oss-security

Messages by Date

2024/09/26 [oss-security] CVE-2024-47197: Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Slawomir Jaranowski
2024/09/26 Re: [oss-security] CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses LinkinStar
2024/09/25 Re: [oss-security] CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Jeffrey Walton
2024/09/25 Re: [oss-security] CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Demi Marie Obenour
2024/09/25 RE: [oss-security] CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Goldberg, Adam
2024/09/25 Re: [oss-security] CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Solar Designer
2024/09/25 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2024-0005 Adrian Perez de Castro
2024/09/25 Re: [oss-security] CVE-2024-42154: Linux kernel: tcp_metrics: validate source addr length Sandipan Roy
2024/09/25 [oss-security] CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Enxin Xie
2024/09/24 [oss-security] CVE-2024-23454: Apache Hadoop: Temporary File Local Information Disclosure Shilun Fan
2024/09/24 Re: [oss-security] CVE-2024-42154: Linux kernel: tcp_metrics: validate source addr length Solar Designer
2024/09/24 [oss-security] CVE-2024-42154: Linux kernel: tcp_metrics: validate source addr length Joel GUITTET
2024/09/24 [oss-security] CVE-2024-39928: Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability Heping Wang
2024/09/24 [oss-security] Xen Security Advisory 462 v2 (CVE-2024-45817) - x86: Deadlock in vlapic_error() Xen . org security team
2024/09/23 [oss-security] CVE-2024-38286: Apache Tomcat: Denial of Service Mark Thomas
2024/09/23 [oss-security] CVE-2024-46544: Apache Tomcat Connectors: mod_jk: local users can view and modify configuration Mark Thomas
2024/09/21 [oss-security] CVE-2024-42323: Apache HertzBeat: RCE by snakeYaml deser load malicious xml Chao Gong
2024/09/20 [oss-security] Performance Co-Pilot (PCP): pmcd network daemon security issues and review results (CVE-2024-45769), (CVE-2024-45770) Matthias Gerstner
2024/09/17 [oss-security] CVE-2024-45537: Apache Druid: Users can provide MySQL JDBC properties not on allow list Karan Kumar
2024/09/17 [oss-security] CVE-2024-45384: Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack Karan Kumar
2024/09/11 [oss-security] CVE-2024-22399: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server Min Ji
2024/09/10 [oss-security] [SECURITY ADVISORY] curl: CVE-2024-8096: OCSP stapling bypass with GnuTLS Daniel Stenberg
2024/09/09 [oss-security] CVE-2024-6655 Library injection from CWD in GTK-2/GTK-3 Dimitrios Glynos
2024/09/07 [oss-security] Security fixes available in Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20 Alan Coopersmith
2024/09/07 [oss-security] CVE-2024-45751: CHAP authentication bypass in user-space Linux target framework (tgt) up to v1.0.92 David Gstir
2024/09/06 [oss-security] libpcap 1.10.5 released with two security fixes Alan Coopersmith
2024/09/06 [oss-security] CVE-2024-7012, CVE-2024-7923: Authentication bypass in Foreman & Pulpcore Christian Hoffmann
2024/09/06 [oss-security] CVE-2024-45034: Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes Ephraim Anierobi
2024/09/06 [oss-security] CVE-2024-45498: Apache Airflow: Command Injection in an example DAG Ephraim Anierobi
2024/09/06 Re: [oss-security] Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init() Michael Ellerman
2024/09/05 [oss-security] Go 1.23.1 and Go 1.22.7 released with 3 security fixes Alan Coopersmith
2024/09/04 [oss-security] [OSSA-2024-003] OpenStack Ironic: Unvalidated image data passed to qemu-img (CVE-2024-44082) Brian Rosmaita
2024/09/04 [oss-security] CVE-2024-43402: Rust before 1.81.0 didn't fully fix argument escaping for batch files Pietro Albini
2024/09/04 [oss-security] Re: CVE-2024-45310: runc can be tricked into creating empty files/directories on host Aleksa Sarai
2024/09/04 [oss-security] Webmin UDP/10000 discovery service Loop DoS (COK-2024-05-05) Sergei G
2024/09/03 [oss-security] CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE Jacques Le Roux
2024/09/03 [oss-security] CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing) Jacques Le Roux
2024/09/03 [oss-security] CPython: [CVE-2024-6232] Regular-expression DoS when parsing TarFile headers Alan Coopersmith
2024/09/03 [oss-security] CVE-2024-6119: OpenSSL: Possible denial of service in X.509 name checks Tomas Mraz
2024/09/03 [oss-security] Django CVE-2024-45230 and CVE-2024-45231 Natalia Bidart
2024/09/03 Re: [oss-security] CVE-2024-45310: runc can be tricked into creating empty files/directories on host Mike O'Connor
2024/09/02 [oss-security] CVE-2024-45310: runc can be tricked into creating empty files/directories on host Aleksa Sarai
2024/09/02 Re: [oss-security] Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init() Solar Designer
2024/09/02 [oss-security] Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init() 2639161967
2024/08/31 [oss-security] [vim-security] heap-buffer-overflow in Vim > 9.1.0038 && < 9.1.0707 Christian Brabandt
