oss-security  

Messages by Date

• 2025/10/17 [oss-security] CVE-2025-61735: Apache Kylin: Server-Side Request Forgery Li Yang
• 2025/10/17 Re: [oss-security] Linux kernel: KASAN: out-of-bounds Read in proc_pid_stack on RISC-V Solar Designer
• 2025/10/17 Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Demi Marie Obenour
• 2025/10/17 [oss-security] CVE-2025-61734: Apache Kylin: improper restriction of file read Li Yang
• 2025/10/17 Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
• 2025/10/17 Re: [oss-security] BoringSSL private key loading is not constant time Alex Gaynor
• 2025/10/17 [oss-security] Fwd: Heads-up: Upcoming Samba security releases Douglas Bagnall
• 2025/10/17 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour
• 2025/10/17 [oss-security] CVE-2025-47410: Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system William Hodges
• 2025/10/17 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
• 2025/10/17 Re: [oss-security] BoringSSL private key loading is not constant time Jacob Bachmeyer
• 2025/10/17 Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Douglas Bagnall
• 2025/10/17 Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
• 2025/10/16 Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Peter Gutmann
• 2025/10/14 Re: [oss-security] BoringSSL private key loading is not constant time Peter Gutmann
• 2025/10/14 Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
• 2025/10/13 Re: [oss-security] Announce: OpenSSH 10.1 released David Leadbeater
• 2025/10/13 Re: [oss-security] BoringSSL private key loading is not constant time Peter Gutmann
• 2025/10/13 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0007 Adrian Perez de Castro
• 2025/10/13 Re: [oss-security] BoringSSL private key loading is not constant time Jeffrey Walton
• 2025/10/13 [oss-security] GHSL-2025-042: Use After Free (UAF) in Poppler - CVE-2025-52885 Alan Coopersmith
• 2025/10/13 Re: [oss-security] Announce: OpenSSH 10.1 released Demi Marie Obenour
• 2025/10/12 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
• 2025/10/09 [oss-security] CVE-2025-62228: Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers Leonard Xu
• 2025/10/05 [oss-security] Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros nightmare . yeah27
• 2025/10/03 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Attila Szasz
• 2025/10/03 [oss-security] fetchmail-SA-2025-01: SMTP AUTH denial of service Alan Coopersmith
• 2025/10/03 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH
• 2025/10/02 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Attila Szasz
• 2025/10/02 Re: [oss-security] How to do secure coding and create secure software Eli Schwartz
• 2025/10/02 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH
• 2025/10/02 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Attila Szasz
• 2025/10/01 [oss-security] Django CVE-2025-59681 and CVE-2025-59682 Jacob Walls
• 2025/10/01 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Emilio Pozuelo Monfort
• 2025/10/01 [oss-security] CVE-2025-61622: Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory Chaokun Yang
• 2025/09/30 [oss-security] malware in SoopSocks package on PyPi Alan Coopersmith
• 2025/09/30 Re: [oss-security] How to do secure coding and create secure software Solar Designer
• 2025/09/30 Re: [oss-security] Shellshock (was: How to do secure coding and create secure software) David A. Wheeler
• 2025/09/29 Re: [oss-security] How to do secure coding and create secure software Solar Designer
• 2025/09/28 [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller
• 2025/09/28 Re: [oss-security] How to do secure coding and create secure software lists
• 2025/09/28 [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt
• 2025/09/28 [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Adiletta, Andrew
• 2025/09/28 Re: [oss-security] How to do secure coding and create secure software Amit
• 2025/09/28 [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt
• 2025/09/27 Re: [oss-security] How to do secure coding and create secure software Mats Wichmann
• 2025/09/27 Re: [oss-security] How to do secure coding and create secure software Michael Jumper
• 2025/09/27 Re: [oss-security] How to do secure coding and create secure software Jeremy Stanley
• 2025/09/27 Re: [oss-security] How to do secure coding and create secure software Solar Designer
• 2025/09/27 [oss-security] How to do secure coding and create secure software Amit
• 2025/09/27 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann
• 2025/09/27 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour
• 2025/09/27 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
• 2025/09/27 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann
• 2025/09/27 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
• 2025/09/27 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour
• 2025/09/26 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour
• 2025/09/26 [oss-security] libtiff 4.7.0: Out-of-Bounds Write in TIFFReadRGBAImageOriented() (CVE-2025-9900) Christian Hoffmann
• 2025/09/25 [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Adiletta, Andrew
• 2025/09/25 Re: [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Jacob Bachmeyer
• 2025/09/25 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Demi Marie Obenour
• 2025/09/25 Re: [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Matthew Fernandez
• 2025/09/25 [oss-security] CVE-2025-54831: Apache Airflow: Connection sensitive details exposed to users with READ permissions Kaxil Naik
• 2025/09/25 Re: [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools VMware PSIRT
• 2025/09/24 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
• 2025/09/24 Re: [oss-security] Linux kernel: eBPF vulnerabilities Solar Designer
• 2025/09/24 [oss-security] CVE-2025-58457: Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands Damien Diederen
• 2025/09/24 [oss-security] CVE-2025-48392: Apache IoTDB: DoS Vulnerability Haonan Hou
• 2025/09/24 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann
• 2025/09/24 Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller
• 2025/09/23 Re: [oss-security] Linux kernel: eBPF vulnerabilities Solar Designer
• 2025/09/23 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
• 2025/09/23 Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Todd C. Miller
• 2025/09/22 Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Jacob Bachmeyer
• 2025/09/22 Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Solar Designer
• 2025/09/22 Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Pedro Sampaio
• 2025/09/22 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0006 Adrian Perez de Castro
• 2025/09/22 [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Damien Miller
• 2025/09/20 [oss-security] Xen Security Advisory 472 v2 (CVE-2025-27466,CVE-2025-58142,CVE-2025-58143) - Mutiple vulnerabilities in the Viridian interface Xen . org security team
• 2025/09/20 [oss-security] CVE-2025-29847: Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass Chen Xia
• 2025/09/19 [oss-security] CVE-2025-59355: Apache Linkis: Password Exposure Chen Xia
• 2025/09/18 [oss-security] CVE-2025-40928: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified Robert Rothenberg
• 2025/09/18 [oss-security] CVE-2025-58364 cups: Remote DoS via null dereference Zdenek Dohnal
• 2025/09/18 [oss-security] PowerDNS Security Advisory 2025-05 for DNSdist: Denial of service via crafted DoH exchange Remi Gacogne
• 2025/09/17 [oss-security] CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Robert Rothenberg
• 2025/09/17 Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Daniel Stenberg
• 2025/09/17 [oss-security] Multiple vulnerabilities in Jenkins Daniel Beck
• 2025/09/16 [oss-security] [kubernetes] CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks Rita Zhang
• 2025/09/16 [oss-security] libexpat 2.7.2 fixes CVE-2025-59375 (DoS, CWE-770) Sebastian Pipping
• 2025/09/15 [oss-security] CVE-2025-59328: Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data Chaokun Yang
• 2025/09/15 [oss-security] [CVE-2025-38501] Linux kernel: KSMBD service DoS by TCP handshake tianshuo han
• 2025/09/11 [oss-security] Xen Security Advisory 474 v2 (CVE-2025-58146) - XAPI UTF-8 string handling Xen . org security team
• 2025/09/11 [oss-security] CVE-2025-58060 cups: Authentication bypass with AuthType Negotiate Zdenek Dohnal
• 2025/09/10 [oss-security] ISC has disclosed one vulnerability in Stork (CVE-2025-8696) Ben Scott
• 2025/09/10 Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Emilio Pozuelo Monfort
• 2025/09/09 [oss-security] [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Daniel Stenberg
• 2025/09/09 [oss-security] [SECURITY ADVISORY] curl: CVE-2025-9086: Out of bounds read for cookie path Daniel Stenberg
• 2025/09/09 [oss-security] Xen Security Advisory 473 v2 (CVE-2025-58144,CVE-2025-58145) - Arm issues with page refcounting Xen . org security team
• 2025/09/08 [oss-security] CVE-2025-40930: JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Robert Rothenberg
• 2025/09/07 [oss-security] CVE-2025-58782: Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory Marcel Reutegger
• 2025/09/07 [oss-security] CVE-2025-57833: Django: Potential SQL injection in FilteredRelation column aliases Sarah Boyce
• 2025/09/06 [oss-security] CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution Huajie Wang
