oss-security mailing list
Recent messages:
- 2025/06/09 #3:
CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service
attack via SASL JAAS JndiLoginModule configuration (Luke Chen <showuon@...che.org>)
- 2025/06/09 #2:
CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS
LdapLoginModule configuration (Luke Chen <showuon@...che.org>)
- 2025/06/09 #1:
CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF
vulnerability (Luke Chen <showuon@...che.org>)
- 2025/06/07 #5:
Re: Re: Re: Linux kernel: HFS+ filesystem
implementation, issues, exposure in distros (Sasha Levin <sashal@...nel.org>)
- 2025/06/07 #4:
Re: Re: Re: Linux kernel: HFS+ filesystem
implementation, issues, exposure in distros (Bastian Blank <bblank@...nkmo.de>)
- 2025/06/07 #3:
Re: Re: Re: Linux kernel: HFS+ filesystem
implementation, issues, exposure in distros (Sasha Levin <sashal@...nel.org>)
- 2025/06/07 #2:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Simon McVittie <smcv@...ian.org>)
- 2025/06/07 #1:
Re: Re: Re: Linux kernel: HFS+ filesystem
implementation, issues, exposure in distros (Greg KH <greg@...ah.com>)
- 2025/06/06 #12:
Re: Re: Linux kernel: HFS+ filesystem implementation, issues,
exposure in distros (Attila Szasz <szasza.contact@...il.com>)
- 2025/06/06 #11:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Attila Szasz <szasza.contact@...il.com>)
- 2025/06/06 #10:
Re: Local information disclosure in apport and
systemd-coredump (Vegard Nossum <vegard.nossum@...cle.com>)
- 2025/06/06 #9:
Re: Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Jacob Bachmeyer <jcb62281@...il.com>)
- 2025/06/06 #8:
Vulnerability in Jenkins Gatling Plugin (Daniel Beck <ml@...kweb.net>)
- 2025/06/06 #7:
Re: Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Eli Schwartz <eschwartz@...too.org>)
- 2025/06/06 #6:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #5:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #4:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #3:
Re: CVE-2011-10007: File::Find::Rule through 0.34 for
Perl is vulnerable to Arbitrary Code Execution when `grep()` encount… (Timothy Legge <timlegge@...nsec.org>)
- 2025/06/06 #2:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #1:
Re: CVE-2011-10007: File::Find::Rule through 0.34
for Perl is vulnerable to Arbitrary Code Execution when `grep()`
encounters a cra… (Sam James <sam@...too.org>)
- 2025/06/05 #5:
Go 1.24.4 and Go 1.23.10 fix CVE-2025-4673,
CVE-2025-0913, CVE-2025-22874 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/05 #4:
CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable
to Arbitrary Code Execution when `grep()` encounters … (Timothy Legge <timlegge@...nsec.org>)
- 2025/06/05 #3:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/05 #2:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/05 #1:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/04 #6:
Re: CVE-2024-47081: Netrc credential leak in PSF
requests library (Jakub Wilk <jwilk@...lk.net>)
- 2025/06/04 #5:
CVE-2025-48432: Django: Potential log injection via unescaped request path (Natalia Bidart <nataliabidart@...ngoproject.com>)
- 2025/06/04 #4:
Re: Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Greg KH <gregkh@...uxfoundation.org>)
- 2025/06/04 #3:
Re: Local information disclosure in apport and
systemd-coredump (David Fernandez Gonzalez <david.fernandez.gonzalez@...cle.com>)
- 2025/06/04 #2:
[SECURITY ADVISORY] curl: CVE-2025-5399: WebSocket endless loop (Daniel Stenberg <daniel@...x.se>)
- 2025/06/04 #1:
Re: CVE-2024-47081: Netrc credential leak in PSF
requests library (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/06/03 #11:
Re: CVE-2024-47081: Netrc credential leak in PSF
requests library (Dave Walker <email@...iey.com>)
- 2025/06/03 #10:
Re: Local information disclosure in apport and systemd-coredump (Marco Benatto <mbenatto@...hat.com>)
- 2025/06/03 #9:
CVE-2024-47081: Netrc credential leak in PSF requests
library (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/03 #8:
Samba 4.21.6 fixes CVE-2025-0620 in SMB session
re-authentication (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/03 #7:
