oss-security  

Messages by Date

• 2025/04/09 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping
• 2025/04/09 [oss-security] xmlrpc-c bundles a (very old and) vulnerable copy of libexpat Sebastian Pipping
• 2025/04/09 [oss-security] CVE-2025-27391: Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log Domenico Francesco Bruscino
• 2025/04/09 [oss-security] CVE-2025-30677: Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors Lari Hotari
• 2025/04/09 [oss-security] Announce: OpenSSH 10.0 released Damien Miller
• 2025/04/08 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
• 2025/04/08 [oss-security] CVE-2025-30215: nats-server: Missing access controls for JS API Phil Pennock
• 2025/04/08 [oss-security] CVE-2025-31672: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names PJ Fanning
• 2025/04/08 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰
• 2025/04/07 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Mingcong Bai
• 2025/04/07 [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰
• 2025/04/07 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0003 Adrian Perez de Castro
• 2025/04/07 [oss-security] PowerDNS Recursor Security Advisory 2025-01 regarding PowerDNS Recusor 5.2.0 Otto Moerbeek
• 2025/04/06 Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Jeffrey Walton
• 2025/04/06 Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Solar Designer
• 2025/04/06 Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Hanno Böck
• 2025/04/05 [oss-security] CVE-2025-2704 - OpenVPN 2.6.1 through 2.6.13 with possible DoS David Sommerseth
• 2025/04/05 [oss-security] use-after-free (maybe?) in libspf2 Hanno Böck
• 2025/04/05 [oss-security] CVE-2025-30232: UAF in Exim 4.96 to 4.98.1 Valtteri Vuorikoski
• 2025/04/05 Re: [oss-security] XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
• 2025/04/04 [oss-security] CVE-2025-22871 : Go net/http: request smuggling through invalid chunked data Alan Coopersmith
• 2025/04/04 [oss-security] pgAdmin 4 v9.2 fixes CVE-2025-2945 & CVE-2025-2946 Alan Coopersmith
• 2025/04/04 [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Elad Kalif
• 2025/04/04 [oss-security] CVE-2025-3155 GNOME Yelp: Arbitrary file read by abusing ghelp scheme Alan Coopersmith
• 2025/04/04 [oss-security] CVE-2025-30474: Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message Gary D. Gregory
• 2025/04/04 [oss-security] CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. Enxin Xie
• 2025/04/03 [oss-security] XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
• 2025/04/03 [oss-security] Re: XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
• 2025/04/02 [oss-security] Multiple vulnerabilities in Jenkins and Jenkins plugins Kevin Guerroudj
• 2025/04/02 [oss-security] [ANNOUNCE] ATS is vulnerable to request smuggling via chunked messages Masakazu Kitajo
• 2025/04/02 [oss-security] CVE-2025-27556: Django: Potential DoS in LoginView, LogoutView, and set_language() on Windows Natalia Bidart
• 2025/04/01 Re: [oss-security] CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. Jacob Bachmeyer
• 2025/04/01 Re: [oss-security] Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol Solar Designer
• 2025/04/01 [oss-security] CVE-2025-30676: Apache OFBiz: Stored XSS Vulnerability Jacques Le Roux
• 2025/04/01 [oss-security] CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering Andrea Cosentino
• 2025/04/01 [oss-security] Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol Arthur Mongodin
• 2025/03/31 [oss-security] CVE-2025-30065: Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu
• 2025/03/31 [oss-security] CVE-2025-27427: Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission Justin Bertram
• 2025/03/29 [oss-security] CVE-2025-31160 Atop 2.11 heap problems Gerlof Langeveld
• 2025/03/28 Re: [oss-security] atop: Heap corruption Alan Coopersmith
• 2025/03/27 [oss-security] CVE-2024-56325: Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required siddharth teotia
