oss-security mailing list

Follow @Openwall on Twitter for new release announcements and other news

oss-security mailing list

	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2025	92	75	93	105	94	69
2024	80	100	178	197	72	47	128	107	58	52	87	44
2023	69	62	100	107	99	78	87	60	122	198	86	101
2022	116	50	47	79	83	58	77	86	76	70	95	108
2021	92	91	98	90	88	59	61	82	49	76	60	47
2020	52	47	38	82	70	67	76	64	71	85	90	66
2019	102	48	49	86	51	103	107	80	71	75	67	70
2018	122	81	84	81	71	104	71	135	78	120	75	84
2017	252	278	171	171	209	278	225	157	214	162	196	93
2016	258	207	271	183	267	193	214	184	287	294	257	241
2015	377	336	355	319	277	243	266	197	195	206	205	208
2014	214	252	249	211	183	317	273	201	413	485	382	318
2013	217	323	246	258	200	201	260	265	163	203	182	199
2012	333	189	294	216	234	128	150	207	234	192	191	161
2011	153	169	318	354	159	224	258	164	137	203	241	146
2010	72	96	123	118	115	142	119	144	203	84	187	139
2009	89	81	75	114	96	59	84	99	102	122	108	74
2008		104	103	143	136	112	150	125	127	123	128	107

Recent messages:

2025/06/16 #6: 5 security issues disclosed in libxml2 (Alan Coopersmith <alan.coopersmith@...cle.com>)
2025/06/16 #5: CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract (Jonatan Männchen <jonatan@...nnchen.ch>)
2025/06/16 #4: CVE-2025-48976: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers ("Gary D. Gregory" <ggregory@...che.org>)
2025/06/16 #3: CVE-2025-49124: Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows (Mark Thomas <markt@...che.org>)
2025/06/16 #2: CVE-2025-49125: Apache Tomcat: Security constraint bypass for pre/post-resources (Mark Thomas <markt@...che.org>)
2025/06/16 #1: CVE-2025-48988: Apache Tomcat: FileUpload large number of parts with headers DoS (Mark Thomas <markt@...che.org>)
2025/06/15 #1: Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
2025/06/14 #2: CVE-2025-47869: Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. (Tomasz Cedro <cederom@...che.org>)
2025/06/14 #1: CVE-2025-47868: Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. (Tomasz Cedro <cederom@...che.org>)
2025/06/13 #1: sslh: Remote Denial-of-Service Vulnerabilities (CVE-2025-46807, CVE-2025-46806) (Matthias Gerstner <mgerstner@...e.de>)
2025/06/11 #5: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Demi Marie Obenour <demiobenour@...il.com>)
2025/06/11 #4: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Marc Deslauriers <marc.deslauriers@...onical.com>)
2025/06/11 #3: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Simon McVittie <smcv@...ian.org>)
2025/06/11 #2: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Marc Deslauriers <marc.deslauriers@...onical.com>)
2025/06/11 #1: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Demi Marie Obenour <demiobenour@...il.com>)
2025/06/10 #5: CVE-2025-49091: Konsole: Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole < … (Dennis Dast <dennis.dast@...ofnet.de>)
2025/06/10 #4: Re: Django CVE-2025-48432 (follow-up patch releases) (Sebastian Pipping <sebastian@...ping.org>)
2025/06/10 #3: Re: Django CVE-2025-48432 (follow-up patch releases) (Sarah Boyce <sarahboyce@...ngoproject.com>)
2025/06/10 #2: Django CVE-2025-48432 (follow-up patch releases) (Sarah Boyce <sarahboyce@...ngoproject.com>)
2025/06/10 #1: Re: Local information disclosure in apport and systemd-coredump (Zbigniew Jędrzejewski-Szmek <zbyszek@...waw.pl>)
2025/06/09 #3: CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration (Luke Chen <showuon@...che.org>)
2025/06/09 #2: CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration (Luke Chen <showuon@...che.org>)
2025/06/09 #1: CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF vulnerability (Luke Chen <showuon@...che.org>)
2025/06/07 #5: Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros (Sasha Levin <sashal@...nel.org>)
2025/06/07 #4: Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros (Bastian Blank <bblank@...nkmo.de>)
2025/06/07 #3: Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros (Sasha Levin <sashal@...nel.org>)
2025/06/07 #2: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Simon McVittie <smcv@...ian.org>)
2025/06/07 #1: Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros (Greg KH <greg@...ah.com>)
2025/06/06 #12: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros (Attila Szasz <szasza.contact@...il.com>)
2025/06/06 #11: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Attila Szasz <szasza.contact@...il.com>)
2025/06/06 #10: Re: Local information disclosure in apport and systemd-coredump (Vegard Nossum <vegard.nossum@...cle.com>)
2025/06/06 #9: Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Jacob Bachmeyer <jcb62281@...il.com>)
2025/06/06 #8: Vulnerability in Jenkins Gatling Plugin (Daniel Beck <ml@...kweb.net>)
2025/06/06 #7: Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Eli Schwartz <eschwartz@...too.org>)
2025/06/06 #6: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
2025/06/06 #5: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
2025/06/06 #4: Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
2025/06/06 #3: Re: CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encount… (Timothy Legge <timlegge@...nsec.org>)
2025/06/06 #2: Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
2025/06/06 #1: Re: CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a cra… (Sam James <sam@...too.org>)
2025/06/05 #5: Go 1.24.4 and Go 1.23.10 fix CVE-2025-4673, CVE-2025-0913, CVE-2025-22874 (Alan Coopersmith <alan.coopersmith@...cle.com>)
2025/06/05 #4: CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters … (Timothy Legge <timlegge@...nsec.org>)
2025/06/05 #3: Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
2025/06/05 #2: Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
2025/06/05 #1: Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
2025/06/04 #6: Re: CVE-2024-47081: Netrc credential leak in PSF requests library (Jakub Wilk <jwilk@...lk.net>)
2025/06/04 #5: CVE-2025-48432: Django: Potential log injection via unescaped request path (Natalia Bidart <nataliabidart@...ngoproject.com>)
2025/06/04 #4: Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Greg KH <gregkh@...uxfoundation.org>)
2025/06/04 #3: Re: Local information disclosure in apport and systemd-coredump (David Fernandez Gonzalez <david.fernandez.gonzalez@...cle.com>)
2025/06/04 #2: [SECURITY AVISORY] curl: CVE-2025-5399: WebSocket endless loop (Daniel Stenberg <daniel@...x.se>)
2025/06/04 #1: Re: CVE-2024-47081: Netrc credential leak in PSF requests library (Demi Marie Obenour <demiobenour@...il.com>)
