oss-security

Messages by Date

2025/07/03 [oss-security] CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse
2025/07/02 [oss-security] DoS segfault (NULL pointer deref) in SOPE / SOGo Stefan Bühler
2025/07/02 [oss-security] CVE-2025-38089: Linux kernel: NFS server remote DoS via NULL pointer dereference tianshuo han
2025/07/02 [oss-security] CVE-2025-46647: Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect Junxu Chen
2025/07/01 [oss-security] CVE-2024-35164: Apache Guacamole: Improper input validation of console codes Michael Jumper
2025/07/01 [oss-security] Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect stubs exception handling for flags recovery Xen . org security team
2025/06/30 [oss-security] CVE-2025-32463: sudo local privilege escalation via chroot option Todd C. Miller
2025/06/30 [oss-security] CVE-2025-32462: sudo local privilege escalation via host option Todd C. Miller
2025/06/29 [oss-security] CVE-2024-39954: Apache EventMesh Runtime: SSRF Xue Weiming
2025/06/28 [oss-security] CVE-2025-32897: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
2025/06/27 [oss-security] libssh 0.11.2 security and bugfix release Alan Coopersmith
2025/06/26 Re: [oss-security] CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS Jacob Bachmeyer
2025/06/26 [oss-security] CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS Sage [They / Them] McTaggart
2025/06/25 Re: [oss-security] xdg-open bypassing SameSite=Strict Gabriel Corona
2025/06/25 Re: [oss-security] xdg-open bypassing SameSite=Strict Simon McVittie
2025/06/25 Re: [oss-security] sox_ng fixes 20 CVEs in sox Martin Guy
2025/06/24 Re: [oss-security] xdg-open bypassing SameSite=Strict Lucas Holt
2025/06/24 [oss-security] CVE-2025-50213: Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator Elad Kalif
2025/06/24 Re: [oss-security] xdg-open bypassing SameSite=Strict Anton Luka Šijanec
2025/06/24 Re: [oss-security] xdg-open bypassing SameSite=Strict grape mingijung
2025/06/24 [oss-security] sox_ng fixes 20 CVEs in sox Martin Guy
2025/06/23 [oss-security] CPython: Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module Alan Coopersmith
2025/06/23 Re: [oss-security] xdg-open bypassing SameSite=Strict Solar Designer
2025/06/23 [oss-security] xdg-open bypassing SameSite=Strict grape mingijung
2025/06/20 Re: [oss-security] path traversal in tar extract in intel cve-bin-tool lists
2025/06/20 [oss-security] ClamAV 1.4.3 and 1.0.9 security patch versions published Alan Coopersmith
2025/06/20 Re: [oss-security] path traversal in tar extract in intel cve-bin-tool Jakub Wilk
2025/06/18 [oss-security] [kubernetes] CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks Rita Zhang
2025/06/18 [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
2025/06/17 Re: [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Jakub Wilk
2025/06/17 [oss-security] [ANNOUNCE] Apache Traffic Server has an ACL issue, and also has a vulnerability in ESI processing Masakazu Kitajo
2025/06/17 Re: [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Simon McVittie
2025/06/17 [oss-security] Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory
2025/06/17 [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory
2025/06/17 [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
2025/06/17 [oss-security] [kubernetes] Race Condition in Go allows Volume Deletion in older Kubernetes versions Craig Ingram
2025/06/17 [oss-security] pam: pam_namespace local privilege escalation (CVE-2025-6020) BAL-PETRE Olivier
2025/06/16 [oss-security] 5 security issues disclosed in libxml2 Alan Coopersmith
2025/06/16 [oss-security] CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract Jonatan Männchen
2025/06/16 [oss-security] CVE-2025-48976: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers Gary D. Gregory
2025/06/16 [oss-security] CVE-2025-49124: Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows Mark Thomas
2025/06/16 [oss-security] CVE-2025-49125: Apache Tomcat: Security constraint bypass for pre/post-resources Mark Thomas
2025/06/16 [oss-security] CVE-2025-48988: Apache Tomcat: FileUpload large number of parts with headers DoS Mark Thomas
2025/06/14 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/14 [oss-security] CVE-2025-47869: Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. Tomasz Cedro
2025/06/14 [oss-security] CVE-2025-47868: Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. Tomasz Cedro
2025/06/13 [oss-security] sslh: Remote Denial-of-Service Vulnerabilities (CVE-2025-46807, CVE-2025-46806) Matthias Gerstner
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Marc Deslauriers
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Marc Deslauriers
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Simon McVittie
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
2025/06/10 [oss-security] CVE-2025-49091: Konsole: Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole < 25.04.2 Dennis Dast
2025/06/10 Re: [oss-security] Django CVE-2025-48432 (follow-up patch releases) Sebastian Pipping
2025/06/10 [oss-security] Re: Django CVE-2025-48432 (follow-up patch releases) Sarah Boyce
2025/06/10 [oss-security] Django CVE-2025-48432 (follow-up patch releases) Sarah Boyce
2025/06/10 Re: [oss-security] Local information disclosure in apport and systemd-coredump Zbigniew Jędrzejewski-Szmek
2025/06/09 [oss-security] CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration Luke Chen
2025/06/09 [oss-security] CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration Luke Chen
2025/06/09 [oss-security] CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF vulnerability Luke Chen
2025/06/07 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Sasha Levin
2025/06/07 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Bastian Blank
2025/06/07 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Sasha Levin
