oss-sec: by author

583 messages starting Oct 11 13 and ending Dec 16 13

aaron guzman

Re: Re: browser document.cookie DoS vulnerability aaron guzman (Oct 11)

Aaron Patterson

[CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Aaron Patterson (Dec 03)
Possible DoS Vulnerability in Action Mailer (CVE-2013-4389) Aaron Patterson (Oct 16)
[CVE-2013-6415] XSS Vulnerability in number_to_currency Aaron Patterson (Dec 03)
[CVE-2013-6414] Denial of Service Vulnerability in Action View Aaron Patterson (Dec 03)
[CVE-2013-6416] XSS Vulnerability in simple_format helper Aaron Patterson (Dec 03)
[CVE-2013-6417] Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk) Aaron Patterson (Dec 03)

Adam Caudill

VICIDIAL 2.7 - SQL Injection, Command Injection Adam Caudill (Oct 23)

Alan Coopersmith

Fwd: X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests Alan Coopersmith (Oct 08)

Alexander E. Patrakov

Vulnerability in Webkit-GTK and PulseAudio volume handling Alexander E. Patrakov (Oct 08)
CVE request: WebKit-GTK + Puseaudio: unexpectedly high sound volume Alexander E. Patrakov (Oct 22)
Re: [pulseaudio-discuss] Vulnerability in Webkit-GTK and PulseAudio volume handling Alexander E. Patrakov (Oct 10)
Re: Re: [pulseaudio-discuss] Vulnerability in Webkit-GTK and PulseAudio volume handling Alexander E. Patrakov (Oct 11)
Re: [pulseaudio-discuss] Vulnerability in Webkit-GTK and PulseAudio volume handling Alexander E. Patrakov (Oct 21)
Re: A note on cookie based sessions Alexander E. Patrakov (Oct 03)

Alex Gaynor

Re: Source of bad password hashing practices? MySQL manual... Alex Gaynor (Oct 09)

Alex Legler

http://nvd.nist.gov/nvd.cfm?cvename=CVE-XXX URLs result in 404 Alex Legler (Nov 28)

Anant Shrivastava

Re: Re: CVE for Wordpress plugin Portable-phpmyadmin Anant Shrivastava (Oct 22)
Re: CVE for Wordpress plugin Portable-phpmyadmin Anant Shrivastava (Oct 21)
CVE for Wordpress plugin Portable-phpmyadmin Anant Shrivastava (Oct 21)

Andrew Cooper

Re: [Xen-devel] [oss-security] Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang Andrew Cooper (Dec 04)

Andri Möll

Re: A note on cookie based sessions Andri Möll (Oct 04)

Andy Lester

Re: CVE request for remote code execution in ack Andy Lester (Dec 10)
Re: CVE request for remote code execution in ack Andy Lester (Dec 10)

Axel Beckert

CVE request for remote code execution in ack Axel Beckert (Dec 10)
Re: CVE request for remote code execution in ack Axel Beckert (Dec 10)

Bas Pape

CVE Request - Quassel IRC SQL injection Bas Pape (Oct 09)
Re: CVE Request - Quassel IRC SQL injection Bas Pape (Oct 11)

chris

Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails chris (Dec 05)

Chris Palmer

Re: Integer overflow in libtar (<= 1.2.19) Chris Palmer (Oct 09)
Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Chris Palmer (Nov 14)
Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Chris Palmer (Nov 15)
Re: Source of bad password hashing practices? MySQL manual... Chris Palmer (Oct 09)

Christey, Steven M.

RE: Source of bad password hashing practices? MySQL manual... Christey, Steven M. (Oct 09)
RE: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Christey, Steven M. (Nov 25)
RE: 2 CVE's to be rejected Christey, Steven M. (Oct 10)
RE: Re: CVE duplicates SA-CONTRIB-2013-075 Christey, Steven M. (Oct 21)

Christopher Dell

Re: Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Christopher Dell (Dec 05)

Colin Guthrie

Re: Vulnerability in Webkit-GTK and PulseAudio volume handling Colin Guthrie (Oct 10)

cve-assign

Re: CVE request: monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities cve-assign (Dec 10)
Re: CVE request: monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities cve-assign (Dec 09)
CVE already assigned for 1026891? cve-assign (Dec 18)
Re: CVE request: Fat Free CRM multiple vulnerabilities cve-assign (Dec 31)
Re: CVE request: denial of service in Nagios (process_cgivars()) cve-assign (Dec 23)
Re: browser document.cookie DoS vulnerability cve-assign (Oct 17)
Re: CVE request: devscripts (uscan) command execution flaw cve-assign (Dec 11)
Re: CVE request: Fat Free CRM multiple vulnerabilities cve-assign (Dec 28)
Re: CVE request: ClamAV vulnerabilities cve-assign (Dec 12)
Re: Two CVE request for gnome-shell/screensaver issues cve-assign (Dec 26)
Re: CVE Request: SASL authentication allows wrong credentials to access memcache cve-assign (Dec 30)
Re: CVE request: Zenphoto 1.4.5.4 cve-assign (Dec 30)
CVE-2013-6885 AMD Publ. 51810 Errata 793 system hang cve-assign (Nov 27)
Re: CVE request: pyxtrlock cve-assign (Oct 15)
Re: CVE request: ClamAV vulnerabilities cve-assign (Dec 09)
Re: CVE request: denial of service in Nagios (process_cgivars()) cve-assign (Dec 24)
Re: CVE request for Drupal core, and contributed modules cve-assign (Dec 11)
Re: A note on cookie based sessions cve-assign (Oct 04)
Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace cve-assign (Dec 12)
Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001 cve-assign (Dec 11)
Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang cve-assign (Dec 02)
Re: CVE request: cmsmadesimple before 1.11.8 / bad upstream behaviour vs. CVE assignment cve-assign (Dec 30)
Re: CVE Request: FFmpeg 2.1 multiple problems cve-assign (Dec 08)
Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3 cve-assign (Dec 23)
Re: browser document.cookie DoS vulnerability cve-assign (Oct 15)
Re: 2 CVE's to be rejected cve-assign (Oct 09)
CVE-2013-6780 for YUI 2.x 2013-11-11 uploader.swf issue cve-assign (Nov 12)
Re: CVE request: pam: password hashes aren't compared case-sensitively cve-assign (Dec 09)
Re: CVE request: monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities cve-assign (Dec 11)
CVE-2013-6765 CVE-2013-6766 for OpenVAS 4.0.4/1.3.2/etc. cve-assign (Nov 10)
Re: CVE Request: Proc::Daemon writes pidfile with mode 666 cve-assign (Dec 17)
Re: CPython hash secret can be recoved remotely cve-assign (Dec 09)
Re: CVE request: ClamAV vulnerabilities cve-assign (Dec 11)
Re: CVE Request: ack-grep: potential remote code execution via per-project .ackrc files cve-assign (Dec 11)
Re: CVE-request: Dewplayer issues cve-assign (Dec 30)
Re: CVE request: Asterisk AST-2013-007 cve-assign (Dec 20)
Re: CVE to the ntp monlist DDoS issue? cve-assign (Dec 30)
Re: CVE request: Juvia secret token handling cve-assign (Dec 17)
Re: CVE request for a vulnerability in OpenStack Nova cve-assign (Dec 11)
Re: possible CVE request for rpath issues fixed via slackware updates cve-assign (Dec 19)
Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9) cve-assign (Dec 15)
Re: Command injection in Ruby Gem Webbynode 1.0.5.3 cve-assign (Dec 12)
Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line cve-assign (Dec 15)
Re: CVE request: two issues in libmicrohttpd cve-assign (Dec 09)
Re: CVE request: SMF 1.1.19, 2.0.6 cve-assign (Dec 29)
Re: CVE request for Plone cve-assign (Dec 11)
Re: Issue with PYTHON_EGG_CACHE cve-assign (Dec 15)
Re: CVE issues with recent python flaws cve-assign (Dec 27)
Re: browser document.cookie DoS vulnerability cve-assign (Oct 16)
Re: CVE Request: ZNC IRC Bouncer DoS in FiSH Plugin cve-assign (Dec 11)
Re: CVE Request: wordpress: information leakage and backdoor vulnerabilities in writing settings cve-assign (Dec 23)
Re: Two CVE request for gnome-shell/screensaver issues cve-assign (Dec 27)
Re: Issue with PYTHON_EGG_CACHE cve-assign (Dec 09)

