oss-security mailing list
Recent messages:
- 2025/06/17 #7:
[ANNOUNCE] Apache Traffic Server has an ACL issue, and also has a
vulnerability in ESI processing (Masakazu Kitajo <maskit@...che.org>)
- 2025/06/17 #6:
Re: CVE-2025-6019: LPE from allow_active to root in
libblockdev via udisks (Simon McVittie <smcv@...ian.org>)
- 2025/06/17 #5:
Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via
udisks (Qualys Security Advisory <qsa@...lys.com>)
- 2025/06/17 #4:
CVE-2025-6019: LPE from allow_active to root in libblockdev via
udisks (Qualys Security Advisory <qsa@...lys.com>)
- 2025/06/17 #3:
Fwd: X.Org Security Advisory: multiple security issues X.Org X server
and Xwayland (Olivier Fourdan <ofourdan@...hat.com>)
- 2025/06/17 #2:
[kubernetes] Race Condition in Go allows Volume Deletion in older
Kubernetes versions (Craig Ingram <cjingram@...gle.com>)
- 2025/06/17 #1:
pam: pam_namespace local privilege escalation (CVE-2025-6020) (BAL-PETRE Olivier <Olivier.Bal-Petre@....gouv.fr>)
- 2025/06/16 #6:
5 security issues disclosed in libxml2 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/16 #5:
CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract (Jonatan Männchen <jonatan@...nnchen.ch>)
- 2025/06/16 #4:
CVE-2025-48976: Apache Commons FileUpload, Apache Commons
FileUpload: FileUpload DoS via part headers ("Gary D. Gregory" <ggregory@...che.org>)
- 2025/06/16 #3:
CVE-2025-49124: Apache Tomcat: exe side-loading via icalcs.exe in
Tomcat installer for Windows (Mark Thomas <markt@...che.org>)
- 2025/06/16 #2:
CVE-2025-49125: Apache Tomcat: Security constraint bypass for
pre/post-resources (Mark Thomas <markt@...che.org>)
- 2025/06/16 #1:
CVE-2025-48988: Apache Tomcat: FileUpload large number of parts with
headers DoS (Mark Thomas <markt@...che.org>)
- 2025/06/15 #1:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/14 #2:
CVE-2025-47869: Apache NuttX RTOS: examples/xmlrpc: Fix calls
buffers size. (Tomasz Cedro <cederom@...che.org>)
- 2025/06/14 #1:
CVE-2025-47868: Apache NuttX RTOS: tools/bdf-converter.:
tools/bdf-converter: Fix loop termination condition. (Tomasz Cedro <cederom@...che.org>)
- 2025/06/13 #1:
sslh: Remote Denial-of-Service Vulnerabilities (CVE-2025-46807,
CVE-2025-46806) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/06/11 #5:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/06/11 #4:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Marc Deslauriers <marc.deslauriers@...onical.com>)
- 2025/06/11 #3:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Simon McVittie <smcv@...ian.org>)
- 2025/06/11 #2:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Marc Deslauriers <marc.deslauriers@...onical.com>)
- 2025/06/11 #1:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/06/10 #5:
CVE-2025-49091: Konsole: Code execution from web browser using URL schemes
handled by KDE's KTelnetService and Konsole < … (Dennis Dast <dennis.dast@...ofnet.de>)
- 2025/06/10 #4:
Re: Django CVE-2025-48432 (follow-up patch releases) (Sebastian Pipping <sebastian@...ping.org>)
- 2025/06/10 #3:
Re: Django CVE-2025-48432 (follow-up patch releases) (Sarah Boyce <sarahboyce@...ngoproject.com>)
- 2025/06/10 #2:
Django CVE-2025-48432 (follow-up patch releases) (Sarah Boyce <sarahboyce@...ngoproject.com>)
- 2025/06/10 #1:
Re: Local information disclosure in apport and
systemd-coredump (Zbigniew Jędrzejewski-Szmek <zbyszek@...waw.pl>)
- 2025/06/09 #3:
CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service
attack via SASL JAAS JndiLoginModule configuration (Luke Chen <showuon@...che.org>)
- 2025/06/09 #2:
CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS
LdapLoginModule configuration (Luke Chen <showuon@...che.org>)
- 2025/06/09 #1:
CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF
vulnerability (Luke Chen <showuon@...che.org>)
- 2025/06/07 #5:
Re: Re: Re: Linux kernel: HFS+ filesystem
implementation, issues, exposure in distros (Sasha Levin <sashal@...nel.org>)
- 2025/06/07 #4:
Re: Re: Re: Linux kernel: HFS+ filesystem
implementation, issues, exposure in distros (Bastian Blank <bblank@...nkmo.de>)
- 2025/06/07 #3:
Re: Re: Re: Linux kernel: HFS+ filesystem