• 2025/09/06 [oss-security] CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability Chao Gong
• 2025/09/06 [oss-security] CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response Chao Gong
• 2025/09/05 [oss-security] SQLite - Integer Overflow in FTS5 Extension [CVE-2025-7709] Alan Coopersmith
• 2025/09/05 [oss-security] SQLite: Integer truncation in findOrCreateAggInfoColumn [CVE-2025-6965] Alan Coopersmith
• 2025/09/03 [oss-security] Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
• 2025/09/03 [oss-security] CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default Permissions Lidong Dai
• 2025/09/03 [oss-security] CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack Lidong Dai
• 2025/08/28 Re: [oss-security] CVE-2025-8067 - UDisks Solar Designer
• 2025/08/28 [oss-security] CVE-2025-58047: DoS in Volto (Plone CMS) Maurits van Rees (Plone)
• 2025/08/28 [oss-security] CVE-2025-8067 - UDisks Marco Benatto
• 2025/08/27 [oss-security] ISC has disclosed one vulnerability in Kea (CVE-2025-40779) Ben Scott
• 2025/08/26 Re: [oss-security] libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing Solar Designer
• 2025/08/26 [oss-security] libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing Dhiraj Mishra
• 2025/08/22 [oss-security] CVE-2025-43023 in HPLIP for Use of 1024-bit DSA Key Alan Coopersmith
• 2025/08/22 [oss-security] CVE-2025-54813: Apache Log4cxx: Improper escaping with JSONLayout Piotr Karwasz
• 2025/08/22 [oss-security] CVE-2025-54812: Apache Log4cxx: Improper HTML escaping in HTMLLayout Piotr Karwasz
• 2025/08/22 [oss-security] CVE-2024-48988: Apache StreamPark: SQL injection vulnerability Huajie Wang
• 2025/08/20 Re: [oss-security] CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Hanno Böck
• 2025/08/20 Re: [oss-security] HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Nick Tait
• 2025/08/20 [oss-security] CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison
• 2025/08/20 [oss-security] CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison
• 2025/08/19 [oss-security] Security pre-notification policy for vLLM project Huzaifa Sidhpurwala
• 2025/08/19 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Demi Marie Obenour
• 2025/08/19 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Martin Storsjö
• 2025/08/19 Re: [oss-security] blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Ali Polatel
• 2025/08/19 Re: [oss-security] blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Simon McVittie
• 2025/08/18 Re: [oss-security] blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Jacob Bachmeyer
• 2025/08/18 Re: [oss-security] RSYNC: 6 vulnerabilities Alan Coopersmith
• 2025/08/18 [oss-security] CVE-2025-53192: Apache Commons OGNL: Expression Injection leading to RCE Arnout Engelen
• 2025/08/17 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
• 2025/08/17 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name David A. Wheeler
• 2025/08/17 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Vincent Lefevre
• 2025/08/17 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Erik Auerswald
• 2025/08/16 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Solar Designer
• 2025/08/16 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Vincent Lefevre
• 2025/08/16 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Collin Funk
• 2025/08/16 Re: [oss-security] HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Alan Coopersmith
• 2025/08/15 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Jordan Glover
• 2025/08/15 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Demi Marie Obenour
• 2025/08/14 [oss-security] CVE-2025-54409 - aide (>= 0.13 <= 0.19.1): null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS) Hannes von Haugwitz
• 2025/08/14 [oss-security] CVE-2025-54389 - aide (<= 0.19.1): improper output neutralization (potential AIDE detection bypass) Hannes von Haugwitz
• 2025/08/14 [oss-security] CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API Daniel Gaspar
• 2025/08/14 [oss-security] CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
• 2025/08/14 [oss-security] CVE-2025-55672: Apache Superset: Store XSS on charts metadata Daniel Gaspar
• 2025/08/14 [oss-security] CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts Daniel Gaspar
• 2025/08/14 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Martin Storsjö
• 2025/08/14 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Sam James
• 2025/08/13 [oss-security] Question about (in)security of fdk-aac-free in linux distros Jordan Glover
• 2025/08/13 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Erik Auerswald
• 2025/08/13 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Thomas Dickey
