oss-security

Messages by Date

2025/07/29 Re: [oss-security] Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Seth Larson
2025/07/28 Re: [oss-security] Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Mats Wichmann
2025/07/28 [oss-security] Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset Alan Coopersmith
2025/07/24 [oss-security] CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 Eric Covener
2025/07/24 Re: [oss-security] CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie
2025/07/23 [oss-security] The GNU C Library security advisories update for 2025-07-23 Adhemerval Zanella Netto
2025/07/22 [oss-security] non-issues in dailyaidecheck script in Debian's packaging of AIDE Solar Designer
2025/07/22 Re: [oss-security] Fwd: Node.js security updates for all active release lines, July 2025 Solar Designer
2025/07/22 [oss-security] [kubernetes] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override Rita Zhang
2025/07/21 Re: [oss-security] CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution Moritz Bechler
2025/07/21 [oss-security] CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not check properly Andy Seaborne
2025/07/21 [oss-security] CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI Andy Seaborne
2025/07/18 [oss-security] Re: CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse
2025/07/18 [oss-security] CVE-2025-53817: Null pointer dereference in 7-Zip before 25.00 Jaras
2025/07/18 [oss-security] CVE-2025-53816: Memory corruption in 7-Zip before 25.00 Jaras
2025/07/16 [oss-security] Five new CVEs published for Cyberark Conjur OSS Andy Tinkham
2025/07/16 [oss-security] ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777) Everett B. Fulton
2025/07/16 [oss-security] CVE-2025-40918: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely Robert Rothenberg
2025/07/16 [oss-security] CVE-2025-40923: Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely Robert Rothenberg
2025/07/16 [oss-security] CVE-2025-23267：A vulnerability in NVIDIA Container Toolkit can lead to container escape. liyajie
2025/07/16 [oss-security] Fwd: Node.js security updates for all active release lines, July 2025 Rafael Gonzaga
2025/07/16 [oss-security] CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution liyajie
2025/07/15 [oss-security] CVE-2025-48795: Apache CXF: Denial of Service and sensitive data exposure in logs Colm O hEigeartaigh
2025/07/15 [oss-security] [vim-security]: path traversal issue with zip.vim and special crafted zip archives in Vim < v9.1.1551 Christian Brabandt
2025/07/15 [oss-security] [vim-security] path traversal issue with tar.vim and special crafted tar archives in Vim < 9.1.1552 Christian Brabandt
2025/07/14 [oss-security] CVE-2025-53689: Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons Julian Reschke
2025/07/13 [oss-security] https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read PJ Fanning
2025/07/12 Re: [oss-security] GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 Kevin Backhouse
2025/07/11 [oss-security] GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886 Alan Coopersmith
2025/07/11 [oss-security] PHP security releases 8.4.10, 8.3.23, 8.2.29, 8.1.33 Alan Coopersmith
2025/07/11 [oss-security] gnutls 3.8.10 fixes 4 CVEs Alan Coopersmith
2025/07/11 Re: [oss-security] 5 security issues disclosed in libxml2 Alan Coopersmith
2025/07/11 [oss-security] CVE-2025-48924: Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs Gary D. Gregory
2025/07/10 [oss-security] CVE-2025-53506: Apache Tomcat: DoS via excessive h2 streams at connection start Mark Thomas
2025/07/10 [oss-security] CVE-2025-52520: Apache Tomcat: DoS via integer overflow in multipart file upload Mark Thomas
2025/07/10 [oss-security] CVE-2025-52434: Apache Tomcat: APR/Native Connector crash leading to DoS Mark Thomas
2025/07/10 [oss-security] CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase Eric Covener
2025/07/10 [oss-security] CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack Eric Covener
2025/07/10 [oss-security] CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption Eric Covener
2025/07/10 [oss-security] CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service Eric Covener
2025/07/10 [oss-security] CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping Eric Covener
2025/07/10 [oss-security] CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths Eric Covener
2025/07/10 [oss-security] CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header Eric Covener
2025/07/10 [oss-security] CVE-2024-42516: Apache HTTP Server: HTTP response splitting Eric Covener
2025/07/10 [oss-security] CVE fixes in Apache HTTP Server 2.4.64 Solar Designer
