Open Source Security Mailing List

Discussion of security flaws, concepts, and practices in the Open Source community

Latest Posts

CVE-2025-58364 cups: Remote DoS via null dereference Zdenek Dohnal (Sep 11)
Hi all!

There is a moderate (CVSS base metrics 6.5) security vulnerability found
in the CUPS project, in the `ipp_read_io()` function.

   Description

     Summary

Unsafe deserialization and validation of printer attributes causes a
null dereference in the libcups library.

     Details

The combination of:

|request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES) response =
cupsDoRequest(http_xyz, request, resource);...

CVE-2025-58060 cups: Authentication bypass with AuthType Negotiate Zdenek Dohnal (Sep 11)
Hi all,

there is an important security vulnerability in CUPS:

   Description

     Summary

When the `AuthType` is set to anything but `Basic`, if the request
contains an `Authorization: Basic ...` header, the password is not checked.

     Details

When the `Authorization` header is set to `Basic`, but in
`scheduler/auth.c` `cupsdAuthorize` `type` is not `CUPSD_AUTH_BASIC`,
the step with checking the password is skipped....

ISC has disclosed one vulnerability in Stork (CVE-2025-8696) Ben Scott (Sep 10)
On 10 September 2025 we (Internet Systems Consortium) disclosed one vulnerability affecting our Stork software:

- CVE-2025-8696: DoS attack against the Stork UI from an unauthorized user https://kb.isc.org/docs/cve-2025-8696

New version(s) of Stork are available at the following URL(s):

Stable: https://downloads.isc.org/isc/stork/2.2.1/

With the public announcement of these vulnerabilities, the embargo period is ended and any updated...

Re: [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Emilio Pozuelo Monfort (Sep 10)
Hi Daniel,

From what I can see, websocket support was introduced in 7.86 in [1], and later
marked as supported/not-experimental in 8.11 [2]. If so, I think the above note
(also in [3]) should say that it was experimental before 8.11.

Cheers,
Emilio

[1] https://github.com/curl/curl/commit/664249d095275e
[2] https://github.com/curl/curl/commit/d78e129d50b2d1
[3] https://curl.se/docs/CVE-2025-10148.html

Re: [SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Daniel Stenberg (Sep 10)
Thank you. I don't know how I could get that wrong (as the introduced-in
commit is the right one), but you are entirely correct. Thank you.

I will update the CVE.

[SECURITY ADVISORY] curl: CVE-2025-10148: predictable WebSocket mask Daniel Stenberg (Sep 09)
predictable WebSocket mask
==========================

Project curl Security Advisory, September 10 2025 -
[Permalink](https://curl.se/docs/CVE-2025-10148.html)

VULNERABILITY
-------------

curl's websocket code did not update the 32 bit mask pattern for each new
outgoing frame as the specification says. Instead it used a fixed mask that
persisted and was used throughout the entire connection.

A predictable mask pattern allows for a...

[SECURITY ADVISORY] curl: CVE-2025-9086: Out of bounds read for cookie path Daniel Stenberg (Sep 09)
Out of bounds read for cookie path
==================================

Project curl Security Advisory, September 10 2025 -
[Permalink](https://curl.se/docs/CVE-2025-9086.html)

VULNERABILITY
-------------

1. A cookie is set using the `secure` keyword for `https://target`
2. curl is redirected to or otherwise made to speak with `http://target` (same
hostname, but using clear text HTTP) using the same cookie set
3. The same cookie name is set...

Xen Security Advisory 474 v2 (CVE-2025-58146) - XAPI UTF-8 string handling Xen . org security team (Sep 09)
Xen Security Advisory CVE-2025-58146 / XSA-474
version 2

XAPI UTF-8 string handling

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

There are multiple issues.

1. Updates to the XAPI database sanitise input strings, but try
generating the notification using the unsanitised input. This
causes the database's event...

Xen Security Advisory 473 v2 (CVE-2025-58144,CVE-2025-58145) - Arm issues with page refcounting Xen . org security team (Sep 09)
Xen Security Advisory CVE-2025-58144,CVE-2025-58145 / XSA-473
version 2

Arm issues with page refcounting

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

There are two issues related to the mapping of pages belonging to other
domains: For one, an assertion is wrong there, where the case actually
needs handling. A NULL pointer de-reference...

Xen Security Advisory 472 v2 (CVE-2025-27466,CVE-2025-58142,CVE-2025-58143) - Multiple vulnerabilities in the Viridian interface Xen . org security team (Sep 09)
Xen Security Advisory CVE-2025-27466,CVE-2025-58142,CVE-2025-58143 / XSA-472
version 2

Multiple vulnerabilities in the Viridian interface

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

There are multiple issues related to the handling and accessing of guest
memory pages in the viridian code:

1. A NULL pointer dereference in the updating of the...

CVE-2025-40930: JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Robert Rothenberg (Sep 08)
========================================================================
CVE-2025-40930                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2025-40930
  Distribution:  JSON-SIMD
      Versions:  before 1.07

      MetaCPAN:  https://metacpan.org/dist/JSON-SIMD
      VCS Repo: ...

CVE-2025-40928: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified Robert Rothenberg (Sep 08)
========================================================================
CVE-2025-40928                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2025-40928
  Distribution:  JSON-XS
      Versions:  before 4.04

      MetaCPAN:  https://metacpan.org/dist/JSON-XS
      VCS Repo: ...

CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Robert Rothenberg (Sep 08)
========================================================================
CVE-2025-40929                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2025-40929
  Distribution:  Cpanel-JSON-XS
      Versions:  before 4.40

      MetaCPAN:  https://metacpan.org/dist/Cpanel-JSON-XS
     ...

CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability Chao Gong (Sep 06)
Severity: moderate

Affected versions:

- Apache HertzBeat (incubating) through 1.7.2

Description:

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat: through 1.7.2.

Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Credit:

F10wers13eiCHeng (finder)
aftersnow (finder)

References:...

CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response Chao Gong (Sep 06)
Severity: moderate

Affected versions:

- Apache HertzBeat (incubating) before 1.7.0

Description:

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat (incubating): before 1.7.0.

Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Credit:

unam4 (finder)
springkill (finder)
Zoiltin (finder)

References:

https://hertzbeat.apache.org...
