/16 Re: [oss-security] The GNU C Library security advisories update for 2025-05-16 Solar Designer
2025/05/16 Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jacob Bachmeyer
2025/05/16 [oss-security] The GNU C Library security advisories update for 2025-05-16 Carlos O'Donell
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Taylor R Campbell
2025/05/16 [oss-security] CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Alan Coopersmith
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Jan Schaumann
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/15 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Yogesh Mittal
2025/05/15 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0004 Adrian Perez de Castro
2025/05/15 [oss-security] Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed
2025/05/15 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Stuart Henderson
2025/05/14 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
2025/05/14 [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
2025/05/14 [oss-security] Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
2025/05/14 [oss-security] Re: EU Vulnerability Database gmane.io
2025/05/14 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/14 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/13 [oss-security] CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication Haonan Hou
2025/05/13 [oss-security] CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver Haonan Hou
2025/05/13 [oss-security] CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function Haonan Hou
2025/05/13 Re: [oss-security] EU Vulnerability Database Solar Designer
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Mark Esler
2025/05/13 Re: [oss-security] EU Vulnerability Database Rolf Reintjes
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Simon McVittie
2025/05/13 Re: [oss-security] EU Vulnerability Database Stuart Henderson
2025/05/13 Re: [oss-security] EU Vulnerability Database Stuart Henderson
2025/05/13 [oss-security] EU Vulnerability Database Graeme Fowler
2025/05/13 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Dave Hart
2025/05/13 Re: [oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Marco Benatto
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis
2025/05/13 [oss-security] Xen Security Notice 3 (CVE-2024-45332) Intel Branch Privilege Injection Andrew Cooper
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis
2025/05/13 [oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed
2025/05/13 [oss-security] CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression Dongjoon Hyun
2025/05/13 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli
2025/05/12 Re: [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Solar Designer
2025/05/12 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Matt Johnston
2025/05/12 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli
2025/05/12 [oss-security] CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover Daniel Gaspar
2025/05/12 [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools VMware PSIRT
2025/05/12 [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/09 [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Alan Coopersmith
2025/05/09 [oss-security] CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation Alan Coopersmith
2025/05/09 [oss-security] CVE-2025-46392: Apache Commons Configuration: StackOverflowError loading untrusted configuration Arnout Engelen
2025/05/09 [oss-security] CVE-2025-1948 & CVE-2024-13009: DoS and infoleak in Jetty Valtteri Vuorikoski
2025/05/08 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Jeremy Reeder
2025/05/08 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
2025/05/08 [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
2025/05/08 [oss-security] OSSA-2025-001 / CVE-2025-44021: OpenStack Ironic fails to restrict paths used for file:// image URLs Jay Faulkner
2025/05/07 [oss-security] CVE-2025-32873: Django: Denial-of-service possibility in strip_tags() Natalia Bidart
2025/05/06 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Alan Coopersmith
2025/05/06 [oss-security] Go 1.24.3 fixes CVE-2025-22873: os: Root permits access to parent directory Alan Coopersmith
2025/05/06 [oss-security] CVE-2025-27533: Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Christopher L. Shannon
2025/05/02 [oss-security] CVE-2025-47153: out-of-bounds access in some 32-bit builds of Node.js Alan Coopersmith
2025/05/02 [oss-security] CVE-2025-46762: Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu
2025/04/29 [oss-security] PowerDNS Security Advisory 2025-02: Denial of service via crafted DoH exchange Remi Gacogne
2025/04/28 [oss-security] CVE-2025-31651: Apache Tomcat: Bypass of rules in Rewrite Valve Mark Thomas
2025/04/28 [oss-security] CVE-2025-31650: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame Mark Thomas
2025/04/28 Re: [oss-security] Re: Trailing dot in Cygwin filenames [was: failed to clone iptables,ipset,nftables] Werner Koch
2025/04/25 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Demi Marie Obenour
2025/04/25 Re: [oss-security] CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c Solar Designer
2025/04/25 [oss-security] CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c xiaolin
2025/04/25 [oss-security] Re: Trailing dot in Cygwin filenames [was: failed to clone iptables,ipset,nftables] Jan Engelhardt
2025/04/25 [oss-security] CVE-2024-56430: openfhe: OpenFHE through 1.2.3 has a NULL pointer dereference bug xiaolin
2025/04/25 Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Jacob Bachmeyer
2025/04/24 Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Solar Designer
2025/04/24 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Solar Designer
2025/04/24 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Demi Marie Obenour
2025/04/24 Re: [oss-security] CVE-2025-0395: Buffer overflow in the GNU C Library's assert() Qualys Security Advisory
2025/04/24 Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Jakub Wilk
2025/04/24 Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Solar Designer
2025/04/24 [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow 田世林
2025/04/24 [oss-security] Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
2025/04/24 [oss-security] Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
2025/04/24 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Albert Veli
2025/04/23 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso
2025/04/23 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso
2025/04/23 [oss-security] CVE-2025-23016: Integer & buffer overflow in fastcgi < 2.4.5 Alan Coopersmith
2025/04/23 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Jakub Wilk
2025/04/23 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ricardo Branco
2025/04/23 [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
2025/04/22 [oss-security] CVE-2025-26413: Apache Kvrocks: The server was crashed by the negative offset Hulk Lin
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Jim P.