2025/07/10 [oss-security] Release of pqcscan Vincent Berg
2025/07/09 [oss-security] Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
2025/07/09 [oss-security] Opossum attack / Opportunistic HTTP (RFC 2817) insecure Hanno Böck
2025/07/08 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Salvatore Bonaccorso
2025/07/08 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
2025/07/08 [oss-security] Go 1.24.5 & 1.23.11 fix CVE-2025-4674 Alan Coopersmith
2025/07/08 [oss-security] Multiple vulnerabilities fixed in Git Taylor Blau
2025/07/08 [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
2025/07/07 Re: [oss-security] Electric Charger Research Solar Designer
2025/07/07 [oss-security] Electric Charger Research Brandon Perry
2025/07/07 [oss-security] Re: CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges Cuong Duy
2025/07/06 [oss-security] CVE-2025-27446: Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges YuanSheng Wang
2025/07/05 Re: [oss-security] DoS segfault (NULL pointer deref) in SOPE / SOGo Salvatore Bonaccorso
2025/07/03 [oss-security] CVE-2025-53367: An exploitable OOB write in DjVuLibre Kevin Backhouse
2025/07/02 [oss-security] DoS segfault (NULL pointer deref) in SOPE / SOGo Stefan Bühler
2025/07/02 [oss-security] CVE-2025-38089: Linux kernel: NFS server remote DoS via NULL pointer dereference tianshuo han
2025/07/02 [oss-security] CVE-2025-46647: Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect Junxu Chen
2025/07/01 [oss-security] CVE-2024-35164: Apache Guacamole: Improper input validation of console codes Michael Jumper
2025/07/01 [oss-security] Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect stubs exception handling for flags recovery Xen . org security team
2025/06/30 [oss-security] CVE-2025-32463: sudo local privilege escalation via chroot option Todd C. Miller
2025/06/30 [oss-security] CVE-2025-32462: sudo local privilege escalation via host option Todd C. Miller
2025/06/29 [oss-security] CVE-2024-39954: Apache EventMesh Runtime: SSRF Xue Weiming
2025/06/28 [oss-security] CVE-2025-32897: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
2025/06/27 [oss-security] libssh 0.11.2 security and bugfix release Alan Coopersmith
2025/06/26 Re: [oss-security] CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS Jacob Bachmeyer
2025/06/26 [oss-security] CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS Sage [They / Them] McTaggart
2025/06/25 Re: [oss-security] xdg-open bypassing SameSite=Strict Gabriel Corona
2025/06/25 Re: [oss-security] xdg-open bypassing SameSite=Strict Simon McVittie
2025/06/25 Re: [oss-security] sox_ng fixes 20 CVEs in sox Martin Guy
2025/06/24 Re: [oss-security] xdg-open bypassing SameSite=Strict Lucas Holt
2025/06/24 [oss-security] CVE-2025-50213: Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator Elad Kalif
2025/06/24 Re: [oss-security] xdg-open bypassing SameSite=Strict Anton Luka Šijanec
2025/06/24 Re: [oss-security] xdg-open bypassing SameSite=Strict grape mingijung
2025/06/24 [oss-security] sox_ng fixes 20 CVEs in sox Martin Guy
2025/06/23 [oss-security] CPython: Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module Alan Coopersmith
2025/06/23 Re: [oss-security] xdg-open bypassing SameSite=Strict Solar Designer
2025/06/23 [oss-security] xdg-open bypassing SameSite=Strict grape mingijung
2025/06/20 Re: [oss-security] path traversal in tar extract in intel cve-bin-tool lists
2025/06/20 [oss-security] ClamAV 1.4.3 and 1.0.9 security patch versions published Alan Coopersmith
2025/06/20 Re: [oss-security] path traversal in tar extract in intel cve-bin-tool Jakub Wilk
2025/06/18 [oss-security] [kubernetes] CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks Rita Zhang
2025/06/18 [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
2025/06/17 Re: [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Jakub Wilk
2025/06/17 [oss-security] [ANNOUNCE] Apache Traffic Server has an ACL issue, and also has a vulnerability in ESI processing Masakazu Kitajo
2025/06/17 Re: [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Simon McVittie
2025/06/17 [oss-security] Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory
2025/06/17 [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory
2025/06/17 [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
2025/06/17 [oss-security] [kubernetes] Race Condition in Go allows Volume Deletion in older Kubernetes versions Craig Ingram
2025/06/17 [oss-security] pam: pam_namespace local privilege escalation (CVE-2025-6020) BAL-PETRE Olivier
2025/06/16 [oss-security] 5 security issues disclosed in libxml2 Alan Coopersmith
2025/06/16 [oss-security] CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract Jonatan Männchen
