oss-security  

Messages by Date

• 2025/03/12 Re: [oss-security] [vim-security] potential data loss with zip.vim and special crafted zip files in Vim < v9.1.1198 Solar Designer
• 2025/03/12 [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Douglas Bagnall
• 2025/03/12 [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Michel Lind
• 2025/03/12 [oss-security] [vim-security] potential data loss with zip.vim and special crafted zip files in Vim < v9.1.1198 Christian Brabandt
• 2025/03/12 [oss-security] FELIX-6753: CVE-2025-27867: Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin Carsten Ziegeler
• 2025/03/12 [oss-security] CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters Andrea Cosentino
• 2025/03/12 [oss-security] Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) Matthias Gerstner
• 2025/03/11 Re: [oss-security] CVE-2025-1937+more: Numerous memory-safety issues in Firefox & Thunderbird Moritz Mühlenhoff
• 2025/03/11 [oss-security] [SBA-ADV-20241209-01] CVE-2024-13918: Laravel 11.9.0-11.35.1 Reflected XSS via Request Parameter in Debug-Mode Error Page SBA Research Security Advisory
• 2025/03/11 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/11 [oss-security] CVE-2025-24813: Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT Mark Thomas
• 2025/03/11 [oss-security] CVE-2025-27017: Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record Pierre Villard
• 2025/03/10 Re: [oss-security] CVE-2025-1937+more: Numerous memory-safety issues in Firefox & Thunderbird Jacob Bachmeyer
• 2025/03/10 [oss-security] CVE-2025-1937+more: Numerous memory-safety issues in Firefox & Thunderbird Valtteri Vuorikoski
• 2025/03/10 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Qualys Security Advisory
• 2025/03/09 [oss-security] CVE-2025-27636: Apache Camel: Camel Message Header Injection via Improper Filtering Andrea Cosentino
• 2025/03/07 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
• 2025/03/07 [oss-security] Go CVE-2025-22870: proxy bypass using IPv6 zone IDs Alan Coopersmith
• 2025/03/07 [oss-security] CVE-2025-26865: Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE Jacques Le Roux
• 2025/03/06 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
• 2025/03/06 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Buherátor
• 2025/03/06 [oss-security] CVE-2025-26699: Django: Potential denial-of-service in django.utils.text.wrap() Sarah Boyce
• 2025/03/06 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Taylor R Campbell
• 2025/03/06 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Bastian Blank
• 2025/03/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer
• 2025/03/05 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer
• 2025/03/05 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
• 2025/03/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/05 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/05 [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
• 2025/03/05 [oss-security] Multiple vulnerabilities in Jenkins Kevin Guerroudj
• 2025/03/05 [oss-security] [ANNOUNCE] ATS is vulnerable to malformed requests, and also has ACL issues Masakazu Kitajo
• 2025/03/03 [oss-security] CVE-2024-24778: Apache StreamPipes: Resources Permission Escalation Philipp Zehnder
• 2025/03/03 [oss-security] CVE-2024-55532: Apache Ranger: Improper Neutralization of Formula Elements in a CSV File Velmurugan Periasamy
• 2025/03/02 [oss-security] [vim-security] potential code execution with tar.vim and special crafted tar files Christian Brabandt
• 2025/03/01 Re: [oss-security] Re: GNU Emacs 30.1 released with 2 CVE fixes Max Nikulin
• 2025/03/01 Re: [oss-security] Re: GNU Emacs 30.1 released with 2 CVE fixes Henrik Ahlgren
• 2025/02/27 [oss-security] CVE-2025-27531: Apache InLong: An arbitrary file read vulnerability for JDBC Charles Zhang
• 2025/02/27 Re: [oss-security] Re: Xen Security Advisory 467 v1 (CVE-2025-1713) - deadlock potential with VT-d and legacy PCI device pass-through Demi Marie Obenour
