oss-security  

Messages by Date

• 2026/05/05 Re: [oss-security] CVE-2026-29169: Apache HTTP Server: mod_dav_lock indirect lock crash Solar Designer
• 2026/05/05 [oss-security] vm2: sandbox escape in NodeVM with nesting:true (CVE-2026-44007) Akshat Sinha
• 2026/05/05 [oss-security] [OSSA-2026-010] Ironic: Credential Forwarding to Arbitrary Endpoints via iDrac Configuration Molds Feature (CVE-2026-42997) Jay Faulkner
• 2026/05/05 [oss-security] CVE-2026-28780: Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() Eric Covener
• 2026/05/05 [oss-security] Django CVE-2026-5766, CVE-2026-35192, and CVE-2026-6907 Sarah Boyce
• 2026/05/05 [oss-security] [OSSA-2026-009] Horizon: Unauthenticated session flood via login redirect storage (CVE-2026-43002) Goutham Pacha Ravi
• 2026/05/05 [oss-security] CVE-2026-29168: Apache HTTP Server: mod_md unrestricted OCSP response Eric Covener
• 2026/05/04 Re: [oss-security] [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Solar Designer
• 2026/05/04 [oss-security] CVE-2026-43870: Apache Thrift: Node.js web_server.js multi-vulnerability Jens Geyer
• 2026/05/04 [oss-security] CVE-2026-43869: Apache Thrift: TSSLTransportFactory.java hostname verification Jens Geyer
• 2026/05/04 [oss-security] CVE-2026-43868: Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern Jens Geyer
• 2026/05/04 [oss-security] Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
• 2026/05/04 [oss-security] Nix/Lix: local privilege escalation in daemon process Martin Weinelt
• 2026/05/04 [oss-security] Local privilege escalation in Lix and Nix Thomas GERBET
• 2026/05/04 Re: [oss-security] Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Emily Shepherd
• 2026/05/04 Re: [oss-security] Fwd: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Salvatore Bonaccorso
• 2026/05/04 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Solar Designer
• 2026/05/04 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
• 2026/05/04 Re: [oss-security] Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg KH
• 2026/05/04 [oss-security] Re: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Sam James
• 2026/05/04 [oss-security] Fwd: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Sam James
• 2026/05/04 Re: [oss-security] Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Emily Shepherd
• 2026/05/04 [oss-security] CVE-2026-33523: Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line Eric Covener
• 2026/05/04 [oss-security] CVE-2026-33007: Apache HTTP Server: mod_authn_socache crash Eric Covener
• 2026/05/04 [oss-security] CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack Eric Covener
• 2026/05/04 [oss-security] CVE-2026-29169: Apache HTTP Server: mod_dav_lock indirect lock crash Eric Covener
• 2026/05/04 [oss-security] CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset Eric Covener
• 2026/05/04 [oss-security] CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr Eric Covener
• 2026/05/04 [oss-security] CVE-2026-34059: Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() Eric Covener
• 2026/05/04 [oss-security] CVE-2026-34032: Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) Eric Covener
• 2026/05/04 [oss-security] CVE-2026-33857: Apache HTTP Server: Off-by-one OOB reads in AJP getter functions Eric Covener
• 2026/05/04 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Richard Kettlewell
• 2026/05/04 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz
• 2026/05/04 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
• 2026/05/04 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
• 2026/05/04 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz
• 2026/05/04 Re: [oss-security] Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Jeroen Roovers
• 2026/05/04 Re: [oss-security] Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg Kroah-Hartman
• 2026/05/04 [oss-security] Re: CVE request: io_uring zcrx freelist OOB write Pavel Begunkov
• 2026/05/04 Re: [oss-security] uutils coreutils CVEs Eli Schwartz
• 2026/05/04 Re: [oss-security] uutils coreutils CVEs cyber security
• 2026/05/04 Re: [oss-security] uutils coreutils CVEs Jakub Wilk
• 2026/05/03 [oss-security] Fwd: mutt 2.3.2 released Sam James
• 2026/05/03 Re: [oss-security] Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James
• 2026/05/03 [oss-security] Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James
• 2026/05/03 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman
• 2026/05/03 [oss-security] [vim-security] OS Command Injection via 'path' completion affects Vim < 9.2.0435 Christian Brabandt
• 2026/05/03 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Peter Gutmann
• 2026/05/03 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Paul Ducklin
• 2026/05/03 [oss-security] CVE-2026-40563: Apache Atlas: Script injection allows access to unintended data Pinal Shah
• 2026/05/03 [oss-security] Re: CVE request: io_uring zcrx freelist OOB write Greg KH
• 2026/05/03 [oss-security] CVE request: io_uring zcrx freelist OOB write Mohamed salem Eddah
