oss-sec: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

259 messages starting Apr 01 26 and ending Apr 28 26
Date index | Thread index | Author index

• Re: [vim-security] Vim modeline bypass via various options affects Vim < 9.2.0276 Salvatore Bonaccorso (Apr 01)
• Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 01)
  • Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 David A. Wheeler (Apr 02)
    • Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 02)
      • Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Solar Designer (Apr 02)
  • <Possible follow-ups>
  • Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 02)
    • Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Tianyu Chen (Apr 02)
      • Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 02)
      • Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Salvatore Bonaccorso (Apr 03)
• Re: Multiple vulnerabilities in AppArmor Greg KH (Apr 01)
  • <Possible follow-ups>
  • Re: Re: Multiple vulnerabilities in AppArmor Salvatore Bonaccorso (Apr 03)
• [vim-security] Path traversal issue with zip.vim and special crafted zip archives in Vim < v9.2.0280 Christian Brabandt (Apr 01)
• [oss-security][CVE-2026-5271] Python install manager script aliases search path hijack Alan Coopersmith (Apr 01)
• FW: libinput Security Advisory: multiple security issues in libinput Peter Hutterer (Apr 01)
• Announce: OpenSSH 10.3 released Damien Miller (Apr 02)
  • Re: Announce: OpenSSH 10.3 released Agostino Sarubbo (Apr 03)
    • Re: Announce: OpenSSH 10.3 released Salvatore Bonaccorso (Apr 03)
  • Re: Announce: OpenSSH 10.3 released Demi Marie Obenour (Apr 03)
    • Re: Announce: OpenSSH 10.3 released Damien Miller (Apr 06)
      • Re: Announce: OpenSSH 10.3 released Demi Marie Obenour (Apr 07)
      • Re: Announce: OpenSSH 10.3 released Damien Miller (Apr 07)
      • Re: Announce: OpenSSH 10.3 released Demi Marie Obenour (Apr 07)
• [ANNOUNCE] ATS is vulnerable to HTTP requests with body Masakazu Kitajo (Apr 02)
• [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Jens Jarl Nestén Hansen-Nord (Apr 02)
  • Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Rich Felker (Apr 02)
    • Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Rich Felker (Apr 02)
  • Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Jens Jarl Nestén Hansen-Nord (Apr 09)
• Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall (Apr 05)
  • Re: Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall (Apr 07)
    • Re: Re: Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall (Apr 08)
• CVE-2026-34197: Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans Christopher L. Shannon (Apr 06)
• CVE-2026-33227: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Web: Improper Limitation of a Pathname to a Restricted Directory Christopher L. Shannon (Apr 06)
• libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan (Apr 07)
  • Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Christian Göttsche (Apr 07)
    • Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Solar Designer (Apr 08)
      • Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan (Apr 08)
      • Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Solar Designer (Apr 08)
      • Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan (Apr 09)
      • Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Tianyu Chen (Apr 09)
  • Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan (Apr 08)
• CVE-2026-35554: Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition Manikumar (Apr 07)
• CVE-2026-27314: Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass Michael Semb Wever (Apr 07)
• CVE-2026-27315: Apache Cassandra: cqlsh history sensitive information leak Michael Semb Wever (Apr 07)
• CASSANDRA-21202: CVE-2026-32588: Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing Michael Semb Wever (Apr 07)
• Django CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, and CVE-2026-33034 Jacob Walls (Apr 07)
• OpenSSL Security Advisory Tomas Mraz (Apr 07)
