oss-security

Messages by Date

2025/09/07 [oss-security] CVE-2025-58782: Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory Marcel Reutegger
2025/09/07 [oss-security] CVE-2025-57833: Django: Potential SQL injection in FilteredRelation column aliases Sarah Boyce
2025/09/06 [oss-security] CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution Huajie Wang
2025/09/06 [oss-security] CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability Chao Gong
2025/09/06 [oss-security] CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response Chao Gong
2025/09/05 [oss-security] SQLite - Integer Overflow in FTS5 Extension [CVE-2025-7709] Alan Coopersmith
2025/09/05 [oss-security] SQLite: Integer truncation in findOrCreateAggInfoColumn [CVE-2025-6965] Alan Coopersmith
2025/09/03 [oss-security] Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
2025/09/03 [oss-security] CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default Permissions Lidong Dai
2025/09/03 [oss-security] CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack Lidong Dai
2025/08/28 Re: [oss-security] CVE-2025-8067 - UDisks Solar Designer
2025/08/28 [oss-security] CVE-2025-58047: DoS in Volto (Plone CMS) Maurits van Rees (Plone)
2025/08/28 [oss-security] CVE-2025-8067 - UDisks Marco Benatto
2025/08/27 [oss-security] ISC has disclosed one vulnerability in Kea (CVE-2025-40779) Ben Scott
2025/08/26 Re: [oss-security] libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing Solar Designer
2025/08/26 [oss-security] libssh2 Base64 Encoding Heap Overflow in Known Hosts SHA1 Hash Processing Dhiraj Mishra
2025/08/22 [oss-security] CVE-2025-43023 in HPLIP for Use of 1024-bit DSA Key Alan Coopersmith
2025/08/22 [oss-security] CVE-2025-54813: Apache Log4cxx: Improper escaping with JSONLayout Piotr Karwasz
2025/08/22 [oss-security] CVE-2025-54812: Apache Log4cxx: Improper HTML escaping in HTMLLayout Piotr Karwasz
2025/08/22 [oss-security] CVE-2024-48988: Apache StreamPark: SQL injection vulnerability Huajie Wang
2025/08/20 Re: [oss-security] CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Hanno Böck
2025/08/20 Re: [oss-security] HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Nick Tait
2025/08/20 [oss-security] CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison
2025/08/20 [oss-security] CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison
2025/08/19 [oss-security] Security pre-notification policy for vLLM project Huzaifa Sidhpurwala
2025/08/19 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Demi Marie Obenour
2025/08/19 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Martin Storsjö
2025/08/19 Re: [oss-security] blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Ali Polatel
2025/08/19 Re: [oss-security] blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Simon McVittie
2025/08/18 Re: [oss-security] blocking weird file names (was: xterm terminal crash due to malicious character sequences in file name) Jacob Bachmeyer
2025/08/18 Re: [oss-security] RSYNC: 6 vulnerabilities Alan Coopersmith
2025/08/18 [oss-security] CVE-2025-53192: Apache Commons OGNL: Expression Injection leading to RCE Arnout Engelen
2025/08/17 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/08/17 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name David A. Wheeler
2025/08/17 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Vincent Lefevre
2025/08/17 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Erik Auerswald
2025/08/16 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Solar Designer
2025/08/16 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Vincent Lefevre
2025/08/16 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Collin Funk
2025/08/16 Re: [oss-security] HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Alan Coopersmith
2025/08/15 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Jordan Glover
2025/08/15 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Demi Marie Obenour
2025/08/14 [oss-security] CVE-2025-54409 - aide (>= 0.13 <= 0.19.1): null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS) Hannes von Haugwitz
2025/08/14 [oss-security] CVE-2025-54389 - aide (<= 0.19.1): improper output neutralization (potential AIDE detection bypass) Hannes von Haugwitz
2025/08/14 [oss-security] CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API Daniel Gaspar
2025/08/14 [oss-security] CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
2025/08/14 [oss-security] CVE-2025-55672: Apache Superset: Store XSS on charts metadata Daniel Gaspar
2025/08/14 [oss-security] CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts Daniel Gaspar
2025/08/14 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Martin Storsjö
2025/08/14 Re: [oss-security] Question about (in)security of fdk-aac-free in linux distros Sam James