• 2026/05/03 Re: [oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
• 2026/05/03 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Simon McVittie
• 2026/05/02 [oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation nightmare . yeah27
• 2026/05/02 [oss-security] syzkaller "Reporting Linux kernel bugs" out of date Solar Designer
• 2026/05/02 [oss-security] CVE-2026-40561: Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence Timothy Legge
• 2026/05/02 Re: [oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Malik, Vaibhav
• 2026/05/02 Re: [oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Collin Funk
• 2026/05/02 Re: [oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Alexander Bochmann
• 2026/05/02 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
• 2026/05/02 [oss-security] Re: uutils coreutils CVEs Collin Funk
• 2026/05/02 Re: [oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation Brian May
• 2026/05/02 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman
• 2026/05/02 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
• 2026/05/02 Re: [oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
• 2026/05/02 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Richard Kettlewell
• 2026/05/02 [oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Justin Swartz
• 2026/05/02 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman
• 2026/05/02 [oss-security] CVE-2026-42812: Apache Polaris: No protection on `write.metadata.path` Jean-Baptiste Onofré
• 2026/05/02 [oss-security] CVE-2026-42811: Apache Polaris: In plain terms, Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Jean-Baptiste Onofré
• 2026/05/02 [oss-security] CVE-2026-42810: Apache Polaris: Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. Jean-Baptiste Onofré
• 2026/05/02 [oss-security] CVE-2026-42809: Apache Polaris: An authenticated low-privileged user can abuse Polaris staged table creation to mint broad temporary storage credentials for an attacker-chosen location before Polaris validates that location Jean-Baptiste Onofré
• 2026/05/02 Re: [oss-security] uutils coreutils CVEs Jan Schaumann
• 2026/05/02 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
• 2026/05/02 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
• 2026/05/02 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
• 2026/05/02 Re: [oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
• 2026/05/02 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
• 2026/05/02 [oss-security] Ubuntu back up, In Saturday after DDoS attacks cyber security
• 2026/05/02 [oss-security] uutils coreutils CVEs Collin Funk
• 2026/05/01 [oss-security] Security audit of rust-coreutils Alan Coopersmith
• 2026/05/01 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
• 2026/05/01 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
• 2026/05/01 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Alan Coopersmith
• 2026/05/01 [oss-security] CVE-2026-42440: Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader Richard Zowalla
• 2026/05/01 [oss-security] CVE-2026-42027: Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader Richard Zowalla
• 2026/05/01 [oss-security] CVE-2026-40682: Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor Richard Zowalla
• 2026/05/01 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
• 2026/05/01 Re: [oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation cyber security
• 2026/05/01 [oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation Justin Swartz
• 2026/05/01 [oss-security] Re: [EXTERNAL] Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Shrader, David Lee
• 2026/05/01 Re: [oss-security] 10+ CVEs in GStreamer Kevin Backhouse
• 2026/05/01 Re: [oss-security] CVE-2026-42167: SQL injection in ProFTPd prior to 1.3.9a Alan Coopersmith
• 2026/05/01 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
• 2026/05/01 Re: [oss-security] Exim 4.99.2 fixes 4 CVEs Florian Weimer
• 2026/05/01 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
• 2026/05/01 Re: [oss-security] 10+ CVEs in GStreamer Demi Marie Obenour
• 2026/05/01 [oss-security] CVE-2026-42404: Apache Neethi: Unrestricted HTTP Redirect Following in Policy References Colm O hEigeartaigh
• 2026/05/01 [oss-security] CVE-2026-42403: Apache Neethi: Circular Policy Reference Infinite Loop Colm O hEigeartaigh
• 2026/05/01 [oss-security] CVE-2026-42402: Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS Colm O hEigeartaigh
• 2026/05/01 [oss-security] Prosody XMPP server security advisory 2026-04-31 (multiple vulnerabilities) Matthew Wild
• 2026/05/01 [oss-security] CVE-2026-42167: SQL injection in ProFTPd prior to 1.3.9a Valtteri Vuorikoski
• 2026/04/30 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Greg KH
• 2026/04/30 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Solar Designer
• 2026/04/30 Re: [oss-security] 10+ CVEs in GStreamer Solar Designer
• 2026/04/30 [oss-security] Exim 4.99.2 fixes 4 CVEs Solar Designer
