oss-sec: by author
251 messages, starting Jul 23 25 and ending Sep 11 25
Adhemerval Zanella Netto
The GNU C Library security advisories update for 2025-07-23 Adhemerval Zanella Netto (Jul 23)
Adiletta, Andrew
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Adiletta, Andrew (Sep 23)
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Adiletta, Andrew (Sep 28)
Adrian Perez de Castro
WebKitGTK and WPE WebKit Security Advisory WSA-2025-0005 Adrian Perez de Castro (Aug 01)
WebKitGTK and WPE WebKit Security Advisory WSA-2025-0006 Adrian Perez de Castro (Sep 22)
Alan Coopersmith
Re: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Alan Coopersmith (Aug 16)
PHP security releases 8.4.10, 8.3.23, 8.2.29, 8.1.33 Alan Coopersmith (Jul 11)
CVE-2025-43023 in HPLIP for Use of 1024-bit DSA Key Alan Coopersmith (Aug 22)
HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Alan Coopersmith (Aug 13)
CVE-2025-47906 & CVE-2025-47907 fixed in Go 1.24.6 & 1.23.12 Alan Coopersmith (Aug 06)
SQLite - Integer Overflow in FTS5 Extension [CVE-2025-7709] Alan Coopersmith (Sep 05)
malware in SoopSocks package on PyPi Alan Coopersmith (Sep 30)
Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Alan Coopersmith (Jul 28)
SQLite: Integer truncation in findOrCreateAggInfoColumn [CVE-2025-6965] Alan Coopersmith (Sep 05)
Re: RSYNC: 6 vulnerabilities Alan Coopersmith (Aug 18)
Go 1.24.5 & 1.23.11 fix CVE-2025-4674 Alan Coopersmith (Jul 08)
gnutls 3.8.10 fixes 4 CVEs Alan Coopersmith (Jul 11)
Re: 5 security issues disclosed in libxml2 Alan Coopersmith (Jul 11)
GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 Alan Coopersmith (Jul 11)
Ali Polatel
Re: blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Ali Polatel (Aug 19)
Amit
Re: How to do secure coding and create secure software Amit (Sep 29)
How to do secure coding and create secure software Amit (Sep 27)
Re: How to do secure coding and create secure software Amit (Sep 28)
Re: How to do secure coding and create secure software Amit (Sep 29)
Re: How to do secure coding and create secure software Amit (Sep 30)
Andy Seaborne
CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not checked properly Andy Seaborne (Jul 21)
CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI Andy Seaborne (Jul 21)
Andy Tinkham
Five new CVEs published for Cyberark Conjur OSS Andy Tinkham (Jul 16)
Arnout Engelen
CVE-2025-54656: Apache Struts Extras: Improper Output Neutralization for Logs Arnout Engelen (Jul 30)
CVE-2025-53192: Apache Commons OGNL: Expression Injection leading to RCE Arnout Engelen (Aug 18)
Ben Scott
ISC has disclosed one vulnerability in Stork (CVE-2025-8696) Ben Scott (Sep 10)
ISC has disclosed one vulnerability in Kea (CVE-2025-40779) Ben Scott (Aug 27)
Brandon Perry
Electric Charger Research Brandon Perry (Jul 07)
Chao Gong
CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response Chao Gong (Sep 06)
CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability Chao Gong (Sep 06)
Chaokun Yang
CVE-2025-59328: Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data Chaokun Yang (Sep 15)
CVE-2025-61622: Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory Chaokun Yang (Sep 29)
Chen Xia
CVE-2025-29847: Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass Chen Xia (Sep 19)
CVE-2025-59355: Apache Linkis: Password Exposure Chen Xia (Sep 19)
Christian Brabandt
[vim-security]: path traversal issue with zip.vim and special crafted zip archives in Vim < v9.1.1551 Christian Brabandt (Jul 15)
[vim-security] heap use-after-free was found in Vim < 9.1.1400 Christian Brabandt (Aug 10)
[vim-security] A double-free was found in Vim >v9.1.1231 and < 9.1.1406 Christian Brabandt (Aug 10)
[vim-security] path traversal issue with tar.vim and special crafted tar archives in Vim < 9.1.1552 Christian Brabandt (Jul 15)
Christian Hoffmann
libtiff 4.7.0: Out-of-Bounds Write in TIFFReadRGBAImageOriented() (CVE-2025-9900) Christian Hoffmann (Sep 26)
Collin Funk
Re: xterm terminal crash due to malicious character sequences in file name Collin Funk (Aug 16)
Colm O hEigeartaigh
CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE Colm O hEigeartaigh (Aug 07)
CVE-2025-48795: Apache CXF: Denial of Service and sensitive data exposure in logs Colm O hEigeartaigh (Jul 15)
Cuong Duy
Re: CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges Cuong Duy (Jul 07)
Damien Diederen
CVE-2025-58457: Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands Damien Diederen (Sep 24)