• 2025/03/27 [oss-security] wait3() system call as a side-channel in setuid programs (nvidia-modprobe CVE-2024-0149) Wolfgang Frisch
• 2025/03/27 [oss-security] Three bypasses of Ubuntu's unprivileged user namespace restrictions Qualys Security Advisory
• 2025/03/26 Re: [oss-security] atop: Heap corruption Solar Designer
• 2025/03/26 [oss-security] CVE-2025-30067: Apache Kylin: The remote code execution via jdbc url Li Yang
• 2025/03/26 [oss-security] CVE-2024-48944: Apache Kylin: SSRF vulnerability in the diagnosis api Li Yang
• 2025/03/26 Re: [oss-security] atop: Heap corruption Mark Steward
• 2025/03/26 Re: [oss-security] atop: Heap corruption Thomas Ward
• 2025/03/26 Re: [oss-security] atop: Heap corruption Alan Coopersmith
• 2025/03/26 [oss-security] atop: Heap corruption Solar Designer
• 2025/03/26 Re: [oss-security] CVE-2025-29927: Authorization Bypass in Next.js Middleware Alan Coopersmith
• 2025/03/24 [oss-security] CVE-2025-27553: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT Gary D. Gregory
• 2025/03/24 [oss-security] [kubernetes] Multiple vulnerabilities in ingress-nginx Tabitha Sable
• 2025/03/24 Re: [oss-security] [kubernetes] Multiple vulnerabilities in ingress-nginx Kevin Daudt
• 2025/03/24 [oss-security] CVE-2024-53679: Apache VCL: XSS vulnerability in User Lookup impacting user privileges Josh Thompson
• 2025/03/24 [oss-security] CVE-2024-53678: Apache VCL: SQL injection vulnerability in New Block Allocation form Josh Thompson
• 2025/03/23 [oss-security] CVE-2025-29927: Authorization Bypass in Next.js Middleware Alan Coopersmith
• 2025/03/21 [oss-security] Mercurial 6.9.4 fixes CVE-2025-2361: XSS in hgweb Alan Coopersmith
• 2025/03/21 [oss-security] CVE-2025-26796: Apache Oozie: XSS in Oozie Web Console Arnout Engelen
• 2025/03/20 [oss-security] [kubernetes] CVE-2024-7598: Network restriction bypass via race condition during namespace termination Craig Ingram
• 2025/03/20 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0002 Adrian Perez de Castro
• 2025/03/19 [oss-security] CVE-2024-54016: compression bomb attack in Apache Seata Server Min Ji
• 2025/03/19 [oss-security] CVE-2025-27888: Apache Druid: Server-Side Request Forgery and Cross-Site Scripting Adarsh Sanjeev
• 2025/03/19 [oss-security] CVE-2024-47552: Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server Min Ji
• 2025/03/19 [oss-security] CVE-2025-27018: Apache Airflow MySQL Provider: SQL injection in MySQL provider core function Elad Kalif
• 2025/03/19 [oss-security] Multiple vulnerabilities in Jenkins plugins Daniel Beck
• 2025/03/18 Re: [oss-security] tj-action/changed-files GitHub action was compromised Jacob Bachmeyer
• 2025/03/18 [oss-security] Re: tj-action/changed-files GitHub action was compromised Mark Esler
• 2025/03/15 [oss-security] tj-action/changed-files GitHub action was compromised Mark Esler
• 2025/03/15 Re: [oss-security] expat vulnerability CVE-2024-8176 / impact of recursion stack overflow vulnerabilities Qualys Security Advisory
• 2025/03/15 [oss-security] [SBA-ADV-20241209-02] CVE-2024-13919: Laravel 11.9.0-11.35.1 Reflected XSS via Route Parameter in Debug-Mode Error Page SBA Research Security Advisory
• 2025/03/15 [oss-security] PHP security releases 8.4.5, 8.3.19, 8.2.28, 8.1.32 Alan Coopersmith
• 2025/03/14 [oss-security] expat vulnerability CVE-2024-8176 / impact of recursion stack overflow vulnerabilities Hanno Böck
• 2025/03/14 [oss-security] [CVE-2024-8176] Long linear chains of entities crash Expat with stack overflow due to use of unlimited recursion Alan Coopersmith
• 2025/03/14 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Michel Lind
• 2025/03/14 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Marc Deslauriers
• 2025/03/14 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Marc Deslauriers
• 2025/03/13 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Michel Lind
• 2025/03/13 [oss-security] [kubernetes] CVE-2025-1767: GitRepo Volume Inadvertent Local Repository Access Vellore Rajakumar, Sri Saran Balaji
• 2025/03/13 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Vulnerability Disclosure