2025/06/16 [oss-security] CVE-2025-48976: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers Gary D. Gregory
2025/06/16 [oss-security] CVE-2025-49124: Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows Mark Thomas
2025/06/16 [oss-security] CVE-2025-49125: Apache Tomcat: Security constraint bypass for pre/post-resources Mark Thomas
2025/06/16 [oss-security] CVE-2025-48988: Apache Tomcat: FileUpload large number of parts with headers DoS Mark Thomas
2025/06/14 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/14 [oss-security] CVE-2025-47869: Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. Tomasz Cedro
2025/06/14 [oss-security] CVE-2025-47868: Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. Tomasz Cedro
2025/06/13 [oss-security] sslh: Remote Denial-of-Service Vulnerabilities (CVE-2025-46807, CVE-2025-46806) Matthias Gerstner
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Marc Deslauriers
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Marc Deslauriers
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Simon McVittie
2025/06/11 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
2025/06/10 [oss-security] CVE-2025-49091: Konsole: Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole < 25.04.2 Dennis Dast
2025/06/10 Re: [oss-security] Django CVE-2025-48432 (follow-up patch releases) Sebastian Pipping
2025/06/10 [oss-security] Re: Django CVE-2025-48432 (follow-up patch releases) Sarah Boyce
2025/06/10 [oss-security] Django CVE-2025-48432 (follow-up patch releases) Sarah Boyce
2025/06/10 Re: [oss-security] Local information disclosure in apport and systemd-coredump Zbigniew Jędrzejewski-Szmek
2025/06/09 [oss-security] CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration Luke Chen
2025/06/09 [oss-security] CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration Luke Chen
2025/06/09 [oss-security] CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF vulnerability Luke Chen
2025/06/07 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Sasha Levin
2025/06/07 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Bastian Blank
2025/06/07 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Sasha Levin
2025/06/07 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Simon McVittie
2025/06/07 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH
2025/06/06 [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Attila Szasz
2025/06/06 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Attila Szasz
2025/06/06 Re: [oss-security] Local information disclosure in apport and systemd-coredump Vegard Nossum
2025/06/06 Re: [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Jacob Bachmeyer
2025/06/06 [oss-security] Vulnerability in Jenkins Gatling Plugin Daniel Beck
2025/06/05 Re: [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Eli Schwartz
2025/06/05 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer
2025/06/05 [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer
2025/06/05 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/05 Re: [oss-security] CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Timothy Legge
2025/06/05 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/05 Re: [oss-security] CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Sam James
2025/06/05 [oss-security] Go 1.24.4 and Go 1.23.10 fix CVE-2025-4673, CVE-2025-0913, CVE-2025-22874 Alan Coopersmith
2025/06/05 [oss-security] CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Timothy Legge
2025/06/04 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/04 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/04 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/04 Re: [oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library Jakub Wilk
2025/06/04 [oss-security] CVE-2025-48432: Django: Potential log injection via unescaped request path Natalia Bidart
2025/06/04 Re: [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Greg KH
2025/06/04 Re: [oss-security] Local information disclosure in apport and systemd-coredump David Fernandez Gonzalez
2025/06/03 [oss-security] [SECURITY AVISORY] curl: CVE-2025-5399: WebSocket endless loop Daniel Stenberg
2025/06/03 Re: [oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library Demi Marie Obenour
2025/06/03 Re: [oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library Dave Walker
2025/06/03 Re: [oss-security] Local information disclosure in apport and systemd-coredump Marco Benatto
2025/06/03 Re: [oss-security] Local information disclosure in apport and systemd-coredump Vegard Nossum
2025/06/03 [oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library Alan Coopersmith