Damien Miller
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller (Sep 28)
Re: CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller (Sep 24)
CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller (Sep 22)
Dan Cross
Re: How to do secure coding and create secure software Dan Cross (Sep 29)
Re: How to do secure coding and create secure software Dan Cross (Sep 29)
Daniel Beck
Multiple vulnerabilities in Jenkins Daniel Beck (Sep 17)
Daniel Gaspar
CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API Daniel Gaspar (Aug 14)
CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar (Aug 14)
CVE-2025-55672: Apache Superset: Store XSS on charts metadata Daniel Gaspar (Aug 14)
CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts Daniel Gaspar (Aug 14)
Daniel Stenberg
[SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Daniel Stenberg (Sep 09)
[SECURITY ADVISORY] curl: CVE-2025-9086: Out of bounds read for cookie path Daniel Stenberg (Sep 09)
Re: [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Daniel Stenberg (Sep 10)
David A. Wheeler
Re: How to do secure coding and create secure software David A. Wheeler (Sep 29)
Re: xterm terminal crash due to malicious character sequences in file name David A. Wheeler (Aug 17)
Re: Shellshock (was: How to do secure coding and create secure software) David A. Wheeler (Sep 30)
Demi Marie Obenour
Re: Linux kernel: eBPF vulnerabilities Demi Marie Obenour (Aug 03)
Re: Question about (in)security of fdk-aac-free in linux distros Demi Marie Obenour (Aug 19)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour (Sep 26)
Re: Question about (in)security of fdk-aac-free in linux distros Demi Marie Obenour (Aug 15)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour (Sep 27)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour (Sep 27)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour (Sep 27)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour (Sep 25)
Dhiraj Mishra
libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing Dhiraj Mishra (Aug 26)
Eli Schwartz
Re: How to do secure coding and create secure software Eli Schwartz (Sep 28)
Emilio Pozuelo Monfort
Re: [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Emilio Pozuelo Monfort (Sep 10)
Eric Covener
CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption Eric Covener (Jul 10)
CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase Eric Covener (Jul 10)
CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 Eric Covener (Jul 24)
CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths Eric Covener (Jul 10)
CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping Eric Covener (Jul 10)
CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service Eric Covener (Jul 10)
CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack Eric Covener (Jul 10)
CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header Eric Covener (Jul 10)
CVE-2024-42516: Apache HTTP Server: HTTP response splitting Eric Covener (Jul 10)
Erik Auerswald
Re: xterm terminal crash due to malicious character sequences in file name Erik Auerswald (Aug 17)
Re: xterm terminal crash due to malicious character sequences in file name Erik Auerswald (Aug 13)
Everett B. Fulton
ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777) Everett B. Fulton (Jul 16)
Gary D. Gregory
CVE-2025-48924: Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs Gary D. Gregory (Jul 11)
Hannes von Haugwitz
CVE-2025-54409 - aide (>= 0.13 <= 0.19.1): null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS) Hannes von Haugwitz (Aug 14)
CVE-2025-54389 - aide (<= 0.19.1): improper output neutralization (potential AIDE detection bypass) Hannes von Haugwitz (Aug 14)
Hanno Böck
Opossum attack / Opportunistic HTTP (RFC 2817) insecure Hanno Böck (Jul 09)
Re: CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Hanno Böck (Aug 20)
Haonan Hou
CVE-2025-48459: Apache IoTDB: Deserialization of untrusted Data Haonan Hou (Sep 24)
CVE-2025-48392: Apache IoTDB: DoS Vulnerability Haonan Hou (Sep 24)
Huajie Wang
CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution Huajie Wang (Sep 04)
CVE-2024-48988: Apache StreamPark: SQL injection vulnerability Huajie Wang (Aug 22)
Huzaifa Sidhpurwala
Security pre-notification policy for vLLM project Huzaifa Sidhpurwala (Aug 19)
Jacob Bachmeyer
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 27)
