oss-security mailing list
Recent messages:
- 2025/05/28 #11:
Re: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Jakub Wilk <jwilk@...lk.net>)
- 2025/05/28 #10:
how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)) (Solar Designer <solar@...nwall.com>)
- 2025/05/28 #9:
RE: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Jounee Kim <Jokim@...com>)
- 2025/05/28 #8:
Re: ISC has disclosed three vulnerabilities in Kea
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/28 #7:
ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801,
CVE-2025-32802, CVE-2025-32803) (Andrei Pavel <andrei@....org>)
- 2025/05/28 #6:
CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does
not suppresses an enum's declaredClass property by def… ("Gary D. Gregory" <ggregory@...che.org>)
- 2025/05/28 #5:
[SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL (Daniel Stenberg <daniel@...x.se>)
- 2025/05/28 #4:
[SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL (Daniel Stenberg <daniel@...x.se>)
- 2025/05/28 #3:
CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible
Character Bypass Leading to Arbitrary File Read (Charles Zhang <dockerzhang@...che.org>)
- 2025/05/28 #2:
CVE-2025-27522: Apache InLong: JDBC Vulnerability during
verification processing (Charles Zhang <dockerzhang@...che.org>)
- 2025/05/28 #1:
CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode
and backspace bypass (Charles Zhang <dockerzhang@...che.org>)
- 2025/05/27 #2:
CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/27 #1:
Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464)
- WinPVDrivers: Excessive permissions on us… (Xen.org security team <security@....org…)
- 2025/05/26 #1:
CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and
UART DoS/RCE Vulnerabilities. (Tomasz Cedro <cederom@...che.org>)
- 2025/05/23 #2:
CVE-2025-48708: ghostscript can embed plaintext password in encrypted
PDFs (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/23 #1:
Re: Perl 5.40 dir dup bug with threading: security
consequences (Stig Palmquist <stig@...g.io>)
- 2025/05/22 #2:
Perl 5.40 dir dup bug with threading: security consequences (Vincent Lefevre <vincent@...c17.net>)
- 2025/05/22 #1:
CVE-2025-4575: OpenSSL: The x509 application adds trusted use instead of rejected use (Tomas Mraz <tomas@...nssl.org>)
- 2025/05/21 #1:
CVE-2025-40775: BIND 9: DNS message with invalid TSIG causes an assertion failure (Nicki Křížek <nicki@....org>)
- 2025/05/20 #2:
CVE-2025-3908: OpenVPN 3 Linux v24.1 released (David Sommerseth <dazo@...ephia.org>)
- 2025/05/20 #1:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/19 #2:
Landlock news #5 (Mickaël Salaün <mic@...ikod.net>)
- 2025/05/19 #1:
Re: CPython CVE-2025-4516: Use-after-free crash
using bytes.decode("unicode_escape", error="ignore|replace") (Hanno Böck <hanno@...eck.de>)
- 2025/05/18 #1:
Re: describing affected systems (Eli Schwartz <eschwartz@...too.org>)
- 2025/05/17 #5:
Re: describing affected systems (was: screen: Multiple
Security Issues in Screen (mostly affecting release 5.0.0 and se… (Taylor R Campbell <riastradh@...BSD.org…)
- 2025/05/17 #4:
Re: describing affected systems (was: screen:
Multiple Security Issues in Screen (mostly affecting release 5.0.0 and
s… (Jan Schaumann <jschauma@...meister.org>)
- 2025/05/17 #3:
RE: The GNU C Library security advisories update for
2025-05-16 ("Caveney, Seamus G" <sgcaveney@...ttleschools.org>)
- 2025/05/17 #2:
Re: The GNU C Library security advisories update for 2025-05-16 (Solar Designer <solar@...nwall.com>)
- 2025/05/17 #1:
Re: describing affected systems (was: screen: Multiple
Security Issues in Screen (mostly affecting release 5.0.0 and setui… (Jacob Bachmeyer <jcb62281@...il.com>)
- 2025/05/16 #7:
The GNU C Library security advisories update for 2025-05-16 (Carlos O'Donell <carlos@...hat.com>)
- 2025/05/16 #6:
Re: screen: Multiple Security Issues in Screen (mostly
affecting release 5.0.0 and setuid-root installations) (Eli Schwartz <eschwartz@...too.org>)
- 2025/05/16 #5:
Re: screen: Multiple Security Issues in Screen (mostly
affecting release 5.0.0 and setuid-root installations) (Taylor R Campbell <riastradh@...BSD.org>)
- 2025/05/16 #4:
CPython CVE-2025-4516: Use-after-free crash using
bytes.decode("unicode_escape", error="ignore|replace") (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/16 #3:
Re: screen: Multiple Security Issues in Screen (mostly
affecting release 5.0.0 and setuid-root installations) (Eli Schwartz <eschwartz@...too.org>)
- 2025/05/16 #2:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Jan Schaumann <jschauma@...meister.org>)
- 2025/05/16 #1:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/15 #4:
Re: Fwd: Node.js security updates for all active
release lines, May 2025 (Yogesh Mittal <ymittal@...hat.com>)
- 2025/05/15 #3:
WebKitGTK and WPE WebKit Security Advisory WSA-2025-0004 (Adrian Perez de Castro <aperez@...lia.com>)
- 2025/05/15 #2:
Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack (Asad Ahmed <asadsa@...nish-software.com>)
- 2025/05/15 #1:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Stuart Henderson <stu@...cehopper.org>)
- 2025/05/14 #10:
Re: Fwd: Node.js security updates for all active release lines, May 2025 (Solar Designer <solar@...nwall.com>)
- 2025/05/14 #9:
Fwd: Node.js security updates for all active release lines, May
2025 (Rafael Gonzaga <work@...aelgss.dev>)
- 2025/05/14 #8:
Multiple vulnerabilities in Jenkins plugins (Kevin Guerroudj <kguerroudj@...udbees.com>)
- 2025/05/14 #7:
Re: EU Vulnerability Database ("gmane.io" <wwd.smartmachine.stp@...teo.org>)
- 2025/05/14 #6:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/14 #5:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/14 #4:
CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in
IoTDB OpenID Authentication (Haonan Hou <haonan@...che.org>)
- 2025/05/14 #3:
CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive
Information in IoTDB JDBC driver (Haonan Hou <haonan@...che.org>)
- 2025/05/14 #2:
CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted
URI of User-defined function (Haonan Hou <haonan@...che.org>)
- 2025/05/14 #1:
Re: EU Vulnerability Database (Solar Designer <solar@...nwall.com>)
- 2025/05/13 #16:
Re: screen: Multiple Security Issues in Screen (mostly
affecting release 5.0.0 and setuid-root installations) (Mark Esler <mark.esler@...inguard.dev>)
- 2025/05/13 #15:
Re: EU Vulnerability Database (Rolf Reintjes <rolf.reintjes@....de>)
- 2025/05/13 #14:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) (Simon McVittie <smcv@...ian.org>)
- 2025/05/13 #13:
Re: EU Vulnerability Database (Stuart Henderson <stu@...cehopper.org>)
- 2025/05/13 #12:
Re: EU Vulnerability Database (Stuart Henderson <stu@...cehopper.org>)
- 2025/05/13 #11:
EU Vulnerability Database (Graeme Fowler <graeme@...emef.net>)
- 2025/05/13 #10:
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 (Dave Hart <davehart@...il.com>)
- 2025/05/13 #9:
Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request
Smuggling Attack (Marco Benatto <mbenatto@...hat.com>)
- 2025/05/13 #8:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) ("Dr. Thomas Orgis" <thomas.orgis@...-hamburg.de>)
- 2025/05/13 #7:
Xen Security Notice 3 (CVE-2024-45332) Intel Branch Privilege
Injection (Andrew Cooper <andrew.cooper3@...rix.com>)
- 2025/05/13 #6:
Re: screen: Multiple Security Issues in Screen
(mostly affecting release 5.0.0 and setuid-root installations) ("Dr. Thomas Orgis" <thomas.orgis@...-hamburg.de>)
- 2025/05/13 #5:
VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack (Asad Ahmed <asadsa@...nish-software.com>)
- 2025/05/13 #4:
CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during
C++ LZO Decompression (Dongjoon Hyun <dongjoon@...che.org>)
- 2025/05/13 #3:
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 (Albert Veli <albert.veli@...il.com>)
- 2025/05/13 #2:
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools (Solar Designer <solar@...nwall.com>)
- 2025/05/13 #1:
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 (Matt Johnston <matt@....asn.au>)
- 2025/05/12 #6:
Re: Dropbear SSH 2025.88 fixes CVE-2025-47203 (Albert Veli <albert.veli@...il.com>)
- 2025/05/12 #5:
Xen Security Advisory 469 v2 (CVE-2024-28956) - x86: Indirect
Target Selection (Xen.org security team <security@....org>)
- 2025/05/12 #4:
Xen Security Advisory 469 v1 - x86: Indirect Target Selection (Xen.org security team <security@....org>)