2025/08/13 [oss-security] Question about (in)security of fdk-aac-free in linux distros Jordan Glover
2025/08/13 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Erik Auerswald
2025/08/13 Re: [oss-security] xterm terminal crash due to malicious character sequences in file name Thomas Dickey
2025/08/13 [oss-security] HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames Alan Coopersmith
2025/08/13 [oss-security] CVE-2025-53859: nginx: ngx_mail_smtp_module buffer over-read potentially resulting in sensitive information leak Solar Designer
2025/08/13 [oss-security] xterm terminal crash due to malicious character sequences in file name Vincent Lefevre
2025/08/13 [oss-security] CVE-2025-55668: Apache Tomcat: session fixation via rewrite valve Mark Thomas
2025/08/13 [oss-security] CVE-2025-48989: Apache Tomcat: h2 DoS - Made You Reset Mark Thomas
2025/08/13 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jens-Wolfhard Schicke-Uffmann
2025/08/11 [oss-security] CVE-2025-54472: Apache bRPC: Redis Parser Remote Denial of Service Wang Weibing
2025/08/11 [oss-security] CVE-2025-40920: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces Robert Rothenberg
2025/08/11 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
2025/08/11 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Vincent Lefevre
2025/08/11 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer
2025/08/11 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
2025/08/10 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer
2025/08/10 [oss-security] [vim-security] A double-free was found in Vim >v9.1.1231 and < 9.1.1406 Christian Brabandt
2025/08/10 [oss-security] [vim-security] heap use-after-free was found in Vim < 9.1.1400 Christian Brabandt
2025/08/10 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
2025/08/09 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Jacob Bachmeyer
2025/08/09 [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution lunbun
2025/08/08 [oss-security] Re: StarDict sends the user's X11 selection to the network Maytham Alsudany
2025/08/07 Re: [oss-security] Five new CVEs published for Cyberark Conjur OSS Solar Designer
2025/08/07 [oss-security] CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
2025/08/07 [oss-security] CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE Colm O hEigeartaigh
2025/08/06 [oss-security] CVE-2025-47906 & CVE-2025-47907 fixed in Go 1.24.6 & 1.23.12 Alan Coopersmith
2025/08/05 [oss-security] CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin Nicolas Malin
2025/08/04 [oss-security] StarDict sends the user's X11 selection to the network Vincent Lefevre
2025/08/03 [oss-security] CVE-2024-51775: Apache Zeppelin: Command Injection via CSWSH PJ Fanning
2025/08/03 [oss-security] CVE-2024-41177: Apache Zeppelin: XSS in the Helium module PJ Fanning
2025/08/03 [oss-security] CVE-2024-52279: Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string PJ Fanning
2025/08/03 Re: [oss-security] Linux kernel: eBPF vulnerabilities Demi Marie Obenour
2025/08/02 [oss-security] Linux kernel: eBPF vulnerabilities Solar Designer
2025/08/01 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0005 Adrian Perez de Castro
2025/07/31 [oss-security] Rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration (CVSS v4.0 Score: 9.3 / Critical) Sandro Gauci
2025/07/30 [oss-security] CVE-2025-24854: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin Juan Pablo Santos Rodríguez
2025/07/30 [oss-security] CVE-2025-24853: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing Juan Pablo Santos Rodríguez
2025/07/30 [oss-security] CVE-2025-54656: Apache Struts Extras: Improper Output Neutralization for Logs Arnout Engelen
2025/07/29 Re: [oss-security] Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Seth Larson
2025/07/28 Re: [oss-security] Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Mats Wichmann
2025/07/28 [oss-security] Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Alan Coopersmith
2025/07/24 [oss-security] CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 Eric Covener
2025/07/24 Re: [oss-security] CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie
2025/07/23 [oss-security] The GNU C Library security advisories update for 2025-07-23 Adhemerval Zanella Netto
2025/07/22 [oss-security] non-issues in dailyaidecheck script in Debian's packaging of AIDE Solar Designer
2025/07/22 Re: [oss-security] Fwd: Node.js security updates for all active release lines, July 2025 Solar Designer
2025/07/22 [oss-security] [kubernetes] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override Rita Zhang
2025/07/21 Re: [oss-security] CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution Moritz Bechler
2025/07/21 [oss-security] CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not check properly Andy Seaborne
