Open Source Security Mailing List

Discussion of security flaws, concepts, and practices in the Open Source community

Latest Posts

Re: check_icmp (Monitoring Plugins): host-count overflow leads to heap buffer overflow in setuid-root binary Michael Orlitzky (Jul 01)
If anyone was wondering, nagios-plugins has the same problem.

Fix: https://github.com/nagios-plugins/nagios-plugins/pull/833

CVE-2026-54161: NUT upsmon: remote OS command injection via ups.alarm in NOTIFYCMD - fixed in PR #3499 (affects 2.8.3–2.8.5) pro Err0r (Jul 01)
Hello,

A remote OS command injection (CWE-78) in Network UPS Tools (NUT) upsmon,
affecting 2.8.3, 2.8.4 and 2.8.5 (and pre-fix git master). Not affected:
2.8.2 and earlier.

CVE-2026-54161
Advisory:
https://github.com/networkupstools/nut/security/advisories/GHSA-mjgp-j4gm-6qg5
Fix: https://github.com/networkupstools/nut/pull/3499

## Detail
When a monitored UPS reports ALARM and the operator has NOTIFYCMD set with
"NOTIFYFLAG ALARM...

Vinyl Cache / Varnish Cache HTTP/2 parsing deficiency [CVE-2026-50052] Alan Coopersmith (Jul 01)
https://vinyl-cache.org/security/VSV00019.html says:

[See https://vinyl-cache.org/security/VSV00019.html for full details.]

https://blog.calif.io/p/mad-bugs-my-cousin-vinyl-cve-2026 provides the story of
how it was found by the researcher.

Fwd: libevent 2.1.13-stable contains several security fixes Alan Coopersmith (Jul 01)
[None of the GHSA's list CVE id's at this time. -alan-]

-------- Forwarded Message --------
Subject: libevent 2.1.13-stable
Date: Wed, 1 Jul 2026 05:31:52 -0700
From: Kevin Bowling <kevin.bowling () kev009 com>
To: distributions () lists linux dev

https://github.com/libevent/libevent/releases/tag/release-2.1.13-stable
(and https://github.com/libevent/libevent/releases/tag/release-2.2.2-alpha)
are primarily security releases and...

CVE-2025-15646: HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion Robert Rothenberg (Jul 01)
========================================================================
CVE-2025-15646                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2025-15646
  Distribution:  HTML-Gumbo
      Versions:  before 0.19

      MetaCPAN:  https://metacpan.org/dist/HTML-Gumbo
      VCS Repo: ...

CVE-2026-56016: CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources Robert Rothenberg (Jul 01)
========================================================================
CVE-2026-56016                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2026-56016
  Distribution:  CGI-Session
      Versions:  before 4.49

      MetaCPAN:  https://metacpan.org/dist/CGI-Session
      VCS Repo: ...

check_icmp (Monitoring Plugins): host-count overflow leads to heap buffer overflow in setuid-root binary Holger Weiß (Jul 01)
We released Monitoring Plugins 3.0.1, which fixes a security issue in
the check_icmp plugin.

Product: Monitoring Plugins (check_icmp)
Date: 2026-07-01
Severity: High (CVSS 3.1: 7.0, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE: requested, not yet assigned
CWE: CWE-190 (Integer Overflow or Wraparound),
CWE-787 (Out-of-bounds Write)
Affected: check_icmp 3.0.0 (introduced in v3.0.0-rc1)
Fixed in: Monitoring...

CVE-2026-54399: Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration Oleg Kalnichevski (Jul 01)
Severity: important

Affected versions:

- Apache HttpComponents Core (org.apache.httpcomponents.core5:httpcore5) 5.5-beta1
- Apache HttpComponents Core (org.apache.httpcomponents.core5:httpcore5) 5.4.2

Description:

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core (5.4.2 and
earlier, 5.5-beta1 and earlier) allows a remote attacker to cause a denial of service through memory...

CVE-2026-54428: Apache HttpComponents Core: HPackDecoder Unlimited Header List Size Before SETTINGS ACK Oleg Kalnichevski (Jul 01)
Severity: Important

Affected versions:

- Apache HttpComponents Core (org.apache.httpcomponents.core5:httpcore5-h2) 5.5-beta1
- Apache HttpComponents Core (org.apache.httpcomponents.core5:httpcore5-h2) 5.4.2

Description:

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core (5.4.2
and earlier, 5.5-beta1 and earlier) allows a remote attacker to cause a denial of service through memory...

Re: hostapd: OOB write in Wi-Fi 7 MLD association parsing (pre-auth DoS) Abhinav Agarwal (Jul 01)
MITRE assigned CVE-2026-58374 with a CVSS score of 6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

-- Abhinav

OFFIS DCMTK: 5 CISA-coordinated DICOM vulnerabilities Abhinav Agarwal (Jul 01)
CISA has published an advisory for five vulnerabilities in OFFIS DCMTK
(DICOM Toolkit), affecting DCMTK <= 3.7.0:

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-181-01

Fix status:

The fixes are in upstream DCMTK master but not any release as of today
https://github.com/DCMTK/dcmtk/releases/tag/latest

Vulnerabilities and fixes:

1. CVE-2026-50003 - bit-preserving C-GET path traversal - CVSS v3.1:
9.8 Critical
Fix:...

CVE-2026-13766: DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers Robert Rothenberg (Jun 30)
========================================================================
CVE-2026-13766                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2026-13766
  Distribution:  DBIx-QuickORM
      Versions:  before 0.000026

      MetaCPAN:  https://metacpan.org/dist/DBIx-QuickORM
      VCS Repo: ...

CVE-2026-57079 through CVE-2026-57082: Multiple vulnerabilities in Net::BitTorrent versions through 2.0.1 for Perl Robert Rothenberg (Jun 30)
========================================================================
CVE-2026-57079                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2026-57079
  Distribution:  Net-BitTorrent
      Versions:  through 2.0.1

      MetaCPAN:  https://metacpan.org/dist/Net-BitTorrent
      VCS Repo: ...

CVE-2025-53648: Apache Gravitino: SQL misconfiguration can access or truncate files Jerry Shao (Jun 30)
Severity: low

Affected versions:

- Apache Gravitino (org.apache.gravitino:catalog-jdbc-common) 0.5.0 before 1.0.0

Description:

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate
files.
Users are recommended to upgrade to version 1.0.0, which fixes this issue.

Credit:

A1kaid@ThreatBook VulTeam (reporter)
Le1a@ThreatBook VulTeam (finder)

References:...

hostapd: OOB write in Wi-Fi 7 MLD association parsing (pre-auth DoS) Abhinav Agarwal (Jun 29)
A Wi-Fi 7 / IEEE 802.11be MLD parsing issue in hostapd AP mode has
been fixed upstream:

https://w1.fi/security/2026-1/missing-ml-parsing-validation.txt

Issue:
Missing link ID validation in hostapd_process_ml_assoc_req()
(src/ap/ieee802_11_eht.c). link_id is masked with 0x000f
(values 0-15), but links[] only has valid entries 0..14
(MAX_NUM_MLD_LINKS=15). A crafted Per-STA Profile with
link_id=15 can write past the end of links[]...
