oss-sec: by author

1068 messages starting Jan 31 15 and ending Jan 03 15

Achref Akremi

CVE request: Piwigo SQL Injection Achref Akremi (Jan 31)

Adam Baldwin

Re: Node.js "serve-static" module Open Redirect Adam Baldwin (Jan 14)

Alan Coopersmith

Re: Fwd: [ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont Alan Coopersmith (Mar 17)
Re: membership request to the closed linux-distros security mailing list Alan Coopersmith (Mar 20)
Fwd: X.Org Security Advisory: CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers Alan Coopersmith (Feb 10)
Re: CVE Request for illumos distributions Alan Coopersmith (Jan 04)
Fwd: [ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont Alan Coopersmith (Mar 17)
Re: lynx: crash when parsing overly long links Alan Coopersmith (Feb 06)

Albert Astals Cid

KDE Plasma vulnerabilities: need CVE Albert Astals Cid (Jan 16)
Re: KDE Plasma vulnerabilities: need CVE Albert Astals Cid (Jan 22)
Re: KDE Plasma vulnerabilities: need CVE Albert Astals Cid (Jan 21)
Re: CVE Request: kwallet: incorrect CBC encryption handling Albert Astals Cid (Jan 10)

Alessandro Ghedini

Re: CVE Request: libarchive -- directory traversal in bsdcpio Alessandro Ghedini (Mar 05)

Alexander Cherepanov

CVE Request: cabextract -- directory traversal Alexander Cherepanov (Feb 18)
Re: CVE for Kali Linux Alexander Cherepanov (Mar 23)
CVE request: lhasa: directory traversals Alexander Cherepanov (Jan 13)
CVE Request: ppmd -- directory traversals Alexander Cherepanov (Jan 15)
Re: CVE Request: cpio -- directory traversal Alexander Cherepanov (Feb 05)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Alexander Cherepanov (Jan 29)
Re: CVE request: file(1) DoS Alexander Cherepanov (Jan 16)
Re: cve request: miniunzip directory traversal Alexander Cherepanov (Jan 01)
Re: Re: CVE Request: cabextract -- directory traversal Alexander Cherepanov (Feb 23)
Re: CVE Request: cpio -- directory traversal Alexander Cherepanov (Jan 15)
Re: CVE for Kali Linux Alexander Cherepanov (Mar 22)
CVE Request: libarchive -- directory traversal in bsdcpio Alexander Cherepanov (Jan 15)
Re: Directory traversals in cpio and friends? Alexander Cherepanov (Jan 10)
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Alexander Cherepanov (Feb 09)
jar(1) -- directory traversal Alexander Cherepanov (Jan 15)
Directory traversals in cpio and friends? Alexander Cherepanov (Jan 07)
Re: CVE for Kali Linux Alexander Cherepanov (Mar 24)
CVE Request: pxz -- race condition in setting permissions Alexander Cherepanov (Jan 15)
Re: SEANux 1.0 remote back door Alexander Cherepanov (Jan 25)
Re: CVE for Kali Linux Alexander Cherepanov (Mar 23)
Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Alexander Cherepanov (Mar 27)
CVE Request: ha -- directory traversals Alexander Cherepanov (Jan 15)
Re: CVE for Kali Linux Alexander Cherepanov (Mar 23)
Re: CVE request: file(1) DoS Alexander Cherepanov (Jan 03)
Re: CVE for Kali Linux Alexander Cherepanov (Mar 22)
Re: CVE request: lhasa: directory traversals Alexander Cherepanov (Jan 18)
Fwd: ClamAV® blog: ClamAV 0.98.6 has been released! Alexander Cherepanov (Jan 29)
CVE Request: cpio -- directory traversal Alexander Cherepanov (Jan 15)
Re: SEANux 1.0 remote back door Alexander Cherepanov (Jan 25)

Alistair Crooks

Spencer regexp heap overflow? Alistair Crooks (Feb 07)
Re: Re: CVE request: spencer regexp Alistair Crooks (Mar 12)

Ammar Brohi

Re: R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Ammar Brohi (Jan 31)

Amos Jeffries

Re: CVE for Kali Linux Amos Jeffries (Mar 22)
Re: CVE-2015-0881 Amos Jeffries (Mar 06)
Re: Re: unassigning CVE-2015-2104 Amos Jeffries (Mar 05)
Re: Re: CVE request: httpd: IP address spoofing in mod_remoteip Amos Jeffries (Jan 15)
Re: CVE-2015-0881 Amos Jeffries (Feb 28)
Re: CVE-2015-0881 Amos Jeffries (Feb 22)
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Amos Jeffries (Jan 27)

Andrea Barisani

[oCERT-2015-001] JasPer input sanitization errors Andrea Barisani (Jan 21)
[oCERT-2015-002] e2fsprogs input sanitization errors Andrea Barisani (Feb 05)

Andrea Palazzo

CVE Request: PHP SoapClient's __call() type confusion through unserialize() Andrea Palazzo (Mar 20)

Andrew Shadura

CVE-2015-0260: Kallithea: API key of repository's creator exposed by get_repo API method Andrew Shadura (Feb 10)

Andy Brody

CVE-2015-1820: ruby rest-client session fixation vulnerability Andy Brody (Mar 23)

Andy Lutomirski

Re: PIE bypass using VDSO ASLR weakness - Linux kernel Andy Lutomirski (Jan 18)

Anthony Liguori

Re: membership request to the closed linux-distros security mailing list Anthony Liguori (Mar 20)
Re: membership request to the closed linux-distros security mailing list Anthony Liguori (Mar 20)
Re: membership request to the closed linux-distros security mailing list Anthony Liguori (Mar 20)

Bastien ROUCARIES

Re: Imagemagick fuzzing bug Bastien ROUCARIES (Jan 01)

Ben Hutchings

Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Ben Hutchings (Jan 21)
[RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Ben Hutchings (Jan 17)

Bill Blough

CVE-2014-6440: Heap Overflow in VLC Transcode Module Bill Blough (Mar 04)

Brian Carpenter

CVE request: pngcrush 1.7.83 crash bug (most likely exploitable) Brian Carpenter (Feb 28)
CVE Request: null ptr deref in lame v3.99.5 Brian Carpenter (Feb 26)

Cantor, Scott

Xerces-C Security Advisory [CVE-2015-0252] Cantor, Scott (Mar 19)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2015-0001 Carlos Alberto Lopez Perez (Jan 26)

Casey Schaufler

Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Casey Schaufler (Jan 20)
Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Casey Schaufler (Jan 21)

Casper . Dik

Re: Fixing the glibc runtime linker Casper . Dik (Feb 20)

Chris Evans

Re: vsftpd problem in deny_hosts Chris Evans (Feb 03)

Christian Mueller

CVE-2015-0263 and CVE-2015-0264 - Apache Camel medium disclosure vulnerability Christian Mueller (Mar 16)

Christian Rebischke

Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Christian Rebischke (Mar 18)

Christos Zoulas

Re: CVE Request for illumos distributions Christos Zoulas (Jan 03)

Colm O hEigeartaigh

Two new security advisories released for Apache WSS4J Colm O hEigeartaigh (Feb 10)
New Apache Santuario security advisory CVE-2014-8152 Colm O hEigeartaigh (Jan 19)

Constantine Shulyupin

Fwd: ezmlm response Constantine Shulyupin (Feb 07)
Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Constantine Shulyupin (Feb 03)
workaround for GHOST glibc vulnerability CVE-2015-0235 Constantine Shulyupin (Feb 02)

C Peters

Re: CVE-2015-0881 C Peters (Feb 21)

