Messages by Thread
- [oss-security] [ANNOUNCE] ATS is vulnerable to malformed requests, and also has ACL issues (Masakazu Kitajo)
- [oss-security] CVE-2024-24778: Apache StreamPipes: Resources Permission Escalation (Philipp Zehnder)
- [oss-security] CVE-2024-55532: Apache Ranger: Improper Neutralization of Formula Elements in a CSV File (Velmurugan Periasamy)
- [oss-security] [vim-security] potential code execution with tar.vim and special crafted tar files (Christian Brabandt)
- [oss-security] CVE-2025-27531: Apache InLong: An arbitrary file read vulnerability for JDBC (Charles Zhang)
- [oss-security] Xen Security Advisory 467 v1 (CVE-2025-1713) - deadlock potential with VT-d and legacy PCI device pass-through (Xen.org security team)
- [oss-security] GNU Emacs 30.1 released with 2 CVE fixes (Alan Coopersmith)
- [oss-security] CPAN Security Group is CNA for Perl and CPAN Modules (Stig Palmquist)
- [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland (Olivier Fourdan)
- [oss-security] CVE-2025-26794: Exim: SQL injection (Heiko Schlittermann)
- [oss-security] OpenH264 Decoding Functions Heap Overflow Vulnerability (Alan Coopersmith)
- [oss-security] Exim: CVE-2025-26794: upcoming security release (Heiko Schlittermann)
- [oss-security] Announce: OpenSSH 9.9p2 released (Damien Miller)
- [oss-security] GRUB CVE disclosures (Jan Setje-Eilers)
- [oss-security] Multiple vulnerabilities in libxml2 (Nick Wellnhofer)
- [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (Qualys Security Advisory)
- [oss-security] Multiple Vulnerabilities in U-Boot (Richard Weinberger)
- [oss-security] Multiple Vulnerabilities in Barebox (Richard Weinberger)
- [oss-security] CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection (Solar Designer)
- [oss-security] [vim-security] heap use-after-free in str_to_reg() in Vim < (Christian Brabandt)
- [oss-security] [CVE-2024-3220] CPython: Default mimetype known files writeable on Windows (Alan Coopersmith)
- [oss-security] CVE-2024-56180: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution (Xue Weiming)
- [oss-security] CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass) (Yupeng(Roc))
- [oss-security] CVE-2024-52577: Apache Ignite: Possible RCE when deserializing incoming messages by the server node (Nikita Amelchev)
- [oss-security] Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network. (upper.underflow)
- [oss-security] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() (Rich Felker)
- [oss-security] [kubernetes] CVE-2025-0426: Node Denial of Service via kubelet Checkpoint API (Craig Ingram)
- [oss-security] CVE-2024-46910: Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user (Madhan Neethiraj)
- [oss-security] CVE-2024-32838: Apache Fineract: SQL injection vulnerabilities in offices API endpoint (Arnout Engelen)
- [oss-security] CVE-2024-12797: OpenSSL: RFC7250 handshakes with unauthenticated servers don't abort as expected (Tomas Mraz)
- [oss-security] CVE-2025-26467: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) (Paulo Motta)
- [oss-security] Re: CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (Paulo Motta)
- [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0001 (Adrian Perez de Castro)
- [oss-security] CVE-2025-25069: Apache Kvrocks: Cross-Protocol Scripting Vulnerability (Mingyang Liu)
- [oss-security] Fwd: libtasn1-4.20.0 released [fixes CVE-2024-12133] (Alan Coopersmith)
- [oss-security] Linux: kernel BUG at fs/ocfs2/refcounttree.c:2678 ocfs2_refcount_cal_cow_clusters in 6.13.0 (Solar Designer)
- [oss-security] pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) (Matthias Gerstner)
- [oss-security] CVE-2024-37358: Apache James: denial of service through the use of IMAP literals (Benoit Tellier)
- [oss-security] CVE-2025-23419: nginx: Client certificate authentication bypass with TLSv1.3 and session resumption (Solar Designer)
- [oss-security] CVE-2024-45626: Apache James: denial of service through JMAP HTML to text conversion (Benoit Tellier)
- [oss-security] Curl SSH Insufficient Host Identity Verification (Harry Sintonen)
- [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow (Daniel Stenberg)
- [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0665: eventfd double close (Daniel Stenberg)
- [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0167: netrc and default credential leak (Daniel Stenberg)
- [oss-security] KL-001-2025-002: Checkmk NagVis Remote Code Execution (KoreLogic Disclosures)
- [oss-security] KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting (KoreLogic Disclosures)
- [oss-security] CVE-2024-48019: Apache Doris: allows admin users to read arbitrary files through the REST API (Mingyu Chen)
- [oss-security] CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions (Paulo Motta)
- [oss-security] CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (Paulo Motta)
- [oss-security] ISC has disclosed two vulnerabilities in BIND 9 (CVE-2024-11187, CVE-2024-12705) (Matthijs Mekking)
- [oss-security] CVE-2024-29869: Apache Hive: Credentials file created with non restrictive permissions (Ayush Saxena)
- [oss-security] CVE-2024-23953: Apache Hive: Timing Attack Against Signature in LLAP util (Ayush Saxena)
- [oss-security] CVE-2025-24783: Apache Cocoon: continuations may not be private (Arnout Engelen)
- [oss-security] CVE-2025-24814: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files (Jason Gerlowski)
