oss-security mailing list
Recent messages:
- 2025/06/30 #3:
CVE-2025-32463: sudo local privilege escalation via chroot option ("Todd C. Miller" <Todd.Miller@...o.ws>)
- 2025/06/30 #2:
CVE-2025-32462: sudo local privilege escalation via host option ("Todd C. Miller" <Todd.Miller@...o.ws>)
- 2025/06/30 #1:
CVE-2024-39954: Apache EventMesh Runtime: SSRF (Xue Weiming <mikexue@...che.org>)
- 2025/06/28 #1:
CVE-2025-32897: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server (Min Ji <jimin@...che.org>)
- 2025/06/27 #2:
libssh 0.11.2 security and bugfix release (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/27 #1:
Re: CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS (Jacob Bachmeyer <jcb62281@...il.com>)
- 2025/06/26 #1:
CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS ("Sage [They / Them] McTaggart" <amctagga@...hat.com>)
- 2025/06/25 #1:
Re: sox_ng fixes 20 CVEs in sox (Martin Guy <martinwguy@...il.com>)
- 2025/06/24 #8:
Re: xdg-open bypassing SameSite=Strict (Lucas Holt <luke@...lishgames.com>)
- 2025/06/24 #7:
Re: xdg-open bypassing SameSite=Strict (Gabriel Corona <gabriel.corona@...e.fr>)
- 2025/06/24 #6:
Re: xdg-open bypassing SameSite=Strict (Anton Luka Šijanec <anton@...anec.eu>)
- 2025/06/24 #5:
Re: xdg-open bypassing SameSite=Strict (grape mingijung <mingijung.grape@...il.com>)
- 2025/06/24 #4:
sox_ng fixes 20 CVEs in sox (Martin Guy <martinwguy@...il.com>)
- 2025/06/24 #3:
CVE-2025-50213: Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator (Elad Kalif <eladkal@...che.org>)
- 2025/06/24 #2:
Re: xdg-open bypassing SameSite=Strict (Simon McVittie <smcv@...ian.org>)
- 2025/06/24 #1:
CPython: Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/23 #2:
Re: xdg-open bypassing SameSite=Strict (Solar Designer <solar@...nwall.com>)
- 2025/06/23 #1:
xdg-open bypassing SameSite=Strict (grape mingijung <mingijung.grape@...il.com>)
- 2025/06/20 #3:
Re: path traversal in tar extract in intel cve-bin-tool (lists@...atla.org.uk)
- 2025/06/20 #2:
ClamAV 1.4.3 and 1.0.9 security patch versions published (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/20 #1:
Re: path traversal in tar extract in intel cve-bin-tool (Jakub Wilk <jwilk@...lk.net>)
- 2025/06/19 #1:
[kubernetes] CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks (Rita Zhang <rita.z.zhang@...il.com>)
- 2025/06/18 #2:
Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland (Olivier Fourdan <ofourdan@...hat.com>)
- 2025/06/18 #1:
Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks (Jakub Wilk <jwilk@...lk.net>)
- 2025/06/17 #7:
[ANNOUNCE] Apache Traffic Server has an ACL issue, and also has a vulnerability in ESI processing (Masakazu Kitajo <maskit@...che.org>)
- 2025/06/17 #6:
Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks (Simon McVittie <smcv@...ian.org>)
- 2025/06/17 #5:
Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks (Qualys Security Advisory <qsa@...lys.com>)
- 2025/06/17 #4:
CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks (Qualys Security Advisory <qsa@...lys.com>)
- 2025/06/17 #3:
Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland (Olivier Fourdan <ofourdan@...hat.com>)
- 2025/06/17 #2:
[kubernetes] Race Condition in Go allows Volume Deletion in older Kubernetes versions (Craig Ingram <cjingram@...gle.com>)
- 2025/06/17 #1:
pam: pam_namespace local privilege escalation (CVE-2025-6020) (BAL-PETRE Olivier <Olivier.Bal-Petre@....gouv.fr>)
- 2025/06/16 #6:
5 security issues disclosed in libxml2 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/16 #5:
CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract (Jonatan Männchen <jonatan@...nnchen.ch>)
- 2025/06/16 #4:
CVE-2025-48976: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers ("Gary D. Gregory" <ggregory@...che.org>)
- 2025/06/16 #3:
CVE-2025-49124: Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows (Mark Thomas <markt@...che.org>)
- 2025/06/16 #2:
CVE-2025-49125: Apache Tomcat: Security constraint bypass for pre/post-resources (Mark Thomas <markt@...che.org>)
- 2025/06/16 #1:
CVE-2025-48988: Apache Tomcat: FileUpload large number of parts with headers DoS (Mark Thomas <markt@...che.org>)
- 2025/06/15 #1:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/14 #2:
CVE-2025-47869: Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. (Tomasz Cedro <cederom@...che.org>)
- 2025/06/14 #1:
CVE-2025-47868: Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. (Tomasz Cedro <cederom@...che.org>)
- 2025/06/13 #1:
sslh: Remote Denial-of-Service Vulnerabilities (CVE-2025-46807, CVE-2025-46806) (Matthias Gerstner <mgerstner@...e.de>)
- 2025/06/11 #5:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/06/11 #4:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Marc Deslauriers <marc.deslauriers@...onical.com>)
- 2025/06/11 #3:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Simon McVittie <smcv@...ian.org>)
- 2025/06/11 #2:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Marc Deslauriers <marc.deslauriers@...onical.com>)
- 2025/06/11 #1:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/06/10 #5:
CVE-2025-49091: Konsole: Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole < … (Dennis Dast <dennis.dast@...ofnet.de>)
- 2025/06/10 #4:
Re: Django CVE-2025-48432 (follow-up patch releases) (Sebastian Pipping <sebastian@...ping.org>)
- 2025/06/10 #3:
Re: Django CVE-2025-48432 (follow-up patch releases) (Sarah Boyce <sarahboyce@...ngoproject.com>)
- 2025/06/10 #2:
Django CVE-2025-48432 (follow-up patch releases) (Sarah Boyce <sarahboyce@...ngoproject.com>)