• 2026/04/30 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Alan Coopersmith
• 2026/04/30 [oss-security] CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely Robert Rothenberg
• 2026/04/30 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Roman Medina-Heigl Hernandez
• 2026/04/30 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Greg KH
• 2026/04/30 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Sam James
• 2026/04/30 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
• 2026/04/30 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation cyber security
• 2026/04/30 Re: [oss-security] Coordinated Disclosure in the LLM Age Greg KH
• 2026/04/30 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Greg KH
• 2026/04/30 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Salvatore Bonaccorso
• 2026/04/29 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Sam James
• 2026/04/29 Re: [oss-security] lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Sam James
• 2026/04/29 [oss-security] Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal
• 2026/04/29 [oss-security] [CVE-2026-37555] libsndfile IMA-ADPCM integer overflow (incomplete fix for CVE-2022-33065) Feng Ning
• 2026/04/29 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Solar Designer
• 2026/04/29 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Aaron Rainbolt
• 2026/04/29 [oss-security] inetutils-2.8 released with 2 CVE fixes Alan Coopersmith
• 2026/04/29 [oss-security] gnutls 3.8.13 released with 12 CVE fixes and more Alan Coopersmith
• 2026/04/29 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Zube
• 2026/04/29 [oss-security] OSSA-2026-008: OpenStack Ironic: Command Injection in Ironic IPMI Console Implementations (CVE-2026-42510) - errata 1 Goutham Pacha Ravi
• 2026/04/29 [oss-security] CVE-2026-7381: Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting Robert Rothenberg
• 2026/04/29 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Sam James
• 2026/04/29 Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Eddie Chapman
• 2026/04/29 Re: [oss-security] Coordinated Disclosure in the LLM Age Brian May
• 2026/04/29 [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Jan Schaumann
• 2026/04/29 Re: [oss-security] Coordinated Disclosure in the LLM Age Clemens Lang
• 2026/04/29 Re: [oss-security] Coordinated Disclosure in the LLM Age Renaud Allard
• 2026/04/29 Re: [oss-security] Coordinated Disclosure in the LLM Age Willy Tarreau
• 2026/04/29 Re: [oss-security] Coordinated Disclosure in the LLM Age Jeremy Stanley
• 2026/04/29 [oss-security] Xen Security Advisory 489 v2 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI Xen . org security team
• 2026/04/29 [oss-security] CVE-2026-7111: Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption Stig Palmquist
• 2026/04/29 Re: [oss-security] Coordinated Disclosure in the LLM Age Lucas Holt
• 2026/04/29 [oss-security] Multiple vulnerabilities in Jenkins plugins Daniel Beck
• 2026/04/28 [oss-security] [ADVISORY] curl: CVE-2026-7168: cross-proxy Digest auth state leak Daniel Stenberg
• 2026/04/28 [oss-security] [ADVISORY] curl: CVE-2026-6276: stale custom cookie host causes cookie leak Daniel Stenberg
• 2026/04/28 [oss-security] [ADVISORY] curl: CVE-2026-7009: OCSP stapling bypass with Apple SecTrust Daniel Stenberg
• 2026/04/28 [oss-security] [ADVISORY] curl: CVE-2026-6253: proxy credentials leak over redirect-to proxy Daniel Stenberg
• 2026/04/28 [oss-security] [ADVISORY] curl: CVE-2026-6429: netrc credential leak with reused proxy connection Daniel Stenberg
• 2026/04/28 [oss-security] [ADVISORY] curl: CVE-2026-5773: wrong reuse of SMB connection Daniel Stenberg
• 2026/04/28 [oss-security] [ADVISORY] curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection Daniel Stenberg
• 2026/04/28 [oss-security] [ADVISORY] curl: CVE-2026-4873: connection reuse ignores TLS requirement Daniel Stenberg
• 2026/04/28 Re: [oss-security] Coordinated Disclosure in the LLM Age Peter Gutmann
• 2026/04/28 Re: [oss-security] [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Jacob Bachmeyer
• 2026/04/28 Re: [oss-security] Coordinated Disclosure in the LLM Age Jacob Bachmeyer
• 2026/04/28 Re: [oss-security] [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Solar Designer
• 2026/04/28 Re: [oss-security] [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Ellenor Bjornsdottir
• 2026/04/28 [oss-security] CVE-2026-40560: Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence Timothy Legge
• 2026/04/28 Re: [oss-security] [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Alan Coopersmith
• 2026/04/28 [oss-security] Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Dmitry Butskoy
• 2026/04/28 [oss-security] Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Dmitry Butskoy
• 2026/04/28 Re: [oss-security] Coordinated Disclosure in the LLM Age Greg Dahlman
• 2026/04/28 [oss-security] Xen Security Advisory 489 v1 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI Xen . org security team
