oss-sec: by date
636 messages, starting Apr 01 26 and ending May 20 26
Wednesday, 01 April
Re: [vim-security] Vim modeline bypass via various options affects Vim < 9.2.0276 Salvatore Bonaccorso
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
Re: Multiple vulnerabilities in AppArmor Greg KH
[vim-security] Path traversal issue with zip.vim and special crafted zip archives in Vim < v9.2.0280 Christian Brabandt
[oss-security][CVE-2026-5271] Python install manager script aliases search path hijack Alan Coopersmith
FW: libinput Security Advisory: multiple security issues in libinput Peter Hutterer
Thursday, 02 April
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
Announce: OpenSSH 10.3 released Damien Miller
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Tianyu Chen
[ANNOUNCE] ATS is vulnerable to HTTP requests with body Masakazu Kitajo
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 David A. Wheeler
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Solar Designer
[libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Jens Jarl Nestén Hansen-Nord
Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Rich Felker
Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Rich Felker
Friday, 03 April
Re: Announce: OpenSSH 10.3 released Agostino Sarubbo
Re: Announce: OpenSSH 10.3 released Salvatore Bonaccorso
Re: Re: Multiple vulnerabilities in AppArmor Salvatore Bonaccorso
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Salvatore Bonaccorso
Re: Announce: OpenSSH 10.3 released Demi Marie Obenour
Sunday, 05 April
Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall
Monday, 06 April
Re: Announce: OpenSSH 10.3 released Damien Miller
CVE-2026-34197: Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans Christopher L. Shannon
CVE-2026-33227: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Web: Improper Limitation of a Pathname to a Restricted Directory Christopher L. Shannon
Tuesday, 07 April
Re: Announce: OpenSSH 10.3 released Demi Marie Obenour
Re: Announce: OpenSSH 10.3 released Damien Miller
Re: Announce: OpenSSH 10.3 released Demi Marie Obenour
libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
Re: Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall
CVE-2026-35554: Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition Manikumar
CVE-2026-27314: Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass Michael Semb Wever
CVE-2026-27315: Apache Cassandra: cqlsh history sensitive information leak Michael Semb Wever
CASSANDRA-21202: CVE-2026-32588: Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing Michael Semb Wever
Django CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, and CVE-2026-33034 Jacob Walls
OpenSSL Security Advisory Tomas Mraz
[OSSA-2026-005] Keystone: Restricted application credentials can create EC2 credentials (CVE-2026-33551) Jeremy Stanley
[vim-security] Netbeans command injection in Vim < v9.2.0316 Christian Brabandt
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Christian Göttsche
systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
Multiple CVEs disclosed in CUPS Alan Coopersmith
Re: Multiple CVEs disclosed in CUPS Peter Gutmann
Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack Solar Designer
Re: Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1] Solar Designer
Wednesday, 08 April
CVE-2026-5082: Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id Robert Rothenberg
CVE-2026-5083: Ado::Sessions versions through 0.935 for Perl generates insecure session ids Robert Rothenberg
Re: [EXTERN] Re: [oss-security] Multiple CVEs disclosed in CUPS Schwedas, Sven
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
Re: Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack Stuart D Gathman
PyCA cryptography 46.0.7 released, fixes CVE-2026-39892 Alan Coopersmith
Re: Re: Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall
Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Alan Coopersmith
X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM Markus Vervier
libpng 1.6.57: Use-after-free vulnerability fixed: CVE-2026-34757 Cosmin Truta
4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context Solar Designer
lftp 4.9.3 does not filter non-printable characters in the output to the terminal Vincent Lefevre
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Solar Designer
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Solar Designer
Thursday, 09 April
Re: 4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context Simon McVittie
CVE-2026-34538: Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) Rahul Vats
CVE-2026-33005: Apache OpenMeetings: Insufficient checks in FileWebService Maxim Solodovnik
CVE-2026-33266: Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt Maxim Solodovnik
CVE-2026-34020: Apache OpenMeetings: Login Credentials Passed via GET Query Parameters Maxim Solodovnik
Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Salvatore Bonaccorso
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Tianyu Chen
CVE-2025-57735: Apache Airflow: Airflow Logout Not Invalidating JWT Rahul Vats
CVE-2026-39304: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM Christopher L. Shannon
CVE-2026-40046: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated Christopher L. Shannon
Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Jens Jarl Nestén Hansen-Nord
CVE-2026-24880: Apache Tomcat: Request smuggling via invalid chunk extension Mark Thomas
CVE-2026-25854: Apache Tomcat: Occasionally open redirect Mark Thomas
CVE-2026-29129: Apache Tomcat: TLS cipher order is not preserved Mark Thomas
CVE-2026-29145: Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled Mark Thomas
CVE-2026-29146: Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default Mark Thomas
CVE-2026-32990: Apache Tomcat: Fix for CVE-2025-66614 is incomplete Mark Thomas
CVE-2026-34483: Apache Tomcat: Incomplete escaping of JSON access logs Mark Thomas
CVE-2026-34486: Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor Mark Thomas
CVE-2026-34487: Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token Mark Thomas
CVE-2026-34500: Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled Mark Thomas