Damien Regad

CVE Request: MantisBT before 1.2.16 XSS vulnerability Damien Regad (Oct 22)

Dan Carpenter

Re: some unstracked linux kernel security fixes Dan Carpenter (Nov 14)

Daniel Borkmann

Re: CVE requests for three Linux kernel issues Daniel Borkmann (Nov 20)

Daniel Kahn Gillmor

Re: openssl default ciphers Daniel Kahn Gillmor (Nov 04)
perdition: ssl_outgoing_ciphers not applied to STARTTLS connections Daniel Kahn Gillmor (Nov 12)
XSS in CollectiveAccess 1.3 and earlier Daniel Kahn Gillmor (Nov 04)
cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Daniel Kahn Gillmor (Nov 13)

David Jorm

CVE Request: Apache Solr XXE David Jorm (Nov 28)

David Prévot

Re: CVE Request: multiple vulnerabilities in spip David Prévot (Nov 10)

Donald Stufft

Re: A note on cookie based sessions Donald Stufft (Oct 03)

Dwayne Litzenberger

CVE-2013-1445 python-crypto: PRNG not correctly reseeded in some situations Dwayne Litzenberger (Oct 17)

Eric H. Christensen

Re: openssl default ciphers Eric H. Christensen (Nov 04)
Re: Microsoft Warns Customers Away From RC4 and SHA-1 Eric H. Christensen (Nov 13)
Re: openssl default ciphers Eric H. Christensen (Nov 04)

Florian Weimer

Re: openssl default ciphers Florian Weimer (Nov 05)
Re: CVE Request: static IV used in Percona XtraBackup Florian Weimer (Nov 26)
Re: CVE request: two issues in libmicrohttpd Florian Weimer (Dec 09)
Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Florian Weimer (Nov 05)
Re: A note on cookie based sessions Florian Weimer (Oct 03)
Re: Re: CVE to the ntp monlist DDoS issue? Florian Weimer (Dec 30)

Forest Monsen

CVE request for Drupal contributed modules Forest Monsen (Oct 18)
Re: Re: CVE duplicates SA-CONTRIB-2013-075 Forest Monsen (Oct 22)
Re: CVE request for Drupal core, and contributed modules Forest Monsen (Dec 09)
CVE request for Drupal contributed module Forest Monsen (Oct 04)
Re: CVE duplicates SA-CONTRIB-2013-075 Forest Monsen (Oct 18)
CVE request for Drupal core, and contributed modules Forest Monsen (Dec 06)
Re: CVE request for Drupal core, and contributed modules Forest Monsen (Dec 07)
Re: CVE request for Drupal contributed modules Forest Monsen (Nov 06)
CVE request for Drupal contributed modules Forest Monsen (Nov 02)
CVE request for Drupal contributed modules Forest Monsen (Nov 17)
Re: CVE request for Drupal core, and contributed modules Forest Monsen (Dec 09)

Fuminobu TAKEYAMA

Re: CVE Request: IBUS showing passwords during password input Fuminobu TAKEYAMA (Nov 04)

Garth Mollett

Please REJECT CVE-2013-2215 Garth Mollett (Dec 09)

George Theall

Re: Re: CVE request: monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities George Theall (Dec 10)
Re: CVE request: monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities George Theall (Dec 10)
Re: CVE request: ClamAV vulnerabilities George Theall (Nov 29)

Grant Murphy

Issue with PYTHON_EGG_CACHE Grant Murphy (Dec 08)

Greg KH

Re: CVE request - kernel: char: Int overflow in lp_do_ioctl() Greg KH (Dec 30)

Greg Kroah-Hartman

Re: kernel: uio: CVE-2013-6763 [was: Re: [oss-security] some unstracked linux kernel security fixes] Greg Kroah-Hartman (Dec 02)

gremlin

Re: Source of bad password hashing practices? MySQL manual... gremlin (Oct 09)

Hannes Frederic Sowa

Re: CVE Request: Linux kernel: net: uninitialised memory leakage Hannes Frederic Sowa (Nov 28)

Hanno Böck

Re: openssl default ciphers Hanno Böck (Nov 04)
CVE request: cmsmadesimple before 1.11.8 / bad upstream behaviour vs. CVE assignment Hanno Böck (Oct 21)
Re: Re: CVE request - VLC 2.0.0 to 2.0.8 Hanno Böck (Oct 04)

Helmut Grohne

Re: [SECURITY] [DSA 2826-1] denyhosts security update Helmut Grohne (Dec 22)

Henri Salo

CVE request: SMF 1.1.19, 2.0.6 Henri Salo (Dec 29)
CVE duplicates SA-CONTRIB-2013-075 Henri Salo (Oct 05)
CVE-request: Dewplayer issues Henri Salo (Dec 30)
CVE request: Fat Free CRM multiple vulnerabilities Henri Salo (Dec 27)
Re: CVE duplicates SA-CONTRIB-2013-075 Henri Salo (Oct 21)
CVE request: UnrealIRCd remote DoS Henri Salo (Nov 29)
CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001 Henri Salo (Dec 11)
Re: CVE request: cmsmadesimple before 1.11.8 / bad upstream behaviour vs. CVE assignment Henri Salo (Dec 29)
CVE request: Zenphoto 1.4.5.4 Henri Salo (Dec 29)
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 30)
Re: CVE request for Drupal core, and contributed modules Henri Salo (Dec 06)