cve-assign

Re: CVE request: two issues in vorbis-tools cve-assign (Jan 22)
Re: XSS In Zope cve-assign (Mar 02)
Re: CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001 cve-assign (Mar 26)
Re: FreeBSD: URGENT: RNG broken for last 4 months cve-assign (Feb 18)
Re: CVE Request: patch: directory traversal via file rename cve-assign (Jan 28)
Re: CVE Request -- CMS Sefrengo v.1.6.0 -- SQL injection and XSS vulnerabilities cve-assign (Feb 13)
CVE-2014-9529 - Linux kernel security/keys/gc.c race condition cve-assign (Jan 06)
Re: CVE request: TYPO3-EXT-SA-2015-001, TYPO3-EXT-SA-2015-002, TYPO3-EXT-SA-2015-003 cve-assign (Jan 27)
Re: CVE Request: Webmin & Usermin - Read Mail Module Vulnerability cve-assign (Jan 27)
Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open cve-assign (Mar 13)
Re: CVE request: spencer regexp cve-assign (Mar 11)
Re: [perl #119505] Segfault from bad backreference cve-assign (Jan 27)
Re: CVE Request: PHP int overflow cve-assign (Jan 24)
Re: CVE for Kali Linux cve-assign (Mar 22)
Re: CVE Request: XSS issue in MantisBT permalink_page.php cve-assign (Mar 14)
Re: Possible CVE request: python-pillow: potential denial-of-service in PNG decompression code cve-assign (Feb 12)
Re: CVE-Request -- Piwigo <= v. 2.7.3 -- Reflecting XSS- and SQLi-vulnerability in administrative backend cve-assign (Feb 19)
Re: CVE request: Maven downloads JARs via HTTP cve-assign (Mar 03)
Re: CVE request for Moodlee MDL-48980 Security: Always clean the result from min_get_slash_argument - Moodle cve-assign (Feb 09)
Re: CVE request: MovableType before 5.2.12 - Movable Type cve-assign (Feb 12)
Re: Socat security advisory 6 - Possible DoS with fork cve-assign (Jan 27)
Re: CVS-Request: realmd code execution/auth bypass cve-assign (Mar 25)
Re: CVE request: XSS issues in Koha cve-assign (Jan 03)
Re: CVE Request for python-requests session fixation vulnerability cve-assign (Mar 14)
Re: CVE request for emacs possibly cve-assign (Jan 03)
Re: CVE request: denial of service in Quassel cve-assign (Mar 27)
Re: unshield directory traversal cve-assign (Jan 28)
Re: CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS cve-assign (Mar 10)
Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load cve-assign (Jan 24)
Re: parse_datetime() bug in coreutils cve-assign (Jan 03)
CVE-2015-1420 - Linux kernel fs/fhandle.c race condition cve-assign (Jan 29)
Re: CVE Request: cabextract -- directory traversal cve-assign (Feb 22)
Re: CVE-Request -- phpBugTracker v. 1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities cve-assign (Feb 22)
Re: CVE Request(s): GnuPG 2/GPG2 cve-assign (Jan 05)
Re: CVE request: DokuWiki privilege escalation in RPC API cve-assign (Mar 01)
Re: CVE request: httpd: IP address spoofing in mod_remoteip cve-assign (Jan 15)
Re: CVE request -- Linux kernel - net: DoS due to routing packets to too many different dsts/too fast cve-assign (Feb 03)
Re: CVE Request: XSS and response-splitting bugs in rabbitmq management plugin cve-assign (Jan 27)
Re: CVE Request for illumos distributions cve-assign (Jan 03)
Re: CVE request: directory traversal flaw in patch cve-assign (Jan 18)
Re: PIE bypass using VDSO ASLR weakness - Linux kernel cve-assign (Jan 09)
Re: kamailio: multiple /tmp file vulnerabilities cve-assign (Feb 12)
Re: CVE request cve-assign (Jan 11)
Re: CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities cve-assign (Mar 02)
Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs. cve-assign (Jan 24)
Re: CVE Request: jabberd remote information disclosure cve-assign (Feb 22)
Re: CVE Request: cabextract -- directory traversal cve-assign (Feb 23)
Re: CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5 cve-assign (Feb 22)
Re: CVE Request: libpng 1.6.15 Heap Overflow cve-assign (Jan 10)
Re: Node.js "serve-static" module Open Redirect cve-assign (Jan 17)
Re: CVE Request: gd buffer read overflow in gd_gif_in.c cve-assign (Mar 23)
Re: CVE request: Piwigo SQL Injection cve-assign (Jan 31)
Re: CVE request: heap buffer overflow in glibc swscanf cve-assign (Feb 03)
Re: cve request: miniunzip directory traversal cve-assign (Jan 03)
Re: CVE request: mpfr: buffer overflow in mpfr_strtofr cve-assign (Jan 03)
Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) cve-assign (Feb 13)
CVE-2015-2080 - Jetty remote unauthenticated credential exposure cve-assign (Feb 25)
Re: CVE request: denial of service flaw in firebird cve-assign (Jan 05)
Re: Possible CVE request: sympa: vulnerability in the web interface cve-assign (Jan 22)
Re: CVE request: directory traversal flaw in patch cve-assign (Jan 22)
Re: CVE Request: Info-ZIP unzip 6.0 cve-assign (Jan 22)
Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load cve-assign (Jan 24)
Re: CVE-Request -- eFront v. 3.6.15.2 build 18021 (Community Edition) -- Multiple CSRF vulnerabilities cve-assign (Feb 08)
Re: Re: CVE-2014-6316: URL redirection issue in MantisBT cve-assign (Jan 11)
Re: Dublicate CVE assignment for directory traversal in elfutils? (CVE-2014-9486 and CVE-2014-9447) cve-assign (Jan 07)
Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 26)
Re: CVE-Request -- Linux kernel - panic on nftables rule flush cve-assign (Feb 10)
Re: CVE request (Debian specific): slapd: dangerous access rule in default config cve-assign (Mar 28)
Re: CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities cve-assign (Jan 05)
Re: CVE request: roundcubemail: possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins cve-assign (Jan 11)
Re: CVE request: archmage directory traversal cve-assign (Feb 12)
Re: CVE Request: ha -- directory traversals cve-assign (Jan 18)
Re: CVE Request -- Contenido 4.9.x - 4.9.5 -- Reflecting XSS vulnerability in exception handler with deactivated AMR function cve-assign (Jan 05)
Re: kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap() - Linux kernel cve-assign (Feb 08)
Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored cve-assign (Feb 26)
Re: Re: CVE request: remote code execution vulnerability in gollum < 3.1.1 cve-assign (Jan 03)
Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability cve-assign (Jan 17)
Re: CVE Request: jabberd remote information disclosure cve-assign (Feb 23)
Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored cve-assign (Feb 25)
Re: ping on CVE Request for jenkins-tomcat: Secure and HttpOnly flags are not, set for cookies with Jenkins on Tomcat cve-assign (Jan 22)
Re: CVE Request: PuTTY fails to clear private key information from memory cve-assign (Feb 28)
Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper cve-assign (Feb 12)
Re: CVE Request: Linux kernel: sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer cve-assign (Mar 23)
Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin cve-assign (Feb 05)
Re: CVE Request -- CMS Kajona v. 4.6 -- Reflecting XSS in administrative backend cve-assign (Feb 13)
Re: [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme cve-assign (Jan 18)
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 11)
Re: CVE Request: PHP 5.6.6 changelog cve-assign (Mar 15)
Re: CVE Request, Use after free vulnerability in Dwarfdump cve-assign (Jan 03)
Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 cve-assign (Jan 03)
Re: CVE-Request -- CMS Croogo v.2.2.0 -- Reflecting XSS in filemanager in the administrative backend cve-assign (Feb 12)
Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. cve-assign (Mar 21)
Re: CVE request: XSS in search functionality for Geo Mashup Wordpress plugin cve-assign (Jan 27)
Re: CVE Request: WebKitGTK+ late TLS certificate verification cve-assign (Mar 18)
Re: CVE-Request -- Linux ASLR integer overflow cve-assign (Feb 13)
Re: CVE Request: ppmd -- directory traversals cve-assign (Jan 18)
Re: CVE request: novnc: session hijack through insecurely set session token cookies cve-assign (Mar 12)
Re: CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server cve-assign (Jan 03)
Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality cve-assign (Feb 12)
Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
Re: CVE Request: libpng 1.6.15 Heap Overflow cve-assign (Jan 03)
Re: CVE request: sudo TZ issue cve-assign (Feb 12)
Re: CVE Request for information leak in Etherpad exports cve-assign (Mar 14)
Re: CVE or not: 2x grml-debootstrap cve-assign (Jan 27)
Re: CVE request for Privoxy cve-assign (Jan 27)
Re: CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities cve-assign (Feb 01)
Re: CVE request: spencer regexp cve-assign (Mar 16)
Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic cve-assign (Feb 05)
Re: CVE request: Roundcube cross-site scripting vulnerability fixed in 1.0.5 cve-assign (Jan 31)
Re: CVE request for denial-of-service vulnerability in fcgi cve-assign (Feb 07)
Re: CVE request - Evergreen cve-assign (Mar 03)
Re: CVE Request: arj: free on invalid pointer due to to buffer overflow cve-assign (Mar 28)
Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities cve-assign (Feb 27)
Re: CVE request for OpenStack Compute (nova) cve-assign (Mar 24)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 29)
Re: CVE request: Invalid pointer dereference in the GNOME librest library cve-assign (Mar 23)
Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp cve-assign (Jan 03)
Re: Instant v2.0 SQL Injection Vulnerability cve-assign (Mar 10)
Re: Mono TLS vulnerabilities cve-assign (Mar 17)
Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 27)
Re: CVE request: phpbb3 CSRF and CSS injection cve-assign (Jan 31)
Re: Multiple vulnerabilities in LibTIFF and associated tools cve-assign (Feb 07)
Re: byzanz: Out-of heap-based buffer write in GIF encoder cve-assign (Mar 29)
Re: Fwd: Insecure file upload in Berta CMS cve-assign (Mar 27)
Re: CVE request: vulnerabilities in libcsoap cve-assign (Mar 14)
Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic cve-assign (Feb 05)
Re: CVE request: glibc scanf implementation crashes on certain inputs cve-assign (Mar 12)
Re: Assign a CVE for Python's restkit Please cve-assign (Mar 23)
Re: CVE Request: gcab: directory traversal cve-assign (Jan 05)
Re: CVE-Request -- CMS PHPKit WCMS v.1.6.6 -- Reflecting XSS vulnerability in administrative backend (poll archive) cve-assign (Feb 12)
Re: CVE request for directory traversal flaw in p7zip cve-assign (Jan 11)
Re: [grant.murphy () hp com: [oss-security] CVE request for vulnerability in OpenStack Glance] cve-assign (Jan 03)
Re: CVS-Request: realmd code execution/auth bypass cve-assign (Mar 30)
Re: CVE Request: PHP cve-assign (Jan 24)
Re: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding) cve-assign (Mar 30)
Re: Re: CVE Request: libsndfile buffer overread cve-assign (Jan 03)
Re: potrace: possible heap overflow cve-assign (Mar 29)
Re: CVE request: file(1) DoS cve-assign (Jan 17)
Re: CVE request - ICU cve-assign (Feb 05)
Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 27)
Re: CVE request - Evergreen cve-assign (Mar 03)
Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability cve-assign (Feb 18)
Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Feb 01)
Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities cve-assign (Jan 11)
Re: some older pbm2l2030 stuff cve-assign (Mar 29)
Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) cve-assign (Feb 14)
Re: CVE Request - dns-sync node module cve-assign (Feb 13)
Re: CVE request: dir traversal in elfutils cve-assign (Jan 03)
Re: CVE Request: PHP: out of bounds read crashes php-cgi cve-assign (Jan 02)
Re: CVE request: CAPTCHA bypass in MantisBT cve-assign (Jan 18)
Re: heap overflow in procmail cve-assign (Jan 22)
Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
Re: CVE Request: DBD-Firebird: Buffer Overflow in dbdimp.c cve-assign (Mar 30)
Re: CVE request: grep heap buffer overrun cve-assign (Jan 22)
Re: unassigning CVE-2015-2104 cve-assign (Mar 05)
Re: CVE-Request -- phpBugTracker v. 1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities cve-assign (Feb 27)
Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop cve-assign (Jan 07)
Re: CVE request: XSS in MantisBT cve-assign (Feb 20)
Re: CVE request: NULL ptr deref in php cve-assign (Feb 05)
Re: CVE request -- Linux kernel - net: sctp: slab corruption from use after free on INIT collisions cve-assign (Jan 29)
Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary cve-assign (Mar 18)
Re: CVE requests: Drupal contributed modules cve-assign (Jan 03)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 28)
Re: Vulnerabilities in VLC 2.1.5 cve-assign (Jan 20)
Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF cve-assign (Feb 14)
Re: CVE request for OpenStack Compute (nova) cve-assign (Mar 25)
Re: CVE request: Linux kernel ecryptfs 1-byte overwrite cve-assign (Feb 17)
Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Jan 31)
Re: CVE request: two OpenLDAP DoS issues cve-assign (Feb 07)
Re: CVE Request cve-assign (Jan 03)
Re: Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. cve-assign (Mar 10)
Re: CVE Request: memory leak in openssl "hostname" TLS Extension cve-assign (Mar 16)
Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196? cve-assign (Jan 28)
Re: mpg123 CVE Assignment? cve-assign (Jan 03)
Re: CVE Request for Privoxy Version: 3.0.22 cve-assign (Jan 10)
Re: CVE request: denial of service flaw in firebird cve-assign (Jan 03)
Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages - Linux kernel cve-assign (Feb 26)
Re: CVE request: denial of service in Quassel cve-assign (Mar 27)
Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF cve-assign (Feb 13)
Re: CVE Request: pxz -- race condition in setting permissions cve-assign (Jan 18)
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 15)
Re: CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload cve-assign (Jan 27)
Re: CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation cve-assign (Mar 24)
Re: CVE Request: libarchive -- directory traversal in bsdcpio cve-assign (Mar 15)
Re: CVE request: XSS in MantisBT cve-assign (Feb 21)
Re: CVE request: Xymon cve-assign (Jan 31)
Re: Possible CVE Request: dulwich: does not prevent to write files in commits with invalid paths to working tree cve-assign (Mar 22)
Re: CVE Request: Cups: cupsRasterReadPixels buffer overflow cve-assign (Feb 12)
Re: CVE Request: cpio -- directory traversal cve-assign (Jan 18)
Re: CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures cve-assign (Jan 28)
Re: CVE request: unace cve-assign (Feb 23)
Re: CVE request - ICU cve-assign (Jan 29)
Re: CVE request: Erlang POODLE TLS vulnerability cve-assign (Mar 27)
Re: CVE request: Joomla Google Maps Plugin cve-assign (Feb 26)
Re: CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality cve-assign (Jan 11)
CVE-2015-2042 - Linux kernel - incorrect data type in rds_sysctl_rds_table cve-assign (Feb 20)
Re: CVE request: pigz, kgb, pax: directory traversal cve-assign (Jan 18)
Re: CVE requests for shibboleth service provider cve-assign (Mar 23)
Re: eCryptfs key wrapping help to crack user password cve-assign (Feb 27)
Re: CVE Request: Gtk2 Perl Module: incorrect memory management in Gtk2::Gdk::Display::list_devices cve-assign (Mar 12)
Re: CVE request for Moodlee MDL-48980 Security: Always clean the result from min_get_slash_argument - Moodle cve-assign (Feb 05)
Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. cve-assign (Mar 20)
Re: kgb-bot can be crashed by some network traffic cve-assign (Feb 07)
Re: CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability cve-assign (Feb 03)
Re: KDE Plasma vulnerabilities: need CVE cve-assign (Jan 22)
Re: CVE requests for nodejs marked VBScript Content Injection and sequelize SQL Injection in Order cve-assign (Jan 27)
Re: CVE request Linux kernel: isofs: unchecked printing of ER records cve-assign (Jan 08)
Re: CVE Request: ikiwiki: cross-site scripting via openid_identifier cve-assign (Mar 30)
Re: the other glibc issue cve-assign (Jan 28)
Re: CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001 cve-assign (Mar 19)
Re: CVE request for vulnerability in OpenStack Glance cve-assign (Jan 18)
Re: CVE request: sudo TZ issue cve-assign (Feb 10)
Re: CVE request: Two vulnerabilities in Tor cve-assign (Mar 24)
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 12)
Re: CVE Request: Linux kernel execution in the early microcode loader. cve-assign (Mar 20)
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 09)
Re: CVE-Request -- Saurus CMS v.4.7 (Community Edition, released: 12.08.2014) -- Multiple reflecting XSS vulnerabilities cve-assign (Feb 08)
Re: CVE Request: Cap'n Proto: Several issues cve-assign (Mar 16)
Re: Incomplete data at nvd for CVE-2014-8159 (infiniband / verbs) cve-assign (Mar 17)
CVE-2015-2041 - Linux kernel - incorrect data type in llc2_timeout_table cve-assign (Feb 20)
Re: CVE request: PHPMoAdmin Unauthorized Remote Code Execution cve-assign (Mar 04)
Re: CVE request: pngcrush 1.7.83 crash bug (most likely exploitable) cve-assign (Feb 28)

