oss-security  

Messages by Thread

• [oss-security] CVE-2026-49270: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire) Christopher L. Shannon
• [oss-security] CVE-2026-49157: Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default Christopher L. Shannon
• [oss-security] CVE-2026-46605: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal Christopher L. Shannon
• [oss-security] CVE-2026-45505: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass Christopher L. Shannon
• [oss-security] CVE-2026-42588: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector Christopher L. Shannon
• [oss-security] CVE-2026-42253: Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties Christopher L. Shannon
• [oss-security] CVE-2026-49298: Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments Rahul Vats
• [oss-security] CVE-2026-48726: Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path Rahul Vats
• [oss-security] CVE-2026-46764: Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter Rahul Vats
• [oss-security] CVE-2026-45426: Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access Rahul Vats
• [oss-security] CVE-2026-45360: Apache Airflow: Arbitrary import in custom deadline-reference deserialization Rahul Vats
• [oss-security] CVE-2026-42359: Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator Rahul Vats
• [oss-security] CVE-2026-42358: Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets Rahul Vats
• [oss-security] CVE-2026-42360: Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking Rahul Vats
• [oss-security] CVE-2026-42252: Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern Rahul Vats
• [oss-security] CVE-2026-41084: Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation Rahul Vats
• [oss-security] CVE-2026-41017: Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy Rahul Vats
• [oss-security] CVE-2026-49267: Apache Airflow: No certificate validation on SMTP STARTTLS connections Rahul Vats
• [oss-security] CVE-2026-41014: Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints Rahul Vats
• [oss-security] CVE-2026-40963: Apache Airflow: DAG authorization bypass on /ui/structure/structure_data Rahul Vats
• [oss-security] CVE-2026-40961: Apache Airflow: Open Redirect Bypass Vulnerability Rahul Vats
• [oss-security] CVE-2026-40861: Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler Rahul Vats
• [oss-security] CVE-2025-70103: Heap-based Buffer Overflow in libjxl/cjxl via jxl::extras::DecodeImagePNM on crafted PBM file Alexander A. Shvedov
• [oss-security] CVE-2026-8594: Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters Robert Rothenberg
• [oss-security] CVE-2026-49361: Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability Jark Wu
• [oss-security] [vim-security] Out-of-bounds Read in Terminal Screen Snapshot in Vim < 9.2.565 Christian Brabandt
• [oss-security] CVE-2026-47187, CVE-2026-48711: sshfs <= 3.7.5 symlink escape (local file read/write) and ssh argument injection (local command execution) Abhinav Agarwal
• [oss-security] CVE-2025-70116: NULL Pointer Dereference in GPAC/MP4Box via gf_media_map_esd on truncated MP4 input Alexander
• [oss-security] CVE-2026-48827: Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git Thomas Wolf
• [oss-security] CVE-2026-44825: Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users Jan Høydahl
• [oss-security] [vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.561 Christian Brabandt
  • [oss-security] [vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.561 Christian Brabandt
• [oss-security] CVE-2026-48840: Exim 4.99.4: PROXY-protocol uninitialised-stack information disclosure Heiko Schlittermann
• [oss-security] CVE-2024-13745, EDK II: several issues with partition table measurements Maxim Suhanov
• [oss-security] CVE-2026-41565: CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers Stig Palmquist
• [oss-security] CVE-2026-9658: Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths Robert Rothenberg
• [oss-security] [OSSA-2026-016] OpenStack Neutron: Tagging policy bypass allows project readers to mutate tags (CVE-2026-pending) Goutham Pacha Ravi
• [oss-security] [OSSA-2026-015] OpenStack Keystone: Multiple credential delegation and authorization bypass vulnerabilities (CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394) Goutham Pacha Ravi
