oss-sec: by author
289 messages starting May 15 25 and ending Apr 24 25
Adrian Perez de Castro
WebKitGTK and WPE WebKit Security Advisory WSA-2025-0004 Adrian Perez de Castro (May 15)
WebKitGTK and WPE WebKit Security Advisory WSA-2025-0003 Adrian Perez de Castro (Apr 07)
akendo () akendo eu
CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() akendo () akendo eu (Apr 10)
Alan Coopersmith
CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith (May 27)
A bowlful of bugs in GNOME's libsoup Alan Coopersmith (Apr 18)
Samba 4.21.6 fixes CVE-2025-0620 in SMB session re-authentication Alan Coopersmith (Jun 03)
CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Alan Coopersmith (May 16)
Re: CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Alan Coopersmith (May 06)
CVE-2025-22871 : Go net/http: request smuggling through invalid chunked data Alan Coopersmith (Apr 04)
Dropbear SSH 2025.88 fixes CVE-2025-47203 Alan Coopersmith (May 09)
CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation Alan Coopersmith (May 09)
CVE-2025-23016: Integer & buffer overflow in fastcgi < 2.4.5 Alan Coopersmith (Apr 23)
Go 1.24.4 and Go 1.23.10 fix CVE-2025-4673, CVE-2025-0913, CVE-2025-22874 Alan Coopersmith (Jun 05)
CPython: Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module Alan Coopersmith (Jun 23)
pgAdmin 4 v9.2 fixes CVE-2025-2945 & CVE-2025-2946 Alan Coopersmith (Apr 04)
Re: CVE program averts swift end Alan Coopersmith (Apr 16)
3 new CVE's in old branch of GNU mailman Alan Coopersmith (Apr 21)
5 security issues disclosed in libxml2 Alan Coopersmith (Jun 16)
libarchive 3.7.8 fixed CVE-2024-57970, CVE-2025-1632, & CVE-2025-25724 Alan Coopersmith (Apr 18)
Go 1.24.3 fixes CVE-2025-22873: os: Root permits access to parent directory Alan Coopersmith (May 06)
libssh 0.11.2 security and bugfix release Alan Coopersmith (Jun 27)
CVE-2025-47153: out-of-bounds access in some 32-bit builds of Node.js Alan Coopersmith (May 02)
Security audit of PHP Alan Coopersmith (Apr 12)
Re: CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith (May 29)
CVE-2024-47081: Netrc credential leak in PSF requests library Alan Coopersmith (Jun 03)
CVE-2025-3155 GNOME Yelp: Arbitrary file read by abusing ghelp scheme Alan Coopersmith (Apr 04)
ClamAV 1.4.3 and 1.0.9 security patch versions published Alan Coopersmith (Jun 20)
Albert Veli
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli (May 12)
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli (May 13)
Re: vulnerabilities in busybox tar and cpio tools Albert Veli (Apr 24)
Andrea Cosentino
CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering Andrea Cosentino (Apr 01)
Andrei Pavel
ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Andrei Pavel (May 28)
Andrew Cooper
Xen Security Notice 3 (CVE-2024-45332) Intel Branch Privilege Injection Andrew Cooper (May 13)
Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper (Apr 08)
Anton Luka Šijanec
Re: xdg-open bypassing SameSite=Strict Anton Luka Šijanec (Jun 24)
Re: Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v Anton Luka Šijanec (Jun 02)
Arnout Engelen
CVE-2025-46548: Apache Pekko Management, Apache Pekko Management, Apache Pekko Management: management API basic authentication is not effective Arnout Engelen (Jun 03)
CVE-2025-29953: Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass Arnout Engelen (Apr 18)
CVE-2025-46392: Apache Commons Configuration: StackOverflowError loading untrusted configuration Arnout Engelen (May 09)
Arthur Mongodin
Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol Arthur Mongodin (Apr 01)
Asad Ahmed
Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed (May 15)
VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed (May 13)
Attila Szasz
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Attila Szasz (Jun 03)
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Attila Szasz (Jun 06)
Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Attila Szasz (Jun 06)
BAL-PETRE Olivier
pam: pam_namespace local privilege escalation (CVE-2025-6020) BAL-PETRE Olivier (Jun 17)
Bastian Blank
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Bastian Blank (Jun 07)
Bernhard Rosenkränzer
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer (Apr 07)
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer (Apr 09)
Brad House
CVE-2025-31498: c-ares use-after-free Brad House (Apr 08)
Brian Behlendorf
Re: CVE program averts swift end Brian Behlendorf (Apr 16)
Carlos O'Donell
The GNU C Library security advisories update for 2025-05-16 Carlos O'Donell (May 16)
Caveney, Seamus G
RE: The GNU C Library security advisories update for 2025-05-16 Caveney, Seamus G (May 16)
Chao Gong
CVE-2024-56736: Apache HertzBeat (incubating): Server-Side Request Forgery (SSRF) in Api Config Oss Chao Gong (Apr 16)
Charles Zhang
CVE-2025-27522: Apache InLong: JDBC Vulnerability during verification processing Charles Zhang (May 27)
CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Charles Zhang (May 27)
CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Charles Zhang (May 27)
Christopher L. Shannon
CVE-2025-27533: Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Christopher L. Shannon (May 06)
Craig Ingram
[kubernetes] Race Condition in Go allows Volume Deletion in older Kubernetes versions Craig Ingram (Jun 17)
Damien Miller
Announce: OpenSSH 10.0 released Damien Miller (Apr 09)
Re: Announce: OpenSSH 10.0 released Damien Miller (Apr 09)
Daniel Beck
Vulnerability in Jenkins Gatling Plugin Daniel Beck (Jun 06)
Vulnerabilities in Jenkins Docker images Daniel Beck (Apr 10)
Daniel Gaspar
CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover Daniel Gaspar (May 12)
CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection Daniel Gaspar (May 30)
Daniel Stenberg
[SECURITY AVISORY] curl: CVE-2025-5399: WebSocket endless loop Daniel Stenberg (Jun 03)
[SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL Daniel Stenberg (May 27)
[SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL Daniel Stenberg (May 27)
Dave Hart
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Dave Hart (May 13)
Dave Walker
Re: CVE-2024-47081: Netrc credential leak in PSF requests library Dave Walker (Jun 03)
David Fernandez Gonzalez
Re: Local information disclosure in apport and systemd-coredump David Fernandez Gonzalez (Jun 04)
David M. Johnson
CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change David M. Johnson (Apr 11)
David Sommerseth
CVE-2025-2704 - OpenVPN 2.6.1 through 2.6.13 with possible DoS David Sommerseth (Apr 02)
Demi Marie Obenour
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour (Jun 11)
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour (Jun 02)
Re: CVE-2024-47081: Netrc credential leak in PSF requests library Demi Marie Obenour (Jun 03)
Re: vulnerabilities in busybox tar and cpio tools Demi Marie Obenour (Apr 25)
Re: vulnerabilities in busybox tar and cpio tools Demi Marie Obenour (Apr 24)
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour (Jun 11)
Re: CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() Demi Marie Obenour (Apr 10)
Dennis Dast
CVE-2025-49091: Konsole: Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole < 25.04.2 Dennis Dast (Jun 10)
Domenico Francesco Bruscino
CVE-2025-27391: Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log Domenico Francesco Bruscino (Apr 09)
Dongjoon Hyun
CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression Dongjoon Hyun (May 13)
Dr. Thomas Orgis
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis (May 13)
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis (May 13)
Elad Kalif
CVE-2025-50213: Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator Elad Kalif (Jun 24)
CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Elad Kalif (Apr 04)
Eli Schwartz
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz (May 16)
Re: describing affected systems Eli Schwartz (May 18)
Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Eli Schwartz (Jun 05)
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz (May 16)
Fabian Bäumer
Re: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer (Apr 19)
CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer (Apr 16)
Re: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer (Apr 18)
Florian Weimer
Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Florian Weimer (Jun 02)
Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Florian Weimer (Jun 02)
Gabriel Corona
Re: xdg-open bypassing SameSite=Strict Gabriel Corona (Jun 24)
Gang Wu
CVE-2025-46762: Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu (May 02)
Gary D. Gregory
CVE-2025-48976: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers Gary D. Gregory (Jun 16)
CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default Gary D. Gregory (May 28)
gmane.io
Re: EU Vulnerability Database gmane.io (May 14)
Graeme Fowler
EU Vulnerability Database Graeme Fowler (May 13)
grape mingijung
xdg-open bypassing SameSite=Strict grape mingijung (Jun 23)
Re: xdg-open bypassing SameSite=Strict grape mingijung (Jun 24)
Greg KH
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH (Jun 07)
Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Greg KH (Jun 04)
Re: CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() Greg KH (Apr 10)
Hailin Wang
CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access Hailin Wang (Apr 12)
Hanno Böck
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Hanno Böck (Apr 07)
Re: CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Hanno Böck (May 19)
Re: CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Hanno Böck (Apr 06)
Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v Hanno Böck (Jun 01)
Haonan Hou
CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication Haonan Hou (May 13)
CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver Haonan Hou (May 13)
CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function Haonan Hou (May 13)
Hulk Lin
CVE-2025-26413: Apache Kvrocks: The server was crashed by the negative offset Hulk Lin (Apr 22)
Ian Norton
vulnerabilities in busybox tar and cpio tools Ian Norton (Apr 23)
Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton (Apr 24)
Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton (Apr 24)
Jacob Bachmeyer
Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Jacob Bachmeyer (Jun 06)
Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jacob Bachmeyer (May 16)
Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Jacob Bachmeyer (Apr 25)
Re: CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS Jacob Bachmeyer (Jun 26)
Re: CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. Jacob Bachmeyer (Apr 01)
Jacques Le Roux
CVE-2025-30676: Apache OFBiz: Stored XSS Vulnerability Jacques Le Roux (Apr 01)
Jakub Wilk
Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Jakub Wilk (Apr 24)
Re: CVE-2024-47081: Netrc credential leak in PSF requests library Jakub Wilk (Jun 04)
Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Jakub Wilk (Jun 17)
Re: vulnerabilities in busybox tar and cpio tools Jakub Wilk (Apr 23)
Re: path traversal in tar extract in intel cve-bin-tool Jakub Wilk (Jun 20)
Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jakub Wilk (May 28)
Jan Engelhardt
Re: Trailing dot in Cygwin filenames [was: failed to clone iptables,ipset,nftables] Jan Engelhardt (Apr 25)
Jan Klopper
Re: CVE program averts swift end Jan Klopper (Apr 17)
Jan Schaumann
Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jan Schaumann (May 17)
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Jan Schaumann (May 16)
Jay Faulkner
OSSA-2025-001 / CVE-2025-44021: OpenStack Ironic fails to restrict paths used for file:// image URLs Jay Faulkner (May 08)
Jeffrey Walton
Re: CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Jeffrey Walton (Apr 06)
Jelle van der Waa
Re: Local information disclosure in apport and systemd-coredump Jelle van der Waa (Jun 02)
Jeremy Reeder
Re: 3 new CVE's in old branch of GNU mailman Jeremy Reeder (May 08)
Jim P.
Re: 3 new CVE's in old branch of GNU mailman Jim P. (Apr 21)
Jonatan Männchen
CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract Jonatan Männchen (Jun 16)
Jounee Kim
RE: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jounee Kim (May 28)
Kevin Guerroudj
Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj (May 14)
Multiple vulnerabilities in Jenkins and Jenkins plugins Kevin Guerroudj (Apr 02)
Lari Hotari
CVE-2025-30677: Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors Lari Hotari (Apr 09)
Leon Timmermans
Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Leon Timmermans (Jun 02)
LinkinStar
Re: CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. LinkinStar (Apr 10)
lists
Re: path traversal in tar extract in intel cve-bin-tool lists (Jun 20)
Lucas Holt
Re: xdg-open bypassing SameSite=Strict Lucas Holt (Jun 24)
Luke Chen
CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration Luke Chen (Jun 09)
CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration Luke Chen (Jun 09)
CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF vulnerability Luke Chen (Jun 09)
Marc Deslauriers
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Marc Deslauriers (Jun 11)
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Marc Deslauriers (Jun 11)
Marco Benatto
Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Marco Benatto (May 13)
Re: Local information disclosure in apport and systemd-coredump Marco Benatto (Jun 03)
Marco Moock
Re: CVE program averts swift end Marco Moock (Apr 16)
Mark Esler
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Mark Esler (May 13)
Mark Thomas
CVE-2025-49125: Apache Tomcat: Security constraint bypass for pre/post-resources Mark Thomas (Jun 16)
CVE-2025-49124: Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows Mark Thomas (Jun 16)
CVE-2025-48988: Apache Tomcat: FileUpload large number of parts with headers DoS Mark Thomas (Jun 16)
CVE-2025-46701: Apache Tomcat: Security constraint bypass for CGI scripts Mark Thomas (May 29)
CVE-2025-31651: Apache Tomcat: Bypass of rules in Rewrite Valve Mark Thomas (Apr 28)
CVE-2025-31650: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame Mark Thomas (Apr 28)
Martin Guy
Re: sox_ng fixes 20 CVEs in sox Martin Guy (Jun 25)
sox_ng fixes 20 CVEs in sox Martin Guy (Jun 24)
Masakazu Kitajo
[ANNOUNCE] Apache Traffic Server has an ACL issue, and also has a vulnerability in ESI processing Masakazu Kitajo (Jun 17)
[ANNOUNCE] ATS is vulnerable to request smuggling via chunked messages Masakazu Kitajo (Apr 02)
Mats Wichmann
Re: 3 new CVE's in old branch of GNU mailman Mats Wichmann (Apr 21)
Matthias Gerstner
Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner (May 30)
sslh: Remote Denial-of-Service Vulnerabilities (CVE-2025-46807, CVE-2025-46806) Matthias Gerstner (Jun 13)