[OSSA-2026-006] OpenStack Skyline: DOM-based XSS in Skyline Console via unsanitized instance console log rendering (CVE-2026-pending) Goutham Pacha Ravi
Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
Re: X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM Solar Designer
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Solar Designer
Friday, 10 April
Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Vincent Lefevre
CVE-2026-4631 [cockpit] Unauthenticated remote code execution due to SSH command-line argument injection Jelle van der Waa
CVE-2026-34477: Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass Piotr Karwasz
CVE-2026-34478: Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility Piotr Karwasz
CVE-2026-34479: Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz
CVE-2026-34480: Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz
xdg-desktop-portal GHSA-rqr9-jwwf-wxgj: Trashing of arbitrary host files Simon McVittie
xdg-dbus-proxy CVE-2026-34080: Eavesdrop filter bypass allows message interception Simon McVittie
CVE-2026-40198: Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass Stig Palmquist
CVE-2026-40199: Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass Stig Palmquist
[kubernetes] CVE-2026-3865: CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB server Vinayak Goyal
CPython [CVE-2026-1502] HTTP client proxy tunnel headers not validated for CR/LF Alan Coopersmith
CPython [CVE-2026-3446] Base64 decoding stops at first padded quad by default Alan Coopersmith
Saturday, 11 April
CVE-2026-35537+more: Roundcube arbitrary write + ID/XSS/etc. prior to 1.6.14 Valtteri Vuorikoski
Re: CVE-2026-35537+more: Roundcube arbitrary write + ID/XSS/etc. prior to 1.6.14 Valtteri Vuorikoski
LibRaw 0.22.1 Release with security fixes Alan Coopersmith
Avahi: Reachable assertion in transport_flags_from_domain (CVE-2026-34933) Alan Coopersmith
GNU tar: listing/extraction desynchronization allows hidden file injection Alan Coopersmith
Re: GNU tar: listing/extraction desynchronization allows hidden file injection Collin Funk
Re: GNU tar: listing/extraction desynchronization allows hidden file injection Alan Coopersmith
Re: GNU tar: listing/extraction desynchronization allows hidden file injection Solar Designer
Re: GNU tar: listing/extraction desynchronization allows hidden file injection Collin Funk
Sunday, 12 April
Security Audit of Hex, the Erlang package manager Alan Coopersmith
Re: GNU tar: listing/extraction desynchronization allows hidden file injection Paul Eggert
CVE-2026-35337: Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling Richard Zowalla
CVE-2026-35565: Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI Richard Zowalla
Re: Security Audit of Hex, the Erlang package manager Alexander Patrakov
Monday, 13 April
CVE-2026-5085: Solstice::Session versions through 1440 for Perl generates session ids insecurely Robert Rothenberg
CVE-2025-54057: Apache SkyWalking: Stored XSS vulnerability Zhenxu Ke
CVE-2026-34476: Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server Qiuxia Fan
CVE-2026-34884: Apache SkyWalking MCP: SSRF via set_skywalking_url Tool and GraphQL Expression Injection in MCP Server Qiuxia Fan
CVE-2025-66236: Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI Rahul Vats
CVE-2026-33858: Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API Rahul Vats
CVE-2026-39816: Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService David Handermann
Re: Security Audit of Hex, the Erlang package manager Alan Coopersmith
[oss-security][CVE-2026-6100] CPython: Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure Alan Coopersmith
[oss-security][CVE-2026-4786] CPython: Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() Alan Coopersmith
CVE-2026-5086: Crypt::SecretBuffer versions before 0.019 for Perl is susceptible to timing attacks Robert Rothenberg
CVE-2026-31923: Apache APISIX: Openid-connect `tls_verify` field is disabled by default Abhishek Choudhary
CVE-2026-31924: Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP Abhishek Choudhary
CVE-2026-31908: Apache APISIX: forward auth plugin allows header injection Abhishek Choudhary
CVE-2026-33929: Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code Tilman Hausherr
wolfSSL ML-DSA: same-process heap reuse exposes private signing material, enabling signature forgery Abhinav Agarwal
wolfSSL 5.9.1 CVE and non-CVE fixes Solar Designer
Tuesday, 14 April
[disclosure] Multiple unpatched CVEs in libav (unmaintained FFmpeg fork, last update 2019) yangjincheng1998
Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
[OSSA-2026-007] OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean (CVE PENDING) Goutham Pacha Ravi
CVE-2025-54550: Apache Airflow: RCE by race condition in example_xcom dag Jarek Potiuk
CVE-2026-30778: Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. Kai Wan
Wednesday, 15 April
CVE-2026-25219: Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access Jarek Potiuk
CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts Robert Rothenberg
Re: CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts Jacques Deguest
[oss-security][CVE-2026-5713] CPython: Out-of-bounds read/write during remote debugging when connecting to malicious target Alan Coopersmith
[vim-security] Command injection via backtick expansion in tag filenames in Vim < v9.2.0357 Christian Brabandt
7 vulnerabilities disclosed & patched in jq Alan Coopersmith
Re: Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Alan Coopersmith
Re: 7 vulnerabilities disclosed & patched in jq Collin Funk
UAF in rsync 3.4.1 and below Przemyslaw Frasunek
Thursday, 16 April
cosmic-greeter: Unsafe File System Operations in User Home Directories (CVE-2026-25704) Matthias Gerstner
Re: UAF in rsync 3.4.1 and below Alan Coopersmith
CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1 yangjincheng1998
Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998
CVE-2026-31987: Apache Airflow: JWT token appearing in logs Rahul Vats
Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory Alan Coopersmith
