oss-sec: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

217 messages starting Jul 01 25 and ending Sep 27 25
Date index | Thread index | Author index

• Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect stubs exception handling for flags recovery Xen . org security team (Jul 01)
• CVE-2024-35164: Apache Guacamole: Improper input validation of console codes Michael Jumper (Jul 01)
• CVE-2025-46647: Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect Junxu Chen (Jul 02)
• CVE-2025-38089: Linux kernel: NFS server remote DoS via NULL pointer dereference tianshuo han (Jul 02)
• DoS segfault (NULL pointer deref) in SOPE / SOGo Stefan Bühler (Jul 02)
  • Re: DoS segfault (NULL pointer deref) in SOPE / SOGo Salvatore Bonaccorso (Jul 05)
• CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse (Jul 03)
  • Re: CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse (Jul 18)
• CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges YuanSheng Wang (Jul 06)
  • Re: CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges Cuong Duy (Jul 07)
• Electric Charger Research Brandon Perry (Jul 07)
  • Re: Electric Charger Research Solar Designer (Jul 07)
• Xen Security Advisory 471 v1 (CVE-2024-36350,CVE-2024-36357) - x86: Transitive Scheduler Attacks Xen . org security team (Jul 08)
• Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga (Jul 08)
  • Re: Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer (Jul 08)
    • Re: Fwd: Node.js security updates for all active release lines, May 2025 Salvatore Bonaccorso (Jul 08)
• Multiple vulnerabilities fixed in Git Taylor Blau (Jul 08)
• Go 1.24.5 & 1.23.11 fix CVE-2025-4674 Alan Coopersmith (Jul 08)
• Opossum attack / Opportunistic HTTP (RFC 2817) insecure Hanno Böck (Jul 09)
• Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj (Jul 09)
  • <Possible follow-ups>
  • Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj (Sep 03)
• Release of pqcscan Vincent Berg (Jul 10)
• CVE fixes in Apache HTTP Server 2.4.64 Solar Designer (Jul 10)
• CVE-2024-42516: Apache HTTP Server: HTTP response splitting Eric Covener (Jul 10)
• CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header Eric Covener (Jul 10)
• CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths Eric Covener (Jul 10)
• CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping Eric Covener (Jul 10)
• CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service Eric Covener (Jul 10)
• CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption Eric Covener (Jul 10)
• CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack Eric Covener (Jul 10)
• CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase Eric Covener (Jul 10)
• CVE-2025-52434: Apache Tomcat: APR/Native Connector crash leading to DoS Mark Thomas (Jul 10)
• CVE-2025-52520: Apache Tomcat: DoS via integer overflow in multipart file upload Mark Thomas (Jul 10)
• CVE-2025-53506: Apache Tomcat: DoS via excessive h2 streams at connection start Mark Thomas (Jul 10)
• CVE-2025-48924: Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs Gary D. Gregory (Jul 11)
• Re: 5 security issues disclosed in libxml2 Alan Coopersmith (Jul 11)
• gnutls 3.8.10 fixes 4 CVEs Alan Coopersmith (Jul 11)
• PHP security releases 8.4.10, 8.3.23, 8.2.29, 8.1.33 Alan Coopersmith (Jul 11)
• GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 Alan Coopersmith (Jul 11)
  • Re: GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 Kevin Backhouse (Jul 12)
• https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read PJ Fanning (Jul 13)
• CVE-2025-53689: Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons Julian Reschke (Jul 14)
• [vim-security] path traversal issue with tar.vim and special crafted tar archives in Vim < 9.1.1552 Christian Brabandt (Jul 15)
• [vim-security]: path traversal issue with zip.vim and special crafted zip archives in Vim < v9.1.1551 Christian Brabandt (Jul 15)
• CVE-2025-48795: Apache CXF: Denial of Service and sensitive data exposure in logs Colm O hEigeartaigh (Jul 15)
• CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie (Jul 16)
  • Re: CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution Moritz Bechler (Jul 21)
    • Re: CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie (Jul 24)
• Fwd: Node.js security updates for all active release lines, July 2025 Rafael Gonzaga (Jul 16)
  • Re: Fwd: Node.js security updates for all active release lines, July 2025 Solar Designer (Jul 22)
• CVE-2025-23267：A vulnerability in NVIDIA Container Toolkit can lead to container escape. liyajie (Jul 16)
• CVE-2025-40923: Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely Robert Rothenberg (Jul 16)
• CVE-2025-40918: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely Robert Rothenberg (Jul 16)
• ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777) Everett B. Fulton (Jul 16)
• Five new CVEs published for Cyberark Conjur OSS Andy Tinkham (Jul 16)
  • Re: Five new CVEs published for Cyberark Conjur OSS Solar Designer (Aug 07)
• CVE-2025-53816: Memory corruption in 7-Zip before 25.00 Jaras (Jul 18)
• CVE-2025-53817: Null pointer dereference in 7-Zip before 25.00 Jaras (Jul 18)
• CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI Andy Seaborne (Jul 21)
• CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not check properly Andy Seaborne (Jul 21)
• [kubernetes] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override Rita Zhang (Jul 22)
• non-issues in dailyaidecheck script in Debian's packaging of AIDE Solar Designer (Jul 22)
• The GNU C Library security advisories update for 2025-07-23 Adhemerval Zanella Netto (Jul 23)
• CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 Eric Covener (Jul 24)
• Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Alan Coopersmith (Jul 28)
  • Re: Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Mats Wichmann (Jul 28)
    • Re: Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Seth Larson (Jul 29)
• CVE-2025-54656: Apache Struts Extras: Improper Output Neutralization for Logs Arnout Engelen (Jul 30)
• CVE-2025-24853: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing Juan Pablo Santos Rodríguez (Jul 30)
• CVE-2025-24854: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin Juan Pablo Santos Rodríguez (Jul 30)
• Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical) Sandro Gauci (Jul 31)
• WebKitGTK and WPE WebKit Security Advisory WSA-2025-0005 Adrian Perez de Castro (Aug 01)
• Linux kernel: eBPF vulnerabilities Solar Designer (Aug 02)
  • Re: Linux kernel: eBPF vulnerabilities Demi Marie Obenour (Aug 03)
  • Re: Linux kernel: eBPF vulnerabilities Solar Designer (Sep 23)
    • Re: Linux kernel: eBPF vulnerabilities Willy Tarreau (Sep 24)
      • Re: Linux kernel: eBPF vulnerabilities Solar Designer (Sep 24)
• CVE-2024-52279: Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string PJ Fanning (Aug 03)
• CVE-2024-41177: Apache Zeppelin: XSS in the Helium module PJ Fanning (Aug 03)
• CVE-2024-51775: Apache Zeppelin: Command Injection via CSWSH PJ Fanning (Aug 03)
• StarDict sends the user's X11 selection to the network Vincent Lefevre (Aug 04)
  • Re: StarDict sends the user's X11 selection to the network Maytham Alsudany (Aug 08)
• CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin Nicolas Malin (Aug 05)
• CVE-2025-47906 & CVE-2025-47907 fixed in Go 1.24.6 & 1.23.12 Alan Coopersmith (Aug 06)
• CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji (Aug 07)
• CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE Colm O hEigeartaigh (Aug 07)
• CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun (Aug 09)
  • Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer (Aug 09)
    • Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun (Aug 10)
      • Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer (Aug 10)
      • Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun (Aug 11)
      • Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer (Aug 11)
      • Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun (Aug 11)
      • Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jens-Wolfhard Schicke-Uffmann (Aug 13)
      • Re: CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Vincent Lefevre (Aug 11)
• [vim-security] heap use-after-free was found in Vim < 9.1.1400 Christian Brabandt (Aug 10)
• [vim-security] A double-free was found in Vim >v9.1.1231 and < 9.1.1406 Christian Brabandt (Aug 10)
• CVE-2025-40920: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces Robert Rothenberg (Aug 11)
• CVE-2025-54472: Apache bRPC: Redis Parser Remote Denial of Service Wang Weibing (Aug 11)
• CVE-2025-48989: Apache Tomcat: h2 DoS - Made You Reset Mark Thomas (Aug 13)
• CVE-2025-55668: Apache Tomcat: session fixation via rewrite valve Mark Thomas (Aug 13)
• xterm terminal crash due to malicious character sequences in file name Vincent Lefevre (Aug 13)
  • Re: xterm terminal crash due to malicious character sequences in file name Thomas Dickey (Aug 13)
  • Re: xterm terminal crash due to malicious character sequences in file name Erik Auerswald (Aug 13)
    • Re: xterm terminal crash due to malicious character sequences in file name Collin Funk (Aug 16)
      • Re: xterm terminal crash due to malicious character sequences in file name Vincent Lefevre (Aug 16)
      • Re: xterm terminal crash due to malicious character sequences in file name Solar Designer (Aug 16)
      • Re: xterm terminal crash due to malicious character sequences in file name Erik Auerswald (Aug 17)