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 16)
Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner (May 30)
Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner (May 28)
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 14)
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 14)
screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 12)
Matt Johnston
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Matt Johnston (May 12)
Mickaël Salaün
Landlock news #5 Mickaël Salaün (May 19)
Mingcong Bai
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Mingcong Bai (Apr 07)
Min Ji
CVE-2025-32897: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji (Jun 28)
Natalia Bidart
CVE-2025-48432: Django: Potential log injection via unescaped request path Natalia Bidart (Jun 04)
CVE-2025-32873: Django: Denial-of-service possibility in strip_tags() Natalia Bidart (May 07)
CVE-2025-27556: Django: Potential DoS in LoginView, LogoutView, and set_language() on Windows Natalia Bidart (Apr 02)
Nick Wellnhofer
Multiple vulnerabilities in libxml2 Nick Wellnhofer (Apr 17)
Re: Multiple vulnerabilities in libxml2 Nick Wellnhofer (Apr 17)
Olivier Fourdan
Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan (Jun 18)
Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan (Jun 17)
Olle E. Johansson
Re: CVE program averts swift end Olle E. Johansson (Apr 17)
Otto Moerbeek
PowerDNS Recursor Security Advisory 2025-01 regarding PowerDNS Recusor 5.2.0 Otto Moerbeek (Apr 07)
Phil Pennock
CVE-2025-30215: nats-server: Missing access controls for JS API Phil Pennock (Apr 08)
PJ Fanning
CVE-2025-31672: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names PJ Fanning (Apr 08)
Qualys Security Advisory
Re: CVE-2025-0395: Buffer overflow in the GNU C Library's assert() Qualys Security Advisory (Apr 24)
Local information disclosure in apport and systemd-coredump Qualys Security Advisory (May 29)
CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory (Jun 17)
Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory (Jun 17)
Rafael Gonzaga
Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga (May 08)
Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga (May 14)
Remi Gacogne
PowerDNS Security Advisory 2025-02: Denial of service via crafted DoH exchange Remi Gacogne (Apr 29)
Ricardo Branco
Re: vulnerabilities in busybox tar and cpio tools Ricardo Branco (Apr 23)
Rita Zhang
[kubernetes] CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks Rita Zhang (Jun 18)
Rolf Reintjes
CVE program averts swift end Rolf Reintjes (Apr 16)
Re: EU Vulnerability Database Rolf Reintjes (May 13)
Russ Allbery
Re: 3 new CVE's in old branch of GNU mailman Russ Allbery (Apr 21)
Sage [They / Them] McTaggart
CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS Sage [They / Them] McTaggart (Jun 26)
Salvatore Bonaccorso
Re: vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso (Apr 23)
Re: vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso (Apr 23)
Sam James
Re: XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James (Apr 03)
Re: CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Sam James (Jun 05)
XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James (Apr 03)
Re: XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James (Apr 03)
Sarah Boyce
Re: Django CVE-2025-48432 (follow-up patch releases) Sarah Boyce (Jun 10)
Django CVE-2025-48432 (follow-up patch releases) Sarah Boyce (Jun 10)
Sasha Levin
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Sasha Levin (Jun 07)
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Sasha Levin (Jun 07)
Sebastian Pipping
xmlrpc-c bundles a (very old and) vulnerable copy of libexpat Sebastian Pipping (Apr 09)
Re: Django CVE-2025-48432 (follow-up patch releases) Sebastian Pipping (Jun 10)
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping (Apr 09)
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping (Apr 09)
Simon McVittie
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Simon McVittie (Jun 07)
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Simon McVittie (Jun 11)
Re: CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Simon McVittie (May 29)
Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Simon McVittie (Jun 17)
Re: xdg-open bypassing SameSite=Strict Simon McVittie (Jun 24)
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Simon McVittie (May 13)
Solar Designer
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Solar Designer (May 12)
Re: vulnerabilities in busybox tar and cpio tools Solar Designer (Apr 24)
Re: CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c Solar Designer (Apr 25)
Re: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Solar Designer (Apr 17)
Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Solar Designer (Apr 24)
Re: Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer (May 14)
Re: The GNU C Library security advisories update for 2025-05-16 Solar Designer (May 16)