• 2025/08/13 [oss-security] HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Alan Coopersmith
• 2025/08/13 [oss-security] CVE-2025-53859: nginx: ngx_mail_smtp_module buffer over-read potentially resulting in sensitive information leak Solar Designer
• 2025/08/13 [oss-security] xterm terminal crash due to malicious character sequences in file name Vincent Lefevre
• 2025/08/13 [oss-security] CVE-2025-55668: Apache Tomcat: session fixation via rewrite valve Mark Thomas
• 2025/08/13 [oss-security] CVE-2025-48989: Apache Tomcat: h2 DoS - Made You Reset Mark Thomas
• 2025/08/13 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jens-Wolfhard Schicke-Uffmann
• 2025/08/11 [oss-security] CVE-2025-54472: Apache bRPC: Redis Parser Remote Denial of Service Wang Weibing
• 2025/08/11 [oss-security] CVE-2025-40920: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces Robert Rothenberg
• 2025/08/11 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
• 2025/08/11 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Vincent Lefevre
• 2025/08/11 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer
• 2025/08/11 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
• 2025/08/10 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer
• 2025/08/10 [oss-security] [vim-security] A double-free was found in Vim >v9.1.1231 and < 9.1.1406 Christian Brabandt
• 2025/08/10 [oss-security] [vim-security] heap use-after-free was found in Vim < 9.1.1400 Christian Brabandt
• 2025/08/10 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
• 2025/08/09 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer
• 2025/08/09 [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
• 2025/08/08 [oss-security] Re: StarDict sends the user's X11 selection to the network Maytham Alsudany
• 2025/08/07 Re: [oss-security] Five new CVEs published for Cyberark Conjur OSS Solar Designer
• 2025/08/07 [oss-security] CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
• 2025/08/07 [oss-security] CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE Colm O hEigeartaigh
• 2025/08/06 [oss-security] CVE-2025-47906 & CVE-2025-47907 fixed in Go 1.24.6 & 1.23.12 Alan Coopersmith
• 2025/08/05 [oss-security] CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin Nicolas Malin
• 2025/08/04 [oss-security] StarDict sends the user's X11 selection to the network Vincent Lefevre
• 2025/08/03 [oss-security] CVE-2024-51775: Apache Zeppelin: Command Injection via CSWSH PJ Fanning
• 2025/08/03 [oss-security] CVE-2024-41177: Apache Zeppelin: XSS in the Helium module PJ Fanning
• 2025/08/03 [oss-security] CVE-2024-52279: Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string PJ Fanning
• 2025/08/03 Re: [oss-security] Linux kernel: eBPF vulnerabilities Demi Marie Obenour
• 2025/08/02 [oss-security] Linux kernel: eBPF vulnerabilities Solar Designer
• 2025/08/01 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0005 Adrian Perez de Castro
• 2025/07/31 [oss-security] Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical) Sandro Gauci
• 2025/07/30 [oss-security] CVE-2025-24854: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin Juan Pablo Santos Rodríguez
• 2025/07/30 [oss-security] CVE-2025-24853: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing Juan Pablo Santos Rodríguez
• 2025/07/30 [oss-security] CVE-2025-54656: Apache Struts Extras: Improper Output Neutralization for Logs Arnout Engelen
• 2025/07/29 Re: [oss-security] Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Seth Larson
• 2025/07/28 Re: [oss-security] Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Mats Wichmann
• 2025/07/28 [oss-security] Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Alan Coopersmith
• 2025/07/24 [oss-security] CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 Eric Covener
• 2025/07/24 Re: [oss-security] CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie
• 2025/07/23 [oss-security] The GNU C Library security advisories update for 2025-07-23 Adhemerval Zanella Netto
• 2025/07/22 [oss-security] non-issues in dailyaidecheck script in Debian's packaging of AIDE Solar Designer
• 2025/07/22 Re: [oss-security] Fwd: Node.js security updates for all active release lines, July 2025 Solar Designer
• 2025/07/22 [oss-security] [kubernetes] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override Rita Zhang
• 2025/07/21 Re: [oss-security] CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution Moritz Bechler
• 2025/07/21 [oss-security] CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not check properly Andy Seaborne
• 2025/07/21 [oss-security] CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI Andy Seaborne
• 2025/07/18 [oss-security] Re: CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse

• Earlier messages
• Later messages