 
oss-sec: by date
251 messages starting Jul 01 25 and ending Sep 30 25
Tuesday, 01 July
Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect stubs exception handling for flags recovery Xen . org security team
CVE-2024-35164: Apache Guacamole: Improper input validation of console codes Michael Jumper
Wednesday, 02 July
CVE-2025-46647: Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect Junxu Chen
CVE-2025-38089: Linux kernel: NFS server remote DoS via NULL pointer dereference tianshuo han
DoS segfault (NULL pointer deref) in SOPE / SOGo Stefan Bühler
Thursday, 03 July
CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse
Saturday, 05 July
Re: DoS segfault (NULL pointer deref) in SOPE / SOGo Salvatore Bonaccorso
Sunday, 06 July
CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges YuanSheng Wang
Monday, 07 July
Re: CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges Cuong Duy
Electric Charger Research Brandon Perry
Re: Electric Charger Research Solar Designer
Tuesday, 08 July
Xen Security Advisory 471 v1 (CVE-2024-36350,CVE-2024-36357) - x86: Transitive Scheduler Attacks Xen . org security team
Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
Multiple vulnerabilities fixed in Git Taylor Blau
Go 1.24.5 & 1.23.11 fix CVE-2025-4674 Alan Coopersmith
Re: Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
Re: Fwd: Node.js security updates for all active release lines, May 2025 Salvatore Bonaccorso
Wednesday, 09 July
Opossum attack / Opportunistic HTTP (RFC 2817) insecure Hanno Böck
Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
Thursday, 10 July
Release of pqcscan Vincent Berg
CVE fixes in Apache HTTP Server 2.4.64 Solar Designer
CVE-2024-42516: Apache HTTP Server: HTTP response splitting Eric Covener
CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header Eric Covener
CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths Eric Covener
CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping Eric Covener
CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service Eric Covener
CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption Eric Covener
CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack Eric Covener
CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase Eric Covener
CVE-2025-52434: Apache Tomcat: APR/Native Connector crash leading to DoS Mark Thomas
CVE-2025-52520: Apache Tomcat: DoS via integer overflow in multipart file upload Mark Thomas
CVE-2025-53506: Apache Tomcat: DoS via excessive h2 streams at connection start Mark Thomas
Friday, 11 July
CVE-2025-48924: Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs Gary D. Gregory
Re: 5 security issues disclosed in libxml2 Alan Coopersmith
gnutls 3.8.10 fixes 4 CVEs Alan Coopersmith
PHP security releases 8.4.10, 8.3.23, 8.2.29, 8.1.33 Alan Coopersmith
GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 Alan Coopersmith
Saturday, 12 July
Re: GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 Kevin Backhouse
Sunday, 13 July
https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read PJ Fanning
Monday, 14 July
CVE-2025-53689: Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons Julian Reschke
Tuesday, 15 July
[vim-security] path traversal issue with tar.vim and special crafted tar archives in Vim < 9.1.1552 Christian Brabandt
[vim-security]: path traversal issue with zip.vim and special crafted zip archives in Vim < v9.1.1551 Christian Brabandt
CVE-2025-48795: Apache CXF: Denial of Service and sensitive data exposure in logs Colm O hEigeartaigh
Wednesday, 16 July
CVE-2025-30761:A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie
Fwd: Node.js security updates for all active release lines, July 2025 Rafael Gonzaga
CVE-2025-23267:A vulnerability in NVIDIA Container Toolkit can lead to container escape. liyajie
CVE-2025-40923: Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely Robert Rothenberg
CVE-2025-40918: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely Robert Rothenberg
ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777) Everett B. Fulton
Five new CVEs published for Cyberark Conjur OSS Andy Tinkham
Friday, 18 July
CVE-2025-53816: Memory corruption in 7-Zip before 25.00 Jaras
CVE-2025-53817: Null pointer dereference in 7-Zip before 25.00 Jaras
Re: CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse
Monday, 21 July
CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI Andy Seaborne
CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not check properly Andy Seaborne
Re: CVE-2025-30761:A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution Moritz Bechler
Tuesday, 22 July
[kubernetes] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override Rita Zhang
Re: Fwd: Node.js security updates for all active release lines, July 2025 Solar Designer