CVE-2025-46548: Apache Pekko Management, Apache Pekko Management,
Apache Pekko Management: management API basic authenticat… (Arnout Engelen <engelen@...che.org>)
- 2025/06/03 #6:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in
distros (Attila Szasz <szasza.contact@...il.com>)
- 2025/06/03 #5:
Re: Local information disclosure in apport and
systemd-coredump (Vegard Nossum <vegard.nossum@...cle.com>)
- 2025/06/03 #4:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/03 #3:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/06/03 #2:
Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
- 2025/06/03 #1:
Re: Re: CVE-2025-40909: Perl threads have a working
directory race condition where file operations may target unintended p… (Vincent Lefevre <vincent@...c17.net>)
- 2025/06/02 #7:
Re: Re: CVE-2025-40909: Perl threads have a working
directory race condition where file operations may target unintended p… (Vincent Lefevre <vincent@...c17.net>)
- 2025/06/02 #6:
Re: CVE-2025-40909: Perl threads have a working directory race
condition where file operations may target unintended paths (Leon Timmermans <fawaka@...il.com>)
- 2025/06/02 #5:
Re: CVE-2025-40909: Perl threads have a working directory race
condition where file operations may target unintended paths (Florian Weimer <fweimer@...hat.com>)
- 2025/06/02 #4:
Re: Local information disclosure in apport and
systemd-coredump (Jelle van der Waa <jelle@...aa.nl>)
- 2025/06/02 #3:
Re: Roundcube webmail: Post-Auth RCE via PHP Object
Deserialization reported by firs0v (Anton Luka Šijanec <anton@...anec.eu>)
- 2025/06/02 #2:
Re: CVE-2025-40909: Perl threads have a working directory race
condition where file operations may target unintended paths (Florian Weimer <fweimer@...hat.com>)
- 2025/06/02 #1:
Roundcube webmail: Post-Auth RCE via PHP Object Deserialization
reported by firs0v (Hanno Böck <hanno@...eck.de>)
- 2025/05/30 #4:
CVE-2025-40909: Perl threads have a working directory race condition
where file operations may target unintended paths (Stig Palmquist <stig@...g.io>)
- 2025/05/30 #3:
CVE-2025-48912: Apache Superset: Improper authorization bypass on
row level security via SQL Injection (Daniel Gaspar <dpgaspar@...che.org>)
- 2025/05/30 #2:
Re: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/30 #1:
Re: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/29 #4:
CVE-2025-46701: Apache Tomcat: Security constraint bypass for CGI
scripts (Mark Thomas <markt@...che.org>)
- 2025/05/29 #3:
Local information disclosure in apport and systemd-coredump (Qualys Security Advisory <qsa@...lys.com>)
- 2025/05/29 #2:
Re: CVE-2025-5278: Heap Buffer Overflow in GNU
Coreutils sort (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/29 #1:
Re: CVE-2025-5278: Heap Buffer Overflow in GNU
Coreutils sort (Simon McVittie <smcv@...ian.org>)
- 2025/05/28 #11:
Re: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Jakub Wilk <jwilk@...lk.net>)
- 2025/05/28 #10:
how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)) (Solar Designer <solar@...nwall.com>)
- 2025/05/28 #9:
RE: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Jounee Kim <Jokim@...com>)
- 2025/05/28 #8:
Re: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/28 #7:
ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801,
CVE-2025-32802, CVE-2025-32803) (Andrei Pavel <andrei@....org>)
- 2025/05/28 #6:
CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does
not suppresses an enum's declaredClass property by def… ("Gary D. Gregory" <ggregory@...che.org>)
- 2025/05/28 #5:
[SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL (Daniel Stenberg <daniel@...x.se>)
- 2025/05/28 #4:
[SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL (Daniel Stenberg <daniel@...x.se>)
- 2025/05/28 #3:
CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible
Character Bypass Leading to Arbitrary File Read (Charles Zhang <dockerzhang@...che.org>)
- 2025/05/28 #2:
CVE-2025-27522: Apache InLong: JDBC Vulnerability during
verification processing (Charles Zhang <dockerzhang@...che.org>)
- 2025/05/28 #1:
CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode
and backspace bypass (Charles Zhang <dockerzhang@...che.org>)
- 2025/05/27 #2:
CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/27 #1:
Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464) - WinPVDrivers: Excessive permissions on us… (Xen.org security team <security@....org…)
- 2025/05/26 #1:
CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and
UART DoS/RCE Vulnerabilities. (Tomasz Cedro <cederom@...che.org>)
- 2025/05/23 #2:
CVE-2025-48708: ghostscript can embed plaintext password in encrypted
PDFs (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/23 #1:
Re: Perl 5.40 dir dup bug with threading: security
consequences (Stig Palmquist <stig@...g.io>)
- 2025/05/22 #2:
Perl 5.40 dir dup bug with threading: security consequences (Vincent Lefevre <vincent@...c17.net>)
- 2025/05/22 #1:
CVE-2025-4575: OpenSSL: The x509 application adds trusted use instead of rejected use (Tomas Mraz <tomas@...nssl.org>)
- 2025/05/21 #1:
CVE-2025-40775: BIND 9: DNS message with invalid TSIG causes an assertion failure (Nicki Křížek <nicki@....org>)
- 2025/05/20 #2:
CVE-2025-3908: OpenVPN 3 Linux v24.1 released (David Sommerseth <dazo@...ephia.org>)
- 2025/05/20 #1:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/19 #2:
Landlock news #5 (Mickaël Salaün <mic@...ikod.net>)
- 2025/05/19 #1:
Re: CPython CVE-2025-4516: Use-after-free crash
using bytes.decode("unicode_escape", error="ignore|replace") (Hanno Böck <hanno@...eck.de>)
- 2025/05/18 #1:
Re: describing affected systems (Eli Schwartz <eschwartz@...too.org>)
- 2025/05/17 #5:
Re: describing affected systems (was: screen: Multiple
Security Issues in Screen (mostly affecting release 5.0.0 and se… (Taylor R Campbell <riastradh@...BSD.org…)
- 2025/05/17 #4:
Re: describing affected systems (was: screen:
Multiple Security Issues in Screen (mostly affecting release 5.0.0 and
s… (Jan Schaumann <jschauma@...meister.org>)
- 2025/05/17 #3:
RE: The GNU C Library security advisories update for
2025-05-16 ("Caveney, Seamus G" <sgcaveney@...ttleschools.org>)
- 2025/05/17 #2:
Re: The GNU C Library security advisories update for 2025-05-16 (Solar Designer <solar@...nwall.com>)
- 2025/05/17 #1:
Re: describing affected systems (was: screen: Multiple
Security Issues in Screen (mostly affecting release 5.0.0 and setui… (Jacob Bachmeyer <jcb62281@...il.com>)
- 2025/05/16 #7:
The GNU C Library security advisories update for 2025-05-16 (Carlos O'Donell <carlos@...hat.com>)
- 2025/05/16 #6:
Re: screen: Multiple Security Issues in Screen (mostly
affecting release 5.0.0 and setuid-root installations) (Eli Schwartz <eschwartz@...too.org>)
- 2025/05/16 #5:
Re: screen: Multiple Security Issues in Screen (mostly
affecting release 5.0.0 and setuid-root installations) (Taylor R Campbell <riastradh@...BSD.org>)
- 2025/05/16 #4:
CPython CVE-2025-4516: Use-after-free crash using
bytes.decode("unicode_escape", error="ignore|replace") (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/16 #3:
Re: screen: Multiple Security Issues in Screen (mostly
affecting release 5.0.0 and setuid-root installations) (Eli Schwartz <eschwartz@...too.org>)
- 2025/05/16 #2:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Jan Schaumann <jschauma@...meister.org>)
- 2025/05/16 #1:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/15 #4:
Re: Fwd: Node.js security updates for all active
release lines, May 2025 (Yogesh Mittal <ymittal@...hat.com>)
- 2025/05/15 #3:
WebKitGTK and WPE WebKit Security Advisory WSA-2025-0004 (Adrian Perez de Castro <aperez@...lia.com>)
- 2025/05/15 #2:
Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack (Asad Ahmed <asadsa@...nish-software.com>)
- 2025/05/15 #1:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Stuart Henderson <stu@...cehopper.org>)
- 2025/05/14 #10:
Re: Fwd: Node.js security updates for all active release lines, May 2025 (Solar Designer <solar@...nwall.com>)
- 2025/05/14 #9:
Fwd: Node.js security updates for all active release lines, May
2025 (Rafael Gonzaga <work@...aelgss.dev>)
- 2025/05/14 #8:
Multiple vulnerabilities in Jenkins plugins (Kevin Guerroudj <kguerroudj@...udbees.com>)
31207 messages