Huzaifa Sidhpurwala

Re: CVE Request: libxml2 external parsed entities issue Huzaifa Sidhpurwala (Oct 28)
Re: Re: Two CVE request for gnome-shell/screensaver issues Huzaifa Sidhpurwala (Dec 27)
[CVE request] systemd Huzaifa Sidhpurwala (Oct 01)
Integer overflow in libtar (<= 1.2.19) Huzaifa Sidhpurwala (Oct 09)
Two CVE request for gnome-shell/screensaver issues Huzaifa Sidhpurwala (Dec 26)

Ian Jackson

Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang Ian Jackson (Dec 02)

Igor Sverkos

Re: A note on cookie based sessions Igor Sverkos (Oct 04)

Izadjoo, Meisam

RE: http://nvd.nist.gov/nvd.cfm?cvename=CVE-XXX URLs result in 404 Izadjoo, Meisam (Nov 29)
RE: http://nvd.nist.gov/nvd.cfm?cvename=CVE-XXX URLs result in 404 Izadjoo, Meisam (Nov 29)

Jacob Vosmaer

CVE-2013-4490 Remote code execution vulnerability in the SSH key upload feature of GitLab Jacob Vosmaer (Nov 04)
CVE-2013-4489 Remote code execution vulnerability in the code search feature of GitLab Jacob Vosmaer (Nov 04)
Security vulnerability in gitlab-shell (CVE-2013-4546) Jacob Vosmaer (Nov 11)
Requesting four (4) CVE identifiers for GitLab Jacob Vosmaer (Nov 14)
Re: Requesting four (4) CVE identifiers for GitLab Jacob Vosmaer (Nov 18)

Jamie Strandboge

CVE Request: xorg-server and pixman Jamie Strandboge (Dec 03)
Duplicate OpenStack CVEs for Horizon? Jamie Strandboge (Dec 03)
Re: CVE Request: xorg-server and pixman Jamie Strandboge (Dec 04)

Jay Berkenbilt

qpdf 5.0.1 has some security fixes Jay Berkenbilt (Oct 18)

Jenny Han Donnelly

RE: [vs-plain] Request for CVE Identifiers Jenny Han Donnelly (Nov 13)

Jeremy Stanley

[OSSA 2013-035] Heat ReST API doesn't respect tenant scoping (CVE-2013-6428) Jeremy Stanley (Dec 11)
[OSSA 2013-034] Heat CFN policy rules not all enforced (CVE-2013-6426) Jeremy Stanley (Dec 11)
Re: Source of bad password hashing practices? MySQL manual... Jeremy Stanley (Oct 09)
[OSSA 2013-034] Heat CFN policy rules not all enforced (CVE-2013-6426) Jeremy Stanley (Dec 11)
[OSSA 2013-033] Metadata queries from Neutron to Nova are not restricted by tenant (CVE-2013-6419) Jeremy Stanley (Dec 11)
Re: Re: Issue with PYTHON_EGG_CACHE Jeremy Stanley (Dec 15)
[OSSA 2013-030] XenAPI security groups not kept through migrate or resize (CVE-2013-4497) Jeremy Stanley (Nov 14)
CVE request for a vulnerability in OpenStack Nova Jeremy Stanley (Nov 03)
[OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon (CVE-2013-6858) Jeremy Stanley (Dec 11)
[OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391) Jeremy Stanley (Dec 11)

Joel Weinberger

Re: Re: browser document.cookie DoS vulnerability Joel Weinberger (Oct 11)

John Haxby

Re: Source of bad password hashing practices? MySQL manual... John Haxby (Nov 07)

Jonathan Rudenberg

CVE Request: Node.js HTTP Pipelining DoS Jonathan Rudenberg (Oct 19)

Jonathan Salwan

Advisory report - Multiple memory corruption and race condition in Goodix gt915 Android touchscreen driver (CVE-2013-4740 & CVE-2013-6122) Jonathan Salwan (Nov 07)
CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Jonathan Salwan (Nov 25)
Report - Stack-based buffer overflow and memory disclosure in camera driver (CVE-2013-4748 CVE-2013-4739) Jonathan Salwan (Oct 15)

Jon Yurek

Recursive Interpolation Vulnerability in Cocaine rubygem (CVE-2013-4457) Jon Yurek (Oct 22)

Jordi Sanfeliu

Re: CVE request: monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities (clearing up confusion) Jordi Sanfeliu (Dec 27)

Josef Šimánek

CVE request: RubyGem omniauth-facebook access token security vulnerability Josef Šimánek (Nov 15)
Re: CVE request: RubyGem omniauth-facebook access token security vulnerability Josef Šimánek (Nov 18)
Re: CVE request: rubygem omniauth-facebook CSRF vurnerability Josef Šimánek (Nov 12)
CVE request: rubygem omniauth-facebook CSRF vurnerability Josef Šimánek (Nov 12)

Jurriaan Bremer

CVE Request: ZNC IRC Bouncer DoS in FiSH Plugin Jurriaan Bremer (Dec 11)

Kees Cook

Linux kernel CVE fixes Kees Cook (Nov 22)

Kevin Pawloski

CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability Kevin Pawloski (Oct 24)
CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability Kevin Pawloski (Oct 22)

kpolitowicz

Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails kpolitowicz (Dec 03)