non-issues in dailyaidecheck script in Debian's packaging of AIDE Solar Designer
Wednesday, 23 July
The GNU C Library security advisories update for 2025-07-23 Adhemerval Zanella Netto
Thursday, 24 July
Re: CVE-2025-30761:A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie
CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 Eric Covener
Monday, 28 July
Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Alan Coopersmith
Re: Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Mats Wichmann
Tuesday, 29 July
Re: Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Seth Larson
Wednesday, 30 July
CVE-2025-54656: Apache Struts Extras: Improper Output Neutralization for Logs Arnout Engelen
CVE-2025-24853: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing Juan Pablo Santos Rodríguez
CVE-2025-24854: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin Juan Pablo Santos Rodríguez
Thursday, 31 July
Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical) Sandro Gauci
Friday, 01 August
WebKitGTK and WPE WebKit Security Advisory WSA-2025-0005 Adrian Perez de Castro
Saturday, 02 August
Linux kernel: eBPF vulnerabilities Solar Designer
Sunday, 03 August
Re: Linux kernel: eBPF vulnerabilities Demi Marie Obenour
CVE-2024-52279: Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string PJ Fanning
CVE-2024-41177: Apache Zeppelin: XSS in the Helium module PJ Fanning
CVE-2024-51775: Apache Zeppelin: Command Injection via CSWSH PJ Fanning
Monday, 04 August
StarDict sends the user's X11 selection to the network Vincent Lefevre
Tuesday, 05 August
CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin Nicolas Malin
Wednesday, 06 August
CVE-2025-47906 & CVE-2025-47907 fixed in Go 1.24.6 & 1.23.12 Alan Coopersmith
Thursday, 07 August
CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE Colm O hEigeartaigh
Re: Five new CVEs published for Cyberark Conjur OSS Solar Designer
Friday, 08 August
Re: StarDict sends the user's X11 selection to the network Maytham Alsudany
Saturday, 09 August
CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer
Sunday, 10 August
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
[vim-security] heap use-after-free was found in Vim < 9.1.1400 Christian Brabandt
[vim-security] A double-free was found in Vim >v9.1.1231 and < 9.1.1406 Christian Brabandt
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer
Monday, 11 August
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Vincent Lefevre
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
CVE-2025-40920: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces Robert Rothenberg
CVE-2025-54472: Apache bRPC: Redis Parser Remote Denial of Service Wang Weibing
Wednesday, 13 August
Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jens-Wolfhard Schicke-Uffmann
CVE-2025-48989: Apache Tomcat: h2 DoS - Made You Reset Mark Thomas
CVE-2025-55668: Apache Tomcat: session fixation via rewrite valve Mark Thomas
xterm terminal crash due to malicious character sequences in file name Vincent Lefevre
CVE-2025-53859: nginx: ngx_mail_smtp_module buffer over-read potentially resulting in sensitive information leak Solar Designer
HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Alan Coopersmith
Re: xterm terminal crash due to malicious character sequences in file name Thomas Dickey
Re: xterm terminal crash due to malicious character sequences in file name Erik Auerswald
Question about (in)security of fdk-aac-free in linux distros Jordan Glover
Thursday, 14 August
Re: Question about (in)security of fdk-aac-free in linux distros Sam James
Re: Question about (in)security of fdk-aac-free in linux distros Martin Storsjö
CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts Daniel Gaspar
CVE-2025-55672: Apache Superset: Store XSS on charts metadata Daniel Gaspar
CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API Daniel Gaspar
CVE-2025-54389 - aide (<= 0.19.1): improper output neutralization (potential AIDE detection bypass) Hannes von Haugwitz
CVE-2025-54409 - aide (>= 0.13 <= 0.19.1): null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS) Hannes von Haugwitz
Friday, 15 August
Re: Question about (in)security of fdk-aac-free in linux distros Demi Marie Obenour
Re: Question about (in)security of fdk-aac-free in linux distros Jordan Glover
Saturday, 16 August
Re: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Alan Coopersmith
Re: xterm terminal crash due to malicious character sequences in file name Collin Funk
Re: xterm terminal crash due to malicious character sequences in file name Vincent Lefevre
Re: xterm terminal crash due to malicious character sequences in file name Solar Designer
Sunday, 17 August
Re: xterm terminal crash due to malicious character sequences in file name Erik Auerswald