      • Re: xterm terminal crash due to malicious character sequences in file name Vincent Lefevre (Aug 17)
      • Re: xterm terminal crash due to malicious character sequences in file name David A. Wheeler (Aug 17)
      • Re: blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Jacob Bachmeyer (Aug 18)
      • Re: blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Simon McVittie (Aug 19)
      • Re: blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Ali Polatel (Aug 19)
• CVE-2025-53859: nginx: ngx_mail_smtp_module buffer over-read potentially resulting in sensitive information leak Solar Designer (Aug 13)
• HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Alan Coopersmith (Aug 13)
  • Re: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Alan Coopersmith (Aug 16)
    • Re: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Nick Tait (Aug 20)
• Question about (in)security of fdk-aac-free in linux distros Jordan Glover (Aug 13)
  • Re: Question about (in)security of fdk-aac-free in linux distros Sam James (Aug 14)
    • Re: Question about (in)security of fdk-aac-free in linux distros Martin Storsjö (Aug 14)
      • Re: Question about (in)security of fdk-aac-free in linux distros Demi Marie Obenour (Aug 15)
      • Re: Question about (in)security of fdk-aac-free in linux distros Jordan Glover (Aug 15)
      • Re: Question about (in)security of fdk-aac-free in linux distros Martin Storsjö (Aug 19)
      • Re: Question about (in)security of fdk-aac-free in linux distros Demi Marie Obenour (Aug 19)
• CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts Daniel Gaspar (Aug 14)
• CVE-2025-55672: Apache Superset: Store XSS on charts metadata Daniel Gaspar (Aug 14)
• CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar (Aug 14)
• CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API Daniel Gaspar (Aug 14)
• CVE-2025-54389 - aide (<= 0.19.1): improper output neutralization (potential AIDE detection bypass) Hannes von Haugwitz (Aug 14)
• CVE-2025-54409 - aide (>= 0.13 <= 0.19.1): null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS) Hannes von Haugwitz (Aug 14)
• Re: Local information disclosure in apport and systemd-coredump Solar Designer (Aug 17)
• CVE-2025-53192: Apache Commons OGNL: Expression Injection leading to RCE Arnout Engelen (Aug 18)
• Re: RSYNC: 6 vulnerabilities Alan Coopersmith (Aug 18)
• Security pre-notification policy for vLLM project Huzaifa Sidhpurwala (Aug 19)
• CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison (Aug 20)
  • Re: CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Hanno Böck (Aug 20)
  • <Possible follow-ups>
  • CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison (Aug 20)
• CVE-2024-48988: Apache StreamPark: SQL injection vulnerability Huajie Wang (Aug 22)
• CVE-2025-54812: Apache Log4cxx: Improper HTML escaping in HTMLLayout Piotr Karwasz (Aug 22)
• CVE-2025-54813: Apache Log4cxx: Improper escaping with JSONLayout Piotr Karwasz (Aug 22)
• CVE-2025-43023 in HPLIP for Use of 1024-bit DSA Key Alan Coopersmith (Aug 22)
• libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing Dhiraj Mishra (Aug 26)
  • Re: libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing Solar Designer (Aug 26)
• ISC has disclosed one vulnerability in Kea (CVE-2025-40779) Ben Scott (Aug 27)
• CVE-2025-8067 - UDisks Marco Benatto (Aug 28)
  • Re: CVE-2025-8067 - UDisks Solar Designer (Aug 28)
• Xen Security Advisory 471 v2 (CVE-2024-36350,CVE-2024-36357) - x86: Transitive Scheduler Attacks Xen . org security team (Aug 28)
• CVE-2025-58047: DoS in Volto (Plone CMS) Maurits van Rees (Plone) (Aug 28)
• CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack Lidong Dai (Sep 03)
• CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default Permissions Lidong Dai (Sep 03)
• CVE-2025-57833: Django: Potential SQL injection in FilteredRelation column aliases Sarah Boyce (Sep 03)
• CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution Huajie Wang (Sep 04)
• SQLite: Integer truncation in findOrCreateAggInfoColumn [CVE-2025-6965] Alan Coopersmith (Sep 05)
• SQLite - Integer Overflow in FTS5 Extension [CVE-2025-7709] Alan Coopersmith (Sep 05)
• CVE-2025-58782: Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory Marcel Reutegger (Sep 06)
• CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response Chao Gong (Sep 06)
• CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability Chao Gong (Sep 06)
• CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Robert Rothenberg (Sep 08)
• CVE-2025-40928: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified Robert Rothenberg (Sep 08)
• CVE-2025-40930: JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Robert Rothenberg (Sep 08)