Re: Local information disclosure in apport and systemd-coredump Solar Designer (Jun 04)
Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer (Jun 02)
how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)) Solar Designer (May 28)
Re: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Solar Designer (Apr 18)
Re: Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol Solar Designer (Apr 01)
Re: Local information disclosure in apport and systemd-coredump Solar Designer (Jun 05)
Re: xdg-open bypassing SameSite=Strict Solar Designer (Jun 23)
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer (Jun 05)
Re: Local information disclosure in apport and systemd-coredump Solar Designer (Jun 04)
Re: Local information disclosure in apport and systemd-coredump Solar Designer (Jun 14)
Re: Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer (May 08)
Re: CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Solar Designer (Apr 13)
Re: Local information disclosure in apport and systemd-coredump Solar Designer (Jun 02)
Re: Local information disclosure in apport and systemd-coredump Solar Designer (Jun 04)
Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Solar Designer (Apr 24)
Re: Local information disclosure in apport and systemd-coredump Solar Designer (Jun 05)
Re: CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Solar Designer (Apr 06)
Re: Security audit of PHP Solar Designer (Apr 12)
Re: CVE-2025-0395: Buffer overflow in the GNU C Library's assert() Solar Designer (Apr 12)
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer (Jun 05)
Re: Multiple vulnerabilities in libxml2 Solar Designer (Apr 17)
Re: EU Vulnerability Database Solar Designer (May 13)
Stig Palmquist
CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Stig Palmquist (May 30)
Re: CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Stig Palmquist (Apr 13)
CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Stig Palmquist (Apr 13)
Stuart Henderson
Re: EU Vulnerability Database Stuart Henderson (May 13)
Re: EU Vulnerability Database Stuart Henderson (May 13)
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Stuart Henderson (May 15)
Taylor R Campbell
Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Taylor R Campbell (May 17)
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Taylor R Campbell (May 16)
Thomas Ward
Re: 3 new CVE's in old branch of GNU mailman Thomas Ward (Apr 21)
Timothy Legge
CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Timothy Legge (Jun 05)
Re: CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Timothy Legge (Jun 05)
Todd C. Miller
CVE-2025-32462: sudo local privilege escalation via host option Todd C. Miller (Jun 30)
CVE-2025-32463: sudo local privilege escalation via chroot option Todd C. Miller (Jun 30)
Tomasz Cedro
CVE-2025-47869: Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. Tomasz Cedro (Jun 14)
CVE-2025-47868: Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. Tomasz Cedro (Jun 14)
Valtteri Vuorikoski
Re: 3 new CVE's in old branch of GNU mailman Valtteri Vuorikoski (Apr 21)
Re: 3 new CVE's in old branch of GNU mailman Valtteri Vuorikoski (Apr 21)
CVE-2025-1948 & CVE-2024-13009: DoS and infoleak in Jetty Valtteri Vuorikoski (May 09)
Vegard Nossum
Re: Local information disclosure in apport and systemd-coredump Vegard Nossum (Jun 03)
Re: Local information disclosure in apport and systemd-coredump Vegard Nossum (Jun 06)
Vincent Lefevre
Re: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Vincent Lefevre (Jun 02)
Re: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Vincent Lefevre (Jun 02)
VMware PSIRT
CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools VMware PSIRT (May 12)
Werner Koch
Re: Re: Trailing dot in Cygwin filenames [was: failed to clone iptables,ipset,nftables] Werner Koch (Apr 28)
Xen . org security team
Xen Security Advisory 469 v2 (CVE-2024-28956) - x86: Indirect Target Selection Xen . org security team (May 12)
Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464) - WinPVDrivers: Excessive permissions on user-exposed devices Xen . org security team (May 27)
Xen Security Advisory 469 v1 - x86: Indirect Target Selection Xen . org security team (May 12)
xiaolin
CVE-2024-56430: openfhe: OpenFHE through 1.2.3 has a NULL pointer dereference bug xiaolin (Apr 25)
CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c xiaolin (Apr 25)
Xue Weiming
CVE-2024-39954: Apache EventMesh Runtime: SSRF Xue Weiming (Jun 29)
Yogesh Mittal
Re: Fwd: Node.js security updates for all active release lines, May 2025 Yogesh Mittal (May 15)
Zbigniew Jędrzejewski-Szmek
Re: Local information disclosure in apport and systemd-coredump Zbigniew Jędrzejewski-Szmek (Jun 10)
李亚杰
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰 (Apr 08)
CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰 (Apr 07)
田世林
CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow 田世林 (Apr 24)