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Russ Allbery
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Valtteri Vuorikoski
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Mats Wichmann
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Thomas Ward
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Valtteri Vuorikoski
2025/04/21 [oss-security] 3 new CVE's in old branch of GNU mailman Alan Coopersmith
2025/04/19 Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
2025/04/18 Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Solar Designer
2025/04/18 [oss-security] libarchive 3.7.8 fixed CVE-2024-57970, CVE-2025-1632, & CVE-2025-25724 Alan Coopersmith
2025/04/18 [oss-security] A bowlful of bugs in GNOME's libsoup Alan Coopersmith
2025/04/18 [oss-security] CVE-2025-29953: Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass Arnout Engelen
2025/04/18 Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
2025/04/17 Re: [oss-security] Multiple vulnerabilities in libxml2 Nick Wellnhofer
2025/04/17 Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Solar Designer
2025/04/17 Re: [oss-security] Multiple vulnerabilities in libxml2 Solar Designer
2025/04/17 [oss-security] Multiple vulnerabilities in libxml2 Nick Wellnhofer
2025/04/17 Re: [oss-security] CVE program averts swift end Jan Klopper
2025/04/16 Re: [oss-security] CVE program averts swift end Marco Moock
2025/04/16 [oss-security] CVE program averts swift end Rolf Reintjes
2025/04/16 Re: [oss-security] CVE program averts swift end Alan Coopersmith
2025/04/16 Re: [oss-security] CVE program averts swift end Brian Behlendorf
2025/04/16 [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
2025/04/16 [oss-security] CVE-2024-56736: Apache HertzBeat (incubating): Server-Side Request Forgery (SSRF) in Api Config Oss Chao Gong
2025/04/13 Re: [oss-security] CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Stig Palmquist
2025/04/13 Re: [oss-security] CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Solar Designer
2025/04/13 [oss-security] CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Stig Palmquist
2025/04/12 Re: [oss-security] Security audit of PHP Solar Designer
2025/04/12 Re: [oss-security] CVE-2025-0395: Buffer overflow in the GNU C Library's assert() Solar Designer
2025/04/12 [oss-security] Security audit of PHP Alan Coopersmith
2025/04/12 [oss-security] CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access Hailin Wang
2025/04/11 [oss-security] CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change David M. Johnson
2025/04/10 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer
2025/04/10 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer
2025/04/10 Re: [oss-security] CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() Demi Marie Obenour
2025/04/10 [oss-security] Re: Announce: OpenSSH 10.0 released Damien Miller
2025/04/10 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Hanno Böck
2025/04/10 [oss-security] CVE-2025-31498: c-ares use-after-free Brad House
2025/04/10 [oss-security] Vulnerabilities in Jenkins Docker images Daniel Beck
2025/04/10 Re: [oss-security] CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() Greg KH
2025/04/10 [oss-security] CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() ake...@akendo.eu
2025/04/10 Re: [oss-security] CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. LinkinStar
2025/04/09 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping
2025/04/09 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping
2025/04/09 [oss-security] xmlrpc-c bundles a (very old and) vulnerable copy of libexpat Sebastian Pipping
2025/04/09 [oss-security] CVE-2025-27391: Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log Domenico Francesco Bruscino
2025/04/09 [oss-security] CVE-2025-30677: Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors Lari Hotari
2025/04/09 [oss-security] Announce: OpenSSH 10.0 released Damien Miller
2025/04/08 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
2025/04/08 [oss-security] CVE-2025-30215: nats-server: Missing access controls for JS API Phil Pennock
2025/04/08 [oss-security] CVE-2025-31672: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names PJ Fanning
2025/04/08 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰
2025/04/07 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Mingcong Bai
2025/04/07 [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰
2025/04/07 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0003 Adrian Perez de Castro
2025/04/07 [oss-security] PowerDNS Recursor Security Advisory 2025-01 regarding PowerDNS Recusor 5.2.0 Otto Moerbeek
2025/04/06 Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Jeffrey Walton
2025/04/06 Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Solar Designer
2025/04/06 Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Hanno Böck
2025/04/05 [oss-security] CVE-2025-2704 - OpenVPN 2.6.1 through 2.6.13 with possible DoS David Sommerseth
2025/04/05 [oss-security] use-after-free (maybe?) in libspf2 Hanno Böck
2025/04/05 [oss-security] CVE-2025-30232: UAF in Exim 4.96 to 4.98.1 Valtteri Vuorikoski
2025/04/05 Re: [oss-security] XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
2025/04/04 [oss-security] CVE-2025-22871 : Go net/http: request smuggling through invalid chunked data Alan Coopersmith
2025/04/04 [oss-security] pgAdmin 4 v9.2 fixes CVE-2025-2945 & CVE-2025-2946 Alan Coopersmith