Re: UAF in rsync 3.4.1 and below Salvatore Bonaccorso
Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998
Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory Solar Designer
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998
Friday, 17 April
CVE-2026-33557: Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication Luke Chen
CVE-2026-33558: Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output Luke Chen
CVE-2025-66335: Apache Doris MCP Server: MCP SQL inject Mingyu Chen
CVE-2026-30912: Apache Airflow: Exposing stack trace in case of constraint error Rahul Vats
CVE-2026-32690: Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1 Rahul Vats
CVE-2026-30898: Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf Rahul Vats
CVE-2026-32228: Apache Airflow: Users with asset materialization permissions could trigger Dags they had no access to Rahul Vats
CVE-2026-25917: Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5) Rahul Vats
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Matthias Ferdinand
cups: 8 various moderate vulnerabilities Zdenek Dohnal
ngtcp2: qlog_parameters_set_transport_params_stack_overflow [CVE-2026-40170] Alan Coopersmith
Xen Security Advisory 488 v1 - x86: Floating Point Divider State Sampling Xen . org security team
CVE-2026-40948: Apache Airflow Keycloak Provider: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager Jarek Potiuk
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Eli Schwartz
lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Sam James
Saturday, 18 April
Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability Solar Designer
CVE-2026-41113: RCE in sagredo fork of qmail Alan Coopersmith
Sunday, 19 April
[CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0) Pico 🧬
Re: [CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0) Alan Coopersmith
Re: CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1 Sam James
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Matthias Ferdinand
Monday, 20 April
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Dimitri Ledkov
[ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation Ales Musil
[ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing Ales Musil
Re: [ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation Ales Musil
Re: [ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing Ales Musil
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Morten Linderud
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Demi Marie Obenour
Fwd: [CVE-2026-3219] pip doesn't reject concatenated ZIP and tar archives Alan Coopersmith
The GNU C Library security advisories update for 2026-04-20 Carlos O'Donell
Tuesday, 21 April
Libgcrypt security releases 1.12.2, 1.11.3, 1.10.x Valtteri Vuorikoski
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Michael Orlitzky
Fwd: X.Org Security Advisory: CVE-2026-4367: libXpm Out-of-bounds read in xpmNextWord() Olivier Fourdan
CVE-2026-40706: ntfs-3g 2022.10.3: Heap buffer overflow Rostislav
CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Robert Rothenberg
CVE-2025-15638: Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt Robert Rothenberg
Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Sam James
Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Sam James
Re: UAF in rsync 3.4.1 and below Sam James
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Demi Marie Obenour
Wednesday, 22 April
[SECURITY] CVE-2026-40542: Apache HttpClient 5.6 SCRAM-SHA-256 mutual authentication bypass Arturo Bernal
CVE-2026-41651: TOCTOU vulnerability in PackageKit <= 1.3.4 leads to local root exploit Matthias Klumpp
Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Steffen Nurpmeso
[vim-security] OS Command Injection in netrw affects Vim < 9.2.0383 Christian Brabandt
Thursday, 23 April
PowerDNS Security Advisory 2026-03 for PowerDNS Recursor: Multiple issues Otto Moerbeek
CVE-2026-41564: CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking Stig Palmquist
PowerDNS Authoritative Server 4.9.14 and 5.0.4 released Miod Vallat
CVE-2026-40466: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI Christopher L. Shannon
CVE-2026-41043: Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues Christopher L. Shannon
CVE-2026-41044: Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia Christopher L. Shannon
CVE-2026-23902: Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution. Wenjun Ruan
CVE-2025-62233: Apache DolphinScheduler: Deserialization of untrusted data in RPC Wenjun Ruan
Friday, 24 April
CVE-2026-38743: Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities Rahul Vats
CVE-2026-40690: Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users Rahul Vats
rust-openssl-v0.10.78 fixes 5 CVEs Alan Coopersmith
Saturday, 25 April
bubblewrap CVE-2026-41163: Privilege escalation if setuid root, via ptrace Simon McVittie
CVE-2026-40557: Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections Richard Zowalla
CVE-2026-41081: Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure Richard Zowalla
Sunday, 26 April
libexpat 2.8.0 fixes CVE-2026-41080 (insufficient entropy) Sebastian Pipping
CVE-2026-27172: Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store Andrea Cosentino
CVE-2026-33453: Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution Andrea Cosentino
CVE-2026-33454: Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant) Andrea Cosentino
CVE-2026-40022: Apache Camel: Camel-Platform-HTTP-Main: Authentication Bypass on Non-Root Context Paths in camel main runtime Andrea Cosentino
CVE-2026-40048: Apache Camel: Camel-PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager Andrea Cosentino
CVE-2026-40453: Apache Camel: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection Andrea Cosentino
CVE-2026-40473: Apache Camel: Camel-Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP Andrea Cosentino
CVE-2026-40858: Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository Andrea Cosentino
CVE-2026-40860: Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp Andrea Cosentino
Monday, 27 April
plasma-login-manager: Weaknesses in plasmaloginauthhelper (CVE-2026-25710) Matthias Gerstner