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer (Aug 10)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 24)
Re: CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 22)
Re: How to do secure coding and create secure software Jacob Bachmeyer (Sep 29)
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Jacob Bachmeyer (Sep 25)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 27)
Re: blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Jacob Bachmeyer (Aug 18)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 23)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 25)
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer (Aug 09)
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer (Aug 11)
Jaras
CVE-2025-53817: Null pointer dereference in 7-Zip before 25.00 Jaras (Jul 18)
CVE-2025-53816: Memory corruption in 7-Zip before 25.00 Jaras (Jul 18)
Jeffrey Walton
Re: How to do secure coding and create secure software Jeffrey Walton (Sep 28)
Jens-Wolfhard Schicke-Uffmann
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jens-Wolfhard Schicke-Uffmann (Aug 13)
Jeremy Stanley
Re: How to do secure coding and create secure software Jeremy Stanley (Sep 28)
Re: How to do secure coding and create secure software Jeremy Stanley (Sep 27)
Re: How to do secure coding and create secure software Jeremy Stanley (Sep 29)
Jordan Glover
Re: Question about (in)security of fdk-aac-free in linux distros Jordan Glover (Aug 15)
Question about (in)security of fdk-aac-free in linux distros Jordan Glover (Aug 13)
Juan Pablo Santos Rodríguez
CVE-2025-24854: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin Juan Pablo Santos Rodríguez (Jul 30)
CVE-2025-24853: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing Juan Pablo Santos Rodríguez (Jul 30)
Julian Reschke
CVE-2025-53689: Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons Julian Reschke (Jul 14)
Junxu Chen
CVE-2025-46647: Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect Junxu Chen (Jul 02)
Katie
Re: How to do secure coding and create secure software Katie (Sep 28)
Kaxil Naik
CVE-2025-54831: Apache Airflow: Connection sensitive details exposed to users with READ permissions Kaxil Naik (Sep 25)
Kevin Backhouse
Re: GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 Kevin Backhouse (Jul 12)
CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse (Jul 03)
Re: CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse (Jul 18)
Kevin Guerroudj
Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj (Sep 03)
Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj (Jul 09)
Lidong Dai
CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack Lidong Dai (Sep 03)
CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default Permissions Lidong Dai (Sep 03)
lists
Re: How to do secure coding and create secure software lists (Sep 28)
liyajie
Re: CVE-2025-30761:A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie (Jul 24)
CVE-2025-30761:A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie (Jul 16)
CVE-2025-23267:A vulnerability in NVIDIA Container Toolkit can lead to container escape. liyajie (Jul 16)
Li Yang
CVE-2025-61734: Apache Kylin: improper restriction of file read Li Yang (Sep 30)
CVE-2025-61733: Apache Kylin: Authentication bypass Li Yang (Sep 30)
CVE-2025-61735: Apache Kylin: Server-Side Request Forgery Li Yang (Sep 30)
Lucas Holt
Re: How to do secure coding and create secure software Lucas Holt (Sep 28)
lunbun
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun (Aug 11)
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun (Aug 10)
CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun (Aug 09)
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun (Aug 11)
Marcel Reutegger
CVE-2025-58782: Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory Marcel Reutegger (Sep 06)
Marco Benatto
FreeIPA - CVE-2025-7493 - Privilege Escalation from host to domain admin Marco Benatto (Sep 30)
CVE-2025-8067 - UDisks Marco Benatto (Aug 28)
Mark Thomas
CVE-2025-55668: Apache Tomcat: session fixation via rewrite valve Mark Thomas (Aug 13)
CVE-2025-52434: Apache Tomcat: APR/Native Connector crash leading to DoS Mark Thomas (Jul 10)
CVE-2025-48989: Apache Tomcat: h2 DoS - Made You Reset Mark Thomas (Aug 13)
CVE-2025-53506: Apache Tomcat: DoS via excessive h2 streams at connection start Mark Thomas (Jul 10)
CVE-2025-52520: Apache Tomcat: DoS via integer overflow in multipart file upload Mark Thomas (Jul 10)
Martin Storsjö