implementation, issues, exposure in distros (Sasha Levin <sashal@...nel.org>)
- 2025/06/07 #2:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Simon McVittie <smcv@...ian.org>)
- 2025/06/07 #1:
Re: Re: Re: Linux kernel: HFS+ filesystem
implementation, issues, exposure in distros (Greg KH <greg@...ah.com>)
- 2025/06/06 #12:
Re: Re: Linux kernel: HFS+ filesystem implementation, issues,
exposure in distros (Attila Szasz <szasza.contact@...il.com>)
- 2025/06/06 #11:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Attila Szasz <szasza.contact@...il.com>)
- 2025/06/06 #10:
Re: Local information disclosure in apport and
systemd-coredump (Vegard Nossum <vegard.nossum@...cle.com>)
- 2025/06/06 #9:
Re: Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Jacob Bachmeyer <jcb62281@...il.com>)
- 2025/06/06 #8:
Vulnerability in Jenkins Gatling Plugin (Daniel Beck <ml@...kweb.net>)
- 2025/06/06 #7:
Re: Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Eli Schwartz <eschwartz@...too.org>)
- 2025/06/06 #6:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #5:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #4:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #3:
Re: CVE-2011-10007: File::Find::Rule through 0.34 for
Perl is vulnerable to Arbitrary Code Execution when `grep()` encount… (Timothy Legge <timlegge@...nsec.org>)
- 2025/06/06 #2:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #1:
Re: CVE-2011-10007: File::Find::Rule through 0.34
for Perl is vulnerable to Arbitrary Code Execution when `grep()`
encounters a cra… (Sam James <sam@...too.org>)
- 2025/06/05 #5:
Go 1.24.4 and Go 1.23.10 fix CVE-2025-4673,
CVE-2025-0913, CVE-2025-22874 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/05 #4:
CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable
to Arbitrary Code Execution when `grep()` encounters … (Timothy Legge <timlegge@...nsec.org>)
- 2025/06/05 #3:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/05 #2:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/05 #1:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/04 #6:
Re: CVE-2024-47081: Netrc credential leak in PSF
requests library (Jakub Wilk <jwilk@...lk.net>)
- 2025/06/04 #5:
CVE-2025-48432: Django: Potential log injection via unescaped request path (Natalia Bidart <nataliabidart@...ngoproject.com>)
- 2025/06/04 #4:
Re: Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Greg KH <gregkh@...uxfoundation.org>)
- 2025/06/04 #3:
Re: Local information disclosure in apport and
systemd-coredump (David Fernandez Gonzalez <david.fernandez.gonzalez@...cle.com>)
- 2025/06/04 #2:
[SECURITY AVISORY] curl: CVE-2025-5399: WebSocket endless loop (Daniel Stenberg <daniel@...x.se>)
- 2025/06/04 #1:
Re: CVE-2024-47081: Netrc credential leak in PSF
requests library (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/06/03 #11:
Re: CVE-2024-47081: Netrc credential leak in PSF
requests library (Dave Walker <email@...iey.com>)
- 2025/06/03 #10:
Re: Local information disclosure in apport and systemd-coredump (Marco Benatto <mbenatto@...hat.com>)
- 2025/06/03 #9:
CVE-2024-47081: Netrc credential leak in PSF requests
library (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/03 #8:
Samba 4.21.6 fixes CVE-2025-0620 in SMB session
re-authentication (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/03 #7:
CVE-2025-46548: Apache Pekko Management, Apache Pekko Management,
Apache Pekko Management: management API basic authenticat… (Arnout Engelen <engelen@...che.org>)
- 2025/06/03 #6:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in
distros (Attila Szasz <szasza.contact@...il.com>)
- 2025/06/03 #5:
Re: Local information disclosure in apport and
systemd-coredump (Vegard Nossum <vegard.nossum@...cle.com>)
- 2025/06/03 #4:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/03 #3:
Re: Linux kernel: HFS+ filesystem implementation
issues, exposure in distros (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/06/03 #2:
Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
- 2025/06/03 #1:
Re: Re: CVE-2025-40909: Perl threads have a working