Damien Regad

CVE Request: XSS issue in MantisBT permalink_page.php Damien Regad (Mar 14)
CVE request: XSS in MantisBT Damien Regad (Feb 09)
CVE-2014-9571: XSS in install.php Damien Regad (Jan 16)
Re: CVE request: XSS in MantisBT Damien Regad (Feb 13)
CVE-2014-9572: Improper Access Control in install.php Damien Regad (Jan 16)
Re: CVE request: XSS in MantisBT Damien Regad (Feb 16)
Re: CVE-2014-6316: URL redirection issue in MantisBT Damien Regad (Jan 10)
CVE-2014-9573: SQL Injection in manage_user_page.php Damien Regad (Jan 16)
Re: CVE request: XSS in MantisBT Damien Regad (Feb 16)
Re: CVE-2014-6316: URL redirection issue in MantisBT Damien Regad (Mar 14)
CVE-2014-9571, -9572 and -9573 affect MantisBT Damien Regad (Jan 16)
CVE request: CAPTCHA bypass in MantisBT Damien Regad (Jan 16)
CVE-2015-1042: URL redirection issue in MantisBT Damien Regad (Jan 16)

Daniel Kahn Gillmor

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Daniel Kahn Gillmor (Jan 29)
Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Daniel Kahn Gillmor (Jan 15)
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Daniel Kahn Gillmor (Jan 29)
dropbear and PuTTY missing DHE sanity checks [was: Re: CVE request: RFC 4253 section 8 wooes] Daniel Kahn Gillmor (Feb 27)
Re: Certificate pinning and the browser PKI Daniel Kahn Gillmor (Mar 07)

Daniel Micay

Re: CVE for Kali Linux Daniel Micay (Mar 22)
Re: CVE-Request - Offset2lib Daniel Micay (Feb 15)
Re: CVE for Kali Linux Daniel Micay (Mar 22)
Re: CVE for Kali Linux Daniel Micay (Mar 21)
Re: CVE for Kali Linux Daniel Micay (Mar 21)
Re: Re: CVE request: heap buffer overflow in glibc swscanf Daniel Micay (Feb 03)
Re: membership request to the closed linux-distros security mailing list Daniel Micay (Mar 20)
Re: CVE for Kali Linux Daniel Micay (Mar 21)
Re: CVE for Kali Linux Daniel Micay (Mar 22)
Re: CVE for Kali Linux Daniel Micay (Mar 22)
Re: wordexp(3) Daniel Micay (Feb 11)
CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Daniel Micay (Feb 26)
Re: Vendor adoption of PIE INFO#934476 oss-security Daniel Micay (Mar 13)
Re: Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Daniel Micay (Feb 28)
Re: CVE for Kali Linux Daniel Micay (Mar 21)
Re: CVE Request: Linux kernel execution in the early microcode loader. Daniel Micay (Mar 18)
Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Daniel Micay (Feb 26)
Re: CVE for Kali Linux Daniel Micay (Mar 22)

Daniel Strøm

CVE request Daniel Strøm (Jan 08)
Re: CVE request Daniel Strøm (Jan 11)

Dave

Fwd: CVE-2015-0249: Apache Roller allows admin users to execute arbitrary Java code Dave (Mar 30)

Dave Horsfall

Re: CVE Request for illumos distributions Dave Horsfall (Jan 03)
Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Dave Horsfall (Mar 23)

David A. Wheeler

Re: CVE for Kali Linux David A. Wheeler (Mar 22)
Re: CVE for Kali Linux David A. Wheeler (Mar 22)
Re: CVE for Kali Linux David A. Wheeler (Mar 22)

David Jorm

OpenDaylight security advisory: CVE-2015-1778 authentication bypass, CVE-2015-1611 CVE-2015-1612 topology spoofing via LLDP David Jorm (Mar 19)
Defense4all security advisory: CVE-2014-8149 users can export report data to an arbitrary file on the server's filesystem David Jorm (Jan 21)
Re: 2012 CVE request: XXE in nokogiri ruby gem David Jorm (Jan 02)
CVE request: local privilege escalation flaw in Red Star OS 3.0 David Jorm (Jan 08)

David Lawrence

Re: CVE request for BZ David Lawrence (Jan 23)

Dean Pierce

catdoc has bugs Dean Pierce (Mar 13)

Dejan Bosanac

[ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities Dejan Bosanac (Feb 05)
[ANNOUNCE] CVE-2014-3579 - ActiveMQ Apollo vulnerability Dejan Bosanac (Feb 05)

Donald Stufft

Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Donald Stufft (Mar 04)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Donald Stufft (Mar 11)
Assign a CVE for Python's restkit Please Donald Stufft (Mar 12)
Re: Assign a CVE for Python's restkit Please Donald Stufft (Mar 22)
Re: CVE for Kali Linux Donald Stufft (Mar 22)

Emmanuel Law

Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)
Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)
CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)

endeavor

Re: CVE Request: libpng 1.6.15 Heap Overflow endeavor (Jan 09)

endrazine

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) endrazine (Jan 27)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) endrazine (Jan 27)

Eric Windisch

Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Eric Windisch (Mar 24)

Fabian Keil

CVE request for Privoxy Fabian Keil (Jan 26)

Fabian Yamaguchi

Re: Vulnerabilities in VLC 2.1.5 Fabian Yamaguchi (Jan 20)
Vulnerabilities in VLC 2.1.5 Fabian Yamaguchi (Jan 20)

Fabio Olive Leite

Please assign a CVE to this recent cups-filters vulnerability Fabio Olive Leite (Mar 09)

Felix Eckhofer

Re: RCE, XSS and HTTP header injection in fli4l web interface Felix Eckhofer (Feb 01)
RCE, XSS and HTTP header injection in fli4l web interface Felix Eckhofer (Jan 31)

Filip Palian

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Filip Palian (Jan 27)

Florent Daigniere

Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Florent Daigniere (Feb 04)
Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Florent Daigniere (Feb 04)
CVE request: RFC 4253 section 8 wooes Florent Daigniere (Feb 27)