2025/06/03 #11: Re: CVE-2024-47081: Netrc credential leak in PSF requests library (Dave Walker <email@...iey.com>)
2025/06/03 #10: Re: Local information disclosure in apport and systemd-coredump (Marco Benatto <mbenatto@...hat.com>)
2025/06/03 #9: CVE-2024-47081: Netrc credential leak in PSF requests library (Alan Coopersmith <alan.coopersmith@...cle.com>)
2025/06/03 #8: Samba 4.21.6 fixes CVE-2025-0620 in SMB session re-authentication (Alan Coopersmith <alan.coopersmith@...cle.com>)
2025/06/03 #7: CVE-2025-46548: Apache Pekko Management, Apache Pekko Management, Apache Pekko Management: management API basic authenticat… (Arnout Engelen <engelen@...che.org>)
2025/06/03 #6: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Attila Szasz <szasza.contact@...il.com>)
2025/06/03 #5: Re: Local information disclosure in apport and systemd-coredump (Vegard Nossum <vegard.nossum@...cle.com>)
2025/06/03 #4: Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
2025/06/03 #3: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Demi Marie Obenour <demiobenour@...il.com>)
2025/06/03 #2: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
2025/06/03 #1: Re: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended p… (Vincent Lefevre <vincent@...c17.net>)
2025/06/02 #7: Re: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended p… (Vincent Lefevre <vincent@...c17.net>)
2025/06/02 #6: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths (Leon Timmermans <fawaka@...il.com>)
2025/06/02 #5: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths (Florian Weimer <fweimer@...hat.com>)
2025/06/02 #4: Re: Local information disclosure in apport and systemd-coredump (Jelle van der Waa <jelle@...aa.nl>)
2025/06/02 #3: Re: Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v (Anton Luka Šijanec <anton@...anec.eu>)
2025/06/02 #2: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths (Florian Weimer <fweimer@...hat.com>)
2025/06/02 #1: Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v (Hanno Böck <hanno@...eck.de>)
2025/05/30 #4: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths (Stig Palmquist <stig@...g.io>)
2025/05/30 #3: CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection (Daniel Gaspar <dpgaspar@...che.org>)
2025/05/30 #2: Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Matthias Gerstner <mgerstner@...e.de>)
2025/05/30 #1: Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Matthias Gerstner <mgerstner@...e.de>)
2025/05/29 #4: CVE-2025-46701: Apache Tomcat: Security constraint bypass for CGI scripts (Mark Thomas <markt@...che.org>)
2025/05/29 #3: Local information disclosure in apport and systemd-coredump (Qualys Security Advisory <qsa@...lys.com>)
2025/05/29 #2: Re: CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort (Alan Coopersmith <alan.coopersmith@...cle.com>)
2025/05/29 #1: Re: CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort (Simon McVittie <smcv@...ian.org>)
2025/05/28 #11: Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Jakub Wilk <jwilk@...lk.net>)
2025/05/28 #10: how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)) (Solar Designer <solar@...nwall.com>)
2025/05/28 #9: RE: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Jounee Kim <Jokim@...com>)
2025/05/28 #8: Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Matthias Gerstner <mgerstner@...e.de>)
2025/05/28 #7: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Andrei Pavel <andrei@....org>)
2025/05/28 #6: CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by def… ("Gary D. Gregory" <ggregory@...che.org>)
2025/05/28 #5: [SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL (Daniel Stenberg <daniel@...x.se>)
2025/05/28 #4: [SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL (Daniel Stenberg <daniel@...x.se>)
2025/05/28 #3: CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read (Charles Zhang <dockerzhang@...che.org>)
2025/05/28 #2: CVE-2025-27522: Apache InLong: JDBC Vulnerability during verification processing (Charles Zhang <dockerzhang@...che.org>)
2025/05/28 #1: CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass (Charles Zhang <dockerzhang@...che.org>)
2025/05/27 #2: CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort (Alan Coopersmith <alan.coopersmith@...cle.com>)
2025/05/27 #1: Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464) - WinPVDrivers: Excessive permissions on us… (Xen.org security team <security@....org…)
2025/05/26 #1: CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities. (Tomasz Cedro <cederom@...che.org>)
2025/05/23 #2: CVE-2025-48708: ghostscript can embed plaintext password in encrypted PDFs (Alan Coopersmith <alan.coopersmith@...cle.com>)
2025/05/23 #1: Re: Perl 5.40 dir dup bug with threading: security consequences (Stig Palmquist <stig@...g.io>)
2025/05/22 #2: Perl 5.40 dir dup bug with threading: security consequences (Vincent Lefevre <vincent@...c17.net>)
2025/05/22 #1: CVE-2025-4575: OpenSSL: The x509 application adds trusted use instead of rejected use (Tomas Mraz <tomas@...nssl.org>)
2025/05/21 #1: CVE-2025-40775: BIND 9: DNS message with invalid TSIG causes an assertion failure (Nicki Křížek <nicki@....org>)
2025/05/20 #2: CVE-2025-3908: OpenVPN 3 Linux v24.1 released (David Sommerseth <dazo@...ephia.org>)
2025/05/20 #1: Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) (Matthias Gerstner <mgerstner@...e.de>)
2025/05/19 #2: Landlock news #5 (Mickaël Salaün <mic@...ikod.net>)
2025/05/19 #1: Re: CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") (Hanno Böck <hanno@...eck.de>)

31227 messages

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.