• [oss-security] Open Babel 3.2.0: 24 CVEs fixed across file-format parsers Geoffrey Hutchison
• [oss-security] Two security advisories for Cargo from Rust Alan Coopersmith
• [oss-security] Various memory access violations in 7-Zip Alan Coopersmith
• [oss-security] CVE-2025-48977: Apache Ignite: Rest Http default Arbitrary file read vulnerability zstan
• [oss-security] CIFSwitch: Linux kernel/cifs-utils local root via forged cifs.spnego upcall manizada
• Re: [oss-security] Linux: DMA-after-unmap race in ZCRX via netif_rxq_cleanup_unlease() ordering inversion (netkit + page_pool) Jacob Bachmeyer
  • Re: [oss-security] Linux: DMA-after-unmap race in ZCRX via netif_rxq_cleanup_unlease() ordering inversion (netkit + page_pool) Solar Designer
• [oss-security] [OSSA-2026-014] OpenStack Swift: Swift proxy-server denial of service via truncated s3api chunked upload (CVE-2026-49017) Goutham Pacha Ravi
• [oss-security] ARTEMIS-5996: CVE-2026-40914: Apache Artemis, Apache ActiveMQ Artemis: Address routing-type can be updated by STOMP protocol user without the createAddress permission Justin Bertram
• [oss-security] CVE-2026-8450: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file() Stig Palmquist
• [oss-security] CVE-2026-48962: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob Stig Palmquist
• [oss-security] CVE-2026-48961: IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID Stig Palmquist
• [oss-security] CVE-2026-48959: IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward Stig Palmquist
• [oss-security] CVE-2025-15649: IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date Stig Palmquist
• [oss-security] CVE-2026-8647: Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available Robert Rothenberg
• [oss-security] CVE-2026-46740: Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections Robert Rothenberg
• [oss-security] CVE-2026-40564: Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator Gyula Fora
• [oss-security] qSnapper: Various Security Issues in Privileged D-Bus Service (CVE-2026-41045 through CVE-2026-41048) Matthias Gerstner
• [oss-security] CVE-2026-9538: Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header Stig Palmquist
• [oss-security] CVE-2026-42497: Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory Stig Palmquist
• [oss-security] CVE-2026-42496: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory Stig Palmquist
• [oss-security] CVE-2026-8376: Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds Timothy Legge
• [oss-security] CVE-2026-48589: Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow Lenny Primak
• [oss-security] CVE-2026-44598: Apache Shiro Jakarta EE module: Open redirect and SSRF (requires valid credentials) Lenny Primak
• [oss-security] CVE-2026-43828: Apache Shiro: Shiro's native session and rememberMe cookies do not have secure flag set by default Lenny Primak
• [oss-security] CVE-2026-43827: Apache Shiro: Session fixation: new session is not created after login by default Lenny Primak
• [oss-security] CVE-2026-42797: Apache Syncope: JexlContextBuilder Information Disclosure Francesco Chicchiriccò
• [oss-security] CVE-2026-42782: Apache Syncope: Post-auth RCE via Groovy static Francesco Chicchiriccò
• [oss-security] PuTTY 0.84 released with 3 minor security fixes Alan Coopersmith
• [oss-security] CVE-2026-46745: Apache Airflow FAB provider: [ Security Report ] LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token (ZDRES-223) Jens Scheffler
• [oss-security] CVE-2026-45361: Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default) Jens Scheffler
• [oss-security] root-project/root: Heap buffer overflow in TKey::Streamer / TBasket::ReadBasketBuffers Manopakorn Kooharueangrong
  • Re: [oss-security] root-project/root: Heap buffer overflow in TKey::Streamer / TBasket::ReadBasketBuffers Solar Designer
  • Re: [oss-security] root-project/root: Heap buffer overflow in TKey::Streamer / TBasket::ReadBasketBuffers Matt Christie
• [oss-security] Anthropic's coordinated vulnerability disclosure dashboard Alan Coopersmith
• [oss-security] CVE-2026-45249: Apache ECharts: XSS in Lines series tooltip rendering Zhongxiang Wang