2024/08/26 [oss-security] CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions Eric Covener
2024/08/25 [oss-security] [vim-security] heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697 Christian Brabandt
2024/08/23 Re: [oss-security] CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names Fay Stegerman
2024/08/23 Re: [oss-security] CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names Fay Stegerman
2024/08/22 Re: [oss-security] CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names Fay Stegerman
2024/08/22 [oss-security] [vim-security] heap-buffer-overflow in do_search() in Vim < 9.1.0689 Christian Brabandt
2024/08/22 [oss-security] gh:facebook/rocksdb v9.5.2 - SupplyChainAttackPoC for Meta BB Andreas Stieger
2024/08/22 [oss-security] CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names Alan Coopersmith
2024/08/21 [oss-security] CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link Ephraim Anierobi
2024/08/21 [oss-security] CVE-2023-49198: Apache SeaTunnel Web: Arbitrary file read vulnerability Jun Gao
2024/08/20 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer
2024/08/20 [oss-security] CVE-2024-22281: Apache Helix Front (UI): Helix front hard-coded secret in the express-session Junkai Xue
2024/08/20 [oss-security] CVE-2024-43202: Apache DolphinScheduler: Remote Code Execution Vulnerability ShunFeng Cai
2024/08/20 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Steffen Nurpmeso
2024/08/19 Re: [oss-security] AI Cyber Challenge (AIxCC) semi-final results from DEF CON 32 (2024) David A. Wheeler
2024/08/19 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer
2024/08/18 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Peter Gutmann
2024/08/17 Re: [oss-security] AI Cyber Challenge (AIxCC) semi-final results from DEF CON 32 (2024) Alfredo Ortega
2024/08/17 [oss-security] Landlock Houdini fix: CVE-2024-42318 Mickaël Salaün
2024/08/17 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer
2024/08/16 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2024-0004 Adrian Perez de Castro
2024/08/16 [oss-security] AI Cyber Challenge (AIxCC) semi-final results from DEF CON 32 (2024) David A. Wheeler
2024/08/16 [oss-security] Unbound 1.21.0 released with multiple security fixes Alan Coopersmith
2024/08/16 [oss-security] [kubernetes] CVE-2024-7646: Ingress-nginx Annotation Validation Bypass Craig Ingram
2024/08/16 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jeffrey Walton
2024/08/16 [oss-security] Heads-up: there are two versions of Intel microcode update IPU 2024.3 Samuel Verschelde
2024/08/16 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer
2024/08/16 Re: [oss-security] collision confounders (was: feedback requested regarding deprecation of TLS 1.0/1.1) Jacob Bachmeyer
2024/08/15 [oss-security] [vim-security] use-after-free in alist_add() in Vim < v9.1.0678 Christian Brabandt
2024/08/15 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Peter Gutmann
2024/08/15 [oss-security] Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message Aki Tuomi
2024/08/15 [oss-security] Dovecot CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive Aki Tuomi
2024/08/15 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer
2024/08/15 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Hanno Böck
2024/08/14 Re: [oss-security] Tracking down a lost CVE request (MITRE) Michael Orlitzky
2024/08/14 Re: [oss-security] Tracking down a lost CVE request (MITRE) Mark Esler
2024/08/14 [oss-security] flatpak CVE-2024-42472: Access to files outside sandbox for apps using persistent= (--persist) Simon McVittie
2024/08/14 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Pat Gunn
2024/08/14 [oss-security] CVE-2024-7347: nginx: ngx_http_mp4_module: Worker process crash by using a specially crafted mp4 file Solar Designer
2024/08/14 [oss-security] Xen Security Advisory 461 v2 (CVE-2024-31146) - PCI device pass-through with shared resources Xen . org security team
2024/08/14 [oss-security] Xen Security Advisory 460 v2 (CVE-2024-31145) - error handling in x86 IOMMU identity mapping Xen . org security team
2024/08/14 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Mike O'Connor
2024/08/12 [oss-security] CVE-2024-41909: Apache MINA SSHD: integrity check bypass Arnout Engelen
2024/08/12 [oss-security] CVE-2024-42008 and more: XSS vulnerabilities in Roundcube webmail Valtteri Vuorikoski
2024/08/11 [oss-security] CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL Solar Designer
2024/08/09 [oss-security] CVE-2024-30188: Apache DolphinScheduler: Resource File Read And Write Vulnerability ShunFeng Cai
2024/08/09 [oss-security] CVE-2024-29831: Apache DolphinScheduler: RCE by arbitrary js execution ShunFeng Cai
2024/08/09 [oss-security] CVE-2024-41888: Apache Answer: The link for resetting user password is not Single-Use Enxin Xie
2024/08/09 [oss-security] CVE-2024-41890: Apache Answer: The link to reset the user's password will remain valid after sending a new link Enxin Xie
