Open Source Security mailing list
@oss_security
@Openwall oss-security mailing list thread summaries, currently maintained by @solardiz. Originally set up and maintained as an automated feed by @eugeneteo.
Becoming a CVE Numbering Authority (CNA) for your project openwall.com/lists/oss-secu… One effective way to combat the influx of bogus CVEs and ensure accurate vulnerability reporting is for open source projects to become their own CNA. Red Hat [...] can help you.
Questionable CVEs against dnsmasq, Kamailio SIP server, GNU Bison assigned by VulDB (thread) openwall.com/lists/oss-secu… Maybe @VulDB is doing a particularly poor job as a CNA of (not) reviewing CVE requests before assignment openwall.com/lists/oss-secu…
CVE-2025-58337: Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode openwall.com/lists/oss-secu…
OSSA-2025-002: OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization openwall.com/lists/oss-secu… sending those endpoints a valid AWS Signature (e.g. from a presigned S3 URL), an unauthenticated attacker may obtain Keystone authorization
CVE-2025-11563: wcurl: path traversal with percent-encoded slashes openwall.com/lists/oss-secu… Affected versions: wcurl shipped with curl 8.14.0 to and including 8.16.0, wcurl 2024.12.08 to and including 2025.09.27
CVE-2025-62875: OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket openwall.com/lists/oss-secu… Lengthy review of OpenSMTPD by SUSE Linux Security Team. Also includes "Notes on setuid and setgid Binaries" and "Notes on the Network-Facing OpenSMTPD Code".
CVE-2025-62232: Apache APISIX: APISIX basic-auth logs plaintext credentials at info level openwall.com/lists/oss-secu… logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG
CVE-2025-11232: Kea: Invalid characters cause assert openwall.com/lists/oss-secu… To trigger the issue, three configuration parameters must have specific settings. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly.
CVE-2025-30189: Dovecot IMAP Server: Using auth caching causes the first lookup to be cached for all lookups openwall.com/lists/oss-secu… with oauth2 passdb, passwd passdb or userdb, or passwd userdb. Vulnerable: 2.4.0, 2.4.1. Fixed in 2.4.2. Workaround: disable auth cache.
3 CVEs in X.Org X server and Xwayland openwall.com/lists/oss-secu…
CVE-2025-62229: Use-after-free in XPresentNotify structures creation
CVE-2025-62230: Use-after-free in Xkb client resource removal
CVE-2025-62231: Value overflow in Xkb extension XkbSetCompatMap()
Apache Tomcat openwall.com/lists/oss-secu…
CVE-2025-55752: Directory traversal via rewrite with possible RCE if PUT is enabled
CVE-2025-55754: Console manipulation via escape sequences in log messages
CVE-2025-61795: DoS via delayed cleaning of multi-part upload temporary files
Courier Mail Server: OOB read / segfault and endless loop in 1.5.0 openwall.com/lists/oss-secu… Two issues in MIME parsing found by @hanno. The parser code is also used by courier-imap, sqwebmail, maildrop, and cone. Known affected: 1.5.0 only. Unaffected: 1.4.x. Fixed: 1.5.1.
Xen Security Advisory 476 v1 (CVE-2025-58149) - Incorrect removal of permissions on PCI device unplug openwall.com/lists/oss-secu… A buggy or malicious PV guest can access memory of PCI devices no longer assigned to it. Only PV guests with PCI passthrough devices can leverage this.