• [OSSA-2026-005] Keystone: Restricted application credentials can create EC2 credentials (CVE-2026-33551) Jeremy Stanley (Apr 07)
• [vim-security] Netbeans command injection in Vim < v9.2.0316 Christian Brabandt (Apr 07)
• systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt (Apr 07)
  • Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt (Apr 08)
  • Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Salvatore Bonaccorso (Apr 09)
    • Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt (Apr 09)
      • Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Vincent Lefevre (Apr 10)
• Multiple CVEs disclosed in CUPS Alan Coopersmith (Apr 07)
  • Re: Multiple CVEs disclosed in CUPS Peter Gutmann (Apr 07)
    • Re: [EXTERN] Re: [oss-security] Multiple CVEs disclosed in CUPS Schwedas, Sven (Apr 08)
• Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack Solar Designer (Apr 07)
  • Re: Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack Stuart D Gathman (Apr 08)
• Re: Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1] Solar Designer (Apr 07)
• CVE-2026-5082: Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id Robert Rothenberg (Apr 08)
• CVE-2026-5083: Ado::Sessions versions through 0.935 for Perl generates insecure session ids Robert Rothenberg (Apr 08)
• PyCA cryptography 46.0.7 released, fixes CVE-2026-39892 Alan Coopersmith (Apr 08)
• Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Alan Coopersmith (Apr 08)
  • Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Solar Designer (Apr 09)
    • Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Matthias Ferdinand (Apr 17)
      • Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Eli Schwartz (Apr 17)
      • Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Sam James (Apr 17)
      • Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Matthias Ferdinand (Apr 19)
      • Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Dimitri Ledkov (Apr 20)
      • Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Morten Linderud (Apr 20)
      • Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Demi Marie Obenour (Apr 20)
      • Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Michael Orlitzky (Apr 21)
      • Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Demi Marie Obenour (Apr 21)
• X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM Markus Vervier (Apr 08)
  • Re: X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM Solar Designer (Apr 09)
• libpng 1.6.57: Use-after-free vulnerability fixed: CVE-2026-34757 Cosmin Truta (Apr 08)
• 4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context Solar Designer (Apr 08)
  • Re: 4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context Simon McVittie (Apr 09)
• lftp 4.9.3 does not filter non-printable characters in the output to the terminal Vincent Lefevre (Apr 08)
• CVE-2026-34538: Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) Rahul Vats (Apr 09)
• CVE-2026-33005: Apache OpenMeetings: Insufficient checks in FileWebService Maxim Solodovnik (Apr 09)
• CVE-2026-33266: Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt Maxim Solodovnik (Apr 09)
• CVE-2026-34020: Apache OpenMeetings: Login Credentials Passed via GET Query Parameters Maxim Solodovnik (Apr 09)
• CVE-2025-57735: Apache Airflow: Airflow Logout Not Invalidating JWT Rahul Vats (Apr 09)
• CVE-2026-39304: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM Christopher L. Shannon (Apr 09)
• CVE-2026-40046: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated Christopher L. Shannon (Apr 09)
• CVE-2026-24880: Apache Tomcat: Request smuggling via invalid chunk extension Mark Thomas (Apr 09)
• CVE-2026-25854: Apache Tomcat: Occasionally open redirect Mark Thomas (Apr 09)
• CVE-2026-29129: Apache Tomcat: TLS cipher order is not preserved Mark Thomas (Apr 09)
• CVE-2026-29145: Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled Mark Thomas (Apr 09)
• CVE-2026-29146: Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default Mark Thomas (Apr 09)
• CVE-2026-32990: Apache Tomcat: Fix for CVE-2025-66614 is incomplete Mark Thomas (Apr 09)