- 2025/05/12 #3:
CVE-2025-27696: Apache Superset: Improper authorization leading to
resource ownership takeover (Daniel Gaspar <dpgaspar@...che.org>)
- 2025/05/12 #2:
CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools (VMware PSIRT <vmware.psirt@...adcom.com>)
- 2025/05/12 #1:
screen: Multiple Security Issues in Screen (mostly affecting release
5.0.0 and setuid-root installations) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/05/09 #4:
Dropbear SSH 2025.88 fixes CVE-2025-47203 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/09 #3:
CVE-2025-4207: PostgreSQL GB18030 encoding validation
can read one byte past end of allocation for text that fails vali… (Alan Coopersmith <alan.coopersmith@...c…)
- 2025/05/09 #2:
CVE-2025-46392: Apache Commons Configuration: StackOverflowError
loading untrusted configuration (Arnout Engelen <engelen@...che.org>)
- 2025/05/09 #1:
CVE-2025-1948 & CVE-2024-13009: DoS and infoleak in Jetty (Valtteri Vuorikoski <vuori@...com.org>)
- 2025/05/08 #4:
Re: Fwd: Node.js security updates for all active release lines, May 2025 (Solar Designer <solar@...nwall.com>)
- 2025/05/08 #3:
Fwd: Node.js security updates for all active release lines, May
2025 (Rafael Gonzaga <work@...aelgss.dev>)
- 2025/05/08 #2:
Re: 3 new CVE's in old branch of GNU mailman (Jeremy Reeder <jeremy.reeder@...pros.com>)
- 2025/05/08 #1:
OSSA-2025-001 / CVE-2025-44021: OpenStack Ironic fails to restrict paths used for file:// image URLs (Jay Faulkner <jay@....cc>)
- 2025/05/07 #1:
CVE-2025-32873: Django: Denial-of-service possibility in strip_tags() (Natalia Bidart <nataliabidart@...ngoproject.com>)
- 2025/05/06 #3:
Re: CVE-2025-27363: out of bounds write in FreeType <=
2.13.0 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/06 #2:
Go 1.24.3 fixes CVE-2025-22873: os: Root permits
access to parent directory (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/06 #1:
CVE-2025-27533: Apache ActiveMQ: Unchecked buffer length can cause
excessive memory allocation ("Christopher L. Shannon" <cshannon@...che.org>)
- 2025/05/02 #2:
CVE-2025-47153: out-of-bounds access in some 32-bit
builds of Node.js (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/05/02 #1:
CVE-2025-46762: Apache Parquet Java: Potential malicious code
execution from trusted packages in the parquet-avro module when readi… (Gang Wu <gangwu@...che.org>)
- 2025/04/29 #1:
PowerDNS Security Advisory 2025-02: Denial of service via crafted DoH
exchange (Remi Gacogne <remi.gacogne@...erdns.com>)
- 2025/04/28 #3:
CVE-2025-31651: Apache Tomcat: Bypass of rules in Rewrite Valve (Mark Thomas <markt@...che.org>)
- 2025/04/28 #2:
CVE-2025-31650: Apache Tomcat: DoS via malformed HTTP/2
PRIORITY_UPDATE frame (Mark Thomas <markt@...che.org>)
- 2025/04/28 #1:
Re: Re: Trailing dot in Cygwin filenames [was:
failed to clone iptables,ipset,nftables] (Werner Koch <wk@...pg.org>)
- 2025/04/25 #7:
Re: vulnerabilities in busybox tar and cpio tools (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/04/25 #6:
Re: CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c (Solar Designer <solar@...nwall.com>)
- 2025/04/25 #5:
Re: Trailing dot in Cygwin filenames [was: failed to clone
iptables,ipset,nftables] (Jan Engelhardt <ej@...i.de>)
- 2025/04/25 #4:
CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c ("xiaolin" <dongxiaolin@...pin.org>)
- 2025/04/25 #3:
CVE-2024-56430: openfhe: OpenFHE through 1.2.3 has a NULL pointer dereference bug ("xiaolin" <dongxiaolin@...pin.org>)
- 2025/04/25 #2:
Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front
Matter Buffer Overflow (Jacob Bachmeyer <jcb62281@...il.com>)
- 2025/04/25 #1:
Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow (Solar Designer <solar@...nwall.com>)
- 2025/04/24 #9:
Re: vulnerabilities in busybox tar and cpio tools (Solar Designer <solar@...nwall.com>)
- 2025/04/24 #8:
Re: vulnerabilities in busybox tar and cpio tools (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/04/24 #7:
Re: CVE-2025-0395: Buffer overflow in the GNU C
Library's assert() (Qualys Security Advisory <qsa@...lys.com>)
31150 messages
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