• 2025/03/13 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Salvatore Bonaccorso
• 2025/03/13 [oss-security] Triton Product Security announcement: Debian 12 LX image from 2024-07 has static SSH keys Dan McDonald
• 2025/03/13 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Marc Deslauriers
• 2025/03/13 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Jonathan Wright
• 2025/03/13 Re: [oss-security] [vim-security] potential data loss with zip.vim and special crafted zip files in Vim < v9.1.1198 Christian Brabandt
• 2025/03/12 Re: [oss-security] [vim-security] potential data loss with zip.vim and special crafted zip files in Vim < v9.1.1198 Eli Schwartz
• 2025/03/12 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/12 Re: [oss-security] [vim-security] potential data loss with zip.vim and special crafted zip files in Vim < v9.1.1198 Solar Designer
• 2025/03/12 [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Douglas Bagnall
• 2025/03/12 [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Michel Lind
• 2025/03/12 [oss-security] [vim-security] potential data loss with zip.vim and special crafted zip files in Vim < v9.1.1198 Christian Brabandt
• 2025/03/12 [oss-security] FELIX-6753: CVE-2025-27867: Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin Carsten Ziegeler
• 2025/03/12 [oss-security] CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters Andrea Cosentino
• 2025/03/12 [oss-security] Below: World Writable Directory in /var/log/below Allows Local Privilege Escalation (CVE-2025-27591) Matthias Gerstner
• 2025/03/11 Re: [oss-security] CVE-2025-1937+more: Numerous memory-safety issues in Firefox & Thunderbird Moritz Mühlenhoff
• 2025/03/11 [oss-security] [SBA-ADV-20241209-01] CVE-2024-13918: Laravel 11.9.0-11.35.1 Reflected XSS via Request Parameter in Debug-Mode Error Page SBA Research Security Advisory
• 2025/03/11 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/11 [oss-security] CVE-2025-24813: Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT Mark Thomas
• 2025/03/11 [oss-security] CVE-2025-27017: Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record Pierre Villard
• 2025/03/10 Re: [oss-security] CVE-2025-1937+more: Numerous memory-safety issues in Firefox & Thunderbird Jacob Bachmeyer
• 2025/03/10 [oss-security] CVE-2025-1937+more: Numerous memory-safety issues in Firefox & Thunderbird Valtteri Vuorikoski
• 2025/03/10 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Qualys Security Advisory
• 2025/03/09 [oss-security] CVE-2025-27636: Apache Camel: Camel Message Header Injection via Improper Filtering Andrea Cosentino
• 2025/03/07 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
• 2025/03/07 [oss-security] Go CVE-2025-22870: proxy bypass using IPv6 zone IDs Alan Coopersmith
• 2025/03/07 [oss-security] CVE-2025-26865: Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE Jacques Le Roux
• 2025/03/06 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
• 2025/03/06 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Buherátor
• 2025/03/06 [oss-security] CVE-2025-26699: Django: Potential denial-of-service in django.utils.text.wrap() Sarah Boyce
• 2025/03/06 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Taylor R Campbell
• 2025/03/06 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Bastian Blank
• 2025/03/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer
• 2025/03/05 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer
• 2025/03/05 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
• 2025/03/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/05 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer
• 2025/03/05 [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
• 2025/03/05 [oss-security] Multiple vulnerabilities in Jenkins Kevin Guerroudj
• 2025/03/05 [oss-security] [ANNOUNCE] ATS is vulnerable to malformed requests, and also has ACL issues Masakazu Kitajo
• 2025/03/03 [oss-security] CVE-2024-24778: Apache StreamPipes: Resources Permission Escalation Philipp Zehnder