Kurt Seifried

Re: CVE request for Drupal contributed module Kurt Seifried (Oct 04)
Re: CVE Request: multiple vulnerabilities in spip Kurt Seifried (Nov 10)
Re: RESEND: CVE Request: pwgen Kurt Seifried (Oct 22)
Re: CVE Request: FFmpeg 2.1 multiple problems Kurt Seifried (Dec 06)
Re: CVE Request: Apache Solr XXE Kurt Seifried (Nov 28)
Re: A note on cookie based sessions Kurt Seifried (Oct 03)
Re: CVE Request: xorg-server and pixman Kurt Seifried (Dec 04)
Re: XSS in CollectiveAccess 1.3 and earlier Kurt Seifried (Nov 04)
Re: RE: 2 CVE's to be rejected Kurt Seifried (Oct 10)
Re: CVE Request: static IV used in Percona XtraBackup Kurt Seifried (Nov 26)
Re: CVE Request: grub-mkconfig Kurt Seifried (Nov 14)
Re: CVE Request Kurt Seifried (Oct 31)
Re: CVE Request: Node.js HTTP Pipelining DoS Kurt Seifried (Oct 19)
Re: Re: CVE request: rubygem omniauth-facebook CSRF vurnerability Kurt Seifried (Nov 12)
Re: 2 CVE's to be rejected Kurt Seifried (Oct 09)
Re: CVE request: hplip insecure temporary file handling in pkit.py Kurt Seifried (Nov 27)
Re: Re: CVE request - VLC 2.0.0 to 2.0.8 Kurt Seifried (Oct 04)
Re: CVE Request: FFmpeg 2.1 multiple problems Kurt Seifried (Nov 26)
Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3 Kurt Seifried (Oct 21)
Re: CVE request: Linux kernel: net: fib: fib6_add: potential NULL pointer dereference Kurt Seifried (Dec 06)
Re: CVE request for graphicsmagick DoS Kurt Seifried (Nov 15)
Re: CVE request for saltstack minion identity usurpation Kurt Seifried (Oct 18)
CVE assignments on OSS-Security for Dec 7-15th handed over the Mitre Kurt Seifried (Dec 06)
Re: CVE request: drupalauth module for simpleSAMLphp trivial impersonation Kurt Seifried (Nov 08)
Re: CVE request: slapd segfaults on certain queries with rwm overlay enabled Kurt Seifried (Oct 18)
Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Kurt Seifried (Nov 25)
Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Kurt Seifried (Nov 15)
Re: CVE request: pyxtrlock Kurt Seifried (Oct 15)
Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free) Kurt Seifried (Nov 12)
Re: RE: [vs-plain] Request for CVE Identifiers Kurt Seifried (Nov 13)
Re: CVE request: Apache Solr 4.6.0 Kurt Seifried (Nov 26)
Re: Command injection vulnerability in Ruby Gem sprout 0.7.246 Kurt Seifried (Dec 02)
Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core Kurt Seifried (Nov 28)
Re: CVE request for OpenTTD Kurt Seifried (Nov 29)
Re: Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks Kurt Seifried (Nov 01)
Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Kurt Seifried (Nov 14)
Re: CVE request: Kernel: ping: NULL pointer dereference on write to msg_name Kurt Seifried (Dec 06)
Re: CVE request: mahara 1.7.3 Kurt Seifried (Oct 10)
Re: CVE request: echoping buffer overflow vulnerabilities Kurt Seifried (Oct 18)
Re: CVE Request: xorg-server and pixman Kurt Seifried (Dec 03)
Re: CVE request: rubygem omniauth-facebook CSRF vurnerability Kurt Seifried (Nov 12)
Re: CVE Request: gnutls/libdane buffer overflow Kurt Seifried (Oct 31)
Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 18)
Re: CVE Request: lightdm no longer confines guest profile with AppArmor Kurt Seifried (Oct 22)
Re: CVE request: Linux kernel: net: ipvs stack buffer overflow Kurt Seifried (Nov 15)
Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 15)
Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 03)
Re: CVE request: incorrect parsing of access control file in nbd-server Kurt Seifried (Nov 29)
Re: CVE request: samba pam_winbind authentication fails open Kurt Seifried (Dec 02)
Re: CVE request for saltstack minion identity usurpation Kurt Seifried (Oct 15)
Re: some unstracked linux kernel security fixes Kurt Seifried (Nov 04)
Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf Kurt Seifried (Oct 28)
Please REJECT CVE-2013-6377 Kurt Seifried (Nov 21)
Re: Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9) Kurt Seifried (Dec 16)
Re: CVE request: ppthtml heap-based buffer overflow Kurt Seifried (Nov 13)
Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Kurt Seifried (Nov 05)
Re: [CVE request] systemd Kurt Seifried (Oct 01)
Re: CVE request for a vulnerability in OpenStack Keystone Kurt Seifried (Oct 29)
Re: RESEND: CVE Request: pwgen Kurt Seifried (Oct 15)
Re: CVE request: UnrealIRCd remote DoS Kurt Seifried (Nov 29)
Re: CVE request for Drupal contributed modules Kurt Seifried (Oct 18)
Re: CVE Request: adequate: privilege escalation via tty hijacking Kurt Seifried (Nov 29)
Re: libtar: missing validation of file names Kurt Seifried (Oct 10)
Re: WebTester 5.x Multiple Vulnerabilities Kurt Seifried (Oct 15)
Re: VICIDIAL 2.7 - SQL Injection, Command Injection Kurt Seifried (Oct 24)
Re: Re: CVE request: RubyGem omniauth-facebook access token security vulnerability Kurt Seifried (Nov 18)
Re: Source of bad password hashing practices? MySQL manual... Kurt Seifried (Oct 09)
Re: CVE request: XSS flaw in Ganglia web interface Kurt Seifried (Nov 26)
Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 11)
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Oct 01)
Re: SNMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out Kurt Seifried (Dec 04)
Re: CVE request: another glibc flaw, similar to CVE-2013-1914, but in AF_INET6 Kurt Seifried (Oct 22)
Re: CVE number needed for Varnish DoS, also heads-up Kurt Seifried (Oct 30)
Re: CVE issues with recent python flaws Kurt Seifried (Dec 26)
Re: Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Kurt Seifried (Dec 03)
Re: CVE Request: rubygem-nokogiri Multiple DoS vulnerabilities Kurt Seifried (Dec 26)
Re: CVE Request - Quassel IRC SQL injection Kurt Seifried (Oct 11)
CVE REJECTS Kurt Seifried (Dec 18)
Re: CVE request for saltstack minion identity usurpation Kurt Seifried (Oct 15)
Re: CVE Request: ownCloud security bypass on admin page Kurt Seifried (Nov 27)
2 CVE's to be rejected Kurt Seifried (Oct 09)
Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 15)
Re: CVE Request: LDAP Account Manager XSS in login.php Kurt Seifried (Oct 21)
Re: CVE request: echoping buffer overflow vulnerabilities Kurt Seifried (Oct 21)
Re: possible CVE request: Tryton client input sanitization flaw Kurt Seifried (Nov 04)
Re: CVE Request - Quassel IRC SQL injection Kurt Seifried (Oct 10)
Re: CVE Request - Slim 1.3.6 fixes a security issue Kurt Seifried (Oct 09)
Re: Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang Kurt Seifried (Dec 02)
Re: Re: CVE duplicates SA-CONTRIB-2013-075 Kurt Seifried (Oct 21)
Re: Re: CVE Request: IBUS showing passwords during password input Kurt Seifried (Nov 04)
Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability Kurt Seifried (Oct 22)
Re: CVE request: xss in XHProf Kurt Seifried (Oct 15)
Re: Re: CVE request - VLC 2.0.0 to 2.0.8 Kurt Seifried (Oct 03)
Re: CVE request: ClamAV vulnerabilities Kurt Seifried (Dec 06)
Re: CVE request: VLC Kurt Seifried (Sep 30)
SNMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out Kurt Seifried (Dec 02)
Re: CVE request for a vulnerability in OpenStack Glance Kurt Seifried (Oct 15)
Re: CVE request: ath9k_htc improperly updates MAC address Kurt Seifried (Nov 14)
CVE Rejections Kurt Seifried (Dec 02)
SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities Kurt Seifried (Nov 22)
Re: Re: CVE for Wordpress plugin Portable-phpmyadmin Kurt Seifried (Oct 23)
Re: CVE Request: bip denial of service via resource leak Kurt Seifried (Nov 08)
Re: CVE Request: sup MUA Command Injection Kurt Seifried (Oct 29)
Re: Vulnerability Reported in my Ruby Gem Kurt Seifried (Oct 09)
Re: CVE-2013-4563 -- Linux kernel: net: large udp packet over IPv6 over UFO-enabled device with TBF qdisc panic Kurt Seifried (Nov 13)
Re: CVE Request: MantisBT before 1.2.16 XSS vulnerability Kurt Seifried (Oct 22)
Re: CVE for Wordpress plugin Portable-phpmyadmin Kurt Seifried (Oct 21)
Re: CVE Request: gnutls/libdane buffer overflow Kurt Seifried (Oct 24)
Re: CVE Request: rubygem-will_paginate XSS vulnerabilities Kurt Seifried (Dec 26)
Re: CVE Request: Linux kernel: net: uninitialised memory leakage Kurt Seifried (Nov 28)
Re: Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Oct 02)
Re: perdition: ssl_outgoing_ciphers not applied to STARTTLS connections Kurt Seifried (Nov 14)
Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 13)
Re: Re: CVE request: pyxtrlock Kurt Seifried (Oct 15)
Re: CVE for Wordpress plugin Portable-phpmyadmin Kurt Seifried (Oct 21)
Re: CVE Request -- Linux kernel: ipc: ipc_rcu_putref refcount races Kurt Seifried (Oct 30)
Re: CVE request for a vulnerability in OpenStack Ceilometer Kurt Seifried (Nov 22)
Re: Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang Kurt Seifried (Dec 02)
Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 15)
Re: Re: CVE request: mahara 1.7.3 Kurt Seifried (Oct 15)
Re: CVE Request - OpenSSH Kurt Seifried (Nov 07)
Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 10)
Re: CVE Request: lightdm no longer confines guest profile with AppArmor Kurt Seifried (Oct 22)
Re: CVE Request: lighttpd using vulnerable cipher suites with SNI Kurt Seifried (Nov 04)
Re: CVE Request : poppler < 0.13.0 Kurt Seifried (Oct 15)
Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 10)
Re: CVE request: ClamAV vulnerabilities Kurt Seifried (Nov 29)
Re: CVE request for Drupal core, and contributed modules Kurt Seifried (Dec 07)
A note on cookie based sessions Kurt Seifried (Oct 03)
Microsoft Warns Customers Away From RC4 and SHA-1 Kurt Seifried (Nov 12)
Re: CVE request for a vulnerability in OpenStack Nova Kurt Seifried (Nov 03)
Re: CVE needed for hplip insecure auto update feature? Kurt Seifried (Dec 04)
Re: CVE request for saltstack minion identity usurpation Kurt Seifried (Oct 15)
Re: CVE request: cmsmadesimple before 1.11.8 / bad upstream behaviour vs. CVE assignment Kurt Seifried (Oct 21)
Re: Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Kurt Seifried (Dec 05)
Re: Xen Security Advisory 75 - Host crash due to guest VMX instruction execution Kurt Seifried (Nov 08)
Re: CVE Request: libxml2 external parsed entities issue Kurt Seifried (Oct 29)
Re: Duplicate OpenStack CVEs for Horizon? Kurt Seifried (Dec 03)
Re: Requesting four (4) CVE identifiers for GitLab Kurt Seifried (Nov 14)
Re: CVE Request: remote command-injection flaw in HTTP::Body::Multipart versions 1.08 and later Kurt Seifried (Oct 08)
Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 16)
Re: "I miss LSD", slides, paper and tools relating to finding UNIX system level vulnerabilities (as given at 44CON) Kurt Seifried (Nov 14)
Re: CVE request: pyxtrlock Kurt Seifried (Oct 15)
Re: Re: CVE request - VLC 2.0.0 to 2.0.8 Kurt Seifried (Oct 04)
Re: Xen Security Advisory 78 - Insufficient TLB flushing in VT-d (iommu) code Kurt Seifried (Nov 21)
Re: CVE Request: sup MUA Command Injection Kurt Seifried (Oct 29)
Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Kurt Seifried (Nov 14)
Re: Re: CVE for Wordpress plugin Portable-phpmyadmin Kurt Seifried (Oct 22)
Re: CVE request: Linux kernel: net: memory leak in recvmsg handlermsg_name & msg_namelen logic Kurt Seifried (Dec 30)
Re: CVE request: hplip insecure temporary file handling in pkit.py Kurt Seifried (Nov 27)
Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 10)
Re: CVE Request: FFmpeg 2.1 multiple problems Kurt Seifried (Nov 28)
Re: CVE REJECTS Kurt Seifried (Dec 22)
Re: CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO Kurt Seifried (Oct 25)
Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability Kurt Seifried (Oct 24)