• 2025/02/27 [oss-security] Re: Xen Security Advisory 467 v1 (CVE-2025-1713) - deadlock potential with VT-d and legacy PCI device pass-through Teddy Astie
• 2025/02/27 [oss-security] Re: GNU Emacs 30.1 released with 2 CVE fixes Max Nikulin
• 2025/02/27 [oss-security] Xen Security Advisory 467 v1 (CVE-2025-1713) - deadlock potential with VT-d and legacy PCI device pass-through Xen . org security team
• 2025/02/26 [oss-security] GNU Emacs 30.1 released with 2 CVE fixes Alan Coopersmith
• 2025/02/25 [oss-security] CPAN Security Group is CNA for Perl and CPAN Modules Stig Palmquist
• 2025/02/25 [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
• 2025/02/24 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Dmitry Belyavskiy
• 2025/02/24 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Solar Designer
• 2025/02/24 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Dmitry Belyavskiy
• 2025/02/21 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Solar Designer
• 2025/02/21 Re: [oss-security] CVE-2025-26794: Exim: SQL injection Solar Designer
• 2025/02/21 [oss-security] CVE-2025-26794: Exim: SQL injection Heiko Schlittermann
• 2025/02/21 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Qualys Security Advisory
• 2025/02/21 [oss-security] OpenH264 Decoding Functions Heap Overflow Vulnerability Alan Coopersmith
• 2025/02/21 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Jordy Zomer
• 2025/02/20 Re: [oss-security] CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection Solar Designer
• 2025/02/19 [oss-security] Exim: CVE-2025-26794: upcoming security release Heiko Schlittermann
• 2025/02/18 [oss-security] Announce: OpenSSH 9.9p2 released Damien Miller
• 2025/02/18 [oss-security] GRUB CVE disclosures Jan Setje-Eilers
• 2025/02/18 [oss-security] Multiple vulnerabilities in libxml2 Nick Wellnhofer
• 2025/02/18 [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Qualys Security Advisory
• 2025/02/17 [oss-security] Multiple Vulnerabilities in U-Boot Richard Weinberger
• 2025/02/17 [oss-security] Multiple Vulnerabilities in Barebox Richard Weinberger
• 2025/02/16 Re: [oss-security] CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection James Addison
• 2025/02/16 [oss-security] CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection Solar Designer
• 2025/02/16 [oss-security] [vim-security] heap use-after-free in str_to_reg() in Vim < Christian Brabandt
• 2025/02/14 [oss-security] [CVE-2024-3220] CPython: Default mimetype known files writeable on Windows Alan Coopersmith
• 2025/02/14 [oss-security] CVE-2024-56180: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution Xue Weiming
• 2025/02/14 [oss-security] Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Daniel Gutson
• 2025/02/14 [oss-security] Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Nick Wellnhofer
• 2025/02/14 [oss-security] CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass) Yupeng(Roc)
• 2025/02/14 Re: [oss-security] Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network. sjw
• 2025/02/14 [oss-security] CVE-2024-52577: Apache Ignite: Possible RCE when deserializing incoming messages by the server node Nikita Amelchev
• 2025/02/13 [oss-security] Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network. upper.underflow
• 2025/02/13 [oss-security] Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Daniel Gutson
• 2025/02/13 [oss-security] Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Rich Felker
• 2025/02/13 [oss-security] Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Rich Felker
• 2025/02/13 [oss-security] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Rich Felker
• 2025/02/13 [oss-security] [kubernetes] CVE-2025-0426: Node Denial of Service via kubelet Checkpoint API Craig Ingram
• 2025/02/12 [oss-security] CVE-2024-46910: Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user Madhan Neethiraj
• 2025/02/12 [oss-security] CVE-2024-32838: Apache Fineract: SQL injection vulnerabilities in offices API endpoint Arnout Engelen