- 2025/06/10 #1:
Re: Local information disclosure in apport and systemd-coredump (Zbigniew Jędrzejewski-Szmek <zbyszek@...waw.pl>)
- 2025/06/09 #3:
CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration (Luke Chen <showuon@...che.org>)
- 2025/06/09 #2:
CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration (Luke Chen <showuon@...che.org>)
- 2025/06/09 #1:
CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF vulnerability (Luke Chen <showuon@...che.org>)
- 2025/06/07 #5:
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros (Sasha Levin <sashal@...nel.org>)
- 2025/06/07 #4:
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros (Bastian Blank <bblank@...nkmo.de>)
- 2025/06/07 #3:
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros (Sasha Levin <sashal@...nel.org>)
- 2025/06/07 #2:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Simon McVittie <smcv@...ian.org>)
- 2025/06/07 #1:
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros (Greg KH <greg@...ah.com>)
- 2025/06/06 #12:
Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros (Attila Szasz <szasza.contact@...il.com>)
- 2025/06/06 #11:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Attila Szasz <szasza.contact@...il.com>)
- 2025/06/06 #10:
Re: Local information disclosure in apport and systemd-coredump (Vegard Nossum <vegard.nossum@...cle.com>)
- 2025/06/06 #9:
Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Jacob Bachmeyer <jcb62281@...il.com>)
- 2025/06/06 #8:
Vulnerability in Jenkins Gatling Plugin (Daniel Beck <ml@...kweb.net>)
- 2025/06/06 #7:
Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Eli Schwartz <eschwartz@...too.org>)
- 2025/06/06 #6:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #5:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #4:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #3:
Re: CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encount… (Timothy Legge <timlegge@...nsec.org>)
- 2025/06/06 #2:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/06 #1:
Re: CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a cra… (Sam James <sam@...too.org>)
- 2025/06/05 #5:
Go 1.24.4 and Go 1.23.10 fix CVE-2025-4673, CVE-2025-0913, CVE-2025-22874 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/05 #4:
CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters … (Timothy Legge <timlegge@...nsec.org>)
- 2025/06/05 #3:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/05 #2:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/05 #1:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/04 #6:
Re: CVE-2024-47081: Netrc credential leak in PSF requests library (Jakub Wilk <jwilk@...lk.net>)
- 2025/06/04 #5:
CVE-2025-48432: Django: Potential log injection via unescaped request path (Natalia Bidart <nataliabidart@...ngoproject.com>)
- 2025/06/04 #4:
Re: Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Greg KH <gregkh@...uxfoundation.org>)
- 2025/06/04 #3:
Re: Local information disclosure in apport and systemd-coredump (David Fernandez Gonzalez <david.fernandez.gonzalez@...cle.com>)
- 2025/06/04 #2:
[SECURITY ADVISORY] curl: CVE-2025-5399: WebSocket endless loop (Daniel Stenberg <daniel@...x.se>)
- 2025/06/04 #1:
Re: CVE-2024-47081: Netrc credential leak in PSF requests library (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/06/03 #11:
Re: CVE-2024-47081: Netrc credential leak in PSF requests library (Dave Walker <email@...iey.com>)
- 2025/06/03 #10:
Re: Local information disclosure in apport and systemd-coredump (Marco Benatto <mbenatto@...hat.com>)
- 2025/06/03 #9:
CVE-2024-47081: Netrc credential leak in PSF requests library (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/03 #8:
Samba 4.21.6 fixes CVE-2025-0620 in SMB session re-authentication (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2025/06/03 #7:
CVE-2025-46548: Apache Pekko Management, Apache Pekko Management, Apache Pekko Management: management API basic authenticat… (Arnout Engelen <engelen@...che.org>)
- 2025/06/03 #6:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Attila Szasz <szasza.contact@...il.com>)
- 2025/06/03 #5:
Re: Local information disclosure in apport and systemd-coredump (Vegard Nossum <vegard.nossum@...cle.com>)
- 2025/06/03 #4:
Re: Local information disclosure in apport and systemd-coredump (Solar Designer <solar@...nwall.com>)
- 2025/06/03 #3:
Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Demi Marie Obenour <demiobenour@...il.com>)
- 2025/06/03 #2:
Linux kernel: HFS+ filesystem implementation issues, exposure in distros (Solar Designer <solar@...nwall.com>)
- 2025/06/03 #1:
Re: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended p… (Vincent Lefevre <vincent@...c17.net>)
- 2025/06/02 #7:
Re: Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended p… (Vincent Lefevre <vincent@...c17.net>)
- 2025/06/02 #6:
Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths (Leon Timmermans <fawaka@...il.com>)
- 2025/06/02 #5:
Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths (Florian Weimer <fweimer@...hat.com>)
- 2025/06/02 #4:
Re: Local information disclosure in apport and systemd-coredump (Jelle van der Waa <jelle@...aa.nl>)
- 2025/06/02 #3:
Re: Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v (Anton Luka Šijanec <anton@...anec.eu>)
- 2025/06/02 #2:
Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths (Florian Weimer <fweimer@...hat.com>)
- 2025/06/02 #1:
Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v (Hanno Böck <hanno@...eck.de>)
31258 messages