Larry W. Cashdollar

Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Larry W. Cashdollar (Dec 14)
Command injection in Ruby Gem Webbynode 1.0.5.3 Larry W. Cashdollar (Dec 12)
Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Larry W. Cashdollar (Dec 15)
Command injection vulnerability in Ruby Gem sprout 0.7.246 Larry W. Cashdollar (Dec 02)

Laurent Butti

CVE request: VLC Laurent Butti (Sep 30)
Re: CVE request: VLC Laurent Butti (Sep 30)

Leon Weber

Re: CVE request: pyxtrlock Leon Weber (Oct 15)
Re: CVE request: pyxtrlock Leon Weber (Oct 15)

leToff

Re: openssl default ciphers leToff (Nov 04)

Linus Torvalds

Re: kernel: uio: CVE-2013-6763 [was: Re: [oss-security] some unstracked linux kernel security fixes] Linus Torvalds (Dec 02)

mancha

CVE Request - Slim 1.3.6 fixes a security issue mancha (Oct 09)
Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576) mancha (Dec 18)
CVE Request - OpenSSH mancha (Nov 07)

Manuel Nickschas

CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core Manuel Nickschas (Nov 27)

Marc Deslauriers

Re: CVE Request: lightdm no longer confines guest profile with AppArmor Marc Deslauriers (Oct 22)
CVE Request: bip denial of service via resource leak Marc Deslauriers (Nov 08)
CVE Request: lightdm no longer confines guest profile with AppArmor Marc Deslauriers (Oct 22)

Marcus Meissner

CVE Request: IBUS showing passwords during password input Marcus Meissner (Nov 04)
CVE Request: gnutls/libdane buffer overflow Marcus Meissner (Oct 24)
Re: CVE request: Linux kernel: net: memory leak in recvmsg handler msg_name & msg_namelen logic Marcus Meissner (Dec 10)
Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Marcus Meissner (Nov 15)
CVE Request: additional fix for CVE-2012-2825 libxslt crash Marcus Meissner (Nov 05)
Re: CVE already assigned for 1026891? Marcus Meissner (Dec 20)
Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Marcus Meissner (Nov 05)
Re: CVE Request : poppler < 0.13.0 Marcus Meissner (Oct 14)
Re: Linux kernel CVE fixes Marcus Meissner (Nov 27)
CVE Request: static IV used in Percona XtraBackup Marcus Meissner (Nov 26)
Re: RESEND: CVE Request: pwgen Marcus Meissner (Oct 10)
CVE Request: dropbear sshd daemon 2013.59 release Marcus Meissner (Oct 10)