Re: xterm terminal crash due to malicious character sequences in file name Vincent Lefevre
Re: xterm terminal crash due to malicious character sequences in file name David A. Wheeler
Re: Local information disclosure in apport and systemd-coredump Solar Designer
Monday, 18 August
CVE-2025-53192: Apache Commons OGNL: Expression Injection leading to RCE Arnout Engelen
Re: RSYNC: 6 vulnerabilities Alan Coopersmith
Re: blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Jacob Bachmeyer
Tuesday, 19 August
Re: blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Simon McVittie
Re: blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Ali Polatel
Re: Question about (in)security of fdk-aac-free in linux distros Martin Storsjö
Re: Question about (in)security of fdk-aac-free in linux distros Demi Marie Obenour
Security pre-notification policy for vLLM project Huzaifa Sidhpurwala
Wednesday, 20 August
CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison
CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison
Re: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Nick Tait
Re: CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Hanno Böck
Friday, 22 August
CVE-2024-48988: Apache StreamPark: SQL injection vulnerability Huajie Wang
CVE-2025-54812: Apache Log4cxx: Improper HTML escaping in HTMLLayout Piotr Karwasz
CVE-2025-54813: Apache Log4cxx: Improper escaping with JSONLayout Piotr Karwasz
CVE-2025-43023 in HPLIP for Use of 1024-bit DSA Key Alan Coopersmith
Tuesday, 26 August
libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing Dhiraj Mishra
Re: libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing Solar Designer
Wednesday, 27 August
ISC has disclosed one vulnerability in Kea (CVE-2025-40779) Ben Scott
Thursday, 28 August
CVE-2025-8067 - UDisks Marco Benatto
Xen Security Advisory 471 v2 (CVE-2024-36350,CVE-2024-36357) - x86: Transitive Scheduler Attacks Xen . org security team
CVE-2025-58047: DoS in Volto (Plone CMS) Maurits van Rees (Plone)
Re: CVE-2025-8067 - UDisks Solar Designer
Wednesday, 03 September
CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack Lidong Dai
CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default Permissions Lidong Dai
CVE-2025-57833: Django: Potential SQL injection in FilteredRelation column aliases Sarah Boyce
Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
Thursday, 04 September
CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution Huajie Wang
Friday, 05 September
SQLite: Integer truncation in findOrCreateAggInfoColumn [CVE-2025-6965] Alan Coopersmith
SQLite - Integer Overflow in FTS5 Extension [CVE-2025-7709] Alan Coopersmith
Saturday, 06 September
CVE-2025-58782: Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory Marcel Reutegger
CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response Chao Gong
CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability Chao Gong
Monday, 08 September
CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Robert Rothenberg
CVE-2025-40928: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified Robert Rothenberg
CVE-2025-40930: JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Robert Rothenberg
Tuesday, 09 September
Xen Security Advisory 472 v2 (CVE-2025-27466,CVE-2025-58142,CVE-2025-58143) - Mutiple vulnerabilities in the Viridian interface Xen . org security team
Xen Security Advisory 473 v2 (CVE-2025-58144,CVE-2025-58145) - Arm issues with page refcounting Xen . org security team
Xen Security Advisory 474 v2 (CVE-2025-58146) - XAPI UTF-8 string handling Xen . org security team
[SECURITY ADVISORY] curl: CVE-2025-9086: Out of bounds read for cookie path Daniel Stenberg
[SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Daniel Stenberg
Wednesday, 10 September
Re: [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Daniel Stenberg
Re: [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Emilio Pozuelo Monfort
ISC has disclosed one vulnerability in Stork (CVE-2025-8696) Ben Scott
Thursday, 11 September
CVE-2025-58060 cups: Authentication bypass with AuthType Negotiate Zdenek Dohnal
CVE-2025-58364 cups: Remote DoS via null dereference Zdenek Dohnal
Monday, 15 September
CVE-2025-59328: Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data Chaokun Yang
[CVE-2025-38501] Linux kernel: KSMBD service DoS by TCP handshake tianshuo han
Tuesday, 16 September
[kubernetes] CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks Rita Zhang
libexpat 2.7.2 fixes CVE-2025-59375 (DoS, CWE-770) Sebastian Pipping
Wednesday, 17 September
Multiple vulnerabilities in Jenkins Daniel Beck
Thursday, 18 September
PowerDNS Security Advisory 2025-05 for DNSdist: Denial of service via crafted DoH exchange Remi Gacogne
Friday, 19 September