uriparser 1.0.1 fixes CVE-2026-42371 (integer overflow) Sebastian Pipping
CVE-2026-41409: Apache MINA: CWE-502 Deserialization of Untrusted Data Emmanuel Lécharny
ZDRES-059: CVE-2026-41635: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE Emmanuel Lécharny
CVE-2026-7040: Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters Robert Rothenberg
[OSSA-2026-008] Ironic: Command Injection in IPMI Console Implementations (CVE pending) Jay Faulkner
[oss-security][CVE-2026-6357] pip self-update functionality can import newly installed modules after wheel installation Alan Coopersmith
CVE-2026-40355, CVE-2026-40356: MIT krb5 1.18+ Unauthenticated Network read overrun and null pointer dereference Cem Onat Karagun
CVE-2026-41636: Apache Thrift: Node.js skip() recursion Jens Geyer
CVE-2026-41607: Apache Thrift: C++ JSON OOB read Jens Geyer
CVE-2026-41606: Apache Thrift: c_glib dispatch stack overflow Jens Geyer
CVE-2026-41605: Apache Thrift: Swift Compact Protocol integer overflow Jens Geyer
CVE-2026-41604: Apache Thrift: Swift Range crash in skip() Jens Geyer
CVE-2026-41602: Apache Thrift: Go TFramedTransport uint32 overflow Jens Geyer
CVE-2026-41603: Apache Thrift: Java TSSLTransportFactory hostname verification Jens Geyer
CVE-2025-48431: Apache Thrift glibc language bindings: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. Jens Geyer
[oss-security][CVE-2026-3087] shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs Alan Coopersmith
Tuesday, 28 April
Xen Security Advisory 483 v2 (CVE-2026-23556) - oxenstored keeps quota related use counts across domain destruction Xen . org security team
Xen Security Advisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command Xen . org security team
Xen Security Advisory 485 v2 (CVE-2026-31786) - Linux kernel out of bounds read via Xen-related sysfs file Xen . org security team
Xen Security Advisory 486 v2 (CVE-2026-23558) - grant table v2 race in status page mapping Xen . org security team
Xen Security Advisory 487 v2 (CVE-2026-31787) - Linux kernel double free in Xen privcmd driver Xen . org security team
Coordinated Disclosure in the LLM Age Jeremy Stanley
The GNU C Library security advisories update for 2026-04-28 Carlos O'Donell
CVE-2026-41873: Pony Mail: Admin account takeover via request smuggling Arnout Engelen
Xen Security Advisory 489 v1 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI Xen . org security team
Re: Coordinated Disclosure in the LLM Age Greg Dahlman
[SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 MOHAMED AZIZ RAHMOUNI
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Dmitry Butskoy
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Dmitry Butskoy
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Alan Coopersmith
CVE-2026-40560: Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence Timothy Legge
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Ellenor Bjornsdottir
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Solar Designer
Re: Coordinated Disclosure in the LLM Age Jacob Bachmeyer
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Jacob Bachmeyer
Re: Coordinated Disclosure in the LLM Age Peter Gutmann
[ADVISORY] curl: CVE-2026-4873: connection reuse ignores TLS requirement Daniel Stenberg
[ADVISORY] curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection Daniel Stenberg
[ADVISORY] curl: CVE-2026-5773: wrong reuse of SMB connection Daniel Stenberg
[ADVISORY] curl: CVE-2026-6429: netrc credential leak with reused proxy connection Daniel Stenberg
[ADVISORY] curl: CVE-2026-6253: proxy credentials leak over redirect-to proxy Daniel Stenberg
[ADVISORY] curl: CVE-2026-7009: OCSP stapling bypass with Apple SecTrust Daniel Stenberg
[ADVISORY] curl: CVE-2026-6276: stale custom cookie host causes cookie leak Daniel Stenberg
[ADVISORY] curl: CVE-2026-7168: cross-proxy Digest auth state leak Daniel Stenberg
Wednesday, 29 April
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Coordinated Disclosure in the LLM Age Lucas Holt
CVE-2026-7111: Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption Stig Palmquist
Xen Security Advisory 489 v2 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI Xen . org security team
Re: Coordinated Disclosure in the LLM Age Jeremy Stanley
Re: Coordinated Disclosure in the LLM Age Willy Tarreau
Re: Coordinated Disclosure in the LLM Age Renaud Allard
Re: Coordinated Disclosure in the LLM Age Clemens Lang
CVE-2026-31431: CopyFail: linux local privilege escalation Jan Schaumann
Re: Coordinated Disclosure in the LLM Age Brian May
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Eddie Chapman
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Sam James
CVE-2026-7381: Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting Robert Rothenberg
OSSA-2026-008: OpenStack Ironic: Command Injection in Ironic IPMI Console Implementations (CVE-2026-42510) - errata 1 Goutham Pacha Ravi
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Zube
gnutls 3.8.13 released with 12 CVE fixes and more Alan Coopersmith
inetutils-2.8 released with 2 CVE fixes Alan Coopersmith
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Aaron Rainbolt
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Solar Designer
[CVE-2026-37555] libsndfile IMA-ADPCM integer overflow (incomplete fix for CVE-2022-33065) Feng Ning
Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal
Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Sam James
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Sam James
Thursday, 30 April
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Salvatore Bonaccorso
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Greg KH
Re: Coordinated Disclosure in the LLM Age Greg KH
Re: CVE-2026-31431: CopyFail: linux local privilege escalation cyber security
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Eric Biggers
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Sam James
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Greg KH
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Roman Medina-Heigl Hernandez
CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely Robert Rothenberg