• [oss-security] CVE-2026-9277: shell-quote before 1.8.4 command injection in quote() Akshat Sinha
• [oss-security] HPLIP: Potential Escalation of Privilege and Arbitrary Code Execution Alan Coopersmith
• [oss-security] [vim-security] Multiple Memory Safety Issues in Vim Spell File Parser affects Vim < 9.2.0513 Christian Brabandt
• [oss-security] illumos: 18118 SCTP frees wrong-size, and need to keep private options Dan McDonald
• [oss-security] CVE-2026-44930: Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository Colm O hEigeartaigh
• [oss-security] CVE-2026-44618: Apache CXF: XXE vulnerability in WS-Transfer functionality Colm O hEigeartaigh
• [oss-security] CVE-2026-44417: Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE) Colm O hEigeartaigh
• [oss-security] Vulnerabilities in golang.org/x/crypto Alan Coopersmith
• [oss-security] CVE-2026-5091: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks Robert Rothenberg
• [oss-security] CVE-2026-46473: Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand Robert Rothenberg
• [oss-security] CVE-2026-47243: Kata Containers runtime-rs 3.30: virtiofsd symlink escape Aurelien Bombo
• [oss-security] CVE-2026-48207: Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement Chaokun Yang
• [oss-security] Host ambiguous requests through NGINX $host and Debian's proxy_params gabriel . corona
  • Re: [oss-security] Host ambiguous requests through NGINX **$http_host** and Debian's proxy_params Gabriel Corona
  • Re: [oss-security] Host ambiguous requests through NGINX $host and Debian's proxy_params Gabriel Corona
• [oss-security] CVE-2026-45760: Apache Camel K: Camel K Cross-Namespace Build Deputy Attack Pasquale Congiusti
• [oss-security] CVE-2026-45250: FreeBSD setcred(2) stack overflow -> local privilege escalation (FatGid) Przemyslaw Frasunek
  • Re: [oss-security] CVE-2026-45250: FreeBSD setcred(2) stack overflow -> local privilege escalation (FatGid) Steffen Nurpmeso
  • Re: [oss-security] CVE-2026-45250: FreeBSD setcred(2) stack overflow -> local privilege escalation (FatGid) Przemyslaw Frasunek
• [oss-security] CVE-2026-47372: Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts Robert Rothenberg
• [oss-security] CVE-2026-47373: Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks Robert Rothenberg
• [oss-security] CVE-2026-4802 [cockpit] Arbitrary code execution in the logs page via a specially crafted link Jelle van der Waa
• [oss-security] PowerDNS Security Advisory 2026-06: Multiple Issues Miod Vallat
• [oss-security] ISC has disclosed six vulnerabilities in BIND 9 (CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950) Michał Kępień
• [oss-security] rsync 3.4.3 released: six CVEs (CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232) Andrew Tridgell
• [oss-security] Unbound: 1.25.1 addresses multiple CVE items Yorgos Thessalonikefs
• [oss-security] QEMU CXL Memory Corruption Vulnerability ("QEMUtiny") Brett Sheffield
• [oss-security] PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Aaron Rainbolt
  • Re: [oss-security] PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Simon McVittie
  • Re: [oss-security] PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method gabriel . corona
  • Re: [oss-security] PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method gabriel . corona
  • [oss-security] Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Aaron Rainbolt
• [oss-security] CVE-2026-5090: Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected Robert Rothenberg
• [oss-security] [OSSA-2026-013] Ironic: Denial of Service via specially crafted deployment requests (CVE-2026-44919) Jay Faulkner
• [oss-security] CVE-2026-42526: Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends Vincent Beck
• [oss-security] CVE-2026-27173: Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments Vincent Beck
• [oss-security] Evince/Atril/Xreader command injection CVE-2026-46529 Michael Catanzaro
  • [oss-security] Re: Evince/Atril/Xreader command injection CVE-2026-46529 Michael Catanzaro
  • [oss-security] Re: Evince/Atril/Xreader command injection CVE-2026-46529 Wolfgang
• [oss-security] Memcached 1.6.42 is a "major security focused release" with CVE's TBD Alan Coopersmith