• CVE-2026-34483: Apache Tomcat: Incomplete escaping of JSON access logs Mark Thomas (Apr 09)
• CVE-2026-34486: Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor Mark Thomas (Apr 09)
• CVE-2026-34487: Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token Mark Thomas (Apr 09)
• CVE-2026-34500: Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled Mark Thomas (Apr 09)
• [OSSA-2026-006] OpenStack Skyline: DOM-based XSS in Skyline Console via unsanitized instance console log rendering (CVE-2026-pending) Goutham Pacha Ravi (Apr 09)
• CVE-2026-4631 [cockpit] Unauthenticated remote code execution due to SSH command-line argument injection Jelle van der Waa (Apr 10)
• CVE-2026-34477: Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass Piotr Karwasz (Apr 10)
• CVE-2026-34478: Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility Piotr Karwasz (Apr 10)
• CVE-2026-34479: Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz (Apr 10)
• CVE-2026-34480: Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz (Apr 10)
• xdg-desktop-portal GHSA-rqr9-jwwf-wxgj: Trashing of arbitrary host files Simon McVittie (Apr 10)
• xdg-dbus-proxy CVE-2026-34080: Eavesdrop filter bypass allows message interception Simon McVittie (Apr 10)
• CVE-2026-40198: Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass Stig Palmquist (Apr 10)
• CVE-2026-40199: Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass Stig Palmquist (Apr 10)
• [kubernetes] CVE-2026-3865: CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB server Vinayak Goyal (Apr 10)
• CPython [CVE-2026-1502] HTTP client proxy tunnel headers not validated for CR/LF Alan Coopersmith (Apr 10)
• CPython [CVE-2026-3446] Base64 decoding stops at first padded quad by default Alan Coopersmith (Apr 10)
• CVE-2026-35537+more: Roundcube arbitrary write + ID/XSS/etc. prior to 1.6.14 Valtteri Vuorikoski (Apr 11)
  • Re: CVE-2026-35537+more: Roundcube arbitrary write + ID/XSS/etc. prior to 1.6.14 Valtteri Vuorikoski (Apr 11)
• LibRaw 0.22.1 Release with security fixes Alan Coopersmith (Apr 11)
• Avahi: Reachable assertion in transport_flags_from_domain (CVE-2026-34933) Alan Coopersmith (Apr 11)
• GNU tar: listing/extraction desynchronization allows hidden file injection Alan Coopersmith (Apr 11)
  • Re: GNU tar: listing/extraction desynchronization allows hidden file injection Collin Funk (Apr 11)
    • Re: GNU tar: listing/extraction desynchronization allows hidden file injection Alan Coopersmith (Apr 11)
  • Re: GNU tar: listing/extraction desynchronization allows hidden file injection Solar Designer (Apr 11)
    • Re: GNU tar: listing/extraction desynchronization allows hidden file injection Collin Funk (Apr 11)
      • Re: GNU tar: listing/extraction desynchronization allows hidden file injection Paul Eggert (Apr 12)
• Security Audit of Hex, the Erlang package manager Alan Coopersmith (Apr 12)
  • Re: Security Audit of Hex, the Erlang package manager Alexander Patrakov (Apr 12)
    • Re: Security Audit of Hex, the Erlang package manager Alan Coopersmith (Apr 13)
• CVE-2026-35337: Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling Richard Zowalla (Apr 12)
• CVE-2026-35565: Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI Richard Zowalla (Apr 12)
• CVE-2026-5085: Solstice::Session versions through 1440 for Perl generates session ids insecurely Robert Rothenberg (Apr 13)
• CVE-2025-54057: Apache SkyWalking: Stored XSS vulnerability Zhenxu Ke (Apr 13)
• CVE-2026-34476: Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server Qiuxia Fan (Apr 13)
• CVE-2026-34884: Apache SkyWalking MCP: SSRF via set_skywalking_url Tool and GraphQL Expression Injection in MCP Server Qiuxia Fan (Apr 13)
• CVE-2025-66236: Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI Rahul Vats (Apr 13)
• CVE-2026-33858: Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API Rahul Vats (Apr 13)
• CVE-2026-39816: Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService David Handermann (Apr 13)
• [oss-security][CVE-2026-6100] CPython: Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure Alan Coopersmith (Apr 13)