Mathy Vanhoef

CVE request: ath9k_htc improperly updates MAC address Mathy Vanhoef (Nov 14)

Matthew Daley

Re: Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang Matthew Daley (Dec 02)

Matthew Wilkes

CVE request for Plone Matthew Wilkes (Dec 10)

Matt Johnston

Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 11)
Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 10)

Michael de Raadt

Moodle security notifications public Michael de Raadt (Nov 24)

Michael Gilbert

Re: CVE request: ppthtml heap-based buffer overflow Michael Gilbert (Nov 13)

Michael Niedermayer

CVE Request: FFmpeg 2.1 multiple problems Michael Niedermayer (Nov 26)
Re: CVE Request: FFmpeg 2.1 multiple problems Michael Niedermayer (Nov 28)

Michael Samuel

Re: CVE Request: static IV used in Percona XtraBackup Michael Samuel (Nov 26)
Re: RESEND: CVE Request: pwgen Michael Samuel (Oct 17)
Re: RESEND: CVE Request: pwgen Michael Samuel (Oct 10)
Re: RESEND: CVE Request: pwgen Michael Samuel (Oct 22)

Michael Scherer

CVE request for saltstack minion identity usurpation Michael Scherer (Oct 11)

Mike

Re: openssl default ciphers Mike (Nov 04)

Mike O'Connor

CVE to the ntp monlist DDoS issue? Mike O'Connor (Dec 30)

Moritz Muehlenhoff

Re: Re: CVE to the ntp monlist DDoS issue? Moritz Muehlenhoff (Dec 30)
Re: Request for linux-distros () vs openwall org membership Moritz Muehlenhoff (Oct 07)
CVE requests for three Linux kernel issues Moritz Muehlenhoff (Nov 19)
CVE request: Asterisk AST-2013-007 Moritz Muehlenhoff (Dec 20)
Re: CVE request: echoping buffer overflow vulnerabilities Moritz Muehlenhoff (Oct 20)

Mozilla Security

Re: browser document.cookie DoS vulnerability Mozilla Security (Oct 17)

Murray McAllister

possible CVE request for rpath issues fixed via slackware updates Murray McAllister (Dec 18)
CVE request: ppthtml heap-based buffer overflow Murray McAllister (Nov 13)
Re: CVE request: ppthtml heap-based buffer overflow Murray McAllister (Nov 13)
CVE request: devscripts (uscan) command execution flaw Murray McAllister (Dec 10)
CVE needed for hplip insecure auto update feature? Murray McAllister (Dec 04)
CVE Request: remote command-injection flaw in HTTP::Body::Multipart versions 1.08 and later Murray McAllister (Oct 07)
CVE Request: ownCloud security bypass on admin page Murray McAllister (Nov 27)
possible CVE request: Tryton client input sanitization flaw Murray McAllister (Nov 04)
CVE request: XSS flaw in Ganglia web interface Murray McAllister (Nov 25)
CVE request: xss in XHProf Murray McAllister (Oct 13)
Re: Re: browser document.cookie DoS vulnerability Murray McAllister (Oct 14)
CVE request: two issues in libmicrohttpd Murray McAllister (Dec 08)
Re: CVE Request: sup MUA Command Injection Murray McAllister (Oct 29)
Re: CVE request: devscripts (uscan) command execution flaw Murray McAllister (Dec 10)
Re: CVE already assigned for 1026891? Murray McAllister (Dec 18)
Re: CVE Request: xorg-server and pixman Murray McAllister (Dec 03)

Naufragium Est

libtar: missing validation of file names Naufragium Est (Oct 10)
Re: Integer overflow in libtar (<= 1.2.19) Naufragium Est (Oct 09)

nick

Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails nick (Dec 22)

Nick Coghlan

CPython hash secret can be recoved remotely Nick Coghlan (Dec 08)

Nico Golde

CVE-2013-6282 - linux kernel: missing access checks in get_user/put_user on ARM Nico Golde (Nov 14)
some unstracked linux kernel security fixes Nico Golde (Nov 03)

Nicolas Grégoire

CVE request: Apache Solr 4.6.0 Nicolas Grégoire (Nov 26)
Re: CVE Request: libxml2 external parsed entities issue Nicolas Grégoire (Oct 29)
Re: CVE Request: libxml2 external parsed entities issue Nicolas Grégoire (Oct 28)

Paolo Bonzini

Re: [vs-plain] kvm issues Paolo Bonzini (Dec 13)

Pedro Ribeiro

CVE request - VLC 2.0.0 to 2.0.8 Pedro Ribeiro (Oct 01)
Re: CVE request - VLC 2.0.0 to 2.0.8 Pedro Ribeiro (Oct 03)
CVE request: 3 vulnerabilities in poppler and 1 in Xpdf Pedro Ribeiro (Oct 26)
Re: Re: CVE request - VLC 2.0.0 to 2.0.8 Pedro Ribeiro (Oct 04)

Petr Matousek

Re: some unstracked linux kernel security fixes Petr Matousek (Nov 12)
Re: kernel: uio: CVE-2013-6763 [was: Re: [oss-security] some unstracked linux kernel security fixes] Petr Matousek (Dec 04)
Re: CVE requests for three Linux kernel issues Petr Matousek (Nov 19)
Re: some unstracked linux kernel security fixes Petr Matousek (Nov 14)
CVE-2013-4592 -- Linux kernel: kvm: memory leak when memory slot is moved with assigned device Petr Matousek (Nov 18)
kernel: uio: CVE-2013-6763 [was: Re: [oss-security] some unstracked linux kernel security fixes] Petr Matousek (Nov 26)
CVE-2013-4563 -- Linux kernel: net: large udp packet over IPv6 over UFO-enabled device with TBF qdisc panic Petr Matousek (Nov 13)
CVE Request -- Linux kernel: ipc: ipc_rcu_putref refcount races Petr Matousek (Oct 30)
Re: some unstracked linux kernel security fixes Petr Matousek (Nov 14)
Re: [vs-plain] kvm issues Petr Matousek (Dec 12)
CVE-2013-4591 -- Linux kernel: kernel: nfs: missing check for buffer length in __nfs4_get_acl_uncached Petr Matousek (Nov 18)