2024/08/09 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jens Timmerman
2024/08/09 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Peter Gutmann
2024/08/09 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jacob Bachmeyer
2024/08/08 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 steffen
2024/08/08 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Steffen Nurpmeso
2024/08/08 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Steffen Nurpmeso
2024/08/08 [oss-security] KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal KoreLogic Disclosures
2024/08/08 [oss-security] KL-001-2024-005: Open WebUI Stored Cross-Site Scripting KoreLogic Disclosures
2024/08/08 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Clemens Lang
2024/08/08 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Clemens Lang
2024/08/08 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Duncan Grisby
2024/08/08 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Demi Marie Obenour
2024/08/08 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jeffrey Walton
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Steffen Nurpmeso
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Marco Moock
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Pat Gunn
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Solar Designer
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Demi Marie Obenour
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 niekt0
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Dan Kegel
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Steffen Nurpmeso
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jeffrey Walton
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Chad Sheridan
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Neil Horman
2024/08/07 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Bob Friesenhahn
2024/08/07 [oss-security] Multiple vulnerabilities in Jenkins Daniel Beck
2024/08/06 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Jan Engelhardt
2024/08/06 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Alex Gaynor
2024/08/06 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Demi Marie Obenour
2024/08/06 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Marco Moock
2024/08/06 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Demi Marie Obenour
2024/08/06 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Clemens Lang
2024/08/06 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Neil Horman
2024/08/06 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Stuart Henderson
2024/08/06 [oss-security] CVE-2024-42222: Apache CloudStack: Unauthorised Network List Access Rohit Yadav
2024/08/06 [oss-security] CVE-2024-42062: Apache CloudStack: User Key Exposure to Domain Admins Rohit Yadav
2024/08/06 Re: [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Marco Moock
2024/08/06 [oss-security] Tracking down a lost CVE request (MITRE) Michael Orlitzky
2024/08/06 [oss-security] Django CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005 Sarah Boyce
2024/08/06 [oss-security] feedback requested regarding deprecation of TLS 1.0/1.1 Neil Horman
2024/08/05 [oss-security] CVE-2024-36448: Apache IoTDB Workbench: SSRF Vulnerability (EOL) Haonan Hou
2024/08/04 [oss-security] CVE-2024-42447: Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow Jarek Potiuk
2024/08/04 [oss-security] CVE-2024-38856: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code Jacques Le Roux
2024/08/03 Re: [oss-security] Neat VNC Security Vulnerability Salvatore Bonaccorso
2024/08/02 Re: [oss-security] Neat VNC Security Vulnerability Andri Yngvason
2024/08/02 Re: [oss-security] Neat VNC Security Vulnerability Solar Designer
2024/08/02 RE: [oss-security] Neat VNC Security Vulnerability Dane Bouchie
2024/08/02 RE: [oss-security] Neat VNC Security Vulnerability Dane Bouchie
2024/08/02 Re: [oss-security] Neat VNC Security Vulnerability Solar Designer
2024/08/02 [oss-security] CVE-2024-36268: Apache InLong TubeMQ Client: Remote Code Execution vulnerability Charles Zhang
2024/08/02 [oss-security] CVE-2024-27182: Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability Heping Wang
2024/08/02 [oss-security] CVE-2024-27181: Apache Linkis Basic management services: Privilege Escalation Attack vulnerability Heping Wang
2024/08/01 Re: [oss-security] CPython CVE-2024-6923: Email header injection due to unquoted newlines Hanno Böck
2024/08/01 [oss-security] Neat VNC Security Vulnerability Andri Yngvason
2024/08/01 [oss-security] CPython CVE-2024-6923: Email header injection due to unquoted newlines Alan Coopersmith
2024/08/01 [oss-security] [vim-security] double-free in dialog_changed() in Vim < v9.1.0648 Christian Brabandt
2024/08/01 [oss-security] [vim-security] use-after-free in tagstack_clear_entry() in Vim < v9.1.0647 Christian Brabandt
2024/07/31 Re: [oss-security] ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076) Valtteri Vuorikoski