• 2026/04/28 [oss-security] CVE-2026-41873: Pony Mail: Admin account takeover via request smuggling Arnout Engelen
• 2026/04/28 [oss-security] The GNU C Library security advisories update for 2026-04-28 Carlos O'Donell
• 2026/04/28 [oss-security] Coordinated Disclosure in the LLM Age Jeremy Stanley
• 2026/04/28 [oss-security] Xen Security Advisory 487 v2 (CVE-2026-31787) - Linux kernel double free in Xen privcmd driver Xen . org security team
• 2026/04/28 [oss-security] Xen Security Advisory 486 v2 (CVE-2026-23558) - grant table v2 race in status page mapping Xen . org security team
• 2026/04/28 [oss-security] Xen Security Advisory 485 v2 (CVE-2026-31786) - Linux kernel out of bounds read via Xen-related sysfs file Xen . org security team
• 2026/04/28 [oss-security] Xen Security Advisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command Xen . org security team
• 2026/04/28 [oss-security] Xen Security Advisory 483 v2 (CVE-2026-23556) - oxenstored keeps quota related use counts across domain destruction Xen . org security team
• 2026/04/27 [oss-security][CVE-2026-3087] shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs Alan Coopersmith
• 2026/04/27 [oss-security] CVE-2026-41602: Apache Thrift: Go TFramedTransport uint32 overflow Jens Geyer
• 2026/04/27 [oss-security] CVE-2025-48431: Apache Thrift glibc language bindings: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. Jens Geyer
• 2026/04/27 [oss-security] CVE-2026-41603: Apache Thrift: Java TSSLTransportFactory hostname verification Jens Geyer
• 2026/04/27 [oss-security] CVE-2026-41604: Apache Thrift: Swift Range crash in skip() Jens Geyer
• 2026/04/27 [oss-security] CVE-2026-41605: Apache Thrift: Swift Compact Protocol integer overflow Jens Geyer
• 2026/04/27 [oss-security] CVE-2026-41606: Apache Thrift: c_glib dispatch stack overflow Jens Geyer
• 2026/04/27 [oss-security] CVE-2026-41607: Apache Thrift: C++ JSON OOB read Jens Geyer
• 2026/04/27 [oss-security] CVE-2026-41636: Apache Thrift: Node.js skip() recursion Jens Geyer
• 2026/04/27 [oss-security] CVE-2026-40355, CVE-2026-40356: MIT krb5 1.18+ Unauthenticated Network read overrun and null pointer dereference Cem Onat Karagun
• 2026/04/27 [oss-security][CVE-2026-6357] pip self-update functionality can import newly installed modules after wheel installation Alan Coopersmith
• 2026/04/27 [oss-security] [OSSA-2026-008] Ironic: Command Injection in IPMI Console Implementations (CVE pending) Jay Faulkner
• 2026/04/27 [oss-security] CVE-2026-41409: Apache MINA: CWE-502 Deserialization of Untrusted Data Emmanuel Lécharny
• 2026/04/27 [oss-security] CVE-2026-7040: Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters Robert Rothenberg
• 2026/04/27 [oss-security] ZDRES-059: CVE-2026-41635: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE Emmanuel Lécharny
• 2026/04/27 [oss-security] uriparser 1.0.1 fixes CVE-2026-42371 (integer overflow) Sebastian Pipping
• 2026/04/27 [oss-security] plasma-login-manager: Weaknesses in plasmaloginauthhelper (CVE-2026-25710) Matthias Gerstner
• 2026/04/26 [oss-security] CVE-2026-40860: Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp Andrea Cosentino
• 2026/04/26 [oss-security] CVE-2026-40858: Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository Andrea Cosentino
• 2026/04/26 [oss-security] CVE-2026-40473: Apache Camel: Camel-Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP Andrea Cosentino
• 2026/04/26 [oss-security] CVE-2026-40453: Apache Camel: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection Andrea Cosentino
• 2026/04/26 [oss-security] CVE-2026-40048: Apache Camel: Camel-PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager Andrea Cosentino
• 2026/04/26 [oss-security] CVE-2026-40022: Apache Camel: Camel-Platform-HTTP-Main: Authentication Bypass on Non-Root Context Paths in camel main runtime Andrea Cosentino
• 2026/04/26 [oss-security] CVE-2026-33454: Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant) Andrea Cosentino
• 2026/04/26 [oss-security] CVE-2026-33453: Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution Andrea Cosentino
• 2026/04/26 [oss-security] CVE-2026-27172: Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store Andrea Cosentino
• 2026/04/26 [oss-security] libexpat 2.8.0 fixes CVE-2026-41080 (insufficient entropy) Sebastian Pipping
• 2026/04/25 [oss-security] CVE-2026-41081: Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure Richard Zowalla
• 2026/04/25 [oss-security] CVE-2026-40557: Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections Richard Zowalla
• 2026/04/25 [oss-security] bubblewrap CVE-2026-41163: Privilege escalation if setuid root, via ptrace Simon McVittie
• 2026/04/24 [oss-security] rust-openssl-v0.10.78 fixes 5 CVEs Alan Coopersmith
• 2026/04/24 [oss-security] CVE-2026-40690: Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users Rahul Vats
• 2026/04/24 [oss-security] CVE-2026-38743: Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities Rahul Vats

• Earlier messages