2025/06/03 [oss-security] Samba 4.21.6 fixes CVE-2025-0620 in SMB session re-authentication Alan Coopersmith
2025/06/03 [oss-security] Re: Linux kernel: HFS+ filesystem implementation issues, exposure in distros Attila Szasz
2025/06/03 [oss-security] CVE-2025-46548: Apache Pekko Management, Apache Pekko Management, Apache Pekko Management: management API basic authentication is not effective Arnout Engelen
2025/06/02 Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
2025/06/02 [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Solar Designer
2025/06/02 Re: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros Demi Marie Obenour
2025/06/02 Re: [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Vincent Lefevre
2025/06/02 Re: [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Vincent Lefevre
2025/06/02 [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Leon Timmermans
2025/06/02 [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Florian Weimer
2025/06/02 Re: [oss-security] Local information disclosure in apport and systemd-coredump Jelle van der Waa
2025/06/02 Re: [oss-security] Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v Anton Luka Šijanec
2025/06/02 [oss-security] Re: CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Florian Weimer
2025/06/01 [oss-security] Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v Hanno Böck
2025/05/30 [oss-security] CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths Stig Palmquist
2025/05/30 [oss-security] CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection Daniel Gaspar
2025/05/30 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
2025/05/30 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
2025/05/29 [oss-security] CVE-2025-46701: Apache Tomcat: Security constraint bypass for CGI scripts Mark Thomas
2025/05/29 [oss-security] Local information disclosure in apport and systemd-coredump Qualys Security Advisory
2025/05/29 Re: [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith
2025/05/29 Re: [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Simon McVittie
2025/05/28 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jakub Wilk
2025/05/28 [oss-security] how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)) Solar Designer
2025/05/28 RE: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jounee Kim
2025/05/28 Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
2025/05/28 [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Andrei Pavel
2025/05/28 [oss-security] CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default Gary D. Gregory
2025/05/27 [oss-security] [SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL Daniel Stenberg
2025/05/27 [oss-security] [SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL Daniel Stenberg
2025/05/27 [oss-security] CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Charles Zhang
2025/05/27 [oss-security] CVE-2025-27522: Apache InLong: JDBC Vulnerability during verification processing Charles Zhang
2025/05/27 [oss-security] CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Charles Zhang
2025/05/27 [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith
2025/05/27 [oss-security] Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464) - WinPVDrivers: Excessive permissions on user-exposed devices Xen . org security team
2025/05/25 [oss-security] CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities. Tomasz Cedro
2025/05/23 [oss-security] CVE-2025-48708: ghostscript can embed plaintext password in encrypted PDFs Alan Coopersmith
2025/05/23 Re: [oss-security] Perl 5.40 dir dup bug with threading: security consequences Stig Palmquist
2025/05/22 [oss-security] Perl 5.40 dir dup bug with threading: security consequences Vincent Lefevre
2025/05/22 [oss-security] CVE-2025-4575: OpenSSL: The x509 application adds trusted use instead of rejected use Tomas Mraz
2025/05/21 [oss-security] CVE-2025-40775: BIND 9: DNS message with invalid TSIG causes an assertion failure Nicki Křížek
2025/05/20 [oss-security] CVE-2025-3908: OpenVPN 3 Linux v24.1 released David Sommerseth
2025/05/20 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/19 [oss-security] Landlock news #5 Mickaël Salaün
2025/05/19 Re: [oss-security] CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Hanno Böck
2025/05/18 Re: [oss-security] describing affected systems Eli Schwartz
2025/05/17 Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Taylor R Campbell
2025/05/17 Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jan Schaumann
2025/05/16 RE: [oss-security] The GNU C Library security advisories update for 2025-05-16 Caveney, Seamus G
2025/05/16 Re: [oss-security] The GNU C Library security advisories update for 2025-05-16 Solar Designer

Earlier messages