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Alan Coopersmith
Exim 4.99.2 fixes 4 CVEs Solar Designer
Re: 10+ CVEs in GStreamer Solar Designer
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Solar Designer
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Greg KH
Friday, 01 May
CVE-2026-42167: SQL injection in ProFTPd prior to 1.3.9a Valtteri Vuorikoski
Prosody XMPP server security advisory 2026-04-31 (multiple vulnerabilities) Matthew Wild
CVE-2026-42402: Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS Colm O hEigeartaigh
CVE-2026-42403: Apache Neethi: Circular Policy Reference Infinite Loop Colm O hEigeartaigh
CVE-2026-42404: Apache Neethi: Unrestricted HTTP Redirect Following in Policy References Colm O hEigeartaigh
Re: 10+ CVEs in GStreamer Demi Marie Obenour
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
Re: Exim 4.99.2 fixes 4 CVEs Florian Weimer
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: CVE-2026-42167: SQL injection in ProFTPd prior to 1.3.9a Alan Coopersmith
Re: 10+ CVEs in GStreamer Kevin Backhouse
Re: [EXTERNAL] Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Shrader, David Lee
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Justin Swartz
Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation cyber security
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
CVE-2026-40682: Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor Richard Zowalla
CVE-2026-42027: Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader Richard Zowalla
CVE-2026-42440: Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader Richard Zowalla
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Alan Coopersmith
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Security audit of rust-coreutils Alan Coopersmith
Saturday, 02 May
uutils coreutils CVEs Collin Funk
Ubuntu back up, In Saturday after DDoS attacks cyber security
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: uutils coreutils CVEs Jan Schaumann
CVE-2026-42809: Apache Polaris: An authenticated low-privileged user can abuse Polaris staged table creation to mint broad temporary storage credentials for an attacker-chosen location before Polaris validates that location Jean-Baptiste Onofré
CVE-2026-42810: Apache Polaris: Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. Jean-Baptiste Onofré
CVE-2026-42811: Apache Polaris: In plain terms, Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Jean-Baptiste Onofré
CVE-2026-42812: Apache Polaris: No protection on `write.metadata.path` Jean-Baptiste Onofré
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman
Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Justin Swartz
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Richard Kettlewell
Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman
Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Brian May
Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Alexander Bochmann
Re: uutils coreutils CVEs Collin Funk
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Collin Funk
Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Malik, Vaibhav
CVE-2026-40561: Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence Timothy Legge
syzkaller "Reporting Linux kernel bugs" out of date Solar Designer
Re: CVE-2026-31431: CopyFail: linux local privilege scalation nightmare . yeah27
Sunday, 03 May
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Simon McVittie
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Peter Gutmann
Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
CVE request: io_uring zcrx freelist OOB write Mohamed salem Eddah
Re: CVE request: io_uring zcrx freelist OOB write Greg KH
CVE-2026-40563: Apache Atlas: Script injection allows access to unintended data Pinal Shah
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Paul Ducklin
[vim-security] OS Command Injection via 'path' completion affects Vim < 9.2.0435 Christian Brabandt
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman
Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James
Fwd: mutt 2.3.2 released Sam James
Monday, 04 May
Re: uutils coreutils CVEs Jakub Wilk
Re: uutils coreutils CVEs cyber security
Re: uutils coreutils CVEs Eli Schwartz
Re: CVE request: io_uring zcrx freelist OOB write Pavel Begunkov
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg Kroah-Hartman
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Jeroen Roovers
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Richard Kettlewell
CVE-2026-33857: Apache HTTP Server: Off-by-one OOB reads in AJP getter functions Eric Covener
CVE-2026-34032: Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) Eric Covener
CVE-2026-34059: Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() Eric Covener
CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr Eric Covener
CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset Eric Covener
CVE-2026-29169: Apache HTTP Server: mod_dav_lock indirect lock crash Eric Covener
CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack Eric Covener
CVE-2026-33007: Apache HTTP Server: mod_authn_socache crash Eric Covener
CVE-2026-33523: Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line Eric Covener
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Emily Shepherd
Fwd: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Sam James
Re: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Sam James
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg KH
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Solar Designer
Re: Fwd: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Salvatore Bonaccorso
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Emily Shepherd
Local privilege escalation in Lix and Nix Thomas GERBET
Nix/Lix: local privilege escalation in daemon process Martin Weinelt
Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
CVE-2026-43868: Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern Jens Geyer
CVE-2026-43869: Apache Thrift: TSSLTransportFactory.java hostname verification Jens Geyer
CVE-2026-43870: Apache Thrift: Node.js web_server.js multi-vulnerability Jens Geyer