• 2025/03/03 [oss-security] CVE-2024-55532: Apache Ranger: Improper Neutralization of Formula Elements in a CSV File Velmurugan Periasamy
• 2025/03/02 [oss-security] [vim-security] potential code execution with tar.vim and special crafted tar files Christian Brabandt
• 2025/03/01 Re: [oss-security] Re: GNU Emacs 30.1 released with 2 CVE fixes Max Nikulin
• 2025/03/01 Re: [oss-security] Re: GNU Emacs 30.1 released with 2 CVE fixes Henrik Ahlgren
• 2025/02/27 [oss-security] CVE-2025-27531: Apache InLong: An arbitrary file read vulnerability for JDBC Charles Zhang
• 2025/02/27 Re: [oss-security] Re: Xen Security Advisory 467 v1 (CVE-2025-1713) - deadlock potential with VT-d and legacy PCI device pass-through Demi Marie Obenour
• 2025/02/27 [oss-security] Re: Xen Security Advisory 467 v1 (CVE-2025-1713) - deadlock potential with VT-d and legacy PCI device pass-through Teddy Astie
• 2025/02/27 [oss-security] Re: GNU Emacs 30.1 released with 2 CVE fixes Max Nikulin
• 2025/02/27 [oss-security] Xen Security Advisory 467 v1 (CVE-2025-1713) - deadlock potential with VT-d and legacy PCI device pass-through Xen . org security team
• 2025/02/26 [oss-security] GNU Emacs 30.1 released with 2 CVE fixes Alan Coopersmith
• 2025/02/25 [oss-security] CPAN Security Group is CNA for Perl and CPAN Modules Stig Palmquist
• 2025/02/25 [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
• 2025/02/24 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Dmitry Belyavskiy
• 2025/02/24 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Solar Designer
• 2025/02/24 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Dmitry Belyavskiy
• 2025/02/21 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Solar Designer
• 2025/02/21 Re: [oss-security] CVE-2025-26794: Exim: SQL injection Solar Designer
• 2025/02/21 [oss-security] CVE-2025-26794: Exim: SQL injection Heiko Schlittermann
• 2025/02/21 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Qualys Security Advisory
• 2025/02/21 [oss-security] OpenH264 Decoding Functions Heap Overflow Vulnerability Alan Coopersmith
• 2025/02/21 Re: [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Jordy Zomer
• 2025/02/20 Re: [oss-security] CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection Solar Designer
• 2025/02/19 [oss-security] Exim: CVE-2025-26794: upcoming security release Heiko Schlittermann
• 2025/02/18 [oss-security] Announce: OpenSSH 9.9p2 released Damien Miller
• 2025/02/18 [oss-security] GRUB CVE disclosures Jan Setje-Eilers
• 2025/02/18 [oss-security] Multiple vulnerabilities in libxml2 Nick Wellnhofer
• 2025/02/18 [oss-security] MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Qualys Security Advisory
• 2025/02/17 [oss-security] Multiple Vulnerabilities in U-Boot Richard Weinberger
• 2025/02/17 [oss-security] Multiple Vulnerabilities in Barebox Richard Weinberger
• 2025/02/16 Re: [oss-security] CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection James Addison
• 2025/02/16 [oss-security] CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection Solar Designer
• 2025/02/16 [oss-security] [vim-security] heap use-after-free in str_to_reg() in Vim < Christian Brabandt
• 2025/02/14 [oss-security] [CVE-2024-3220] CPython: Default mimetype known files writeable on Windows Alan Coopersmith
• 2025/02/14 [oss-security] CVE-2024-56180: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution Xue Weiming
• 2025/02/14 [oss-security] Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Daniel Gutson
• 2025/02/14 [oss-security] Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Nick Wellnhofer
• 2025/02/14 [oss-security] CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass) Yupeng(Roc)
• 2025/02/14 Re: [oss-security] Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network. sjw
• 2025/02/14 [oss-security] CVE-2024-52577: Apache Ignite: Possible RCE when deserializing incoming messages by the server node Nikita Amelchev
• 2025/02/13 [oss-security] Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network. upper.underflow
