Messages by Thread

- [oss-security] libtiff 4.7.0: Out-of-Bounds Write in TIFFReadRGBAImageOriented() (CVE-2025-9900) (Christian Hoffmann)
- [oss-security] CVE-2025-54831: Apache Airflow: Connection sensitive details exposed to users with READ permissions (Kaxil Naik)
- [oss-security] CVE-2025-58457: Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands (Damien Diederen)
- [oss-security] CVE-2025-48392: Apache IoTDB: DoS Vulnerability (Haonan Hou)
- [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0006 (Adrian Perez de Castro)
- [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH (Damien Miller)
- [oss-security] Xen Security Advisory 472 v2 (CVE-2025-27466, CVE-2025-58142, CVE-2025-58143) - Multiple vulnerabilities in the Viridian interface (Xen.org security team)
- [oss-security] CVE-2025-29847: Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass (Chen Xia)
- [oss-security] CVE-2025-59355: Apache Linkis: Password Exposure (Chen Xia)
- [oss-security] CVE-2025-40928: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified (Robert Rothenberg)
- [oss-security] CVE-2025-58364 cups: Remote DoS via null dereference (Zdenek Dohnal)
- [oss-security] PowerDNS Security Advisory 2025-05 for DNSdist: Denial of service via crafted DoH exchange (Remi Gacogne)
- [oss-security] CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact (Robert Rothenberg)
- [oss-security] [kubernetes] CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks (Rita Zhang)
- [oss-security] libexpat 2.7.2 fixes CVE-2025-59375 (DoS, CWE-770) (Sebastian Pipping)
- [oss-security] CVE-2025-59328: Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data (Chaokun Yang)
- [oss-security] [CVE-2025-38501] Linux kernel: KSMBD service DoS by TCP handshake (tianshuo han)
- [oss-security] Xen Security Advisory 474 v2 (CVE-2025-58146) - XAPI UTF-8 string handling (Xen.org security team)
- [oss-security] CVE-2025-58060 cups: Authentication bypass with AuthType Negotiate (Zdenek Dohnal)
- [oss-security] ISC has disclosed one vulnerability in Stork (CVE-2025-8696) (Ben Scott)
- [oss-security] [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask (Daniel Stenberg)
- [oss-security] [SECURITY ADVISORY] curl: CVE-2025-9086: Out of bounds read for cookie path (Daniel Stenberg)
- [oss-security] Xen Security Advisory 473 v2 (CVE-2025-58144, CVE-2025-58145) - Arm issues with page refcounting (Xen.org security team)
- [oss-security] CVE-2025-40930: JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact (Robert Rothenberg)
- [oss-security] CVE-2025-58782: Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory (Marcel Reutegger)
- [oss-security] CVE-2025-57833: Django: Potential SQL injection in FilteredRelation column aliases (Sarah Boyce)
- [oss-security] CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution (Huajie Wang)
- [oss-security] CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability (Chao Gong)
- [oss-security] CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response (Chao Gong)
- [oss-security] SQLite - Integer Overflow in FTS5 Extension [CVE-2025-7709] (Alan Coopersmith)
- [oss-security] SQLite: Integer truncation in findOrCreateAggInfoColumn [CVE-2025-6965] (Alan Coopersmith)
- [oss-security] CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default Permissions (Lidong Dai)
- [oss-security] CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack (Lidong Dai)
- [oss-security] CVE-2025-58047: DoS in Volto (Plone CMS) (Maurits van Rees (Plone))
- [oss-security] CVE-2025-8067 - UDisks (Marco Benatto)
- [oss-security] ISC has disclosed one vulnerability in Kea (CVE-2025-40779) (Ben Scott)
- [oss-security] libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing (Dhiraj Mishra)
- [oss-security] CVE-2025-43023 in HPLIP for Use of 1024-bit DSA Key (Alan Coopersmith)
- [oss-security] CVE-2025-54813: Apache Log4cxx: Improper escaping with JSONLayout (Piotr Karwasz)
- [oss-security] CVE-2025-54812: Apache Log4cxx: Improper HTML escaping in HTMLLayout (Piotr Karwasz)
- [oss-security] CVE-2024-48988: Apache StreamPark: SQL injection vulnerability (Huajie Wang)
- [oss-security] CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA (Tim Allison)
- [oss-security] Security pre-notification policy for vLLM project (Huzaifa Sidhpurwala)
- [oss-security] CVE-2025-53192: Apache Commons OGNL: Expression Injection leading to RCE (Arnout Engelen)
- [oss-security] CVE-2025-54409 - aide (>= 0.13 <= 0.19.1): null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS) (Hannes von Haugwitz)
- [oss-security] CVE-2025-54389 - aide (<= 0.19.1): improper output neutralization (potential AIDE detection bypass) (Hannes von Haugwitz)
- [oss-security] CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API (Daniel Gaspar)
- [oss-security] CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions (Daniel Gaspar)
- [oss-security] CVE-2025-55672: Apache Superset: Stored XSS on charts metadata (Daniel Gaspar)
- [oss-security] CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts (Daniel Gaspar)
- [oss-security] Question about (in)security of fdk-aac-free in linux distros (Jordan Glover)
- [oss-security] HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (Alan Coopersmith)
- [oss-security] CVE-2025-53859: nginx: ngx_mail_smtp_module buffer over-read potentially resulting in sensitive information leak (Solar Designer)
- [oss-security] xterm terminal crash due to malicious character sequences in file name (Vincent Lefevre)
- [oss-security] CVE-2025-55668: Apache Tomcat: session fixation via rewrite valve (Mark Thomas)
- [oss-security] CVE-2025-48989: Apache Tomcat: h2 DoS - Made You Reset (Mark Thomas)
- [oss-security] CVE-2025-54472: Apache bRPC: Redis Parser Remote Denial of Service (Wang Weibing)