Re: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Solar Designer
Tuesday, 05 May
CVE-2026-29168: Apache HTTP Server: mod_md unrestricted OCSP response Eric Covener
[OSSA-2026-009] Horizon: Unauthenticated session flood via login redirect storage (CVE-2026-43002) Goutham Pacha Ravi
Django CVE-2026-5766, CVE-2026-35192, and CVE-2026-6907 Sarah Boyce
CVE-2026-28780: Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() Eric Covener
[OSSA-2026-010] Ironic: Credential Forwarding to Arbitrary Endpoints via iDrac Configuration Molds Feature (CVE-2026-42997) Jay Faulkner
vm2: sandbox escape in NodeVM with nesting:true (CVE-2026-44007) Akshat Sinha
Re: CVE-2026-29169: Apache HTTP Server: mod_dav_lock indirect lock crash Solar Designer
Security audit of Paramiko completed, fixes coming in 5.0 release Alan Coopersmith
CVE-2026-40010: Apache Wicket: possible session fixation using AuthenticatedWebSession Pedro Henrique Oliveira dos Santos
CVE-2026-42509: Apache Wicket: crafted strings can break out of the JavaScript sequence Pedro Henrique Oliveira dos Santos
CVE-2026-43646: Apache Wicket: crafted URLs can bypass PackageResourceGuard Pedro Henrique Oliveira dos Santos
CVE-2026-43975: Apache Wicket: Possible malicious path traversal in FolderUploadsFileManager Pedro Henrique Oliveira dos Santos
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Wednesday, 06 May
CVE-2026-5081: Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure Robert Rothenberg
CVE-2026-40562: Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence Robert Rothenberg
Vulnerability fixes in Tor 0.4.9.7 Sam James
Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption Solar Designer
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg KH
Thursday, 07 May
XSS in Postorius (Mailman 3) 1.3.13 and earlier Alyssa Ross
Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption Sam James
Re: CVE request: io_uring zcrx freelist OOB write Solar Designer
[OSSA-2026-011] OpenStack Cyborg: Multiple access control vulnerabilities in Cyborg accelerator management (CVE-2026-40213, CVE-2026-40214) Goutham Pacha Ravi
Re: CVE request: io_uring zcrx freelist OOB write Mohamed salem Eddah
Dirty Frag: Universal Linux LPE Hyunwoo Kim
[vim-security] Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450 Christian Brabandt
Re: Dirty Frag: Universal Linux LPE Sandipan Roy
Re: CVE request: io_uring zcrx freelist OOB write Jens Axboe
Copy Fail 2 / Dirty Frag — n-day from public commit, not embargo break SiCk
Re: CVE request: io_uring zcrx freelist OOB write Benjamin Hays
Re: CVE request: io_uring zcrx freelist OOB write Pavel Begunkov
Re: CVE request: io_uring zcrx freelist OOB write Jens Axboe
Re: CVE request: io_uring zcrx freelist OOB write Solar Designer
Re: XSS in Postorius (Mailman 3) 1.3.13 and earlier Demi Marie Obenour
Re: Dirty Frag: Universal Linux LPE Daniel Tang
Friday, 08 May
Re: Dirty Frag: Universal Linux LPE Greg KH
Re: Dirty Frag: Universal Linux LPE Greg KH
Re: XSS in Postorius (Mailman 3) 1.3.13 and earlier Sebastian Pipping
Re: CVE request: io_uring zcrx freelist OOB write Mohamed salem Eddah
Re: Dirty Frag: Universal Linux LPE Bernhard R. Link
CVE-2013-10075: Apache::Session versions through 1.94 for Perl re-creates deleted sessions Robert Rothenberg
Re: Copy Fail 2 / Dirty Frag — n-day from public commit, not embargo break Sam James
Re: CVE request: io_uring zcrx freelist OOB write Jens Axboe
Re: Re: Dirty Frag: Universal Linux LPE Kalin KOZHUHAROV
BioPython 1.87 fixes CVE-2025-68463 (XXE, SSRF) Sebastian Pipping
CVE-2026-6659: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts Robert Rothenberg
Re: Re: Dirty Frag: Universal Linux LPE Greg Dahlman
Re: Re: Dirty Frag: Universal Linux LPE Emily Shepherd
Go 1.26.3 and Go 1.25.10 are released with 11 security fixes Alan Coopersmith
CVE-2025-66170: Apache CloudStack: Any user can list backups that they should not have access to Piotr P. Karwasz
CVE-2025-66171: Apache CloudStack: Any user can create a new VM from backups they should not have access to Piotr P. Karwasz
CVE-2025-66172: Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to Piotr P. Karwasz
CVE-2025-66467: Apache CloudStack: MinIO policy remains intact on bucket deletion Piotr P. Karwasz
CVE-2025-69233: Apache CloudStack: Domain/account resources limits not honored Piotr P. Karwasz
CVE-2026-25077: Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates Piotr P. Karwasz
CVE-2026-25199: Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access Piotr P. Karwasz
Saturday, 09 May
uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Sebastian Pipping
Sunday, 10 May
Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Solar Designer
CVE-2026-43826: Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL Shahar Epstein
CVE-2026-41018: Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL Shahar Epstein
CVE-2026-45179: Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses Robert Rothenberg
CVE-2026-45180: Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids Robert Rothenberg
CVE-2026-45190: Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass Stig Palmquist
CVE-2026-45191: Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass Stig Palmquist
CVE-2026-8177: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences Stig Palmquist
Monday, 11 May
malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API (CVE-2026-44931) Matthias Gerstner
Re: CVE-2026-8177: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences Stig Palmquist
CVE-2026-5084: WebDyne::Session versions through 2.075 for Perl generates the session id insecurely Stig Palmquist
Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption xw x
Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption xw x
Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption xw x
[OSSA-2026-012] Ironic: Remote Code Execution when Anaconda driver enabled (CVE-2026-44916) Jay Faulkner
[oss-security][CVE-2026-7210] Cpython: The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection Alan Coopersmith
CVE Request: Fail-open authentication in hathor-wallet-headless <= 0.38.0 (vendor declined to fix) Emiliano Solazzi G.
dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation Alan Coopersmith
OpenSSL ARM64 SM2 scalar multiplication timing side-channel (no CVE) Abhinav Agarwal
Re: dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation Alan Coopersmith
Re: [oss-security][CVE-2026-7210] Cpython: The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection Sebastian Pipping
CVE-2022-4988: Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries Robert Rothenberg
CVE-2026-6146: Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys Robert Rothenberg
libexpat 2.8.1 fixes CVE-2026-45186 (denial of service) Sebastian Pipping
CVE-2026-7010: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values Stig Palmquist
Re: Coordinated Disclosure in the LLM Age Tim Shephard
Public security analysis and LLM-assisted variant discovery Tim Shephard
Tuesday, 12 May
Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Sebastian Pipping
[EXIM-Security-2026-05-01.1] Security Release 4.99.3 Heiko Schlittermann
Re: [EXIM-Security-2026-05-01.1] Security Release 4.99.3 Heiko Schlittermann
Dovecot Security Advisory OXDC-2026-0002 Aki Tuomi
CVE-2026-8368: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects Stig Palmquist
CVE-2026-43512: Apache Tomcat: Digest authenticator will authenticate any unknown user Mark Thomas
CVE-2026-43513: Apache Tomcat: LockOutRealm treats user names as case-sensitive Mark Thomas
CVE-2026-43514: Apache Tomcat: AJP secret compared in non-constant time Mark Thomas
CVE-2026-43515: Apache Tomcat: Security constraints not correctly applied Mark Thomas
CVE-2026-41284: Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling Mark Thomas
CVE-2026-41293: Apache Tomcat: HTTP/2 request headers not validated Mark Thomas
CVE-2026-42498: Apache Tomcat: WebSocket authentication header exposure Mark Thomas
Xen Security Advisory 490 v1 (CVE-2025-54518) - x86: CPU Opcode Cache corruption Xen . org security team
CVE-2026-5089: YAML::Syck versions before 1.38 for Perl has an out-of-bounds read Robert Rothenberg
Re: Coordinated Disclosure in the LLM Age Demi Marie Obenour
Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Ilia
Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Sebastian Pipping
Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Joshua Windle
Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Ilia
Re: Coordinated Disclosure in the LLM Age Willy Tarreau
Fwd: [siren] [Security Advisory] Severity: CRITICAL - Malicious Compromise of OpenSearch Pre-Release npm Packages Alan Coopersmith
Re: dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation Sam James
Re: [EXIM-Security-2026-05-01.1] Security Release 4.99.3 Sam James
CVE-2026-5958: GNU sed: TOCTOU race in sed -i --follow-symlinks Solar Designer
CVE-2026-41326: Kata Containers: CopyFile Policy Subversion via Symlinks Solar Designer
Wednesday, 13 May
Linux kernel LPE ("fragnesia", copyfail 3.0) Sam James
CVE-2026-8463: Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input Stig Palmquist
Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Greg KH
Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Solar Designer
NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945 Alan Coopersmith
CVE-2026-8500: Web::Passwd versions through 0.03 for Perl is vulnerable to RCE Robert Rothenberg
[oss-security][CVE-2026-8328] CPython: FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address Alan Coopersmith
Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Jan Schaumann
Re: [vim-security] Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450 Tianyu Chen
Thursday, 14 May
Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Salvatore Bonaccorso
CVE-2026-45205: Apache Commons Configuration: StackOverflowError for YAML input with cycles Gary D. Gregory
[vim-security] Command Injection in tar.vim affects Vim < 9.2.479 Christian Brabandt
[vim-security] Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename affects Vim < 9.2.480 Christian Brabandt
CVE-2026-8612: WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution Stig Palmquist
Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Sam James
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Salvatore Bonaccorso
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Salvatore Bonaccorso
Friday, 15 May
Re: Coordinated Disclosure in the LLM Age Yves-Alexis Perez
Re: Coordinated Disclosure in the LLM Age Greg KH
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
Re: Logic bug in the Linux kernel's __ptrace_may_access() function David Gonzalez
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Sam James
Re: Coordinated Disclosure in the LLM Age Santiago Ruano Rincón
Re: Coordinated Disclosure in the LLM Age Demi Marie Obenour
Sv: Coordinated Disclosure in the LLM Age Markus Klyver
CVE-2026-8454: Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files Timothy Legge
CVE-2026-8503: Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids Robert Rothenberg
CVE-2026-8669: Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files Timothy Legge
CVE-2026-46474: Trog::TOTP versions before 1.006 for Perl generate secrets using rand Robert Rothenberg
Security Advisory: Multiple Vulnerabilities in llama.cpp GGUF Format Parsers 135266653
CVE-2026-35194: Apache Flink: Remote code execution via SQL injection in code generation Martijn Visser
libpng-apng: Chunk-smuggling vulnerability in push-mode APNG parser: CVE-2026-40930 Cosmin Truta
netatalk 4.4.3 fixes 20 CVEs, leaves 18 for later Alan Coopersmith
PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 Released with security fixes Alan Coopersmith
Poppy: XPC Observability & Fault Injection Stuart Thomas
Re: Poppy: XPC Observability & Fault Injection Solar Designer
CVE-2026-8700: Crypt::DSA versions before 1.20 for Perl generate seeds using rand Timothy Legge
CVE-2026-8704: Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified Timothy Legge
Sv: Coordinated Disclosure in the LLM Age ROI AI
Saturday, 16 May
Re: Coordinated Disclosure in the LLM Age Greg KH
Recent Kernel exploits, attack surface reduction, example IPSEC Hanno Böck
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Valtteri Vuorikoski