  • Re: [oss-security] Memcached 1.6.42 is a "major security focused release" with CVE's TBD Alan Coopersmith
• [oss-security] CVE-2026-46586: Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution Jacopo Cappellato
• [oss-security] CVE-2026-45434: Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE Jacopo Cappellato
• [oss-security] CVE-2026-45187: Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs Jacopo Cappellato
• [oss-security] CVE-2026-41919: Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction Jacopo Cappellato
• [oss-security] CVE-2026-35086: Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services Jacopo Cappellato
• [oss-security] CVE-2026-31986: Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection Jacopo Cappellato
• [oss-security] CVE-2026-31910: Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access Jacopo Cappellato
• [oss-security] CVE-2026-31909: Apache OFBiz: Unauthenticated Shipment Label Image Disclosure Jacopo Cappellato
• [oss-security] CVE-2026-31906: Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters Jacopo Cappellato
• [oss-security] CVE-2026-31388: Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature Jacopo Cappellato
• [oss-security] CVE-2026-31387: Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation Jacopo Cappellato
• [oss-security] CVE-2026-31380: Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass Jacopo Cappellato
• [oss-security] CVE-2026-31379: Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager Jacopo Cappellato
• [oss-security] CVE-2026-31378: Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution Jacopo Cappellato
• [oss-security] CVE-2026-29226: Apache OFBiz: Low-Privilege SSRF in Content Component Jacopo Cappellato
• [oss-security] CVE-2026-29220: Apache OFBiz: Low-Privilege LFI in Content Component Jacopo Cappellato
• [oss-security] CVE-2026-29207: Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component Jacopo Cappellato
• [oss-security] CVE-2026-47323: Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering Andrea Cosentino
• [oss-security] [SBA-ADV-20260128-05] CVE-2026-42547: DFIR-IRIS before 2.4.28 Alerts Can be Falsely Attributed to Customers SBA Research Security Advisory
• [oss-security] [SBA-ADV-20260128-03] CVE-2026-42543: DFIR-IRIS before 2.4.28 Cross-Site Request Forgery (CSRF) SBA Research Security Advisory
• [oss-security] [SBA-ADV-20260128-01] CVE-2026-42540: DFIR-IRIS before 2.4.28 Mass Assignment SBA Research Security Advisory
• [oss-security] [SBA-ADV-20260126-04] CVE-2026-42539: DFIR-IRIS before 2.4.28 Excessive Data Exposure SBA Research Security Advisory
• [oss-security] [SBA-ADV-20260126-03] CVE-2026-42538: DFIR-IRIS before 2.4.28 Insecure File Upload SBA Research Security Advisory
• [oss-security] [SBA-ADV-20260126-02] CVE-2026-42329: DFIR-IRIS before 2.4.28 Open Redirect SBA Research Security Advisory
• [oss-security] PinTheft Linux LPE Sam James
  • Re: [oss-security] PinTheft Linux LPE Sam James
  • Re: [oss-security] PinTheft Linux LPE Sam James
  • Re: [oss-security] PinTheft Linux LPE Jelle van der Waa
  • Re: [oss-security] PinTheft Linux LPE Marcus Meissner
• [oss-security] Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Marcus Meissner
  • Re: [oss-security] Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Hanno Böck
  • Re: [oss-security] Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Steffen Nurpmeso
  • [oss-security] Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 nightmare . yeah27
  • Re: [oss-security] Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Jeffrey Walton
  • [oss-security] CVE-2026-41054: haveged — privilege escalation via command socket Jiri Hladky
• [oss-security] On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt
  • Re: [oss-security] On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Simon McVittie
  • Re: [oss-security] On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt
  • Re: [oss-security] On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt
  • Re: [oss-security] On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Simon McVittie
  • Re: [oss-security] On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Demi Marie Obenour
  • Re: [oss-security] On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Gabriel Corona