Florian Weimer

Re: CVE for Kali Linux Florian Weimer (Mar 22)
Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Florian Weimer (Mar 24)
CVE-2014-8165: remote code execution in powerpc-utils-python Florian Weimer (Feb 09)
Re: CVE-Request - bitbake Florian Weimer (Feb 17)
Certificate pinning and the browser PKI Florian Weimer (Mar 05)
Re: membership request to the closed linux-distros security mailing list Florian Weimer (Mar 22)
Re: CVE for Kali Linux Florian Weimer (Mar 22)
Re: older fuseiso stuff Florian Weimer (Feb 23)
Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Florian Weimer (Mar 31)
Re: older issues in libbluray Florian Weimer (Feb 23)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 27)
CVE-2015-0841: off-by-one error in network code of monopd/libcapsinetwork Florian Weimer (Mar 23)
Re: membership request to the closed linux-distros security mailing list Florian Weimer (Mar 22)
Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Florian Weimer (Mar 24)
CVE request: glibc scanf implementation crashes on certain inputs Florian Weimer (Feb 26)
Re: older issues in libbluray Florian Weimer (Feb 23)
CVE request: Invalid pointer dereference in the GNOME librest library Florian Weimer (Mar 04)
Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Florian Weimer (Feb 10)
Re: CVE request: sudo TZ issue Florian Weimer (Feb 10)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 30)
Re: wordexp(3) Florian Weimer (Feb 11)
Re: CVE Request: kwallet: incorrect CBC encryption handling Florian Weimer (Jan 09)
Re: Re: CVE request: BD-J implementation in libbluray Florian Weimer (Mar 01)
Re: CVE-Request -- Linux kernel - panic on nftables rule flush Florian Weimer (Feb 10)
CVE request: BD-J implementation in libbluray Florian Weimer (Feb 23)
Re: CVE Request: Linux kernel execution in the early microcode loader. Florian Weimer (Mar 18)
Re: Directory traversals in cpio and friends? Florian Weimer (Jan 08)
Reject CVE-2012-3878? Florian Weimer (Jan 26)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 28)
Re: CVE request: BD-J implementation in libbluray Florian Weimer (Feb 23)
Re: CVE Request: Linux kernel execution in the early microcode loader. Florian Weimer (Mar 19)
Re: Re: CVE request: sudo TZ issue Florian Weimer (Feb 11)
Please REJECT CVE-2012-6686 Florian Weimer (Feb 24)
Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Florian Weimer (Feb 03)
CVE request: glibc: potential application crash due to overread in fnmatch Florian Weimer (Feb 26)
Re: Re: CVE request: heap buffer overflow in glibc swscanf Florian Weimer (Feb 04)

Francisco Alonso

Re: CVE Request: PHP 5.6.6 changelog Francisco Alonso (Mar 11)
CVE request: Reflected XSS / Content Spoofing in FlexPaper Francisco Alonso (Jan 06)
CVE Request: gd buffer read overflow in gd_gif_in.c Francisco Alonso (Mar 23)
Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper Francisco Alonso (Jan 17)
CVE Request: PHP 5.6.6 changelog Francisco Alonso (Mar 10)

Galen Charlton

Re: CVE request - Evergreen Galen Charlton (Mar 03)
CVE request Galen Charlton (Mar 03)

Garth Mollett

CVE request for OpenStack Compute (nova) Garth Mollett (Mar 23)
Re: CVE request for OpenStack Compute (nova) Garth Mollett (Mar 24)

Gerhard Rieger

Socat security advisory 6 - Possible DoS with fork Gerhard Rieger (Jan 24)

Grandma Eubanks

Re: Disabling reading of kernel log buffer reading for user Grandma Eubanks (Mar 13)

Grant Murphy

[OSSA 2014-041.1] Glance v2 API unrestricted path traversal (CVE-2014-9493) ERRATA 1 Grant Murphy (Jan 05)

Greg KH

Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Greg KH (Mar 13)

gremlin

Re: validation on update gremlin (Mar 03)
Re: CVE request: Maven downloads JARs via HTTP gremlin (Mar 02)
Re: CVE request: Maven downloads JARs via HTTP gremlin (Mar 02)
Re: CVE Request for illumos distributions gremlin (Jan 03)

Gsunde Orangen

Re: CVE request for some NTP stuff Gsunde Orangen (Feb 04)
Re: CVE request: heap buffer overflow in glibc swscanf Gsunde Orangen (Feb 03)
Re: [FD] Java 8u40 released: why? Gsunde Orangen (Mar 05)

Gynvael Coldwind

Re: ghostscript double free and invalid read caused by embedded jbig2 data Gynvael Coldwind (Feb 07)

Hacker Fantastic

CVE request: local privilege escalation flaws in Red Star OS 3.0 & 2.0 desktop Hacker Fantastic (Jan 09)

halfdog

Disabling reading of kernel log buffer reading for user halfdog (Mar 13)

Hanno Böck

CVE request: Erlang POODLE TLS vulnerability Hanno Böck (Mar 27)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
Re: ghostscript double free and invalid read caused by embedded jbig2 data Hanno Böck (Feb 07)
Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Hanno Böck (Jan 15)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) Hanno Böck (Feb 13)
Re: CVE request: two issues in vorbis-tools Hanno Böck (Jan 23)
CVE request: Joomla Google Maps Plugin Hanno Böck (Feb 26)
less invalid memory access fixed (CVE-2014-9488) Hanno Böck (Mar 10)
Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) Hanno Böck (Feb 13)
Re: lynx: crash when parsing overly long links Hanno Böck (Feb 08)
Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Hanno Böck (Feb 14)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
CVE request: XSS in roundcube before 1.1.0 Hanno Böck (Mar 29)
the other glibc issue Hanno Böck (Jan 28)
Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding) Hanno Böck (Mar 29)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 28)
Re: Possible CVE Requests: libmspack: several issues Hanno Böck (Feb 03)
Re: CVE request: two issues in vorbis-tools Hanno Böck (Jan 21)
GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 27)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic Hanno Böck (Feb 04)
Re: Re: CVE request: Joomla Google Maps Plugin Hanno Böck (Feb 27)

Hector Marco

CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Hector Marco (Feb 18)
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 16)
CVE-Request: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Hector Marco (Mar 27)
CVE-Request - Offset2lib Hector Marco (Feb 15)
Re: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 10)
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 11)
CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 09)
Re: CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Hector Marco (Feb 18)
Re: CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Hector Marco (Mar 03)
Re: CVE-Request -- Linux ASLR integer overflow Hector Marco (Feb 13)
CVE-Request -- Linux ASLR integer overflow Hector Marco (Feb 13)

Helmut Grohne

kamailio: multiple /tmp file vulnerabilities Helmut Grohne (Jan 26)

Henri Salo

Re: CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload Henri Salo (Jan 23)
CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities Henri Salo (Jan 25)
Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Henri Salo (Jan 14)
CVE request: phpbb3 CSRF and CSS injection Henri Salo (Jan 31)
CVE request: Roundcube cross-site scripting vulnerability fixed in 1.0.5 Henri Salo (Jan 31)
CVE-2012-5853 Henri Salo (Jan 06)
Re: Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin Henri Salo (Feb 05)
Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Henri Salo (Jan 16)
CVE request: Concrete5 XSS vulnerability Henri Salo (Jan 02)
CVE request: PHPMoAdmin Unauthorized Remote Code Execution Henri Salo (Mar 03)
CVE-2015-2289: Serendipity CMS cross-site scripting vulnerability in 2.0 version Henri Salo (Mar 14)
Re: CVE request: Concrete5 XSS vulnerability Henri Salo (Jan 05)
CVE request: Chamilo LMS 1.9.10 Multiple XSS & CSRF Vulnerabilities Henri Salo (Mar 23)
CVE-2013-1666 description still missing Henri Salo (Mar 24)
End of the m0n0wall project Henri Salo (Feb 15)
Re: CVE request: lhasa: directory traversals Henri Salo (Jan 14)
CVE request: TYPO3-EXT-SA-2015-001, TYPO3-EXT-SA-2015-002, TYPO3-EXT-SA-2015-003 Henri Salo (Jan 11)
Re: CVE-Request: WeBid 1.1.1 Unrestricted File Upload Exploit Henri Salo (Mar 06)

Hutton

Multiple vulnerabilities in Untangle NGFW 9-11 Hutton (Mar 08)

Huzaifa Sidhpurwala

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)
Re: Fwd: setroubleshoot root exploit (CVE-Request) Huzaifa Sidhpurwala (Mar 26)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)

Ian Cordasco

CVE Request for python-requests session fixation vulnerability Ian Cordasco (Mar 14)

Jakub Wilk

Re: heap overflow in procmail Jakub Wilk (Feb 12)
Re: heap overflow in procmail Jakub Wilk (Jan 21)
Re: Directory traversals in cpio and friends? Jakub Wilk (Jan 09)

James Morris

Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks James Morris (Jan 20)

Jann Horn

Re: Disabling reading of kernel log buffer reading for user Jann Horn (Mar 13)

Jan Schaumann

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jan Schaumann (Jan 29)

Javantea

CVE Request: Remote Code Execution in Realms Wiki install.sh Javantea (Mar 29)
CVE Request: CSRF in Realms Wiki Javantea (Mar 29)

Jean-Baptiste Kempf

Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf (Feb 23)
Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf (Feb 23)
Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf (Feb 23)
Re: Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf (Feb 24)
Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf (Feb 23)

Jelmer Vernooij

Dulwich security issue Jelmer Vernooij (Mar 22)

Jeremy Stanley

Re: CVE request for OpenStack Compute (nova) Jeremy Stanley (Mar 25)
Re: CVE for Kali Linux Jeremy Stanley (Mar 22)
CVE Request for information leak in Etherpad exports Jeremy Stanley (Mar 14)
Re: Re: CVE request for OpenStack Compute (nova) Jeremy Stanley (Mar 24)
Re: CVE for Kali Linux Jeremy Stanley (Mar 22)

Jerome Athias

Re: CVE-2015-0881 Jerome Athias (Feb 28)

Jim Meyering

CVE request: grep heap buffer overrun Jim Meyering (Jan 18)

jmm

Re: CVE request: xchat/hexchat don't properly verify SSL certificates jmm (Feb 22)
Re: CVE request: file(1) DoS jmm (Jan 16)

Jodie Cunningham

Requesting CVE for ImageMagick DoS Jodie Cunningham (Feb 19)
CVE Request: Multiple vulnerabilities in freexl 1.0.0g Jodie Cunningham (Mar 24)
Re: Requesting CVE for ImageMagick DoS Jodie Cunningham (Feb 26)
Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Jodie Cunningham (Mar 27)