2024/07/31 [oss-security] [SECURITY ADVISORY] curl: CVE-2024-7264 ASN.1 date parser overread Daniel Stenberg
2024/07/30 Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann
2024/07/30 [oss-security] CVE-2023-48396: Apache SeaTunnel Web: Authentication bypass Jun Gao
2024/07/29 [oss-security] Fwd: [Security-announce] [CVE-2024-3219] Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection Alan Coopersmith
2024/07/29 Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Yves-Alexis Perez
2024/07/29 Re: [oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow Florian Weimer
2024/07/28 Re: [oss-security] Announce: OpenSSH 9.8 released Solar Designer
2024/07/28 Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems Solar Designer
2024/07/28 Re: [oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow Solar Designer
2024/07/27 Re: [oss-security] linux kernel: virtio-net host dos Salvatore Bonaccorso
2024/07/26 Re: [oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow Alan Coopersmith
2024/07/26 Re: [oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow Solar Designer
2024/07/26 [oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow Alan Coopersmith
2024/07/25 [oss-security] CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode David M. Johnson
2024/07/25 [oss-security] [ANNOUNCE] Apache Traffic Server is vulnerable to request smuggling and DoS Masakazu Kitajo
2024/07/24 Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str Demi Marie Obenour
2024/07/24 [oss-security] inux kernel: virtio-net host dos John Haxby
2024/07/24 [oss-security] CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader James Turton
2024/07/23 [oss-security] [SECURITY ADVISORY] curl: CVE-2024-6874: macidn punycode buffer overread Daniel Stenberg
2024/07/23 [oss-security] [SECURITY ADVISORY] curl: CVE-2024-6197: freeing stack buffer in utf8asn1str Daniel Stenberg
2024/07/23 Re: [oss-security] linux-distros application for CentOS Project's Hyperscale SIG Michel Lind
2024/07/23 [oss-security] CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information Yupeng Fu
2024/07/23 Re: [oss-security] linux-distros application for CentOS Project's Hyperscale SIG Solar Designer
2024/07/23 [oss-security] CVE-2024-41178: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Andrew Lamb
2024/07/23 [oss-security] [OSSA-2024-002] OpenStack Nova: Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors (CVE-2024-40767) Jeremy Stanley
2024/07/23 [oss-security] ISC has disclosed four vulnerabilities in BIND 9 (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076) Aram Sargsyan
2024/07/22 [oss-security] GNU C Library version 2.40 released with 5 CVE fixes Alan Coopersmith
2024/07/22 [oss-security] CVE-2024-29070: Apache StreamPark: session not invalidated after logout Huajie Wang
2024/07/22 [oss-security] CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields Francesco Chicchiriccò
2024/07/22 [oss-security] CVE-2024-34457: Apache StreamPark IDOR Vulnerability Huajie Wang
2024/07/22 [oss-security] CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data Rongtong Jin
2024/07/19 Re: [oss-security] Fwd: Node.js security updates for all active release lines, July 2024 Yogesh Mittal
2024/07/19 [oss-security] CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion Rohit Yadav
2024/07/19 [oss-security] [ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion Abhishek Kumar
2024/07/18 [oss-security] CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients Colm O hEigeartaigh
2024/07/18 [oss-security] CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE Colm O hEigeartaigh
2024/07/18 [oss-security] CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter Colm O hEigeartaigh
2024/07/18 [oss-security] CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability Huajie Wang
2024/07/17 [oss-security] CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows Eric Covener
2024/07/17 [oss-security] CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType Eric Covener
2024/07/17 [oss-security] Python Infrastructure Admin Token Leaked Through Docker Hub Andrii Polkovnychenko [EXT]
2024/07/17 [oss-security] CVE-2024-29120: Apache StreamPark: Information leakage vulnerability Huajie Wang
2024/07/17 [oss-security] [kubernetes] CVE-2024-5321: Incorrect permissions on Windows containers logs Craig Ingram
2024/07/17 [oss-security] CVE-2024-29737: Apache StreamPark (incubating): maven build params could trigger remote command execution Huajie Wang
2024/07/17 [oss-security] CVE-2023-52291: Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution Huajie Wang
2024/07/16 [oss-security] CVE-2024-31979: Apache StreamPipes: Possibility of SSRF in pipeline element installation process Dominik Riemer
2024/07/16 [oss-security] CVE-2024-31411: Apache StreamPipes: Potential remote code execution (RCE) via file upload Dominik Riemer
2024/07/16 [oss-security] CVE-2024-30471: Apache StreamPipes: Potential creation of multiple identical accounts Dominik Riemer