[<prev month] [next month>] [year] [list]
oss-security mailing list - 2026/06
Messages by day:
June 1 (13 messages)
June 2 (13 messages)
June 3 (18 messages)
June 4 (17 messages)
June 6 (7 messages)
June 7 (1 message)
June 8 (17 messages)
June 9 (15 messages)
June 10 (22 messages)
June 11 (12 messages)
June 12 (5 messages)
June 13 (22 messages)
June 14 (5 messages)
June 15 (11 messages)
June 16 (13 messages)
June 17 (10 messages)
June 18 (7 messages)
June 19 (16 messages)
June 20 (7 messages)
June 21 (2 messages)
June 22 (7 messages)
June 23 (11 messages)
June 24 (9 messages)
June 25 (11 messages)
June 26 (8 messages)
June 27 (8 messages)
June 28 (2 messages)
June 29 (26 messages)
- Symlink Traversal Privilege Escalation via getfattr/setfattr,
getfacl/setfacl/chacl, libacl (Andreas Gruenbacher <agruenba@...hat.com>)
- Re: Symlink Traversal Privilege Escalation via
getfattr/setfattr, getfacl/setfacl/chacl, libacl (Michael Orlitzky <michael@...itzky.com>)
- CVE-2023-0645: libjxl/cjxl out-of-bounds read in EXIF metadata
parsing ("Alexander A. Shvedov" <shvedov@....fr>)
- CVE-2025-70099: lwext4 NULL pointer dereference in
ext4_dir_en_get_name_len (shvedov@....com)
- CVE-2025-70100: lwext4 divide-by-zero in ext4_block_set_lb_size (shvedov@....com)
- CVE-2025-70101: lwext4 out-of-bounds read in ext4_ext_binsearch_idx (shvedov@....com)
- CVE-2026-49432: Apache ActiveMQ, Apache ActiveMQ All, Apache
ActiveMQ Stomp: STOMP negative content-length enables deni… ("Christopher L. Shannon" <cshannon@...c…)
- CVE-2026-49434: Apache ActiveMQ Broker, Apache ActiveMQ, Apache
ActiveMQ All: LdapNetworkConnector instantiates denied … ("Christopher L. Shannon" <cshannon@...c…)
- CVE-2026-49877: Apache ActiveMQ: Authenticated web users retain
admin access by default in the Web Console ("Christopher L. Shannon" <cshannon@...che.org>)
- CVE-2026-50734: Apache ActiveMQ Client, Apache ActiveMQ, Apache
ActiveMQ All: Pre-authentication OpenWire memory-alloca… ("Christopher L. Shannon" <cshannon@...c…)
- CVE-2026-50750: Apache ActiveMQ Broker, Apache ActiveMQ, Apache
ActiveMQ All: Pre-authentication OpenWire DoS following… ("Christopher L. Shannon" <cshannon@...c…)
- CVE-2026-52760: Apache ActiveMQ, Apache ActiveMQ Web Console:
Stored XSS via Unescaped values in ActiveMQ Web Console ("Christopher L. Shannon" <cshannon@...c…)
- CVE-2026-53916: Apache ActiveMQ, Apache ActiveMQ All, Apache
ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec… ("Christopher L. Shannon" <cshannon@...c…)
- CVE-2026-53917: Apache ActiveMQ, Apache ActiveMQ All, Apache
ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory … ("Christopher L. Shannon" <cshannon@...c…)
- CVE-2026-54475: Apache ActiveMQ Broker, Apache ActiveMQ All,
Apache ActiveMQ: Temporary destination ownership takeover ("Christopher L. Shannon" <cshannon@...c…)
- CVE-2026-56017: JavaScript::Minifier::XS versions before 0.16 for
Perl crash with a NULL pointer dereference when the firs… (Robert Rothenberg <rrwo@...nsec.org>)
- CVE-2026-56018: JavaScript::Minifier::XS versions before 0.16 for
Perl leak memory on every call to minify(), allowing unb… (Robert Rothenberg <rrwo@...nsec.org>)
- CVE-2026-13593: CSS::Minifier::XS versions before 0.14 for Perl have
a memory leak when the entire document is minified aw… (Robert Rothenberg <rrwo@...nsec.org>)
- CVE-2026-13758: CryptX versions before 0.088_001 for Perl
compare AEAD authentication tags in non-constant time in the streaming
… (Stig Palmquist <stig@...g.io>)
- CVE-2026-50229: Apache Tomcat: XSS in number guess example (Mark Thomas <markt@...che.org>)
- CVE-2026-53404: Apache Tomcat: Bad ornext processing in RewriteValve (Mark Thomas <markt@...che.org>)
- CVE-2026-53434: Apache Tomcat: Invalid CRL configuration doesn't
trigger failure for FFM Connector (Mark Thomas <markt@...che.org>)
- CVE-2026-55276: Apache Tomcat: Logged effective web.xml is incomplete (Mark Thomas <markt@...che.org>)
- CVE-2026-55955: Apache Tomcat: EncryptInterceptor not protected
against replay attacks (Mark Thomas <markt@...che.org>)
- CVE-2026-55956: Apache Tomcat: Security constraints for default
servlet ignored method (Mark Thomas <markt@...che.org>)
- CVE-2026-55957: Apache Tomcat: Authentication bypass with JNDIRealm
and GSSAPI authenticated bind (Mark Thomas <markt@...che.org>)
June 30 (4 messages)
319 messages
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.