  • Re: [oss-security] On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Steffen Nurpmeso
  • Re: [oss-security] On the issue of MIME handlers that execute arbitrary code (e.g. Wine) gabriel . corona
  • Re: [oss-security] On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Gabriel Corona
  • [oss-security] Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt
• Re: [oss-security] CVE request experience Fabian Keil
  • Re: [oss-security] CVE request experience Fabian Keil
• [oss-security] CVE-2026-8788: Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections Robert Rothenberg
• [oss-security] CVE-2026-8721: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs Timothy Legge
• [oss-security] CVE-2026-8507: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws Timothy Legge
• [oss-security] [vim-security] Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex affects Vim < 9.2.0496 Christian Brabandt
• [oss-security] [vim-security] Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name affects Vim < 9.2.495 Christian Brabandt
• [oss-security] CVE-2026-46720: Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections Robert Rothenberg
• [oss-security] CVE-2026-46719: Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections Robert Rothenberg
• [oss-security] Recent Kernel exploits, attack surface reduction, example IPSEC Hanno Böck
  • Re: [oss-security] Recent Kernel exploits, attack surface reduction, example IPSEC Valtteri Vuorikoski
  • Re: [oss-security] Recent Kernel exploits, attack surface reduction, example IPSEC Agostino Sarubbo
  • Re: [oss-security] Recent Kernel exploits, attack surface reduction, example IPSEC Bernhard R. Link
  • Re: [oss-security] Recent Kernel exploits, attack surface reduction, example IPSEC Donald Buczek
  • Re: [oss-security] Recent Kernel exploits, attack surface reduction, example IPSEC Lionel Debroux
  • Re: [oss-security] Recent Kernel exploits, attack surface reduction, example IPSEC Jeffrey Walton
• [oss-security] CVE-2026-8704: Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified Timothy Legge
• [oss-security] CVE-2026-8700: Crypt::DSA versions before 1.20 for Perl generate seeds using rand Timothy Legge
• [oss-security] Poppy: XPC Observability & Fault Injection Stuart Thomas
  • Re: [oss-security] Poppy: XPC Observability & Fault Injection Solar Designer
• [oss-security] PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 Released with security fixes Alan Coopersmith
• [oss-security] netatalk 4.4.3 fixes 20 CVEs, leaves 18 for later Alan Coopersmith
• [oss-security] libpng-apng: Chunk-smuggling vulnerability in push-mode APNG parser: CVE-2026-40930 Cosmin Truta
• [oss-security] CVE-2026-35194: Apache Flink: Remote code execution via SQL injection in code generation Martijn Visser
• [oss-security] Security Advisory: Multiple Vulnerabilities in llama.cpp GGUF Format Parsers 135266653
• [oss-security] CVE-2026-46474: Trog::TOTP versions before 1.006 for Perl generate secrets using rand Robert Rothenberg
• [oss-security] CVE-2026-8669: Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files Timothy Legge
• [oss-security] CVE-2026-8503: Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids Robert Rothenberg
• [oss-security] CVE-2026-8454: Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files Timothy Legge
• [oss-security] Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
  • Re: [oss-security] Logic bug in the Linux kernel's __ptrace_may_access() function Sam James
  • Re: [oss-security] Logic bug in the Linux kernel's __ptrace_may_access() function Salvatore Bonaccorso
  • Re: [oss-security] Logic bug in the Linux kernel's __ptrace_may_access() function Salvatore Bonaccorso
  • Re: [oss-security] Logic bug in the Linux kernel's __ptrace_may_access() function Sam James
  • Re: [oss-security] Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
  • Re: [oss-security] Logic bug in the Linux kernel's __ptrace_may_access() function David Gonzalez
  • [oss-security] Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
  • [oss-security] Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
  • [oss-security] Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory

• Earlier messages