- [oss-security] CVE-2025-40920: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces (Robert Rothenberg)
- [oss-security] [vim-security] A double-free was found in Vim >v9.1.1231 and < 9.1.1406 (Christian Brabandt)
- [oss-security] [vim-security] heap use-after-free was found in Vim < 9.1.1400 (Christian Brabandt)
- [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (lunbun)
  - Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (Jacob Bachmeyer)
  - Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (lunbun)
  - Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (Jacob Bachmeyer)
  - Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (lunbun)
  - Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (Jacob Bachmeyer)
  - Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (lunbun)
  - Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (Jens-Wolfhard Schicke-Uffmann)
  - Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (lunbun)
  - Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (Solar Designer)
  - Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution (Vincent Lefevre)
- [oss-security] CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server (Min Ji)
- [oss-security] CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE (Colm O hEigeartaigh)
- [oss-security] CVE-2025-47906 & CVE-2025-47907 fixed in Go 1.24.6 & 1.23.12 (Alan Coopersmith)
- [oss-security] CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin (Nicolas Malin)
- [oss-security] StarDict sends the user's X11 selection to the network (Vincent Lefevre)
- [oss-security] CVE-2024-51775: Apache Zeppelin: Command Injection via CSWSH (PJ Fanning)
- [oss-security] CVE-2024-41177: Apache Zeppelin: XSS in the Helium module (PJ Fanning)
- [oss-security] CVE-2024-52279: Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string (PJ Fanning)
- [oss-security] Linux kernel: eBPF vulnerabilities (Solar Designer)
- [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0005 (Adrian Perez de Castro)
- [oss-security] Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical) (Sandro Gauci)
- [oss-security] CVE-2025-24854: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin (Juan Pablo Santos Rodríguez)
- [oss-security] CVE-2025-24853: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing (Juan Pablo Santos Rodríguez)
- [oss-security] CVE-2025-54656: Apache Struts Extras: Improper Output Neutralization for Logs (Arnout Engelen)
- [oss-security] Fwd: [CVE-2025-8194] CPython Tarfile infinite loop during parsing with negative member offset (Alan Coopersmith)
- [oss-security] CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 (Eric Covener)
- [oss-security] The GNU C Library security advisories update for 2025-07-23 (Adhemerval Zanella Netto)
- [oss-security] non-issues in dailyaidecheck script in Debian's packaging of AIDE (Solar Designer)
- [oss-security] [kubernetes] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override (Rita Zhang)
- [oss-security] CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not checked properly (Andy Seaborne)
- [oss-security] CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI (Andy Seaborne)
- [oss-security] CVE-2025-53817: Null pointer dereference in 7-Zip before 25.00 (Jaras)
- [oss-security] CVE-2025-53816: Memory corruption in 7-Zip before 25.00 (Jaras)
- [oss-security] Five new CVEs published for Cyberark Conjur OSS (Andy Tinkham)
- [oss-security] ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777) (Everett B. Fulton)
- [oss-security] CVE-2025-40918: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely (Robert Rothenberg)
- [oss-security] CVE-2025-40923: Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely (Robert Rothenberg)
- [oss-security] CVE-2025-23267: A vulnerability in NVIDIA Container Toolkit can lead to container escape. (liyajie)
- [oss-security] Fwd: Node.js security updates for all active release lines, July 2025 (Rafael Gonzaga)
- [oss-security] CVE-2025-30761: A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution (liyajie)
- [oss-security] CVE-2025-48795: Apache CXF: Denial of Service and sensitive data exposure in logs (Colm O hEigeartaigh)
- [oss-security] [vim-security]: path traversal issue with zip.vim and special crafted zip archives in Vim < v9.1.1551 (Christian Brabandt)
- [oss-security] [vim-security] path traversal issue with tar.vim and special crafted tar archives in Vim < 9.1.1552 (Christian Brabandt)
- [oss-security] CVE-2025-53689: Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons (Julian Reschke)
- [oss-security] https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read (PJ Fanning)
- [oss-security] GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 (Alan Coopersmith)
- [oss-security] PHP security releases 8.4.10, 8.3.23, 8.2.29, 8.1.33 (Alan Coopersmith)
- [oss-security] gnutls 3.8.10 fixes 4 CVEs (Alan Coopersmith)
- [oss-security] CVE-2025-48924: Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs (Gary D. Gregory)
- [oss-security] CVE-2025-53506: Apache Tomcat: DoS via excessive h2 streams at connection start (Mark Thomas)
- [oss-security] CVE-2025-52520: Apache Tomcat: DoS via integer overflow in multipart file upload (Mark Thomas)
- [oss-security] CVE-2025-52434: Apache Tomcat: APR/Native Connector crash leading to DoS (Mark Thomas)
- [oss-security] CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase (Eric Covener)
- [oss-security] CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack (Eric Covener)
- [oss-security] CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption (Eric Covener)
- [oss-security] CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service (Eric Covener)