• 2025/02/13 [oss-security] Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Daniel Gutson
• 2025/02/13 [oss-security] Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Rich Felker
• 2025/02/13 [oss-security] Re: [musl] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Rich Felker
• 2025/02/13 [oss-security] CVE-2025-26519: musl libc: input-controlled out-of-bounds write primitive in iconv() Rich Felker
• 2025/02/13 [oss-security] [kubernetes] CVE-2025-0426: Node Denial of Service via kubelet Checkpoint API Craig Ingram
• 2025/02/12 [oss-security] CVE-2024-46910: Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user Madhan Neethiraj
• 2025/02/12 [oss-security] CVE-2024-32838: Apache Fineract: SQL injection vulnerabilities in offices API endpoint Arnout Engelen
• 2025/02/11 Re: [oss-security] CVE-2024-12797: OpenSSL: RFC7250 handshakes with unauthenticated servers don't abort as expected sjw
• 2025/02/11 [oss-security] CVE-2024-12797: OpenSSL: RFC7250 handshakes with unauthenticated servers don't abort as expected Tomas Mraz
• 2025/02/11 [oss-security] CVE-2025-26467: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) Paulo Motta
• 2025/02/11 [oss-security] Re: CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
• 2025/02/09 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0001 Adrian Perez de Castro
• 2025/02/07 [oss-security] CVE-2025-25069: Apache Kvrocks: Cross-Protocol Scripting Vulnerability Mingyang Liu
• 2025/02/07 [oss-security] Re: pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) Jacob Bachmeyer
• 2025/02/06 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer
• 2025/02/06 Re: [oss-security] AMD Microcode Signature Verification Vulnerability trinity pointard
• 2025/02/06 Re: [oss-security] pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) Douglas R. Reno
• 2025/02/06 [oss-security] Fwd: libtasn1-4.20.0 released [fixes CVE-2024-12133] Alan Coopersmith
• 2025/02/06 [oss-security] Linux: kernel BUG at fs/ocfs2/refcounttree.c:2678 ocfs2_refcount_cal_cow_clusters in 6.13.0 Solar Designer
• 2025/02/06 Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow Fay Stegerman
• 2025/02/06 [oss-security] pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531) Matthias Gerstner
• 2025/02/06 Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow Daniel Stenberg
• 2025/02/05 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer
• 2025/02/05 [oss-security] CVE-2024-37358: Apache James: denial of service through the use of IMAP literals Benoit Tellier
• 2025/02/05 [oss-security] CVE-2025-23419: nginx: Client certificate authentication bypass with TLSv1.3 and session resumption Solar Designer
• 2025/02/05 [oss-security] CVE-2024-45626: Apache James: denial of service through JMAP HTML to text conversion Benoit Tellier
• 2025/02/05 Re: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0665: eventfd double close Demi Marie Obenour
• 2025/02/05 [oss-security] Curl SSH Insufficient Host Identity Verification Harry Sintonen
• 2025/02/05 [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow Daniel Stenberg
• 2025/02/05 [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0665: eventfd double close Daniel Stenberg
• 2025/02/05 [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0167: netrc and default credential leak Daniel Stenberg
• 2025/02/04 [oss-security] KL-001-2025-002: Checkmk NagVis Remote Code Execution KoreLogic Disclosures
• 2025/02/04 [oss-security] KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting KoreLogic Disclosures
• 2025/02/04 [oss-security] CVE-2024-48019: Apache Doris: allows admin users to read arbitrary files through the REST API Mingyu Chen
• 2025/02/04 Re: [oss-security] AMD Microcode Signature Verification Vulnerability Solar Designer
• 2025/02/03 [oss-security] CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Paulo Motta
• 2025/02/03 [oss-security] CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta

• Earlier messages
• Later messages