• [oss-security][CVE-2026-4786] CPython: Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() Alan Coopersmith (Apr 13)
• CVE-2026-5086: Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks Robert Rothenberg (Apr 13)
• CVE-2026-31923: Apache APISIX: Openid-connect `tls_verify` field is disabled by default Abhishek Choudhary (Apr 13)
• CVE-2026-31924: Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP Abhishek Choudhary (Apr 13)
• CVE-2026-31908: Apache APISIX: forward auth plugin allows header injection Abhishek Choudhary (Apr 13)
• CVE-2026-33929: Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code Tilman Hausherr (Apr 13)
• wolfSSL ML-DSA: same-process heap reuse exposes private signing material, enabling signature forgery Abhinav Agarwal (Apr 13)
• wolfSSL 5.9.1 CVE and non-CVE fixes Solar Designer (Apr 13)
• [disclosure] Multiple unpatched CVEs in libav (unmaintained FFmpeg fork, last update 2019) yangjincheng1998 (Apr 14)
• Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan (Apr 14)
  • Re: Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Alan Coopersmith (Apr 15)
• [OSSA-2026-007] OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean (CVE PENDING) Goutham Pacha Ravi (Apr 14)
• CVE-2025-54550: Apache Airflow: RCE by race condition in example_xcom dag Jarek Potiuk (Apr 14)
• CVE-2026-30778: Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. Kai Wan (Apr 14)
• CVE-2026-25219: Apache Airlfow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access Jarek Potiuk (Apr 15)
• CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts Robert Rothenberg (Apr 15)
  • Re: CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts Jacques Deguest (Apr 15)
• [oss-security][CVE-2026-5713] CPython: Out-of-bounds read/write during remote debugging when connecting to malicious target Alan Coopersmith (Apr 15)
• [vim-security] Command injection via backtick expansion in tag filenames in Vim < v9.2.0357 Christian Brabandt (Apr 15)
• 7 vulnerabilities disclosed & patched in jq Alan Coopersmith (Apr 15)
  • Re: 7 vulnerabilities disclosed & patched in jq Collin Funk (Apr 15)
• UAF in rsync 3.4.1 and below Przemyslaw Frasunek (Apr 15)
  • Re: UAF in rsync 3.4.1 and below Alan Coopersmith (Apr 16)
    • Re: UAF in rsync 3.4.1 and below Salvatore Bonaccorso (Apr 16)
      • Re: UAF in rsync 3.4.1 and below Sam James (Apr 21)
• cosmic-greeter: Unsafe File System Operations in User Home Directories (CVE-2026-25704) Matthias Gerstner (Apr 16)
• CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1 yangjincheng1998 (Apr 16)
  • Re: CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1 Sam James (Apr 19)
• Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998 (Apr 16)
  • Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory Alan Coopersmith (Apr 16)
    • Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998 (Apr 16)
      • Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory Solar Designer (Apr 16)
      • Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998 (Apr 16)
• CVE-2026-31987: Apache Airflow: JWT token appearing in logs Rahul Vats (Apr 16)
• Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security (Apr 16)
  • Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security (Apr 18)
    • Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security (Apr 18)
      • Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability Solar Designer (Apr 18)
• CVE-2026-33557: Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication Luke Chen (Apr 17)
• CVE-2026-33558: Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output Luke Chen (Apr 17)
• CVE-2025-66335: Apache Doris MCP Server: MCP SQL inject Mingyu Chen (Apr 17)
• CVE-2026-30912: Apache Airflow: Exposing stack trace in case of constraint error Rahul Vats (Apr 17)
• CVE-2026-32690: Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1 Rahul Vats (Apr 17)
• CVE-2026-30898: Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf Rahul Vats (Apr 17)