• 2025/02/11 Re: [oss-security] CVE-2024-12797: OpenSSL: RFC7250 handshakes with unauthenticated servers don't abort as expected sjw
• 2025/02/11 [oss-security] CVE-2024-12797: OpenSSL: RFC7250 handshakes with unauthenticated servers don't abort as expected Tomas Mraz
• 2025/02/11 [oss-security] CVE-2025-26467: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) Paulo Motta
• 2025/02/11 [oss-security] Re: CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
• 2025/02/09 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0001 Adrian Perez de Castro
• 2025/02/07 [oss-security] CVE-2025-25069: Apache Kvrocks: Cross-Protocol Scripting Vulnerability Mingyang Liu
• 2025/02/07 [oss-security] Re: pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) Jacob Bachmeyer
• 2025/02/06 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer
• 2025/02/06 Re: [oss-security] AMD Microcode Signature Verification Vulnerability trinity pointard
• 2025/02/06 Re: [oss-security] pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) Douglas R. Reno
• 2025/02/06 [oss-security] Fwd: libtasn1-4.20.0 released [fixes CVE-2024-12133] Alan Coopersmith
• 2025/02/06 [oss-security] Linux: kernel BUG at fs/ocfs2/refcounttree.c:2678 ocfs2_refcount_cal_cow_clusters in 6.13.0 Solar Designer
• 2025/02/06 Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow Fay Stegerman
• 2025/02/06 [oss-security] pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) Matthias Gerstner
• 2025/02/06 Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow Daniel Stenberg
• 2025/02/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer
• 2025/02/05 [oss-security] CVE-2024-37358: Apache James: denial of service through the use of IMAP literals Benoit Tellier
• 2025/02/05 [oss-security] CVE-2025-23419: nginx: Client certificate authentication bypass with TLSv1.3 and session resumption Solar Designer
• 2025/02/05 [oss-security] CVE-2024-45626: Apache James: denial of service through JMAP HTML to text conversion Benoit Tellier
• 2025/02/05 Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0665: eventfd double close Demi Marie Obenour
• 2025/02/05 [oss-security] Curl SSH Insufficient Host Identity Verification Harry Sintonen
• 2025/02/05 [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow Daniel Stenberg
• 2025/02/05 [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0665: eventfd double close Daniel Stenberg
• 2025/02/05 [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0167: netrc and default credential leak Daniel Stenberg
• 2025/02/04 [oss-security] KL-001-2025-002: Checkmk NagVis Remote Code Execution KoreLogic Disclosures
• 2025/02/04 [oss-security] KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting KoreLogic Disclosures
• 2025/02/04 [oss-security] CVE-2024-48019: Apache Doris: allows admin users to read arbitrary files through the REST API Mingyu Chen
• 2025/02/04 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Solar Designer
• 2025/02/03 [oss-security] CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Paulo Motta
• 2025/02/03 [oss-security] CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
• 2025/01/29 Re: [oss-security] Oracle January 2025 Critical Patch Update John Haxby
• 2025/01/29 [oss-security] ISC has disclosed two vulnerabilities in BIND 9 (CVE-2024-11187, CVE-2024-12705) Matthijs Mekking
• 2025/01/28 [oss-security] CVE-2024-29869: Apache Hive: Credentials file created with non restrictive permissions Ayush Saxena
• 2025/01/28 [oss-security] CVE-2024-23953: Apache Hive: Timing Attack Against Signature in LLAP util Ayush Saxena
• 2025/01/28 Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 Pete Allor
• 2025/01/28 Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 Florian Weimer
• 2025/01/27 Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 Pete Allor
• 2025/01/27 Re: [oss-security] issue with stuck Mitre CVE requests Pete Allor
• 2025/01/27 Re: [oss-security] issue with stuck Mitre CVE requests Johannes Segitz