Joe Malcolm

CVE Request: jabberd remote information disclosure Joe Malcolm (Feb 20)

Johannes Segitz

CVE request: NULL ptr deref in php Johannes Segitz (Feb 04)

John Haxby

Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 06)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 05)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 11)
Re: membership request to the closed linux-distros security mailing list John Haxby (Mar 20)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 09)
Re: Fixing the glibc runtime linker John Haxby (Feb 25)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 10)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 10)
Re: PEP-466 common compatible implementation. (was ... CVE-2015-1777) John Haxby (Mar 10)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 10)
Re: wordexp(3) John Haxby (Feb 11)
CVE-2014-8172 John Haxby (Mar 09)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 08)

John Lightsey

CVE request: MovableType before 5.2.12 John Lightsey (Feb 12)

Jonathan Brossard

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jonathan Brossard (Jan 27)

Josh Boyer

Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Josh Boyer (Feb 16)

Jo Shields

Mono TLS vulnerabilities Jo Shields (Mar 07)

Joshua J. Drake

Re: vsftpd problem in deny_hosts Joshua J. Drake (Feb 03)

Joshua Rogers

Re: Re: CVE Request: PHP Joshua Rogers (Jan 24)
CVE Request: PHP int overflow Joshua Rogers (Jan 20)
Re: CVE Request: PHP Joshua Rogers (Jan 24)
Re: Re: CVE Request: PHP Joshua Rogers (Jan 24)
Re: CVE Request(s): GnuPG 2/GPG2 Joshua Rogers (Jan 06)
Re: CVE Request: PHP Joshua Rogers (Jan 08)
CVE Revoke Joshua Rogers (Jan 05)
Re: Re: CVE Request: PHP 5.6.6 changelog Joshua Rogers (Mar 11)
Fwd: Re: CVE Request Question Joshua Rogers (Jan 03)
CVE Request: PHP Joshua Rogers (Jan 08)
Re: CVE Request for illumos distributions Joshua Rogers (Jan 03)

J. Tozo

CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. J. Tozo (Jan 21)

Justin Steven

Re: CVE for Kali Linux Justin Steven (Mar 21)

Kees Cook

Re: CVE-Request -- Linux ASLR integer overflow Kees Cook (Feb 14)
CVE request: Linux kernel ecryptfs 1-byte overwrite Kees Cook (Feb 17)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kees Cook (Jan 29)

Korvin Szanto

Re: CVE request: Concrete5 XSS vulnerability Korvin Szanto (Jan 05)
Re: CVE request: Concrete5 XSS vulnerability Korvin Szanto (Jan 05)

Kristian Fiskerstrand

CVE Request: Cups: cupsRasterReadPixels buffer overflow Kristian Fiskerstrand (Feb 10)
Re: CVE for Kali Linux Kristian Fiskerstrand (Mar 22)

Kurt Seifried

CVE-2013-6501 php: predictible filename used for cache in world writable directory Kurt Seifried (Feb 08)
FreeBSD: URGENT: RNG broken for last 4 months Kurt Seifried (Feb 17)
potrace: possible heap overflow Kurt Seifried (Feb 06)
Re: CVE for Kali Linux Kurt Seifried (Mar 21)
lynx: crash when parsing overly long links Kurt Seifried (Feb 06)
ping on CVE Request for jenkins-tomcat: Secure and HttpOnly flags are not, set for cookies with Jenkins on Tomcat Kurt Seifried (Jan 20)
some really old openjdk stuff/possible java Kurt Seifried (Feb 07)
Re: older issues in libbluray Kurt Seifried (Feb 22)
Re: FreeBSD: URGENT: RNG broken for last 4 months Kurt Seifried (Feb 18)
Re: CVE request for denial-of-service vulnerability in fcgi Kurt Seifried (Feb 06)
Re: unassigning CVE-2015-2104 Kurt Seifried (Mar 04)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 11)
Mozilla: Use-after-free when doing multiple nesting using bad tags Kurt Seifried (Feb 07)
kgb-bot can be crashed by some network traffic Kurt Seifried (Jan 27)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 28)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 11)
CVE request for some NTP stuff Kurt Seifried (Feb 04)
Re: CVE for Kali Linux Kurt Seifried (Mar 22)
XSS In Zope Kurt Seifried (Feb 26)
Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Kurt Seifried (Mar 13)
Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 04)
foomatic file loading from cwd Kurt Seifried (Feb 04)
Old nagios CVE Kurt Seifried (Feb 04)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 11)
CVE HOWTO - updated and moved to github Kurt Seifried (Jan 26)
CVE Request for jenkins-tomcat: Secure and HttpOnly flags are not set for cookies with Jenkins on Tomcat Kurt Seifried (Jan 13)
libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Kurt Seifried (Feb 06)
Re: CVE-2015-0881 Kurt Seifried (Feb 21)
Re: cve-assign delays Kurt Seifried (Mar 19)
Node.js "serve-static" module Open Redirect Kurt Seifried (Jan 13)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 11)
Re: [videolan] [oss-security] older issues in libbluray Kurt Seifried (Feb 23)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
Re: foomatic file loading from cwd Kurt Seifried (Feb 18)
Re: CVE for Kali Linux Kurt Seifried (Mar 22)
Re: Mozilla: Use-after-free when doing multiple nesting using bad tags Kurt Seifried (Feb 07)
MP3::Info file loading from cwd Kurt Seifried (Feb 04)
Re: CVE for Kali Linux Kurt Seifried (Mar 22)
Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 24)
gcj jar manifest parsing segfault with classpath references Kurt Seifried (Feb 07)
Re: Summer bug cleaning - rpcbind -h option - REJECT CVE-2012-3541 Kurt Seifried (Feb 23)
Re: lynx: crash when parsing overly long links Kurt Seifried (Feb 06)
Possible "new" CVE for Zoo directory traversal Kurt Seifried (Jan 02)
busybox CVE-2014-9645 Kurt Seifried (Jan 25)
CVE request for BZ Kurt Seifried (Jan 23)
CVE request for Moodlee MDL-48980 Security: Always clean the result from min_get_slash_argument Kurt Seifried (Feb 04)
CVE-2013-4578 OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars Kurt Seifried (Feb 08)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 04)
Re: membership request to the closed linux-distros security mailing list Kurt Seifried (Mar 20)
CVE requests for nodejs marked VBScript Content Injection and sequelize SQL Injection in Order Kurt Seifried (Jan 22)
please REJECT CVE-2013-4186 Kurt Seifried (Feb 08)
unshield directory traversal Kurt Seifried (Jan 25)
Re: CVE for Kali Linux Kurt Seifried (Mar 22)
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Kurt Seifried (Jan 30)
some older pbm2l2030 stuff Kurt Seifried (Feb 06)
CVE for Kali Linux Kurt Seifried (Mar 21)
Re: Assignment of CVE IDs with 5 or more digits by January 13, 2015 Kurt Seifried (Jan 04)
Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Kurt Seifried (Mar 24)
python-rope: pickle.load of remotely supplied data with no authentication required Kurt Seifried (Feb 06)
Debian / xterm #779397 Kurt Seifried (Mar 02)
Re: CVE-2015-0881 Kurt Seifried (Feb 23)
2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Kurt Seifried (Mar 23)
[perl #119505] Segfault from bad backreference Kurt Seifried (Jan 23)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 05)
CVE-2015-0881 Kurt Seifried (Feb 21)
older issues in libbluray Kurt Seifried (Feb 06)
Re: CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure Kurt Seifried (Jan 05)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 09)
CVE request for Zero-day in the Fancybox-for-WordPress Plugin Kurt Seifried (Feb 04)
older fuseiso stuff Kurt Seifried (Feb 06)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 10)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 06)
CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Kurt Seifried (Mar 23)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 09)
Current outstanding CVE requests Kurt Seifried (Feb 09)
kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap() Kurt Seifried (Feb 07)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 05)
rsyslog/logs/1 minute off (another RISKS thing) Kurt Seifried (Mar 21)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
ghostscript double free and invalid read caused by embedded jbig2 data Kurt Seifried (Feb 07)
CVE REJECT CVE-2009-1193 Kurt Seifried (Feb 07)
Re: CVE-2015-0881 Kurt Seifried (Mar 01)
Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 23)
Re: validation on update Kurt Seifried (Mar 03)
byzanz: Out-of heap-based buffer write in GIF encoder Kurt Seifried (Feb 06)

Larry Cashdollar

CVE for SEANux 1.0? Larry Cashdollar (Jan 25)

Larry W. Cashdollar

Re: SEANux 1.0 remote back door Larry W. Cashdollar (Jan 25)
SEANux 1.0 remote back door Larry W. Cashdollar (Jan 24)
Re: SEANux 1.0 remote back door Larry W. Cashdollar (Jan 24)

linkbc02

R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)

Lior Kaplan

Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Lior Kaplan (Mar 30)

Loganaden Velvindron

Re: FreeBSD: URGENT: RNG broken for last 4 months Loganaden Velvindron (Feb 17)
Re: CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Loganaden Velvindron (Feb 18)

Luis Bernardo

[CVE-2015-0250] Apache Batik information disclosure vulnerability Luis Bernardo (Mar 17)

Lyndon Nerenberg

Re: CVE Request: cpio -- directory traversal Lyndon Nerenberg (Jan 15)

mancha

Re: CVE Request: Info-ZIP unzip 6.0 mancha (Jan 20)
Re: CVE Request: Info-ZIP unzip 6.0 mancha (Feb 11)
CVE request: xrdp mancha (Feb 18)
OpenSSL sec. advisory mancha (Mar 19)
OpenSSL DoS tester now available (CVE-2015-0291) mancha (Mar 22)
Re: CVE request: xrdp mancha (Feb 18)
CVE Requests - glibc overflows (strxfrm) mancha (Feb 13)

Marc Deslauriers

Re: CVE request: xchat/hexchat don't properly verify SSL certificates Marc Deslauriers (Jan 29)
CVE Request: XSS and response-splitting bugs in rabbitmq management plugin Marc Deslauriers (Jan 21)
CVE Request: Linux kernel crypto api unprivileged arbitrary module load Marc Deslauriers (Jan 23)
Re: CVE Request: XSS and response-splitting bugs in rabbitmq management plugin Marc Deslauriers (Jan 26)
Re: CVE request: file(1) DoS Marc Deslauriers (Jan 16)