CVE-2025-59355: Apache Linkis: Password Exposure Chen Xia
CVE-2025-29847: Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass Chen Xia
Monday, 22 September
CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller
Re: CVE-2023-51767: a bogus CVE in OpenSSH Stuart D Gathman
WebKitGTK and WPE WebKit Security Advisory WSA-2025-0006 Adrian Perez de Castro
Re: CVE-2023-51767: a bogus CVE in OpenSSH Pedro Sampaio
Re: CVE-2023-51767: a bogus CVE in OpenSSH Solar Designer
Re: CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
Tuesday, 23 September
Re: process exit statuses (was: CVE-2023-51767) Simon McVittie
Re: CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann
Re: CVE-2023-51767: a bogus CVE in OpenSSH Todd C. Miller
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Adiletta, Andrew
Re: Linux kernel: eBPF vulnerabilities Solar Designer
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Solar Designer
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
Wednesday, 24 September
Re: Linux kernel: eBPF vulnerabilities Willy Tarreau
Re: CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann
CVE-2025-48459: Apache IoTDB: Deserialization of untrusted Data Haonan Hou
CVE-2025-48392: Apache IoTDB: DoS Vulnerability Haonan Hou
CVE-2025-58457: Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands Damien Diederen
libexpat 2.7.3 improves fixes to CVE-2024-8176 and CVE-2025-59375 Sebastian Pipping
Re: Linux kernel: eBPF vulnerabilities Solar Designer
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
Thursday, 25 September
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools VMware PSIRT
CVE-2025-54831: Apache Airflow: Connection sensitive details exposed to users with READ permissions Kaxil Naik
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Matthew Fernandez
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Jacob Bachmeyer
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
Friday, 26 September
libtiff 4.7.0: Out-of-Bounds Write in TIFFReadRGBAImageOriented() (CVE-2025-9900) Christian Hoffmann
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour
Saturday, 27 September
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour
How to do secure coding and create secure software Amit
Re: How to do secure coding and create secure software Solar Designer
Re: How to do secure coding and create secure software Jeremy Stanley
Re: How to do secure coding and create secure software Michael Jumper
Re: How to do secure coding and create secure software Mats Wichmann
Sunday, 28 September
Re: How to do secure coding and create secure software Amit
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt
Re: How to do secure coding and create secure software Jeremy Stanley
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Adiletta, Andrew
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt
Re: How to do secure coding and create secure software Katie
Re: How to do secure coding and create secure software Eli Schwartz
Re: How to do secure coding and create secure software Jeffrey Walton
Re: How to do secure coding and create secure software Lucas Holt
Re: How to do secure coding and create secure software lists
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller
Monday, 29 September
Re: How to do secure coding and create secure software Amit
CVE-2025-61622: Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory Chaokun Yang
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann
Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt
Re: How to do secure coding and create secure software Jeremy Stanley
Re: How to do secure coding and create secure software David A. Wheeler
Re: How to do secure coding and create secure software Amit
[Security Advisory] open-vm-tools: Local privilege escalation (CVE-2025-41244) VMware PSIRT
Re: How to do secure coding and create secure software Dan Cross
Re: How to do secure coding and create secure software Dan Cross
Re: How to do secure coding and create secure software Solar Designer
Re: How to do secure coding and create secure software Jacob Bachmeyer
Re: How to do secure coding and create secure software Solar Designer
Tuesday, 30 September
Re: Shellshock (was: How to do secure coding and create secure software) David A. Wheeler
OpenSSL Security Advisory Tomas Mraz
FreeIPA - CVE-2025-7493 - Privilege Escalation from host to domain admin Marco Benatto
CVE-2025-61733: Apache Kylin: Authentication bypass Li Yang
CVE-2025-61734: Apache Kylin: improper restriction of file read Li Yang
CVE-2025-61735: Apache Kylin: Server-Side Request Forgery Li Yang
Re: How to do secure coding and create secure software Amit
Re: How to do secure coding and create secure software Solar Designer
malware in SoopSocks package on PyPi Alan Coopersmith
