oss-sec: by date
RSS Feed
About List
All Lists
Previous period
289 messages
starting Apr 01 25 and
ending Jun 30 25
Date index |
Thread index |
Author index
Tuesday, 01 April
Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol Arthur Mongodin
CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering Andrea Cosentino
CVE-2025-30676: Apache OFBiz: Stored XSS Vulnerability Jacques Le Roux
Re: Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol Solar Designer
Re: CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. Jacob Bachmeyer
Wednesday, 02 April
CVE-2025-27556: Django: Potential DoS in LoginView, LogoutView, and set_language() on Windows Natalia Bidart
Multiple vulnerabilities in Jenkins and Jenkins plugins Kevin Guerroudj
[ANNOUNCE] ATS is vulnerable to request smuggling via chunked messages Masakazu Kitajo
CVE-2025-2704 - OpenVPN 2.6.1 through 2.6.13 with possible DoS David Sommerseth
Thursday, 03 April
XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
Re: XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
Re: XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
Friday, 04 April
CVE-2025-3155 GNOME Yelp: Arbitrary file read by abusing ghelp scheme Alan Coopersmith
CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Elad Kalif
pgAdmin 4 v9.2 fixes CVE-2025-2945 & CVE-2025-2946 Alan Coopersmith
CVE-2025-22871 : Go net/http: request smuggling through invalid chunked data Alan Coopersmith
Sunday, 06 April
Re: CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Hanno Böck
Re: CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Solar Designer
Re: CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Jeffrey Walton
Monday, 07 April
PowerDNS Recursor Security Advisory 2025-01 regarding PowerDNS Recusor 5.2.0 Otto Moerbeek
WebKitGTK and WPE WebKit Security Advisory WSA-2025-0003 Adrian Perez de Castro
CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Mingcong Bai
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Hanno Böck
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer
Tuesday, 08 April
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰
CVE-2025-31672: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names PJ Fanning
CVE-2025-31498: c-ares use-after-free Brad House
Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
CVE-2025-30215: nats-server: Missing access controls for JS API Phil Pennock
Wednesday, 09 April
Announce: OpenSSH 10.0 released Damien Miller
CVE-2025-30677: Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors Lari Hotari
CVE-2025-27391: Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log Domenico Francesco Bruscino
xmlrpc-c bundles a (very old and) vulnerable copy of libexpat Sebastian Pipping
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping
Re: Announce: OpenSSH 10.0 released Damien Miller
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer
Re: CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping
Thursday, 10 April
Vulnerabilities in Jenkins Docker images Daniel Beck
Re: CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. LinkinStar
CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() akendo () akendo eu
Re: CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() Greg KH
Re: CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() Demi Marie Obenour
Friday, 11 April
CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change David M. Johnson
Saturday, 12 April
CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access Hailin Wang
Security audit of PHP Alan Coopersmith
Re: CVE-2025-0395: Buffer overflow in the GNU C Library's assert() Solar Designer
Re: Security audit of PHP Solar Designer
Sunday, 13 April
CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Stig Palmquist
Re: CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Solar Designer
Re: CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Stig Palmquist
Wednesday, 16 April
CVE-2024-56736: Apache HertzBeat (incubating): Server-Side Request Forgery (SSRF) in Api Config Oss Chao Gong
CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
CVE program averts swift end Rolf Reintjes
Re: CVE program averts swift end Marco Moock
Re: CVE program averts swift end Brian Behlendorf
Re: CVE program averts swift end Alan Coopersmith
Thursday, 17 April
Re: CVE program averts swift end Olle E. Johansson
Re: CVE program averts swift end Jan Klopper
Multiple vulnerabilities in libxml2 Nick Wellnhofer
Re: Multiple vulnerabilities in libxml2 Solar Designer
Re: Multiple vulnerabilities in libxml2 Nick Wellnhofer
Re: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Solar Designer
Friday, 18 April
Re: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
CVE-2025-29953: Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass Arnout Engelen
A bowlful of bugs in GNOME's libsoup Alan Coopersmith
libarchive 3.7.8 fixed CVE-2024-57970, CVE-2025-1632, & CVE-2025-25724 Alan Coopersmith
Re: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Solar Designer
Saturday, 19 April
Re: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
Monday, 21 April
3 new CVE's in old branch of GNU mailman Alan Coopersmith
Re: 3 new CVE's in old branch of GNU mailman Valtteri Vuorikoski
Re: 3 new CVE's in old branch of GNU mailman Thomas Ward
Re: 3 new CVE's in old branch of GNU mailman Mats Wichmann
Re: 3 new CVE's in old branch of GNU mailman Valtteri Vuorikoski
Re: 3 new CVE's in old branch of GNU mailman Russ Allbery
Re: 3 new CVE's in old branch of GNU mailman Jim P.