• CVE-2026-32228: Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to Rahul Vats (Apr 17)
• CVE-2026-25917: Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5) Rahul Vats (Apr 17)
• cups: 8 various moderate vulnerabilities Zdenek Dohnal (Apr 17)
• ngtcp2: qlog_parameters_set_transport_params_stack_overflow [CVE-2026-40170] Alan Coopersmith (Apr 17)
• Xen Security Advisory 488 v1 - x86: Floating Point Divider State Sampling Xen . org security team (Apr 17)
• CVE-2026-40948: Apache Airflow Keycloak Provider: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager Jarek Potiuk (Apr 17)
• lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal (Apr 17)
  • Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal (Apr 18)
• CVE-2026-41113: RCE in sagredo fork of qmail Alan Coopersmith (Apr 18)
• [CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0) Pico 🧬 (Apr 19)
  • Re: [CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0) Alan Coopersmith (Apr 19)
• [ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation Ales Musil (Apr 20)
  • Re: [ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation Ales Musil (Apr 20)
• [ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing Ales Musil (Apr 20)
  • Re: [ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing Ales Musil (Apr 20)
• Fwd: [CVE-2026-3219] pip doesn't reject concatenated ZIP and tar archives Alan Coopersmith (Apr 20)
• The GNU C Library security advisories update for 2026-04-20 Carlos O'Donell (Apr 20)
• Libgcrypt security releases 1.12.2, 1.11.3, 1.10.x Valtteri Vuorikoski (Apr 21)
• Fwd: X.Org Security Advisory: CVE-2026-4367: libXpm Out-of-bounds read in xpmNextWord() Olivier Fourdan (Apr 21)
• CVE-2026-40706: ntfs-3g 2022.10.3: Heap buffer overflow Rostislav (Apr 21)
• CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Robert Rothenberg (Apr 21)
  • Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Sam James (Apr 21)
    • Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Sam James (Apr 21)
      • Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Steffen Nurpmeso (Apr 22)
• CVE-2025-15638: Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt Robert Rothenberg (Apr 21)
• [SECURITY] CVE-2026-40542: Apache HttpClient 5.6 SCRAM-SHA-256 mutual authentication bypass Arturo Bernal (Apr 22)
• CVE-2026-41651: TOCTOU vulnerability in PackageKit <= 1.3.4 leads to local root exploit Matthias Klumpp (Apr 22)
• [vim-security] OS Command Injection in netrw affects Vim < 9.2.0383 Christian Brabandt (Apr 22)
• PowerDNS Security Advisory 2026-03 for PowerDNS Recursor: Multiple issues Otto Moerbeek (Apr 23)
• CVE-2026-41564: CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking Stig Palmquist (Apr 23)
• PowerDNS Authoritative Server 4.9.14 and 5.0.4 released Miod Vallat (Apr 23)
• CVE-2026-40466: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI Christopher L. Shannon (Apr 23)
• CVE-2026-41043: Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues Christopher L. Shannon (Apr 23)
• CVE-2026-41044: Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia Christopher L. Shannon (Apr 23)
• CVE-2026-23902: Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution. Wenjun Ruan (Apr 23)
• CVE-2025-62233: Apache DolphinScheduler: Deserialization of untrusted data in RPC Wenjun Ruan (Apr 23)
• CVE-2026-38743: Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities Rahul Vats (Apr 24)
• CVE-2026-40690: Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users Rahul Vats (Apr 24)
• rust-openssl-v0.10.78 fixes 5 CVEs Alan Coopersmith (Apr 24)
• bubblewrap CVE-2026-41163: Privilege escalation if setuid root, via ptrace Simon McVittie (Apr 25)
• CVE-2026-40557: Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections Richard Zowalla (Apr 25)
• CVE-2026-41081: Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure Richard Zowalla (Apr 25)
• libexpat 2.8.0 fixes CVE-2026-41080 (insufficient entropy) Sebastian Pipping (Apr 26)
• CVE-2026-27172: Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store Andrea Cosentino (Apr 26)