P J P

CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO P J P (Oct 25)
Re: CVE request: Linux kernel: net: memory leak in recvmsg handler msg_name & msg_namelen logic P J P (Dec 30)
CVE request: Linux kernel: net: ipvs stack buffer overflow P J P (Nov 15)
Re: CVE Request: Linux kernel: net: uninitialised memory leakage P J P (Nov 28)
CVE request: Kernel: ping: NULL pointer dereference on write to msg_name P J P (Dec 06)
Re: CVE requests for three Linux kernel issues P J P (Nov 19)
CVE request: Linux kernel: net: fib: fib6_add: potential NULL pointer dereference P J P (Dec 06)
CVE request: Linux kernel: net: memory leak in recvmsg handler msg_name & msg_namelen logic P J P (Dec 09)
Re: CVE Request: static IV used in Percona XtraBackup P J P (Nov 27)
CVE Request: Linux kernel: net: uninitialised memory leakage P J P (Nov 28)
Re: CVE request: Linux kernel: net: info leak in recvmsg handler msg_name & msg_namelen logic P J P (Dec 10)
CVE request: Linux kernel: net: memory leak in recvmsg handlermsg_name & msg_namelen logic P J P (Dec 30)

Radhesh Krishnan K

CVE Request Radhesh Krishnan K (Oct 31)

Ramon de C Valle

Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Ramon de C Valle (Nov 25)

Raphael Geissert

CVE request: mahara 1.7.3 Raphael Geissert (Oct 08)
Re: CVE request: hplip insecure temporary file handling in pkit.py Raphael Geissert (Nov 27)
Re: CVE request: mahara 1.7.3 Raphael Geissert (Oct 10)
Re: CVE request: mahara 1.7.3 Raphael Geissert (Oct 15)
Fwd: [vs] multiple issues in openjpeg Raphael Geissert (Dec 04)
Re: CVE request: pam: password hashes aren't compared case-sensitively Raphael Geissert (Dec 09)
Re: Source of bad password hashing practices? MySQL manual... Raphael Geissert (Oct 09)

Ratul Gupta

CVE Request: devscripts (uscan) broken handling of filenames with whitespace Ratul Gupta (Dec 12)
CVE Request: rubygem-nokogiri Multiple DoS vulnerabilities Ratul Gupta (Dec 26)
CVE request: monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities Ratul Gupta (Dec 09)
CVE request: hplip insecure temporary file handling in pkit.py Ratul Gupta (Nov 27)
Re: CVE request: monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities Ratul Gupta (Dec 10)
CVE Request: wordpress: information leakage and backdoor vulnerabilities in writing settings Ratul Gupta (Dec 22)
CVE Request: rubygem-will_paginate XSS vulnerabilities Ratul Gupta (Dec 26)
CVE request: pam: password hashes aren't compared case-sensitively Ratul Gupta (Dec 09)

Reed Loden

Re: openssl default ciphers Reed Loden (Nov 04)

Ricardo

Fwd: Vulnerability (Buffer Overflow) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5250) Vulnerability (Off-by-one memory access) in Icinga 1.8, 1.9 and 1.10 (Icinga Issue #5251) Ricardo (Dec 16)

richard schneeman

Vulnerability Reported in my Ruby Gem richard schneeman (Oct 08)

Rich Felker

Source of bad password hashing practices? MySQL manual... Rich Felker (Oct 08)

Rubidium

CVE request for OpenTTD Rubidium (Nov 28)

Russ Allbery

Re: openssl default ciphers Russ Allbery (Nov 04)

Salvatore Bonaccorso

CVE Request: Proc::Daemon writes pidfile with mode 666 Salvatore Bonaccorso (Dec 16)
CVE Request: SASL authentication allows wrong credentials to access memcache Salvatore Bonaccorso (Dec 29)
Re: Request for linux-distros () vs openwall org membership Salvatore Bonaccorso (Oct 15)
[Notification] CVE-2013-6047: ikiwiki-hosting: XSS in site creation interface Salvatore Bonaccorso (Oct 25)
Request for linux-distros () vs openwall org membership Salvatore Bonaccorso (Oct 07)
CVE Request: adequate: privilege escalation via tty hijacking Salvatore Bonaccorso (Nov 28)
Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3 Salvatore Bonaccorso (Dec 23)
CVE Request: LDAP Account Manager XSS in login.php Salvatore Bonaccorso (Oct 21)
CVE Request: sup MUA Command Injection Salvatore Bonaccorso (Oct 29)
CVE Request: multiple vulnerabilities in spip Salvatore Bonaccorso (Nov 09)
Re: CVE request: denial of service in Nagios (process_cgivars()) Salvatore Bonaccorso (Dec 23)
CVE Request: ack-grep: potential remote code execution via per-project .ackrc files Salvatore Bonaccorso (Dec 10)
Re: CVE Request: ack-grep: potential remote code execution via per-project .ackrc files Salvatore Bonaccorso (Dec 10)

Sebastian Krahmer

Re: CVE request: hplip insecure temporary file handling in pkit.py Sebastian Krahmer (Nov 27)
CVE Request: pywbem certificate TOCTOU Sebastian Krahmer (Dec 18)
Re: [CVE request] systemd Sebastian Krahmer (Oct 01)

security curmudgeon

Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities security curmudgeon (Oct 01)
Re: CVE for Wordpress plugin Portable-phpmyadmin security curmudgeon (Oct 22)
re: Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow security curmudgeon (Oct 02)

Sergey Popov

CVE request: ClamAV vulnerabilities Sergey Popov (Nov 29)
Re: CVE request: ClamAV vulnerabilities Sergey Popov (Dec 09)
CVE request: echoping buffer overflow vulnerabilities Sergey Popov (Oct 17)

Seth Arnold

CVE Request: grub-mkconfig Seth Arnold (Nov 14)
Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Seth Arnold (Nov 15)
Re: CVE Request: dropbear sshd daemon 2013.59 release Seth Arnold (Oct 10)
Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c Seth Arnold (Nov 25)
Re: Source of bad password hashing practices? MySQL manual... Seth Arnold (Oct 09)

Sitaram Chamarty

CVE Request: gitolite world writable files for fresh installs of v3.5.3 Sitaram Chamarty (Oct 20)

Solar Designer

Re: Request for linux-distros () vs openwall org membership Solar Designer (Oct 15)
Re: Randomness Attacks Against PHP Applications Solar Designer (Nov 04)
CVE-2013-4402 GnuPG infinite recursion in the compressed packet parser Solar Designer (Oct 09)
Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Solar Designer (Dec 22)
GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576) Solar Designer (Dec 18)
Re: CVE request: pam: password hashes aren't compared case-sensitively Solar Designer (Dec 09)
Re: RESEND: CVE Request: pwgen Solar Designer (Oct 11)
Re: RESEND: CVE Request: pwgen Solar Designer (Oct 22)
Re: CVE REJECTS Solar Designer (Dec 22)

Stefan Bühler

CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free) Stefan Bühler (Nov 12)
CVE Request: lighttpd using vulnerable cipher suites with SNI Stefan Bühler (Nov 04)
CVE request: Juvia secret token handling Stefan Bühler (Dec 16)
Re: openssl default ciphers Stefan Bühler (Nov 05)
Re: openssl default ciphers Stefan Bühler (Nov 04)
openssl default ciphers Stefan Bühler (Nov 04)