Tuesday, 22 April
CVE-2025-26413: Apache Kvrocks: The server was crashed by the negative offset Hulk Lin
Wednesday, 23 April
vulnerabilities in busybox tar and cpio tools Ian Norton
Re: vulnerabilities in busybox tar and cpio tools Ricardo Branco
Re: vulnerabilities in busybox tar and cpio tools Jakub Wilk
CVE-2025-23016: Integer & buffer overflow in fastcgi < 2.4.5 Alan Coopersmith
Re: vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso
Re: vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso
Thursday, 24 April
Re: vulnerabilities in busybox tar and cpio tools Albert Veli
Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow 田世林
Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Solar Designer
Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Jakub Wilk
Re: CVE-2025-0395: Buffer overflow in the GNU C Library's assert() Qualys Security Advisory
Re: vulnerabilities in busybox tar and cpio tools Demi Marie Obenour
Re: vulnerabilities in busybox tar and cpio tools Solar Designer
Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Solar Designer
Friday, 25 April
Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Jacob Bachmeyer
CVE-2024-56430: openfhe: OpenFHE through 1.2.3 has a NULL pointer dereference bug xiaolin
CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c xiaolin
Re: Trailing dot in Cygwin filenames [was: failed to clone iptables,ipset,nftables] Jan Engelhardt
Re: CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c Solar Designer
Re: vulnerabilities in busybox tar and cpio tools Demi Marie Obenour
Monday, 28 April
Re: Re: Trailing dot in Cygwin filenames [was: failed to clone iptables,ipset,nftables] Werner Koch
CVE-2025-31650: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame Mark Thomas
CVE-2025-31651: Apache Tomcat: Bypass of rules in Rewrite Valve Mark Thomas
Tuesday, 29 April
PowerDNS Security Advisory 2025-02: Denial of service via crafted DoH exchange Remi Gacogne
Friday, 02 May
CVE-2025-46762: Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu
CVE-2025-47153: out-of-bounds access in some 32-bit builds of Node.js Alan Coopersmith
Tuesday, 06 May
CVE-2025-27533: Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Christopher L. Shannon
Go 1.24.3 fixes CVE-2025-22873: os: Root permits access to parent directory Alan Coopersmith
Re: CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Alan Coopersmith
Wednesday, 07 May
CVE-2025-32873: Django: Denial-of-service possibility in strip_tags() Natalia Bidart
Thursday, 08 May
OSSA-2025-001 / CVE-2025-44021: OpenStack Ironic fails to restrict paths used for file:// image URLs Jay Faulkner
Re: 3 new CVE's in old branch of GNU mailman Jeremy Reeder
Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
Re: Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
Friday, 09 May
CVE-2025-1948 & CVE-2024-13009: DoS and infoleak in Jetty Valtteri Vuorikoski
CVE-2025-46392: Apache Commons Configuration: StackOverflowError loading untrusted configuration Arnout Engelen
CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation Alan Coopersmith
Dropbear SSH 2025.88 fixes CVE-2025-47203 Alan Coopersmith
Monday, 12 May
screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools VMware PSIRT
CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover Daniel Gaspar
Xen Security Advisory 469 v1 - x86: Indirect Target Selection Xen . org security team
Xen Security Advisory 469 v2 (CVE-2024-28956) - x86: Indirect Target Selection Xen . org security team
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Matt Johnston
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Solar Designer
Tuesday, 13 May
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli
CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression Dongjoon Hyun
VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis
Xen Security Notice 3 (CVE-2024-45332) Intel Branch Privilege Injection Andrew Cooper
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis
Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Marco Benatto
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 Dave Hart
EU Vulnerability Database Graeme Fowler
Re: EU Vulnerability Database Stuart Henderson
Re: EU Vulnerability Database Stuart Henderson
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Simon McVittie
Re: EU Vulnerability Database Rolf Reintjes
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Mark Esler
Re: EU Vulnerability Database Solar Designer
CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function Haonan Hou
CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver Haonan Hou
CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication Haonan Hou
Wednesday, 14 May
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
Re: EU Vulnerability Database gmane.io
Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
Re: Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
Thursday, 15 May
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Stuart Henderson
Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed
WebKitGTK and WPE WebKit Security Advisory WSA-2025-0004 Adrian Perez de Castro
Re: Fwd: Node.js security updates for all active release lines, May 2025 Yogesh Mittal
Friday, 16 May
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Jan Schaumann
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz
CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Alan Coopersmith
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Taylor R Campbell
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz
The GNU C Library security advisories update for 2025-05-16 Carlos O'Donell
Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jacob Bachmeyer
Re: The GNU C Library security advisories update for 2025-05-16 Solar Designer
RE: The GNU C Library security advisories update for 2025-05-16 Caveney, Seamus G
Saturday, 17 May
Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jan Schaumann
Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Taylor R Campbell
Sunday, 18 May
Re: describing affected systems Eli Schwartz
Monday, 19 May
Re: CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Hanno Böck
Landlock news #5 Mickaël Salaün
Tuesday, 27 May
Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464) - WinPVDrivers: Excessive permissions on user-exposed devices Xen . org security team
CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith
CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Charles Zhang
CVE-2025-27522: Apache InLong: JDBC Vulnerability during verification processing Charles Zhang
CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Charles Zhang
[SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL Daniel Stenberg
[SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL Daniel Stenberg
Wednesday, 28 May
CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default Gary D. Gregory
ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Andrei Pavel
Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
RE: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jounee Kim
how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)) Solar Designer
Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jakub Wilk
Thursday, 29 May
Re: CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Simon McVittie
Re: CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith
Local information disclosure in apport and systemd-coredump Qualys Security Advisory
CVE-2025-46701: Apache Tomcat: Security constraint bypass for CGI scripts Mark Thomas
Friday, 30 May
Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection Daniel Gaspar
CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Stig Palmquist
Sunday, 01 June
Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v Hanno Böck
Monday, 02 June
Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Florian Weimer
Re: Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v Anton Luka Šijanec
Re: Local information disclosure in apport and systemd-coredump Jelle van der Waa
Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Florian Weimer
Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Leon Timmermans
Re: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Vincent Lefevre
Re: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Vincent Lefevre
Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
Re: Local information disclosure in apport and systemd-coredump Solar Designer
Tuesday, 03 June
Re: Local information disclosure in apport and systemd-coredump Vegard Nossum
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Attila Szasz
CVE-2025-46548: Apache Pekko Management, Apache Pekko Management, Apache Pekko Management: management API basic authentication is not effective Arnout Engelen
Samba 4.21.6 fixes CVE-2025-0620 in SMB session re-authentication Alan Coopersmith
CVE-2024-47081: Netrc credential leak in PSF requests library Alan Coopersmith
Re: Local information disclosure in apport and systemd-coredump Marco Benatto
Re: CVE-2024-47081: Netrc credential leak in PSF requests library Dave Walker
Re: CVE-2024-47081: Netrc credential leak in PSF requests library Demi Marie Obenour
[SECURITY AVISORY] curl: CVE-2025-5399: WebSocket endless loop Daniel Stenberg
Wednesday, 04 June
Re: Local information disclosure in apport and systemd-coredump David Fernandez Gonzalez
Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Greg KH
CVE-2025-48432: Django: Potential log injection via unescaped request path Natalia Bidart
Re: CVE-2024-47081: Netrc credential leak in PSF requests library Jakub Wilk
Re: Local information disclosure in apport and systemd-coredump Solar Designer
Re: Local information disclosure in apport and systemd-coredump Solar Designer
Re: Local information disclosure in apport and systemd-coredump Solar Designer
Thursday, 05 June
CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Timothy Legge
Go 1.24.4 and Go 1.23.10 fix CVE-2025-4673, CVE-2025-0913, CVE-2025-22874 Alan Coopersmith
Re: CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Sam James