Re: Question about (in)security of fdk-aac-free in linux distros Martin Storsjö (Aug 14)
Re: Question about (in)security of fdk-aac-free in linux distros Martin Storsjö (Aug 19)
Mats Wichmann
Re: How to do secure coding and create secure software Mats Wichmann (Sep 27)
Re: Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Mats Wichmann (Jul 28)
Matthew Fernandez
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Matthew Fernandez (Sep 25)
Maurits van Rees (Plone)
CVE-2025-58047: DoS in Volto (Plone CMS) Maurits van Rees (Plone) (Aug 28)
Maytham Alsudany
Re: StarDict sends the user's X11 selection to the network Maytham Alsudany (Aug 08)
Michael Jumper
CVE-2024-35164: Apache Guacamole: Improper input validation of console codes Michael Jumper (Jul 01)
Re: How to do secure coding and create secure software Michael Jumper (Sep 27)
Min Ji
CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji (Aug 07)
Moritz Bechler
Re: CVE-2025-30761:A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution Moritz Bechler (Jul 21)
Nick Tait
Re: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Nick Tait (Aug 20)
Nicolas Malin
CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin Nicolas Malin (Aug 05)
Pedro Sampaio
Re: CVE-2023-51767: a bogus CVE in OpenSSH Pedro Sampaio (Sep 22)
Peter Gutmann
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann (Sep 24)
Re: CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann (Sep 23)
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann (Sep 29)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann (Sep 27)
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann (Sep 27)
Piotr Karwasz
CVE-2025-54812: Apache Log4cxx: Improper HTML escaping in HTMLLayout Piotr Karwasz (Aug 22)
CVE-2025-54813: Apache Log4cxx: Improper escaping with JSONLayout Piotr Karwasz (Aug 22)
PJ Fanning
CVE-2024-51775: Apache Zeppelin: Command Injection via CSWSH PJ Fanning (Aug 03)
CVE-2024-41177: Apache Zeppelin: XSS in the Helium module PJ Fanning (Aug 03)
https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read PJ Fanning (Jul 13)
CVE-2024-52279: Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string PJ Fanning (Aug 03)
Rafael Gonzaga
Fwd: Node.js security updates for all active release lines, July 2025 Rafael Gonzaga (Jul 16)
Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga (Jul 08)
Remi Gacogne
PowerDNS Security Advisory 2025-05 for DNSdist: Denial of service via crafted DoH exchange Remi Gacogne (Sep 18)
Rita Zhang
[kubernetes] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override Rita Zhang (Jul 22)
[kubernetes] CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks Rita Zhang (Sep 16)
Robert Rothenberg
CVE-2025-40923: Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely Robert Rothenberg (Jul 16)
CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Robert Rothenberg (Sep 08)
CVE-2025-40918: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely Robert Rothenberg (Jul 16)
CVE-2025-40930: JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Robert Rothenberg (Sep 08)
CVE-2025-40920: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces Robert Rothenberg (Aug 11)
CVE-2025-40928: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified Robert Rothenberg (Sep 08)
Salvatore Bonaccorso
Re: DoS segfault (NULL pointer deref) in SOPE / SOGo Salvatore Bonaccorso (Jul 05)
Re: Fwd: Node.js security updates for all active release lines, May 2025 Salvatore Bonaccorso (Jul 08)
Sam James
Re: Question about (in)security of fdk-aac-free in linux distros Sam James (Aug 14)
Sandro Gauci
Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical) Sandro Gauci (Jul 31)
Sarah Boyce
CVE-2025-57833: Django: Potential SQL injection in FilteredRelation column aliases Sarah Boyce (Sep 03)
Sebastian Pipping
libexpat 2.7.2 fixes CVE-2025-59375 (DoS, CWE-770) Sebastian Pipping (Sep 16)
libexpat 2.7.3 improves fixes to CVE-2024-8176 and CVE-2025-59375 Sebastian Pipping (Sep 24)
Seth Larson
Re: Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Seth Larson (Jul 29)
Simon McVittie
Re: process exit statuses (was: CVE-2023-51767) Simon McVittie (Sep 23)
Re: blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Simon McVittie (Aug 19)
Solar Designer
Re: Fwd: Node.js security updates for all active release lines, July 2025 Solar Designer (Jul 22)
Re: Linux kernel: eBPF vulnerabilities Solar Designer (Sep 23)
Re: Five new CVEs published for Cyberark Conjur OSS Solar Designer (Aug 07)