• 2025/01/27 Re: [oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update Bruce Lowenthal
• 2025/01/27 [oss-security] CVE-2025-24783: Apache Cocoon: continuations may not be private Arnout Engelen
• 2025/01/26 Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 Florian Weimer
• 2025/01/26 Re: [oss-security] dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) U.Mutlu
• 2025/01/26 [oss-security] CVE-2025-24814: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files Jason Gerlowski
• 2025/01/26 [oss-security] CVE-2024-52012: Apache Solr: Configset upload on Windows allows arbitrary path write-access Jason Gerlowski
• 2025/01/25 Re: [oss-security] Oracle January 2025 Critical Patch Update Sam James
• 2025/01/25 Re: [oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update Douglas R. Reno
• 2025/01/25 Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 Pete Allor
• 2025/01/24 Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 Greg KH
• 2025/01/24 Re: [oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update Solar Designer
• 2025/01/24 Re: [oss-security] issue with stuck Mitre CVE requests Mark Esler
• 2025/01/24 [oss-security] 7-Zip Mark-of-the-Web Bypass Vulnerability on Windows platforms Alan Coopersmith
• 2025/01/24 [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 Alan Coopersmith
• 2025/01/24 [oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update Bruce Lowenthal
• 2025/01/24 [oss-security] dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) Matthias Gerstner
• 2025/01/23 Re: [oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update Douglas R. Reno
• 2025/01/23 Re: [oss-security] Oracle January 2025 Critical Patch Update Solar Designer
• 2025/01/23 [oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update Solar Designer
• 2025/01/23 Re: [oss-security] issue with stuck Mitre CVE requests Pete Allor
• 2025/01/23 Re: [oss-security] Oracle January 2025 Critical Patch Update Alan Coopersmith
• 2025/01/23 [oss-security] Re: [External] : Fwd: [oss-security] Oracle January 2025 Critical Patch Update Bruce Lowenthal
• 2025/01/23 Re: [oss-security] Oracle January 2025 Critical Patch Update John Haxby
• 2025/01/23 Re: [oss-security] issue with stuck Mitre CVE requests Matthias Gerstner
• 2025/01/23 [oss-security] Re: CVE-2025-0395: Buffer overflow in the GNU C Library's assert() Qualys Security Advisory
• 2025/01/22 [oss-security] Oracle January 2025 Critical Patch Update Solar Designer
• 2025/01/22 [oss-security] CVE-2024-53299: Apache Wicket: An attacker can intentionally trigger a memory leak Pedro Henrique Oliveira dos Santos
• 2025/01/22 [oss-security] Re: Open Virtual Network egress access control list bypass. Mark Michelson
• 2025/01/22 [oss-security] Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
• 2025/01/22 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Tavis Ormandy
• 2025/01/22 Re: [oss-security] issue with stuck Mitre CVE requests Pedro Sampaio
• 2025/01/22 Re: [oss-security] issue with stuck Mitre CVE requests Johannes Segitz
• 2025/01/22 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Demi Marie Obenour
• 2025/01/22 [oss-security] Open Virtual Network egress access control list bypass. Mark Michelson
• 2025/01/22 [oss-security] CVE-2025-0395: Buffer overflow in the GNU C Library's assert() Qualys Security Advisory
• 2025/01/22 Re: [oss-security] issue with stuck Mitre CVE requests Greg KH
• 2025/01/22 [oss-security] issue with stuck Mitre CVE requests Matthias Gerstner
• 2025/01/21 [oss-security] AMD Microcode Signature Verification Vulnerability Tavis Ormandy
• 2025/01/21 [oss-security] CVE-2025-23196: Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition Viraj Jasani
• 2025/01/21 [oss-security] CERT/CC VU#199397 - Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4) Alan Coopersmith
• 2025/01/21 [oss-security] CVE-2024-51941: Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts Viraj Jasani