2025/06/07 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Simon McVittie
2025/06/07 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH
2025/06/06 [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Attila Szasz
2025/06/06 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Attila Szasz
2025/06/06 Re: [oss-security] Local information disclosure in apport and systemd-coredump Vegard Nossum
2025/06/06 Re: [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Jacob Bachmeyer
2025/06/06 [oss-security] Vulnerability in Jenkins Gatling Plugin Daniel Beck
2025/06/05 Re: [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Eli Schwartz
2025/06/05 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer
2025/06/05 [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer
2025/06/05 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/05 Re: [oss-security] CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Timothy Legge
2025/06/05 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/05 Re: [oss-security] CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Sam James
2025/06/05 [oss-security] Go 1.24.4 and Go 1.23.10 fix CVE-2025-4673, CVE-2025-0913, CVE-2025-22874 Alan Coopersmith
2025/06/05 [oss-security] CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Timothy Legge
2025/06/04 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/04 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/04 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/04 Re: [oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library Jakub Wilk
2025/06/04 [oss-security] CVE-2025-48432: Django: Potential log injection via unescaped request path Natalia Bidart
2025/06/04 Re: [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Greg KH
2025/06/04 Re: [oss-security] Local information disclosure in apport and systemd-coredump David Fernandez Gonzalez
2025/06/03 [oss-security] [SECURITY AVISORY] curl: CVE-2025-5399: WebSocket endless loop Daniel Stenberg
2025/06/03 Re: [oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library Demi Marie Obenour
2025/06/03 Re: [oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library Dave Walker
2025/06/03 Re: [oss-security] Local information disclosure in apport and systemd-coredump Marco Benatto
2025/06/03 Re: [oss-security] Local information disclosure in apport and systemd-coredump Vegard Nossum
2025/06/03 [oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library Alan Coopersmith
2025/06/03 [oss-security] Samba 4.21.6 fixes CVE-2025-0620 in SMB session re-authentication Alan Coopersmith
2025/06/03 [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Attila Szasz
2025/06/03 [oss-security] CVE-2025-46548: Apache Pekko Management, Apache Pekko Management, Apache Pekko Management: management API basic authentication is not effective Arnout Engelen
2025/06/02 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/02 [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer
2025/06/02 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
2025/06/02 Re: [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Vincent Lefevre
2025/06/02 Re: [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Vincent Lefevre
2025/06/02 [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Leon Timmermans
2025/06/02 [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Florian Weimer
2025/06/02 Re: [oss-security] Local information disclosure in apport and systemd-coredump Jelle van der Waa
2025/06/02 Re: [oss-security] Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v Anton Luka Šijanec
2025/06/02 [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Florian Weimer
2025/06/01 [oss-security] Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v Hanno Böck
2025/05/30 [oss-security] CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Stig Palmquist
2025/05/30 [oss-security] CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection Daniel Gaspar
2025/05/30 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
2025/05/30 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
2025/05/29 [oss-security] CVE-2025-46701: Apache Tomcat: Security constraint bypass for CGI scripts Mark Thomas
2025/05/29 [oss-security] Local information disclosure in apport and systemd-coredump Qualys Security Advisory
2025/05/29 Re: [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith
2025/05/29 Re: [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Simon McVittie
2025/05/28 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jakub Wilk
2025/05/28 [oss-security] how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)) Solar Designer
2025/05/28 RE: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jounee Kim
2025/05/28 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
2025/05/28 [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Andrei Pavel
2025/05/28 [oss-security] CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default Gary D. Gregory
2025/05/27 [oss-security] [SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL Daniel Stenberg
2025/05/27 [oss-security] [SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL Daniel Stenberg
2025/05/27 [oss-security] CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Charles Zhang
2025/05/27 [oss-security] CVE-2025-27522: Apache InLong: JDBC Vulnerability during verification processing Charles Zhang
2025/05/27 [oss-security] CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Charles Zhang
2025/05/27 [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith
2025/05/27 [oss-security] Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464) - WinPVDrivers: Excessive permissions on user-exposed devices Xen . org security team
2025/05/25 [oss-security] CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities. Tomasz Cedro
2025/05/23 [oss-security] CVE-2025-48708: ghostscript can embed plaintext password in encrypted PDFs Alan Coopersmith