Marcus Meissner

Re: CVE Request for illumos distributions Marcus Meissner (Jan 04)
Re: vsftpd problem in deny_hosts Marcus Meissner (Feb 03)
Re: CVE for Kali Linux Marcus Meissner (Mar 23)
vsftpd problem in deny_hosts Marcus Meissner (Feb 03)
Re: CVE Request: MySQL: MyISAM temporary file issue Marcus Meissner (Feb 03)
CVE Request: Linux kernel information leak in event device handling Marcus Meissner (Jan 20)
Re: CVE Request: libarchive -- directory traversal in bsdcpio Marcus Meissner (Mar 09)
Re: membership request to the closed linux-distros security mailing list Marcus Meissner (Mar 20)
Re: Re: Debian / xterm #779397 Marcus Meissner (Mar 03)
CVE Request: memory leak in openssl "hostname" TLS Extension Marcus Meissner (Mar 16)
Re: CVE for Kali Linux Marcus Meissner (Mar 24)
Re: CVE for Kali Linux Marcus Meissner (Mar 23)
Re: CVE Request: kwallet: incorrect CBC encryption handling Marcus Meissner (Jan 08)

Marek Kroemeke

Re: Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. Marek Kroemeke (Mar 10)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Marek Kroemeke (Jan 27)
Re: Disabling reading of kernel log buffer reading for user Marek Kroemeke (Mar 13)
Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. Marek Kroemeke (Mar 09)

Marina Glancy

Moodle security issues are now public Marina Glancy (Jan 18)
Re: CVE request for Moodlee MDL-48980 Security: Always clean the result from min_get_slash_argument - Moodle Marina Glancy (Feb 05)
Moodle security issue made public Marina Glancy (Feb 08)
Moodle security issues made public Marina Glancy (Mar 15)

Mark Felder

Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Mark Felder (Feb 04)
Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Mark Felder (Feb 04)
Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Mark Felder (Feb 04)

Martin Hecht

Re: Certificate pinning and the browser PKI Martin Hecht (Mar 05)

Martin Prpic

CVE request: two issues in vorbis-tools Martin Prpic (Jan 21)
Re: CVE request: Maven downloads JARs via HTTP Martin Prpic (Mar 02)
CVE request: directory traversal flaw in patch Martin Prpic (Jan 14)
CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS Martin Prpic (Mar 06)
Re: CVE request: directory traversal flaw in patch Martin Prpic (Jan 20)
CVE request: Maven downloads JARs via HTTP Martin Prpic (Mar 02)

Mathias Krause

Re: Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load Mathias Krause (Jan 24)

Matthew Daley

Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1 Matthew Daley (Mar 27)
Advisory: CVE-2014-9708: Appweb Web Server Matthew Daley (Mar 27)
Re: CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1 Matthew Daley (Jan 21)
CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1 Matthew Daley (Jan 06)

Matt Mahoney

Possible vulnerability fixed in ZPAQ v7.02 Matt Mahoney (Feb 13)

Maxin John

CVE-Request - bitbake Maxin John (Feb 16)

Mehaffey, John

RE: CVE Request: Linux kernel information leak in event device handling Mehaffey, John (Jan 20)
RE: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Mehaffey, John (Mar 13)

Michael Catanzaro

CVE Request: WebKitGTK+ late TLS certificate verification Michael Catanzaro (Mar 17)

Michael Gilbert

Re: Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability Michael Gilbert (Feb 18)

Michael Samuel

Re: CVE request: xchat/hexchat don't properly verify SSL certificates Michael Samuel (Jan 30)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 11)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 05)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 11)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 10)
Re: CVE for Kali Linux Michael Samuel (Mar 21)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 11)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 10)
Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Michael Samuel (Feb 04)
PostgreSQL password hashing Michael Samuel (Mar 03)

Michal Zalewski

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski (Jan 27)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski (Jan 29)
Re: Multiple vulnerabilities in LibTIFF and associated tools Michal Zalewski (Jan 24)
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)

Mike O'Connor

Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Mike O'Connor (Feb 09)

Moritz Heidkamp

CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures Moritz Heidkamp (Jan 12)

Moritz Muehlenhoff

Re: vsftpd problem in deny_hosts Moritz Muehlenhoff (Feb 03)
CVE request: Two vulnerabilities in Tor Moritz Muehlenhoff (Mar 23)
CVE request: spencer regexp Moritz Muehlenhoff (Feb 16)
CVE request: unace Moritz Muehlenhoff (Feb 23)
Re: CVE Request: libarchive -- directory traversal in bsdcpio Moritz Muehlenhoff (Feb 22)
CVE request: Xymon Moritz Muehlenhoff (Jan 30)
Re: CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures Moritz Muehlenhoff (Jan 28)
Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Moritz Muehlenhoff (Feb 22)
Re: CVE Request: jabberd remote information disclosure Moritz Muehlenhoff (Feb 22)
Re: CVE Request: Linux kernel information leak in event device handling Moritz Muehlenhoff (Feb 24)
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Moritz Muehlenhoff (Mar 20)
CVE Request: PHP/file: out-of-bounds memory access in softmagic Moritz Muehlenhoff (Feb 04)
CVE request: lame Moritz Muehlenhoff (Feb 12)
Re: Re: CVE Request(s): GnuPG 2/GPG2 Moritz Muehlenhoff (Jan 05)
Re: Re: CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1 Moritz Muehlenhoff (Jan 24)
Re: CVE Request: null ptr deref in lame v3.99.5 Moritz Muehlenhoff (Feb 26)
CVE request: archmage directory traversal Moritz Muehlenhoff (Feb 12)
Re: CVE Request: gd buffer read overflow in gd_gif_in.c Moritz Muehlenhoff (Mar 23)

Moritz Mühlenhoff

Re: older issues in libbluray Moritz Mühlenhoff (Feb 22)
Re: CVE Request: libarchive -- directory traversal in bsdcpio Moritz Mühlenhoff (Mar 05)
Re: Possible CVE Requests: libmspack: several issues Moritz Mühlenhoff (Feb 22)

Nadav Amit

KVM SYSENTER emulation vulnerability - CVE-2015-0239 Nadav Amit (Jan 27)

Nick Kralevich

Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich (Mar 13)
Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich (Mar 12)

Paolo Perego

CVE request: XSS in search functionality for Geo Mashup Wordpress plugin Paolo Perego (Jan 27)

Paris Z

Re: CVE request: two issues in vorbis-tools Paris Z (Jan 23)

Patrick Coleman

Re: CVE request: vulnerabilities in libcsoap Patrick Coleman (Feb 17)
CVE Request: PuTTY fails to clear private key information from memory Patrick Coleman (Feb 28)
Re: CVE request: vulnerabilities in libcsoap Patrick Coleman (Feb 25)
CVE request: vulnerabilities in libcsoap Patrick Coleman (Feb 17)

Patrick William

CVE Request: Webmin & Usermin - Read Mail Module Vulnerability Patrick William (Jan 19)

Paul McMillan

unassigning CVE-2015-2104 Paul McMillan (Mar 04)

Paul Pluzhnikov

Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 19)
Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 20)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 29)
Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 19)
Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 20)
CVE request: glibc PR 17269 _IO_wstr_overflow integer overflow Paul Pluzhnikov (Feb 22)
Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 20)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 28)
CVE request: heap buffer overflow in glibc swscanf Paul Pluzhnikov (Feb 01)
Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 19)

Pavel Machek

Re: CVE Request: Linux kernel information leak in event device handling Pavel Machek (Jan 21)

Pere Orga

CVE requests for Drupal contributed modules Pere Orga (Feb 13)
CVE requests for Drupal contributed modules Pere Orga (Mar 22)
CVE requests for Drupal contributed modules Pere Orga (Feb 05)
CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001 Pere Orga (Mar 19)
Re: CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 29)
Re: CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001 Pere Orga (Mar 21)
CVE requests: Drupal contributed modules Pere Orga (Jan 02)
CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 28)

Peter Bex

Re: CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures Peter Bex (Jan 28)

Peter Kjellström

Incomplete data at nvd for CVE-2014-8159 (infiniband / verbs) Peter Kjellström (Mar 17)

Petr Matousek

CVE Request: Linux kernel: sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer Petr Matousek (Mar 23)
Re: CVE Request: Linux kernel information leak in event device handling Petr Matousek (Jan 21)
Re: CVE Request: Linux kernel information leak in event device handling Petr Matousek (Jan 21)
CVE request -- Linux kernel - net: sctp: slab corruption from use after free on INIT collisions Petr Matousek (Jan 29)
CVE-2015-0275 -- Linux kernel: fs: ext4: fallocate zero range page size > block size BUG() Petr Matousek (Feb 23)
CVE request -- Linux kernel - net: DoS due to routing packets to too many different dsts/too fast Petr Matousek (Feb 02)
CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder Petr Matousek (Mar 24)

Pierre Schweitzer

Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)
Re: kgb-bot can be crashed by some network traffic Pierre Schweitzer (Jan 28)
CVE request: denial of service in Quassel Pierre Schweitzer (Mar 20)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Pierre Schweitzer (Jan 27)
Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)

P J P

Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open P J P (Mar 16)
CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation P J P (Mar 24)
CVE request Linux kernel: isofs: unchecked printing of ER records P J P (Jan 06)
CVE request Qemu: malicious PRDT flow from guest to host P J P (Mar 23)
CVE request: Linux kernel: tty: kobject reference leakage in tty_open P J P (Mar 13)

Prathan Phongthiproek

CVE-Request: WeBid 1.1.1 Unrestricted File Upload Exploit Prathan Phongthiproek (Mar 05)

P Richards

RE: CVE request: XSS in MantisBT P Richards (Feb 21)
RE: Re: CVE request: XSS in MantisBT P Richards (Feb 13)
RE: Re: CVE request: XSS in MantisBT P Richards (Feb 16)
RE: CVE request: XSS in MantisBT P Richards (Feb 09)

Puneeth Gowda

CVE Request - Apache Solr 4.10 Puneeth Gowda (Mar 15)

Qualys Security Advisory

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 29)
Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Qualys Security Advisory (Feb 03)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 28)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 27)
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 27)

Quentin Casasnovas

CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. Quentin Casasnovas (Mar 18)
Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. Quentin Casasnovas (Mar 21)
CVE Request: Linux kernel execution in the early microcode loader. Quentin Casasnovas (Mar 18)