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Agostino Sarubbo
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Bernhard R. Link
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Lionel Debroux
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Jeffrey Walton
CVE-2026-46719: Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections Robert Rothenberg
Sunday, 17 May
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Donald Buczek
CVE-2026-46720: Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections Robert Rothenberg
[vim-security] Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name affects Vim < 9.2.495 Christian Brabandt
[vim-security] Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex affects Vim < 9.2.0496 Christian Brabandt
CVE-2026-8507: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws Timothy Legge
CVE-2026-8721: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs Timothy Legge
CVE-2026-8788: Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections Robert Rothenberg
Monday, 18 May
Re: CVE request experience Fabian Keil
CVE-2026-31431 Copy Fail Linux LPE - new public exploit Andrei Berestov
On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt
Tuesday, 19 May
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Simon McVittie
Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Marcus Meissner
Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Hanno Böck
Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Steffen Nurpmeso
PinTheft Linux LPE Sam James
[SBA-ADV-20260126-02] CVE-2026-42329: DFIR-IRIS before 2.4.28 Open Redirect SBA Research Security Advisory
[SBA-ADV-20260126-03] CVE-2026-42538: DFIR-IRIS before 2.4.28 Insecure File Upload SBA Research Security Advisory
[SBA-ADV-20260126-04] CVE-2026-42539: DFIR-IRIS before 2.4.28 Excessive Data Exposure SBA Research Security Advisory
[SBA-ADV-20260128-01] CVE-2026-42540: DFIR-IRIS before 2.4.28 Mass Assignment SBA Research Security Advisory
[SBA-ADV-20260128-03] CVE-2026-42543: DFIR-IRIS before 2.4.28 Cross-Site Request Forgery (CSRF) SBA Research Security Advisory
[SBA-ADV-20260128-05] CVE-2026-42547: DFIR-IRIS before 2.4.28 Alerts Can be Falsely Attributed to Customers SBA Research Security Advisory
CVE-2026-47323: Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering Andrea Cosentino
CVE-2026-29207: Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component Jacopo Cappellato
CVE-2026-29220: Apache OFBiz: Low-Privilege LFI in Content Component Jacopo Cappellato
CVE-2026-29226: Apache OFBiz: Low-Privilege SSRF in Content Component Jacopo Cappellato
CVE-2026-31378: Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution Jacopo Cappellato
CVE-2026-31379: Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager Jacopo Cappellato
CVE-2026-31380: Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass Jacopo Cappellato
CVE-2026-31387: Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation Jacopo Cappellato
CVE-2026-31388: Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature Jacopo Cappellato
CVE-2026-31906: Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters Jacopo Cappellato
CVE-2026-31909: Apache OFBiz: Unauthenticated Shipment Label Image Disclosure Jacopo Cappellato
CVE-2026-31910: Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access Jacopo Cappellato
CVE-2026-31986: Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection Jacopo Cappellato
CVE-2026-35086: Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services Jacopo Cappellato
CVE-2026-41919: Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction Jacopo Cappellato
CVE-2026-45187: Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs Jacopo Cappellato
CVE-2026-45434: Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE Jacopo Cappellato
CVE-2026-46586: Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution Jacopo Cappellato
Re: PinTheft Linux LPE Sam James
Memcached 1.6.42 is a "major security focused release" with CVE's TBD Alan Coopersmith
Re: PinTheft Linux LPE Sam James
Evince/Atril/Xreader command injection CVE-2026-46529 Michael Catanzaro
CVE-2026-27173: Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments Vincent Beck
CVE-2026-42526: Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends Vincent Beck
Re: PinTheft Linux LPE Jelle van der Waa
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Gabriel Corona
[OSSA-2026-013] Ironic: Denial of Service via specially crafted deployment requests (CVE-2026-44919) Jay Faulkner
CVE-2026-5090: Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected Robert Rothenberg
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt
CVE-2026-41054: haveged — privilege escalation via command socket Jiri Hladky
PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Aaron Rainbolt
Heads-up: Upcoming Samba security releases (2026-05-26) Douglas Bagnall
Wednesday, 20 May
QEMU CXL Memory Corruption Vulnerability ("QEMUtiny") Brett Sheffield
Unbound: 1.25.1 addresses multiple CVE items Yorgos Thessalonikefs
rsync 3.4.3 released: six CVEs (CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232) Andrew Tridgell
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Simon McVittie
Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Simon McVittie
Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method gabriel . corona
Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method gabriel . corona
ISC has disclosed six vulnerabilities in BIND 9 (CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950) Michał Kępień
PowerDNS Security Advisory 2026-06: Multiple Issues Miod Vallat
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) gabriel . corona
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
Re: Multiple vulnerabilities in AppArmor Qualys Security Advisory
Re: Coordinated Disclosure in the LLM Age Alan Coopersmith
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Demi Marie Obenour
CVE-2026-4802 [cockpit] Arbitrary code execution in the logs page via a specially crafted link Jelle van der Waa
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Gabriel Corona
CVE-2026-47373: Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks Robert Rothenberg