2025/05/23 Re: [oss-security] Perl 5.40 dir dup bug with threading: security consequences Stig Palmquist
2025/05/22 [oss-security] Perl 5.40 dir dup bug with threading: security consequences Vincent Lefevre
2025/05/22 [oss-security] CVE-2025-4575: OpenSSL: The x509 application adds trusted use instead of rejected use Tomas Mraz
2025/05/21 [oss-security] CVE-2025-40775: BIND 9: DNS message with invalid TSIG causes an assertion failure Nicki Křížek
2025/05/20 [oss-security] CVE-2025-3908: OpenVPN 3 Linux v24.1 released David Sommerseth
2025/05/20 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/19 [oss-security] Landlock news #5 Mickaël Salaün
2025/05/19 Re: [oss-security] CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Hanno Böck
2025/05/18 Re: [oss-security] describing affected systems Eli Schwartz
2025/05/17 Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Taylor R Campbell
2025/05/17 Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jan Schaumann
2025/05/16 RE: [oss-security] The GNU C Library security advisories update for 2025-05-16 Caveney, Seamus G
2025/05/16 Re: [oss-security] The GNU C Library security advisories update for 2025-05-16 Solar Designer
2025/05/16 Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jacob Bachmeyer
2025/05/16 [oss-security] The GNU C Library security advisories update for 2025-05-16 Carlos O'Donell
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Taylor R Campbell
2025/05/16 [oss-security] CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Alan Coopersmith
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Jan Schaumann
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/15 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Yogesh Mittal
2025/05/15 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0004 Adrian Perez de Castro
2025/05/15 [oss-security] Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed
2025/05/15 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Stuart Henderson
2025/05/14 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
2025/05/14 [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
2025/05/14 [oss-security] Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
2025/05/14 [oss-security] Re: EU Vulnerability Database gmane.io
2025/05/14 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/14 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/13 [oss-security] CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication Haonan Hou
2025/05/13 [oss-security] CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver Haonan Hou
2025/05/13 [oss-security] CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function Haonan Hou
2025/05/13 Re: [oss-security] EU Vulnerability Database Solar Designer
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Mark Esler
2025/05/13 Re: [oss-security] EU Vulnerability Database Rolf Reintjes
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Simon McVittie
2025/05/13 Re: [oss-security] EU Vulnerability Database Stuart Henderson
2025/05/13 Re: [oss-security] EU Vulnerability Database Stuart Henderson
2025/05/13 [oss-security] EU Vulnerability Database Graeme Fowler
2025/05/13 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Dave Hart
2025/05/13 Re: [oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Marco Benatto
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis
2025/05/13 [oss-security] Xen Security Notice 3 (CVE-2024-45332) Intel Branch Privilege Injection Andrew Cooper
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis
2025/05/13 [oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed
2025/05/13 [oss-security] CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression Dongjoon Hyun
2025/05/13 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli
2025/05/12 Re: [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Solar Designer
2025/05/12 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Matt Johnston
2025/05/12 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli
2025/05/12 [oss-security] CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover Daniel Gaspar
2025/05/12 [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools VMware PSIRT
2025/05/12 [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/09 [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Alan Coopersmith
2025/05/09 [oss-security] CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation Alan Coopersmith
2025/05/09 [oss-security] CVE-2025-46392: Apache Commons Configuration: StackOverflowError loading untrusted configuration Arnout Engelen
2025/05/09 [oss-security] CVE-2025-1948 & CVE-2024-13009: DoS and infoleak in Jetty Valtteri Vuorikoski
2025/05/08 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Jeremy Reeder
2025/05/08 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
2025/05/08 [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
2025/05/08 [oss-security] OSSA-2025-001 / CVE-2025-44021: OpenStack Ironic fails to restrict paths used for file:// image URLs Jay Faulkner
2025/05/07 [oss-security] CVE-2025-32873: Django: Denial-of-service possibility in strip_tags() Natalia Bidart
2025/05/06 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Alan Coopersmith
2025/05/06 [oss-security] Go 1.24.3 fixes CVE-2025-22873: os: Root permits access to parent directory Alan Coopersmith
2025/05/06 [oss-security] CVE-2025-27533: Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Christopher L. Shannon
2025/05/02 [oss-security] CVE-2025-47153: out-of-bounds access in some 32-bit builds of Node.js Alan Coopersmith
2025/05/02 [oss-security] CVE-2025-46762: Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu
2025/04/29 [oss-security] PowerDNS Security Advisory 2025-02: Denial of service via crafted DoH exchange Remi Gacogne
2025/04/28 [oss-security] CVE-2025-31651: Apache Tomcat: Bypass of rules in Rewrite Valve Mark Thomas

Earlier messages