Steve Kenworthy

Re: CVE request: Fat Free CRM multiple vulnerabilities Steve Kenworthy (Dec 30)

Thierry Carrez

[OSSA 2013-031] Ceilometer DB2/MongoDB backend password leak (CVE-2013-6384) Thierry Carrez (Nov 25)
CVE request for a vulnerability in OpenStack Glance Thierry Carrez (Oct 15)
[OSSA 2013-037] Nova compute DoS through ephemeral disk backing files (CVE-2013-6437) Thierry Carrez (Dec 18)
CVE request for a vulnerability in OpenStack Keystone Thierry Carrez (Oct 29)
CVE request for a vulnerability in OpenStack Ceilometer Thierry Carrez (Nov 22)
[OSSA 2013-028] Unintentional role granting with Keystone LDAP backend (CVE-2013-4477) Thierry Carrez (Oct 30)
[OSSA 2013-027] Glance image_download policy not enforced for cached images (CVE-2013-4428) Thierry Carrez (Oct 22)
[OSSA 2013-029] Potential Nova denial of service through compressed disk images (CVE-2013-4463, CVE-2013-4469) Thierry Carrez (Oct 31)
CVE request for a vulnerability in OpenStack Nova Thierry Carrez (Dec 11)

Thijs Kinkhorst

CVE request: drupalauth module for simpleSAMLphp trivial impersonation Thijs Kinkhorst (Nov 05)

Tim

Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Tim (Nov 14)
Re: Microsoft Warns Customers Away From RC4 and SHA-1 Tim (Nov 13)
Re: Microsoft Warns Customers Away From RC4 and SHA-1 Tim (Nov 13)
Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Tim (Nov 15)

Tim Brown

"I miss LSD", slides, paper and tools relating to finding UNIX system level vulnerabilities (as given at 44CON) Tim Brown (Nov 14)

Tomas Hoger

Re: Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9) Tomas Hoger (Dec 16)
gimp - two xwd plugin issues Tomas Hoger (Dec 04)
Re: CVE Request: gnutls/libdane buffer overflow Tomas Hoger (Oct 31)
mod_nss - NSSVerifyClient handling issue Tomas Hoger (Dec 04)
mod_nss FakeBasicAuth authentication bypass Tomas Hoger (Nov 14)
Reject augeas CVE-2012-6607 Tomas Hoger (Dec 12)
Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9) Tomas Hoger (Dec 13)

Vasily Kulikov

Re: CVE request: Kernel: ping: NULL pointer dereference on write to msg_name Vasily Kulikov (Dec 06)

Vincent Danen

Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Vincent Danen (Nov 05)
Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Vincent Danen (Nov 05)
CVE request: denial of service in Nagios (process_cgivars()) Vincent Danen (Dec 23)
CVE request: another glibc flaw, similar to CVE-2013-1914, but in AF_INET6 Vincent Danen (Oct 22)
CVE request: samba pam_winbind authentication fails open Vincent Danen (Dec 02)
Re: CVE request: denial of service in Nagios (process_cgivars()) Vincent Danen (Dec 23)
CVE issues with recent python flaws Vincent Danen (Dec 23)
CVE request for graphicsmagick DoS Vincent Danen (Nov 15)
CVE request: slapd segfaults on certain queries with rwm overlay enabled Vincent Danen (Oct 16)
389-ds DoS due to improper handling of ger attr searches (CVE-2013-4485) Vincent Danen (Nov 21)
Re: CVE already assigned for 1026891? Vincent Danen (Dec 20)
Re: CVE already assigned for 1026891? Vincent Danen (Dec 18)
CVE-2013-4419: libguestfs insecure handling of socket file Vincent Danen (Oct 18)

Wouter Verhelst

CVE request: incorrect parsing of access control file in nbd-server Wouter Verhelst (Nov 28)

Xabier Rodríguez Calvar

Re: [pulseaudio-discuss] Vulnerability in Webkit-GTK and PulseAudio volume handling Xabier Rodríguez Calvar (Oct 11)

X-Cisadane

WebTester 5.x Multiple Vulnerabilities X-Cisadane (Oct 15)

Xen . org security team

Xen Security Advisory 68 (CVE-2013-4369) - possible null dereference when parsing vif ratelimiting info Xen . org security team (Oct 10)
Xen Security Advisory 80 (CVE-2013-6400) - IOMMU TLB flushing may be inadvertently suppressed Xen . org security team (Dec 10)
Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks Xen . org security team (Nov 01)
Xen Security Advisory 69 (CVE-2013-4370) - misplaced free in ocaml xc_vcpu_getaffinity stub Xen . org security team (Oct 10)
Xen Security Advisory 78 - Insufficient TLB flushing in VT-d (iommu) code Xen . org security team (Nov 20)
Xen Security Advisory 74 (CVE-2013-4553) - Lock order reversal between page_alloc_lock and mm_rwlock Xen . org security team (Nov 26)
Xen Security Advisory 72 (CVE-2013-4416) - ocaml xenstored mishandles oversized message replies Xen . org security team (Oct 29)
Xen Security Advisory 70 (CVE-2013-4371) - use-after-free in libxl_list_cpupool under memory pressure Xen . org security team (Oct 10)
Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks Xen . org security team (Nov 01)
Xen Security Advisory 77 - Disaggregated domain management security status Xen . org security team (Dec 10)
Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang Xen . org security team (Dec 02)
Xen Security Advisory 71 (CVE-2013-4375) - qemu disk backend (qdisk) resource leak Xen . org security team (Oct 10)
Xen Security Advisory 76 (CVE-2013-4554) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests Xen . org security team (Nov 26)
Xen Security Advisory 78 (CVE-2013-6375) - Insufficient TLB flushing in VT-d (iommu) code Xen . org security team (Nov 21)
Xen Security Advisory 73 (CVE-2013-4494) - Lock order reversal between page allocation and grant table locks Xen . org security team (Nov 04)
Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow Xen . org security team (Oct 02)
Xen Security Advisory 75 - Host crash due to guest VMX instruction execution Xen . org security team (Nov 08)
Xen Security Advisory 75 (CVE-2013-4551) - Host crash due to guest VMX instruction execution Xen . org security team (Nov 11)
Xen Security Advisory 67 (CVE-2013-4368) - Information leak through outs instruction emulation Xen . org security team (Oct 10)

Xin Li

Re: CVE to the ntp monlist DDoS issue? Xin Li (Dec 30)

Yongjian Xu

CVE request - kernel: char: Int overflow in lp_do_ioctl() Yongjian Xu (Dec 30)

Yves-Alexis Perez

Re: Re: Issue with PYTHON_EGG_CACHE Yves-Alexis Perez (Dec 17)
Re: Re: [SECURITY] [DSA 2826-1] denyhosts security update Yves-Alexis Perez (Dec 22)
Re: Re: Issue with PYTHON_EGG_CACHE Yves-Alexis Perez (Dec 16)