• CVE-2026-33453: Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution Andrea Cosentino (Apr 26)
• CVE-2026-33454: Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant) Andrea Cosentino (Apr 26)
• CVE-2026-40022: Apache Camel: Camel-Platform-HTTP-Main: Authentication Bypass on Non-Root Context Paths in camel main runtime Andrea Cosentino (Apr 26)
• CVE-2026-40048: Apache Camel: Camel-PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager Andrea Cosentino (Apr 26)
• CVE-2026-40453: Apache Camel: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection Andrea Cosentino (Apr 26)
• CVE-2026-40473: Apache Camel: Camel-Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP Andrea Cosentino (Apr 26)
• CVE-2026-40858: Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository Andrea Cosentino (Apr 26)
• CVE-2026-40860: Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp Andrea Cosentino (Apr 26)
• plasma-login-manager: Weaknesses in plasmaloginauthhelper (CVE-2026-25710) Matthias Gerstner (Apr 27)
• uriparser 1.0.1 fixes CVE-2026-42371 (integer overflow) Sebastian Pipping (Apr 27)
• CVE-2026-41409: Apache MINA: CWE-502 Deserialization of Untrusted Data Emmanuel Lécharny (Apr 27)
• ZDRES-059: CVE-2026-41635: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE Emmanuel Lécharny (Apr 27)
• CVE-2026-7040: Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters Robert Rothenberg (Apr 27)
• [OSSA-2026-008] Ironic: Command Injection in IPMI Console Implementations (CVE pending) Jay Faulkner (Apr 27)
• [oss-security][CVE-2026-6357] pip self-update functionality can import newly installed modules after wheel installation Alan Coopersmith (Apr 27)
• CVE-2026-40355, CVE-2026-40356: MIT krb5 1.18+ Unauthenticated Network read overrun and null pointer dereference Cem Onat Karagun (Apr 27)
• CVE-2026-41636: Apache Thrift: Node.js skip() recursion Jens Geyer (Apr 27)
• CVE-2026-41607: Apache Thrift: C++ JSON OOB read Jens Geyer (Apr 27)
• CVE-2026-41606: Apache Thrift: c_glib dispatch stack overflow Jens Geyer (Apr 27)
• CVE-2026-41605: Apache Thrift: Swift Compact Protocol integer overflow Jens Geyer (Apr 27)
• CVE-2026-41604: Apache Thrift: Swift Range crash in skip() Jens Geyer (Apr 27)
• CVE-2026-41602: Apache Thrift: Go TFramedTransport uint32 overflow Jens Geyer (Apr 27)
• CVE-2026-41603: Apache Thrift: Java TSSLTransportFactory hostname verification Jens Geyer (Apr 27)
• CVE-2025-48431: Apache Thrift glibc language bindings: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. Jens Geyer (Apr 27)
• [oss-security][CVE-2026-3087] shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs Alan Coopersmith (Apr 27)
• Xen Security Advisory 483 v2 (CVE-2026-23556) - oxenstored keeps quota related use counts across domain destruction Xen . org security team (Apr 28)
• Xen Security Advisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command Xen . org security team (Apr 28)
• Xen Security Advisory 485 v2 (CVE-2026-31786) - Linux kernel out of bounds read via Xen-related sysfs file Xen . org security team (Apr 28)
• Xen Security Advisory 486 v2 (CVE-2026-23558) - grant table v2 race in status page mapping Xen . org security team (Apr 28)
• Xen Security Advisory 487 v2 (CVE-2026-31787) - Linux kernel double free in Xen privcmd driver Xen . org security team (Apr 28)
• Coordinated Disclosure in the LLM Age Jeremy Stanley (Apr 28)
  • Re: Coordinated Disclosure in the LLM Age Greg Dahlman (Apr 28)
• The GNU C Library security advisories update for 2026-04-28 Carlos O'Donell (Apr 28)
• CVE-2026-41873: Pony Mail: Admin account takeover via request smuggling Arnout Engelen (Apr 28)
• Xen Security Advisory 489 v1 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI Xen . org security team (Apr 28)
• [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 MOHAMED AZIZ RAHMOUNI (Apr 28)
  • Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Dmitry Butskoy (Apr 28)
  • Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Dmitry Butskoy (Apr 28)
  • Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Alan Coopersmith (Apr 28)

Previous period

Next period