Re: Local information disclosure in apport and systemd-coredump Solar Designer
Re: CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Timothy Legge
Re: Local information disclosure in apport and systemd-coredump Solar Designer
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer
Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Eli Schwartz
Friday, 06 June
Vulnerability in Jenkins Gatling Plugin Daniel Beck
Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Jacob Bachmeyer
Re: Local information disclosure in apport and systemd-coredump Vegard Nossum
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Attila Szasz
Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Attila Szasz
Saturday, 07 June
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Simon McVittie
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Sasha Levin
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Bastian Blank
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Sasha Levin
Monday, 09 June
CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF vulnerability Luke Chen
CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration Luke Chen
CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration Luke Chen
Tuesday, 10 June
Re: Local information disclosure in apport and systemd-coredump Zbigniew Jędrzejewski-Szmek
Django CVE-2025-48432 (follow-up patch releases) Sarah Boyce
Re: Django CVE-2025-48432 (follow-up patch releases) Sarah Boyce
Re: Django CVE-2025-48432 (follow-up patch releases) Sebastian Pipping
CVE-2025-49091: Konsole: Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole < 25.04.2 Dennis Dast
Wednesday, 11 June
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Marc Deslauriers
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Simon McVittie
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Marc Deslauriers
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
Friday, 13 June
sslh: Remote Denial-of-Service Vulnerabilities (CVE-2025-46807, CVE-2025-46806) Matthias Gerstner
Saturday, 14 June
CVE-2025-47868: Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. Tomasz Cedro
CVE-2025-47869: Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. Tomasz Cedro
Re: Local information disclosure in apport and systemd-coredump Solar Designer
Monday, 16 June
CVE-2025-48988: Apache Tomcat: FileUpload large number of parts with headers DoS Mark Thomas
CVE-2025-49125: Apache Tomcat: Security constraint bypass for pre/post-resources Mark Thomas
CVE-2025-49124: Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows Mark Thomas
CVE-2025-48976: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers Gary D. Gregory
CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract Jonatan Männchen
5 security issues disclosed in libxml2 Alan Coopersmith
Tuesday, 17 June
pam: pam_namespace local privilege escalation (CVE-2025-6020) BAL-PETRE Olivier
[kubernetes] Race Condition in Go allows Volume Deletion in older Kubernetes versions Craig Ingram
Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory
Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory
Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Simon McVittie
[ANNOUNCE] Apache Traffic Server has an ACL issue, and also has a vulnerability in ESI processing Masakazu Kitajo
Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Jakub Wilk
Wednesday, 18 June
Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
[kubernetes] CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks Rita Zhang
Friday, 20 June
Re: path traversal in tar extract in intel cve-bin-tool Jakub Wilk
ClamAV 1.4.3 and 1.0.9 security patch versions published Alan Coopersmith
Re: path traversal in tar extract in intel cve-bin-tool lists
Monday, 23 June
xdg-open bypassing SameSite=Strict grape mingijung
Re: xdg-open bypassing SameSite=Strict Solar Designer
CPython: Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module Alan Coopersmith
Tuesday, 24 June
Re: xdg-open bypassing SameSite=Strict Simon McVittie
CVE-2025-50213: Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator Elad Kalif
sox_ng fixes 20 CVEs in sox Martin Guy
Re: xdg-open bypassing SameSite=Strict grape mingijung
Re: xdg-open bypassing SameSite=Strict Anton Luka Šijanec
Re: xdg-open bypassing SameSite=Strict Gabriel Corona
Re: xdg-open bypassing SameSite=Strict Lucas Holt
Wednesday, 25 June
Re: sox_ng fixes 20 CVEs in sox Martin Guy
Thursday, 26 June
CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS Sage [They / Them] McTaggart
Re: CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS Jacob Bachmeyer
Friday, 27 June
libssh 0.11.2 security and bugfix release Alan Coopersmith
Saturday, 28 June
CVE-2025-32897: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
Sunday, 29 June
CVE-2024-39954: Apache EventMesh Runtime: SSRF Xue Weiming
Monday, 30 June
CVE-2025-32462: sudo local privilege escalation via host option Todd C. Miller
CVE-2025-32463: sudo local privilege escalation via chroot option Todd C. Miller