Raphael Geissert

CVE-2005-2096 and gamera Raphael Geissert (Jan 17)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Raphael Geissert (Jan 28)

Reed Loden

Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Reed Loden (Feb 04)
Re: Mozilla: Use-after-free when doing multiple nesting using bad tags Reed Loden (Feb 07)
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Reed Loden (Jan 29)

Rich Felker

Re: Re: CVE request: sudo TZ issue Rich Felker (Feb 12)
Security advisory for musl libc - stack-based buffer overflow in ipv6 literal parsing [CVE-2015-1817] Rich Felker (Mar 29)
Re: Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Rich Felker (Feb 28)
Re: wordexp(3) Rich Felker (Feb 10)
Re: Fixing the glibc runtime linker Rich Felker (Feb 20)
Re: Fixing the glibc runtime linker Rich Felker (Feb 19)
Re: wordexp(3) Rich Felker (Feb 10)
Re: Fixing the glibc runtime linker Rich Felker (Feb 21)
Re: Fixing the glibc runtime linker Rich Felker (Feb 20)
Re: Fixing the glibc runtime linker Rich Felker (Feb 19)
Re: the other glibc issue Rich Felker (Jan 30)

Ritwik Ghoshal

Re: CVE-2013-4578 OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars Ritwik Ghoshal (Feb 09)

Russ Allbery

Re: CVE for Kali Linux Russ Allbery (Mar 22)
Re: CVE for Kali Linux Russ Allbery (Mar 22)
Re: CVE for Kali Linux Russ Allbery (Mar 21)

Ryan Tandy

CVE request: two OpenLDAP DoS issues Ryan Tandy (Feb 05)

Salvatore Bonaccorso

Possible CVE request: sympa: vulnerability in the web interface Salvatore Bonaccorso (Jan 20)
Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop Salvatore Bonaccorso (Jan 07)
CVE Request: Cap'n Proto: Several issues Salvatore Bonaccorso (Mar 15)
CVE Request: patch: directory traversal via file rename Salvatore Bonaccorso (Jan 24)
Re: CVE request: denial of service flaw in firebird Salvatore Bonaccorso (Jan 03)
CVE Request: xdg-utils: xdg-open: command injection vulnerability Salvatore Bonaccorso (Feb 18)
CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5 Salvatore Bonaccorso (Feb 21)
Re: heap overflow in procmail Salvatore Bonaccorso (Feb 11)
Re: [perl #119505] Segfault from bad backreference Salvatore Bonaccorso (Jan 23)
Re: CVE Request: Gtk2 Perl Module: incorrect memory management in Gtk2::Gdk::Display::list_devices Salvatore Bonaccorso (Mar 10)
CVE Request: DBD-Firebird: Buffer Overflow in dbdimp.c Salvatore Bonaccorso (Mar 29)
Dublicate CVE assignment for directory traversal in elfutils? (CVE-2014-9486 and CVE-2014-9447) Salvatore Bonaccorso (Jan 06)
CVE Request: arj: free on invalid pointer due to to buffer overflow Salvatore Bonaccorso (Mar 28)
Re: CVE Request: kwallet: incorrect CBC encryption handling Salvatore Bonaccorso (Jan 09)
CVE Request: gcab: directory traversal Salvatore Bonaccorso (Jan 04)
Re: Possible CVE Requests: libmspack: several issues Salvatore Bonaccorso (Mar 03)
CVE Request: kwallet: incorrect CBC encryption handling Salvatore Bonaccorso (Jan 08)
CVE Request: libmspack: frame_end overflow which could cause infinite loop Salvatore Bonaccorso (Jan 01)
Re: CVE request: Two vulnerabilities in Tor Salvatore Bonaccorso (Mar 23)
CVE Request: Gtk2 Perl Module: incorrect memory management in Gtk2::Gdk::Display::list_devices Salvatore Bonaccorso (Feb 20)
CVE Request: ikiwiki: cross-site scripting via openid_identifier Salvatore Bonaccorso (Mar 29)
Possible CVE Requests: libmspack: several issues Salvatore Bonaccorso (Feb 03)
CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash Salvatore Bonaccorso (Jan 02)
CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196? Salvatore Bonaccorso (Jan 24)
Re: CVE request: XSS in roundcube before 1.1.0 Salvatore Bonaccorso (Mar 29)
Re: CVE Request: Linux: Remote crash via batman-adv module - Linux kernel Salvatore Bonaccorso (Dec 31)
Possible CVE Request: dulwich: does not prevent to write files in commits with invalid paths to working tree Salvatore Bonaccorso (Mar 21)
Re: heap overflow in procmail Salvatore Bonaccorso (Feb 22)
Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability Salvatore Bonaccorso (Jan 16)
CVE Request: xdg-utils: xdg-open: command injection vulnerability Salvatore Bonaccorso (Dec 31)

Sam Dodrill

Re: CVE request: xchat/hexchat don't properly verify SSL certificates Sam Dodrill (Jan 29)

Sebastian Andrzej Siewior

CVE-2015-1463: clamav: special crafted petite can lead to a crash Sebastian Andrzej Siewior (Feb 17)
CVE-2014-9328: clamav: special crafted upack files may lead to segfault Sebastian Andrzej Siewior (Feb 17)

Sebastian Krahmer

Re: CVS-Request: realmd code execution/auth bypass Sebastian Krahmer (Mar 30)
Fwd: setroubleshoot root exploit (CVE-Request) Sebastian Krahmer (Mar 26)
CVS-Request: realmd code execution/auth bypass Sebastian Krahmer (Mar 25)
Re: CVS-Request: realmd code execution/auth bypass Sebastian Krahmer (Mar 25)

Sebastian Pipping

CVE or not: 2x grml-debootstrap Sebastian Pipping (Jan 21)
CVE request: DokuWiki privilege escalation in RPC API Sebastian Pipping (Mar 01)

Sébastien Delafond

Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored Sébastien Delafond (Feb 23)
CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored Sébastien Delafond (Feb 22)
Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored Sébastien Delafond (Feb 26)
CVE request: 2 issues in inspircd Sébastien Delafond (Mar 29)

Seth Arnold

Re: CVE HOWTO - updated and moved to github Seth Arnold (Jan 26)

Shachar Raindel

CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel (Mar 18)

Shawn

Re: Linux kernel: multiple x86_64 vulnerabilities Shawn (Feb 05)

Siddharth Sharma

CVE-2015-0296 preinstall scriptlet in texlive-base rpm of fedora allows unprivileged user to delete arbitrary files(maybe others) Siddharth Sharma (Feb 27)
Re: CVE request: spencer regexp Siddharth Sharma (Mar 11)
Re: Re: CVE request: spencer regexp Siddharth Sharma (Mar 12)
Re: Re: CVE request: spencer regexp Siddharth Sharma (Mar 12)

Simo Ben youssef

Re: CVE request: Concrete5 XSS vulnerability Simo Ben youssef (Jan 05)

Simon McVittie

Announcing D-Bus 1.8.14 Simon McVittie (Jan 05)
Re: CVE request: Maven downloads JARs via HTTP Simon McVittie (Mar 02)
CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure Simon McVittie (Jan 05)
CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure Simon McVittie (Jan 05)
Re: Re: Debian / xterm #779397 Simon McVittie (Mar 03)
Re: Re: CVE request: sudo TZ issue Simon McVittie (Feb 13)
CVE-2015-0245: denial of service in dbus >= 1.4 systemd activation Simon McVittie (Feb 09)
Re: CVE Request: ikiwiki: cross-site scripting via openid_identifier Simon McVittie (Mar 30)
CVE-2014-8156: freesmartphone.org stack configures D-Bus system bus to be insecure Simon McVittie (Jan 28)

Simon Waters

Re: Insecure file upload in Berta CMS Simon Waters (Mar 30)
Fwd: Insecure file upload in Berta CMS Simon Waters (Mar 27)

Solar Designer

Re: CVE for Kali Linux Solar Designer (Mar 22)
Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer (Mar 18)
wordexp(3) Solar Designer (Feb 10)
Re: CVE for Kali Linux Solar Designer (Mar 22)
Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer (Mar 18)
Re: Vendor adoption of PIE INFO#934476 oss-security Solar Designer (Mar 13)
Re: CVE for Kali Linux Solar Designer (Mar 22)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer (Mar 16)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 28)
Re: CVE for Kali Linux Solar Designer (Mar 22)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
Re: membership request to the closed linux-distros security mailing list Solar Designer (Mar 20)
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Solar Designer (Jan 29)
Re: Fwd: setroubleshoot root exploit (CVE-Request) Solar Designer (Mar 26)
Re: Linux kernel: multiple x86_64 vulnerabilities Solar Designer (Feb 02)
Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Solar Designer (Jan 21)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
Re: the other glibc issue Solar Designer (Jan 29)
Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer (Mar 16)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
Re: vsftpd problem in deny_hosts Solar Designer (Feb 03)
Re: CVE-Request: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Solar Designer (Mar 27)
Re: Instant v2.0 SQL Injection Vulnerability Solar Designer (Mar 10)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)

Sona Sarmadi

membership request to the closed linux-distros security mailing list Sona Sarmadi (Mar 20)

Stanislav Malyshev

Re: CVE-2013-6501 php: predictible filename used for cache in world writable directory Stanislav Malyshev (Feb 08)
Re: CVE Request: PHP: out of bounds read crashes php-cgi Stanislav Malyshev (Dec 31)

Steevee a.k.a Stefanus

Instant v2.0 SQL Injection Vulnerability Steevee a.k.a Stefanus (Mar 09)