• Xen Security Advisory 472 v2 (CVE-2025-27466,CVE-2025-58142,CVE-2025-58143) - Mutiple vulnerabilities in the Viridian interface Xen . org security team (Sep 09)
• Xen Security Advisory 473 v2 (CVE-2025-58144,CVE-2025-58145) - Arm issues with page refcounting Xen . org security team (Sep 09)
• Xen Security Advisory 474 v2 (CVE-2025-58146) - XAPI UTF-8 string handling Xen . org security team (Sep 09)
• [SECURITY ADVISORY] curl: CVE-2025-9086: Out of bounds read for cookie path Daniel Stenberg (Sep 09)
• [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Daniel Stenberg (Sep 09)
  • Re: [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Emilio Pozuelo Monfort (Sep 10)
    • Re: [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Daniel Stenberg (Sep 10)
• ISC has disclosed one vulnerability in Stork (CVE-2025-8696) Ben Scott (Sep 10)
• CVE-2025-58060 cups: Authentication bypass with AuthType Negotiate Zdenek Dohnal (Sep 11)
• CVE-2025-58364 cups: Remote DoS via null dereference Zdenek Dohnal (Sep 11)
• CVE-2025-59328: Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data Chaokun Yang (Sep 15)
• [CVE-2025-38501] Linux kernel: KSMBD service DoS by TCP handshake tianshuo han (Sep 15)
• [kubernetes] CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks Rita Zhang (Sep 16)
• libexpat 2.7.2 fixes CVE-2025-59375 (DoS, CWE-770) Sebastian Pipping (Sep 16)
• Multiple vulnerabilities in Jenkins Daniel Beck (Sep 17)
• PowerDNS Security Advisory 2025-05 for DNSdist: Denial of service via crafted DoH exchange Remi Gacogne (Sep 18)
• CVE-2025-59355: Apache Linkis: Password Exposure Chen Xia (Sep 19)
• CVE-2025-29847: Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass Chen Xia (Sep 19)
• CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller (Sep 22)
  • Re: CVE-2023-51767: a bogus CVE in OpenSSH Stuart D Gathman (Sep 22)
    • Re: CVE-2023-51767: a bogus CVE in OpenSSH Pedro Sampaio (Sep 22)
  • Re: CVE-2023-51767: a bogus CVE in OpenSSH Solar Designer (Sep 22)
    • Re: process exit statuses (was: CVE-2023-51767) Simon McVittie (Sep 23)
    • Re: CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann (Sep 23)
    • Re: CVE-2023-51767: a bogus CVE in OpenSSH Todd C. Miller (Sep 23)
    • Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Adiletta, Andrew (Sep 23)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 23)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann (Sep 24)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 24)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour (Sep 25)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 25)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour (Sep 26)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 27)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour (Sep 27)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 27)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann (Sep 27)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour (Sep 27)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann (Sep 27)
      • Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour (Sep 27)
    • Message not available
      • Re: CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller (Sep 24)
  • Re: CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer (Sep 22)
• WebKitGTK and WPE WebKit Security Advisory WSA-2025-0006 Adrian Perez de Castro (Sep 22)
• Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Solar Designer (Sep 23)
  • Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools VMware PSIRT (Sep 25)
    • Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Matthew Fernandez (Sep 25)
    • Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Jacob Bachmeyer (Sep 25)
• CVE-2025-48459: Apache IoTDB: Deserialization of untrusted Data Haonan Hou (Sep 24)
• CVE-2025-48392: Apache IoTDB: DoS Vulnerability Haonan Hou (Sep 24)
• CVE-2025-58457: Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands Damien Diederen (Sep 24)
• libexpat 2.7.3 improves fixes to CVE-2024-8176 and CVE-2025-59375 Sebastian Pipping (Sep 24)
• CVE-2025-54831: Apache Airflow: Connection sensitive details exposed to users with READ permissions Kaxil Naik (Sep 25)
• libtiff 4.7.0: Out-of-Bounds Write in TIFFReadRGBAImageOriented() (CVE-2025-9900) Christian Hoffmann (Sep 26)
• How to do secure coding and create secure software Amit (Sep 27)
  • Re: How to do secure coding and create secure software Solar Designer (Sep 27)
    • Re: How to do secure coding and create secure software Jeremy Stanley (Sep 27)
  • Re: How to do secure coding and create secure software Michael Jumper (Sep 27)
  • Re: How to do secure coding and create secure software Mats Wichmann (Sep 27)

Previous period

Next period