2025/07/21 [oss-security] CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI Andy Seaborne
2025/07/18 [oss-security] Re: CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse
2025/07/18 [oss-security] CVE-2025-53817: Null pointer dereference in 7-Zip before 25.00 Jaras
2025/07/18 [oss-security] CVE-2025-53816: Memory corruption in 7-Zip before 25.00 Jaras
2025/07/16 [oss-security] Five new CVEs published for Cyberark Conjur OSS Andy Tinkham
2025/07/16 [oss-security] ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777) Everett B. Fulton
2025/07/16 [oss-security] CVE-2025-40918: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely Robert Rothenberg
2025/07/16 [oss-security] CVE-2025-40923: Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely Robert Rothenberg
2025/07/16 [oss-security] CVE-2025-23267：A vulnerability in NVIDIA Container Toolkit can lead to container escape. liyajie
2025/07/16 [oss-security] Fwd: Node.js security updates for all active release lines, July 2025 Rafael Gonzaga
2025/07/16 [oss-security] CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie
2025/07/15 [oss-security] CVE-2025-48795: Apache CXF: Denial of Service and sensitive data exposure in logs Colm O hEigeartaigh
2025/07/15 [oss-security] [vim-security]: path traversal issue with zip.vim and special crafted zip archives in Vim < v9.1.1551 Christian Brabandt
2025/07/15 [oss-security] [vim-security] path traversal issue with tar.vim and special crafted tar archives in Vim < 9.1.1552 Christian Brabandt
2025/07/14 [oss-security] CVE-2025-53689: Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons Julian Reschke
2025/07/13 [oss-security] https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read PJ Fanning
2025/07/12 Re: [oss-security] GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 Kevin Backhouse
2025/07/11 [oss-security] GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 Alan Coopersmith
2025/07/11 [oss-security] PHP security releases 8.4.10, 8.3.23, 8.2.29, 8.1.33 Alan Coopersmith
2025/07/11 [oss-security] gnutls 3.8.10 fixes 4 CVEs Alan Coopersmith
2025/07/11 Re: [oss-security] 5 security issues disclosed in libxml2 Alan Coopersmith
2025/07/11 [oss-security] CVE-2025-48924: Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs Gary D. Gregory
2025/07/10 [oss-security] CVE-2025-53506: Apache Tomcat: DoS via excessive h2 streams at connection start Mark Thomas
2025/07/10 [oss-security] CVE-2025-52520: Apache Tomcat: DoS via integer overflow in multipart file upload Mark Thomas
2025/07/10 [oss-security] CVE-2025-52434: Apache Tomcat: APR/Native Connector crash leading to DoS Mark Thomas
2025/07/10 [oss-security] CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase Eric Covener
2025/07/10 [oss-security] CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack Eric Covener
2025/07/10 [oss-security] CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption Eric Covener
2025/07/10 [oss-security] CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service Eric Covener
2025/07/10 [oss-security] CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping Eric Covener
2025/07/10 [oss-security] CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths Eric Covener
2025/07/10 [oss-security] CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header Eric Covener
2025/07/10 [oss-security] CVE-2024-42516: Apache HTTP Server: HTTP response splitting Eric Covener
2025/07/10 [oss-security] CVE fixes in Apache HTTP Server 2.4.64 Solar Designer
2025/07/10 [oss-security] Release of pqcscan Vincent Berg
2025/07/09 [oss-security] Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
2025/07/09 [oss-security] Opossum attack / Opportunistic HTTP (RFC 2817) insecure Hanno Böck
2025/07/08 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Salvatore Bonaccorso
2025/07/08 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
2025/07/08 [oss-security] Go 1.24.5 & 1.23.11 fix CVE-2025-4674 Alan Coopersmith
2025/07/08 [oss-security] Multiple vulnerabilities fixed in Git Taylor Blau
2025/07/08 [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
2025/07/07 Re: [oss-security] Electric Charger Research Solar Designer
2025/07/07 [oss-security] Electric Charger Research Brandon Perry
2025/07/07 [oss-security] Re: CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges Cuong Duy
2025/07/06 [oss-security] CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges YuanSheng Wang
2025/07/05 Re: [oss-security] DoS segfault (NULL pointer deref) in SOPE / SOGo Salvatore Bonaccorso
2025/07/03 [oss-security] CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse
2025/07/02 [oss-security] DoS segfault (NULL pointer deref) in SOPE / SOGo Stefan Bühler