directory race condition where file operations may target unintended p… (Vincent Lefevre <vincent@...c17.net>)
- 2025/06/02 #7:
Re: Re: CVE-2025-40909: Perl threads have a working
directory race condition where file operations may target unintended p… (Vincent Lefevre <vincent@...c17.net>)
- 2025/06/02 #6:
Re: CVE-2025-40909: Perl threads have a working directory race
condition where file operations may target unintended paths (Leon Timmermans <fawaka@...il.com>)
- 2025/06/02 #5:
Re: CVE-2025-40909: Perl threads have a working directory race
condition where file operations may target unintended paths (Florian Weimer <fweimer@...hat.com>)
- 2025/06/02 #4:
Re: Local information disclosure in apport and
systemd-coredump (Jelle van der Waa <jelle@...aa.nl>)
- 2025/06/02 #3:
Re: Roundcube webmail: Post-Auth RCE via PHP Object
Deserialization reported by firs0v (Anton Luka Šijanec <anton@...anec.eu>)
- 2025/06/02 #2:
Re: CVE-2025-40909: Perl threads have a working directory race
condition where file operations may target unintended paths (Florian Weimer <fweimer@...hat.com>)
- 2025/06/02 #1:
Roundcube webmail: Post-Auth RCE via PHP Object Deserialization
reported by firs0v (Hanno Böck <hanno@...eck.de>)
- 2025/05/30 #4:
CVE-2025-40909: Perl threads have a working directory race condition
where file operations may target unintended paths (Stig Palmquist <stig@...g.io>)
- 2025/05/30 #3:
CVE-2025-48912: Apache Superset: Improper authorization bypass on
row level security via SQL Injection (Daniel Gaspar <dpgaspar@...che.org>)
- 2025/05/30 #2:
Re: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/30 #1:
Re: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/29 #4:
CVE-2025-46701: Apache Tomcat: Security constraint bypass for CGI
scripts (Mark Thomas <markt@...che.org>)
- 2025/05/29 #3:
Local information disclosure in apport and systemd-coredump (Qualys Security Advisory <qsa@...lys.com>)
- 2025/05/29 #2:
Re: CVE-2025-5278: Heap Buffer Overflow in GNU
Coreutils sort (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/29 #1:
Re: CVE-2025-5278: Heap Buffer Overflow in GNU
Coreutils sort (Simon McVittie <smcv@...ian.org>)
- 2025/05/28 #11:
Re: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Jakub Wilk <jwilk@...lk.net>)
- 2025/05/28 #10:
how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)) (Solar Designer <solar@...nwall.com>)
- 2025/05/28 #9:
RE: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Jounee Kim <Jokim@...com>)
- 2025/05/28 #8:
Re: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/28 #7:
ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801,
CVE-2025-32802, CVE-2025-32803) (Andrei Pavel <andrei@....org>)
- 2025/05/28 #6:
CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does
not suppresses an enum's declaredClass property by def… ("Gary D. Gregory" <ggregory@...che.org>)
- 2025/05/28 #5:
[SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL (Daniel Stenberg <daniel@...x.se>)
- 2025/05/28 #4:
[SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL (Daniel Stenberg <daniel@...x.se>)
- 2025/05/28 #3:
CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible
Character Bypass Leading to Arbitrary File Read (Charles Zhang <dockerzhang@...che.org>)
- 2025/05/28 #2:
CVE-2025-27522: Apache InLong: JDBC Vulnerability during
verification processing (Charles Zhang <dockerzhang@...che.org>)
- 2025/05/28 #1:
CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode
and backspace bypass (Charles Zhang <dockerzhang@...che.org>)
- 2025/05/27 #2:
CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/27 #1:
Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464)
- WinPVDrivers: Excessive permissions on us… (Xen.org security team <security@....org…)
- 2025/05/26 #1:
CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and
UART DoS/RCE Vulnerabilities. (Tomasz Cedro <cederom@...che.org>)
- 2025/05/23 #2:
CVE-2025-48708: ghostscript can embed plaintext password in encrypted
PDFs (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/23 #1:
Re: Perl 5.40 dir dup bug with threading: security
consequences (Stig Palmquist <stig@...g.io>)
31234 messages
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