- [oss-security] CVE-2024-52012: Apache Solr: Configset upload on Windows allows arbitrary path write-access (Jason Gerlowski)
- [oss-security] 7-Zip Mark-of-the-Web Bypass Vulnerability on Windows platforms (Alan Coopersmith)
- [oss-security] dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222) (Matthias Gerstner)
- [oss-security] Oracle January 2025 Critical Patch Update (Solar Designer)
- [oss-security] CVE-2024-53299: Apache Wicket: An attacker can intentionally trigger a memory leak (Pedro Henrique Oliveira dos Santos)
- [oss-security] Open Virtual Network egress access control list bypass. (Mark Michelson)
- [oss-security] CVE-2025-0395: Buffer overflow in the GNU C Library's assert() (Qualys Security Advisory)
- [oss-security] issue with stuck Mitre CVE requests (Matthias Gerstner)
- [oss-security] AMD Microcode Signature Verification Vulnerability (Tavis Ormandy)
- [oss-security] CVE-2025-23196: Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition (Viraj Jasani)
- [oss-security] CERT/CC VU#199397 - Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4) (Alan Coopersmith)
- [oss-security] CVE-2024-51941: Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts (Viraj Jasani)
- [oss-security] CVE-2025-23195: Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie (Viraj Jasani)
- [oss-security] Node.js security updates: CVE-2025-23083, CVE-2025-23084, CVE-2025-23085 (Jan Schaumann)
- [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 (Alan Coopersmith)
- Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 (Greg KH)
- Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 (Pete Allor)
- Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 (Florian Weimer)
- Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 (Pete Allor)
- Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 (Florian Weimer)
- Re: [oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089 (Pete Allor)
- [oss-security] CVE-2024-45479: Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost (Velmurugan Periasamy)
- [oss-security] CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input (Velmurugan Periasamy)
- [oss-security] Subject: [vim-security] segmentation fault in win_line() in Vim < 9.1.1043 (Christian Brabandt)
- [oss-security] CVE-2025-23184: Apache CXF: Denial of Service vulnerability with temporary files (Colm O hEigeartaigh)
- [oss-security] CVE-2024-13176: OpenSSL: Timing side-channel in ECDSA signature computation (Tomas Mraz)
- [oss-security] fdroidserver AllowedAPKSigningKeys certificate pinning fundamentally unreliable (Fay Stegerman)
- [oss-security] WriteFreely exposes database credentials through insecure file permissions (Fay Stegerman)
- [oss-security] Go 1.23.5 and Go 1.22.11 are released with 2 security fixes (Alan Coopersmith)
- [oss-security] [kubernetes] CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API (Vellore Rajakumar, Sri Saran Balaji)
- [oss-security] Session (a fork of the Signal private messaging app) is sus (Soatok Dreamseeker)
- [oss-security] pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013) (Matthias Gerstner)
- [oss-security] Fwd: Node.js security updates for all active release lines, January 2025 (Rafael Gonzaga)
- [oss-security] git: 2 vulnerabilities fixed (Johannes Schindelin)
- [oss-security] RSYNC: 6 vulnerabilities (Nick Tait)
- [oss-security] CVE-2024-56374: Django: Potential denial-of-service vulnerability in IPv6 validation (Natalia Bidart)
- [oss-security] CVE-2024-45627: Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability (Heping Wang)
- [oss-security] CVE-2025-22828: Apache CloudStack: Unauthorised access to annotations (Nux)
- [oss-security] [vim-security] heap-buffer-overflow in Vim < 9.1.1003 (Christian Brabandt)
- [oss-security] "/bin/sh: The Biggest Unix Security Loophole" paper from 1984 (Alan Coopersmith)
- [oss-security] CVE-2024-45033: Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli (Elad Kalif)
- [oss-security] CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode (Maxim Solodovnik)
- Re: [oss-security] Linux: general protection fault in __vmx_vcpu_run with nested virtualization (Greg KH)
- [oss-security] iTerm2 < 3.5.11 logs input/output to /tmp/framer.txt on remote host (Jan Schaumann)
- [oss-security] Another fdroidserver AllowedAPKSigningKeys certificate pinning bypass (Fay Stegerman)
- [oss-security] CVE-2024-56512: Apache NiFi: Missing Complete Authorization for Parameter and Service References (David Handermann)
- [oss-security] CVE-2024-40896 Analysis: libxml2 XXE due to type confusion (Yair Mizrahi)
- [oss-security] CVE-2024-52046: Apache MINA: MINA applications using unbounded deserialization may allow RCE (Emmanuel Lécharny)
- [oss-security] CVE-2024-43441: Apache HugeGraph-Server: Fixed JWT Token(Secret) (Imba Jin)
- [oss-security] CVE-2024-45387: Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments (Eric Friedrich)
- [oss-security] CVE-2024-23945: Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails (Stamatis Zampetakis)
- [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2024-0008 (Adrian Perez de Castro)
- [oss-security] Fwd: Operational Notification: BIND 9.20 defect in QPzone implementation (Solar Designer)
- [oss-security] CVE-2024-56337: Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete (Mark Thomas)
- [oss-security] SSSD: Weaknesses in Privilege Separation due to Issues in Privileged Helper Programs (Matthias Gerstner)