Re: How to do secure coding and create secure software Solar Designer (Sep 30)
CVE fixes in Apache HTTP Server 2.4.64 Solar Designer (Jul 10)
Re: Electric Charger Research Solar Designer (Jul 07)
Re: Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer (Jul 08)
Re: Local information disclosure in apport and systemd-coredump Solar Designer (Aug 17)
Re: How to do secure coding and create secure software Solar Designer (Sep 29)
CVE-2025-53859: nginx: ngx_mail_smtp_module buffer over-read potentially resulting in sensitive information leak Solar Designer (Aug 13)
Re: CVE-2023-51767: a bogus CVE in OpenSSH Solar Designer (Sep 22)
Linux kernel: eBPF vulnerabilities Solar Designer (Aug 02)
Re: libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing Solar Designer (Aug 26)
non-issues in dailyaidecheck script in Debian's packaging of AIDE Solar Designer (Jul 22)
Re: xterm terminal crash due to malicious character sequences in file name Solar Designer (Aug 16)
Re: Linux kernel: eBPF vulnerabilities Solar Designer (Sep 24)
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Solar Designer (Sep 23)
Re: How to do secure coding and create secure software Solar Designer (Sep 27)
Re: CVE-2025-8067 - UDisks Solar Designer (Aug 28)
Re: How to do secure coding and create secure software Solar Designer (Sep 29)
Stefan Bühler
DoS segfault (NULL pointer deref) in SOPE / SOGo Stefan Bühler (Jul 02)
Stuart D Gathman
Re: CVE-2023-51767: a bogus CVE in OpenSSH Stuart D Gathman (Sep 22)
Taylor Blau
Multiple vulnerabilities fixed in Git Taylor Blau (Jul 08)
Theo de Raadt
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt (Sep 28)
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt (Sep 29)
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt (Sep 29)
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt (Sep 28)
Thomas Dickey
Re: xterm terminal crash due to malicious character sequences in file name Thomas Dickey (Aug 13)
tianshuo han
[CVE-2025-38501] Linux kernel: KSMBD service DoS by TCP handshake tianshuo han (Sep 15)
CVE-2025-38089: Linux kernel: NFS server remote DoS via NULL pointer dereference tianshuo han (Jul 02)
Tim Allison
CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison (Aug 20)
CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison (Aug 20)
Todd C. Miller
Re: CVE-2023-51767: a bogus CVE in OpenSSH Todd C. Miller (Sep 23)
Tomas Mraz
OpenSSL Security Advisory Tomas Mraz (Sep 30)
Vincent Berg
Release of pqcscan Vincent Berg (Jul 10)
Vincent Lefevre
xterm terminal crash due to malicious character sequences in file name Vincent Lefevre (Aug 13)
StarDict sends the user's X11 selection to the network Vincent Lefevre (Aug 04)
Re: xterm terminal crash due to malicious character sequences in file name Vincent Lefevre (Aug 17)
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Vincent Lefevre (Aug 11)
Re: xterm terminal crash due to malicious character sequences in file name Vincent Lefevre (Aug 16)
VMware PSIRT
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools VMware PSIRT (Sep 25)
[Security Advisory] open-vm-tools: Local privilege escalation (CVE-2025-41244) VMware PSIRT (Sep 29)
Wang Weibing
CVE-2025-54472: Apache bRPC: Redis Parser Remote Denial of Service Wang Weibing (Aug 11)
Willy Tarreau
Re: Linux kernel: eBPF vulnerabilities Willy Tarreau (Sep 24)
Xen . org security team
Xen Security Advisory 473 v2 (CVE-2025-58144,CVE-2025-58145) - Arm issues with page refcounting Xen . org security team (Sep 09)
Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect stubs exception handling for flags recovery Xen . org security team (Jul 01)
Xen Security Advisory 471 v1 (CVE-2024-36350,CVE-2024-36357) - x86: Transitive Scheduler Attacks Xen . org security team (Jul 08)
Xen Security Advisory 474 v2 (CVE-2025-58146) - XAPI UTF-8 string handling Xen . org security team (Sep 09)
Xen Security Advisory 471 v2 (CVE-2024-36350,CVE-2024-36357) - x86: Transitive Scheduler Attacks Xen . org security team (Aug 28)
Xen Security Advisory 472 v2 (CVE-2025-27466,CVE-2025-58142,CVE-2025-58143) - Multiple vulnerabilities in the Viridian interface Xen . org security team (Sep 09)
YuanSheng Wang
CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges YuanSheng Wang (Jul 06)
Zdenek Dohnal
CVE-2025-58364 cups: Remote DoS via null dereference Zdenek Dohnal (Sep 11)
CVE-2025-58060 cups: Authentication bypass with AuthType Negotiate Zdenek Dohnal (Sep 11)