• 2025/01/21 [oss-security] CVE-2025-23195: Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie Viraj Jasani
• 2025/01/21 [oss-security] Fwd: Node.js security updates for all active release lines, January 2025 Rafael Gonzaga
• 2025/01/21 [oss-security] Node.js security updates: CVE-2025-23083, CVE-2025-23084, CVE-2025-23085 Jan Schaumann
• 2025/01/21 [oss-security] CVE-2024-45479: Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost Velmurugan Periasamy
• 2025/01/21 [oss-security] CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input Velmurugan Periasamy
• 2025/01/21 Re: [oss-security] Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043 Christian Brabandt
• 2025/01/20 Re: [oss-security] Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043 Eli Schwartz
• 2025/01/20 [oss-security] Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043 Christian Brabandt
• 2025/01/20 [oss-security] CVE-2025-23184: Apache CXF: Denial of Service vulnerability with temporary files Colm O hEigeartaigh
• 2025/01/20 [oss-security] CVE-2024-13176: OpenSSL: Timing side-channel in ECDSA signature computation Tomas Mraz
• 2025/01/20 [oss-security] fdroidserver AllowedAPKSigningKeys certificate pinning fundamentally unreliable Fay Stegerman
• 2025/01/18 Re: [oss-security] git: 2 vulnerabilities fixed Salvatore Bonaccorso
• 2025/01/18 [oss-security] WriteFreely exposes database credentials though insecure file permissions Fay Stegerman
• 2025/01/17 [oss-security] Go 1.23.5 and Go 1.22.11 are released with 2 security fixes Alan Coopersmith
• 2025/01/16 Re: [oss-security] Re: pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) Russ Allbery
• 2025/01/16 Re: [oss-security] pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) Steffen Nurpmeso
• 2025/01/16 [oss-security] Re: pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) Matthias Gerstner
• 2025/01/15 [oss-security] Re: pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) Jacob Bachmeyer
• 2025/01/15 [oss-security] [kubernetes] CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API Vellore Rajakumar, Sri Saran Balaji
• 2025/01/15 [oss-security] Session (a fork of the Signal private messaging app) is sus Soatok Dreamseeker
• 2025/01/15 [oss-security] pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) Matthias Gerstner
• 2025/01/14 Re: [oss-security] RSYNC: 6 vulnerabilities Alan Coopersmith
• 2025/01/14 Re: [oss-security] RSYNC: 6 vulnerabilities Jan Schaumann
• 2025/01/14 [oss-security] Fwd: Node.js security updates for all active release lines, January 2025 Rafael Gonzaga
• 2025/01/14 [oss-security] git: 2 vulnerabilities fixed Johannes Schindelin
• 2025/01/14 [oss-security] RSYNC: 6 vulnerabilities Nick Tait
• 2025/01/14 [oss-security] CVE-2024-56374: Django: Potential denial-of-service vulnerability in IPv6 validation Natalia Bidart
• 2025/01/14 [oss-security] CVE-2024-45627: Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability Heping Wang
• 2025/01/13 [oss-security] CVE-2025-22828: Apache CloudStack: Unauthorised access to annotations Nux
• 2025/01/11 [oss-security] [vim-security] heap-buffer-overflow in Vim < 9.1.1003 Christian Brabandt
• 2025/01/08 [oss-security] "/bin/sh: The Biggest Unix Security Loophole" paper from 1984 Alan Coopersmith
• 2025/01/08 [oss-security] CVE-2024-45033: Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli Elad Kalif
• 2025/01/07 [oss-security] CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode Maxim Solodovnik
• 2025/01/07 Re: [oss-security] Linux: general protection fault in __vmx_vcpu_run with nested virtualization Solar Designer
• 2025/01/06 Re: [oss-security] Linux: general protection fault in __vmx_vcpu_run with nested virtualization Demi Marie Obenour
• 2025/01/06 Re: [oss-security] Linux: general protection fault in __vmx_vcpu_run with nested virtualization Greg KH
• 2025/01/04 Re: [oss-security] Xen Security Advisory 466 v3 (CVE-2024-53241) - Xen hypercall page unsafe against speculative attacks Solar Designer

• Earlier messages
• Later messages