2025/07/02 [oss-security] CVE-2025-38089: Linux kernel: NFS server remote DoS via NULL pointer dereference tianshuo han
2025/07/02 [oss-security] CVE-2025-46647: Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect Junxu Chen
2025/07/01 [oss-security] CVE-2024-35164: Apache Guacamole: Improper input validation of console codes Michael Jumper
2025/07/01 [oss-security] Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect stubs exception handling for flags recovery Xen . org security team
2025/06/30 [oss-security] CVE-2025-32463: sudo local privilege escalation via chroot option Todd C. Miller
2025/06/30 [oss-security] CVE-2025-32462: sudo local privilege escalation via host option Todd C. Miller
2025/06/29 [oss-security] CVE-2024-39954: Apache EventMesh Runtime: SSRF Xue Weiming
2025/06/28 [oss-security] CVE-2025-32897: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
2025/06/27 [oss-security] libssh 0.11.2 security and bugfix release Alan Coopersmith
2025/06/26 Re: [oss-security] CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS Jacob Bachmeyer
2025/06/26 [oss-security] CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS Sage [They / Them] McTaggart
2025/06/25 Re: [oss-security] xdg-open bypassing SameSite=Strict Gabriel Corona
2025/06/25 Re: [oss-security] xdg-open bypassing SameSite=Strict Simon McVittie
2025/06/25 Re: [oss-security] sox_ng fixes 20 CVEs in sox Martin Guy
2025/06/24 Re: [oss-security] xdg-open bypassing SameSite=Strict Lucas Holt
2025/06/24 [oss-security] CVE-2025-50213: Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator Elad Kalif
2025/06/24 Re: [oss-security] xdg-open bypassing SameSite=Strict Anton Luka Šijanec
2025/06/24 Re: [oss-security] xdg-open bypassing SameSite=Strict grape mingijung
2025/06/24 [oss-security] sox_ng fixes 20 CVEs in sox Martin Guy
2025/06/23 [oss-security] CPython: Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module Alan Coopersmith
2025/06/23 Re: [oss-security] xdg-open bypassing SameSite=Strict Solar Designer
2025/06/23 [oss-security] xdg-open bypassing SameSite=Strict grape mingijung
2025/06/20 Re: [oss-security] path traversal in tar extract in intel cve-bin-tool lists
2025/06/20 [oss-security] ClamAV 1.4.3 and 1.0.9 security patch versions published Alan Coopersmith
2025/06/20 Re: [oss-security] path traversal in tar extract in intel cve-bin-tool Jakub Wilk
2025/06/18 [oss-security] [kubernetes] CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks Rita Zhang
2025/06/18 [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
2025/06/17 Re: [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Jakub Wilk
2025/06/17 [oss-security] [ANNOUNCE] Apache Traffic Server has an ACL issue, and also has a vulnerability in ESI processing Masakazu Kitajo
2025/06/17 Re: [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Simon McVittie
2025/06/17 [oss-security] Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory
2025/06/17 [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory
2025/06/17 [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
2025/06/17 [oss-security] [kubernetes] Race Condition in Go allows Volume Deletion in older Kubernetes versions Craig Ingram
2025/06/17 [oss-security] pam: pam_namespace local privilege escalation (CVE-2025-6020) BAL-PETRE Olivier
2025/06/16 [oss-security] 5 security issues disclosed in libxml2 Alan Coopersmith
2025/06/16 [oss-security] CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract Jonatan Männchen
2025/06/16 [oss-security] CVE-2025-48976: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers Gary D. Gregory
2025/06/16 [oss-security] CVE-2025-49124: Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows Mark Thomas
2025/06/16 [oss-security] CVE-2025-49125: Apache Tomcat: Security constraint bypass for pre/post-resources Mark Thomas
2025/06/16 [oss-security] CVE-2025-48988: Apache Tomcat: FileUpload large number of parts with headers DoS Mark Thomas
2025/06/14 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/14 [oss-security] CVE-2025-47869: Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. Tomasz Cedro
2025/06/14 [oss-security] CVE-2025-47868: Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. Tomasz Cedro
2025/06/13 [oss-security] sslh: Remote Denial-of-Service Vulnerabilities (CVE-2025-46807, CVE-2025-46806) Matthias Gerstner
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Marc Deslauriers
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Marc Deslauriers
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Simon McVittie
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
2025/06/10 [oss-security] CVE-2025-49091: Konsole: Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole < 25.04.2 Dennis Dast
2025/06/10 Re: [oss-security] Django CVE-2025-48432 (follow-up patch releases) Sebastian Pipping

Earlier messages