Steffen Rösemann

CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities Steffen Rösemann (Jan 03)
CVE-Request -- CMS Croogo v.2.2.0 -- Reflecting XSS in filemanager in the administrative backend Steffen Rösemann (Jan 12)
CVE Request -- CMS Sefrengo v.1.6.0 -- SQL injection and XSS vulnerabilities Steffen Rösemann (Jan 06)
Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF Steffen Rösemann (Feb 13)
CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload Steffen Rösemann (Jan 22)
CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities Steffen Rösemann (Feb 01)
CVE Request -- CMS Kajona v. 4.6 -- Reflecting XSS in administrative backend Steffen Rösemann (Jan 06)
CVE-Request -- Saurus CMS v.4.7 (Community Edition, released: 12.08.2014) -- Multiple reflecting XSS vulnerabilities Steffen Rösemann (Jan 27)
CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities Steffen Rösemann (Feb 22)
CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities Steffen Rösemann (Feb 21)
CVE-Request -- openEMR v. 4.2.0 -- Multiple stored/reflecting XSS- and SQLi vulns Steffen Rösemann (Mar 22)
CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Steffen Rösemann (Jan 13)
CVE-Request -- eFront v. 3.6.15.2 build 18021 (Community Edition) -- Multiple CSRF vulnerabilities Steffen Rösemann (Feb 08)
CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality Steffen Rösemann (Jan 09)
CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability Steffen Rösemann (Feb 03)
CVE Request -- Contenido 4.9.x - 4.9.5 -- Reflecting XSS vulnerability in exception handler with deactivated AMR function Steffen Rösemann (Jan 03)
Re: CVE-Request -- phpBugTracker v. 1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities Steffen Rösemann (Feb 23)
CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF Steffen Rösemann (Feb 13)
CVE-Request -- Piwigo <= v. 2.7.3 -- Reflecting XSS- and SQLi-vulnerability in administrative backend Steffen Rösemann (Feb 18)
CVE-Request -- phpBugTracker v. 1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities Steffen Rösemann (Feb 21)
Re: CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities Steffen Rösemann (Feb 01)
CVE-Request -- CMS PHPKit WCMS v.1.6.6 -- Reflecting XSS vulnerability in administrative backend (poll archive) Steffen Rösemann (Jan 12)
CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities Steffen Rösemann (Jan 08)

Stephane Chazelas

Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Stephane Chazelas (Jan 28)
Re: Re: Debian / xterm #779397 Stephane Chazelas (Mar 03)

Stephen Kitt

Re: CVE for Kali Linux Stephen Kitt (Mar 22)

Stephen Smalley

Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Stephen Smalley (Jan 21)

Steve Kemp

cve request: insecure temporary file usage - xbindkeys-config Steve Kemp (Jan 03)

Steven M. Christey

Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash Steven M. Christey (Jan 05)
Assignment of CVE IDs with 5 or more digits by January 13, 2015 Steven M. Christey (Jan 04)
Re: CVE Request for illumos distributions Steven M. Christey (Jan 04)
Re: cve request: insecure temporary file usage - xbindkeys-config Steven M. Christey (Jan 05)
Re: CVE Request for illumos distributions Steven M. Christey (Jan 04)
cve-assign delays Steven M. Christey (Mar 19)
Re: Re: 2012 CVE request: XXE in nokogiri ruby gem Steven M. Christey (Jan 05)

Steven M. Schweda

Re: CVE Request: Info-ZIP unzip 6.0 Steven M. Schweda (Feb 11)
Re: CVE Request: Info-ZIP unzip 6.0 Steven M. Schweda (Feb 10)

Steven Stewart-Gallus

Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Steven Stewart-Gallus (Mar 01)

Stuart Gathman

Re: Fixing the glibc runtime linker Stuart Gathman (Feb 19)

Stuart Henderson

Re: wordexp(3) Stuart Henderson (Feb 11)
Re: membership request to the closed linux-distros security mailing list Stuart Henderson (Mar 20)

Sven Kieske

Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Sven Kieske (Jan 28)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Sven Kieske (Jan 29)

Sven Schwedas

Re: Re: CVE request: BD-J implementation in libbluray Sven Schwedas (Feb 23)
Re: Fwd: [ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont Sven Schwedas (Mar 17)
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Sven Schwedas (Jan 30)

Sylvain Pelissier

eCryptfs key wrapping help to crack user password Sylvain Pelissier (Feb 10)

Tavis Ormandy

Re: Re: [videolan] [oss-security] older issues in libbluray Tavis Ormandy (Feb 24)
Re: Re: [videolan] [oss-security] older issues in libbluray Tavis Ormandy (Feb 24)

Thijs Alkemade

CVE Request: jabberd remote information disclosure Thijs Alkemade (Feb 09)
Re: CVE Request: jabberd remote information disclosure Thijs Alkemade (Feb 23)

Thijs Kinkhorst

CVE request: pigz, kgb, pax: directory traversal Thijs Kinkhorst (Jan 12)

Thomas Dickey

Re: Debian / xterm #779397 Thomas Dickey (Mar 03)

Thomas Klausner

Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Thomas Klausner (Mar 23)

Till Maas

CVE request for denial-of-service vulnerability in fcgi Till Maas (Feb 06)

Tim

Re: wordexp(3) Tim (Feb 11)

Tim Brown

Fixing the glibc runtime linker Tim Brown (Feb 19)
Re: Fixing the glibc runtime linker Tim Brown (Feb 20)
Re: Fixing the glibc runtime linker Tim Brown (Feb 19)
Re: Fixing the glibc runtime linker Tim Brown (Feb 19)

Timo Warns

Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Timo Warns (Mar 18)
Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Timo Warns (Mar 18)

TingPing

Re: CVE request: xchat/hexchat don't properly verify SSL certificates TingPing (Jan 30)

Todd C. Miller

Re: Re: CVE request: sudo TZ issue Todd C. Miller (Feb 13)
Re: CVE request: sudo TZ issue Todd C. Miller (Feb 10)
CVE request: sudo TZ issue Todd C. Miller (Feb 09)
Re: Re: CVE request: sudo TZ issue Todd C. Miller (Feb 11)

Tomas Hoger

Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger (Mar 30)
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Tomas Hoger (Mar 05)
Re: CVE Request: Info-ZIP unzip 6.0 Tomas Hoger (Feb 10)
CVE request - ICU Tomas Hoger (Jan 28)
Re: Re: CVE request - ICU Tomas Hoger (Jan 29)

Trevor Jay

Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Trevor Jay (Mar 24)

Tristan Cacqueray

[OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme Tristan Cacqueray (Jan 15)
CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
[OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881) Tristan Cacqueray (Feb 23)
CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 16)
[OSSA 2015-001] L3 agent denial of service with radvd 2.0+ (CVE-2014-8153) Tristan Cacqueray (Jan 08)
CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 12)
[OSSA 2015-002.1] Glance v2 API unrestricted path traversal through filesystem:// scheme (CVE-2015-1195) ERRATA 1 Tristan Cacqueray (Jan 20)
[OSSA 2015-005] Nova console Cross-Site WebSocket hijacking (CVE-2015-0259) Tristan Cacqueray (Mar 13)
[OSSA 2015-003] Glance user storage quota bypass (CVE-2014-9623) Tristan Cacqueray (Jan 26)
Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)

Tyler Hicks

Re: eCryptfs key wrapping help to crack user password Tyler Hicks (Feb 26)
Re: eCryptfs key wrapping help to crack user password Tyler Hicks (Feb 10)
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tyler Hicks (Mar 30)

Vasyl Kaigorodov

CVE request: novnc: session hijack through insecurely set session token cookies Vasyl Kaigorodov (Feb 17)
CVE request: roundcubemail: possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins Vasyl Kaigorodov (Jan 07)
Re: CVE request: dir traversal in elfutils Vasyl Kaigorodov (Jan 06)
CVE request: lftp saves unknown host's fingerprint in known_hosts without any prompt Vasyl Kaigorodov (Mar 12)
CVE request: httpd: IP address spoofing in mod_remoteip Vasyl Kaigorodov (Jan 13)
Possible CVE request: python-pillow: potential denial-of-service in PNG decompression code Vasyl Kaigorodov (Jan 06)
Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Vasyl Kaigorodov (Feb 16)
CVE Request: ikiwiki: cross-site scripting via openid_identifier Vasyl Kaigorodov (Mar 30)
Re: some older pbm2l2030 stuff Vasyl Kaigorodov (Mar 30)
Re: Re: CVEs for Drupal contributed modules - January 2015 Vasyl Kaigorodov (Jan 29)

Vincent Danen

Re: unsubscribe mmcallis () redhat com Vincent Danen (Jan 06)
unsubscribe mmcallis () redhat com Vincent Danen (Jan 06)
CVE request for directory traversal flaw in p7zip Vincent Danen (Jan 06)
CVE request: xchat/hexchat don't properly verify SSL certificates Vincent Danen (Jan 29)
Re: CVE request: denial of service flaw in firebird Vincent Danen (Jan 05)

Vitezslav Cizek

Re: CVE Request: memory leak in openssl "hostname" TLS Extension Vitezslav Cizek (Mar 16)
Re: CVE Request: cpio -- directory traversal Vitezslav Cizek (Feb 02)

Wade Mealing

CVE-Request -- Linux kernel - panic on nftables rule flush Wade Mealing (Feb 09)
CVE Request: Linux kernel - Denial of service in notify_change for xattrs. Wade Mealing (Jan 22)
CVE-2014-8160 Linux Kernel: SCTP firewalling fails until SCTP module is loaded Wade Mealing (Jan 13)

William Robinet

CVE-2015-1315 - Info-ZIP UnZip - Out-of-bounds Write William Robinet (Feb 17)
Multiple vulnerabilities in LibTIFF and associated tools William Robinet (Jan 24)

wzt wzt

New Rootkit - Lightweight rootkit implemented by bash shell scripts v0.10 wzt wzt (Mar 28)
CVE request: freebsd/sh stack overflow vulnerability wzt wzt (Mar 31)

Xen . org security team

Xen Security Advisory 116 (CVE-2015-0361) - xen crash due to use after free on hvm guest teardown Xen . org security team (Jan 06)
Xen Security Advisory 125 (CVE-2015-2752) - Long latency MMIO mapping operations are not preemptible Xen . org security team (Mar 31)
Xen Security Advisory 126 (CVE-2015-2756) - Unmediated PCI command register access in qemu Xen . org security team (Mar 31)
Xen Security Advisory 123 (CVE-2015-2151) - Hypervisor memory corruption due to x86 emulator flaw Xen . org security team (Mar 10)
Xen Security Advisory 119 (CVE-2015-2152) - HVM qemu unexpectedly enabling emulated VGA graphics backends Xen . org security team (Mar 12)
Xen Security Advisory 122 (CVE-2015-2045) - Information leak through version information hypercall Xen . org security team (Mar 05)
Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM Xen . org security team (Mar 13)
Xen Security Advisory 121 (CVE-2015-2044) - Information leak via internal x86 system device emulation Xen . org security team (Mar 05)
Xen Security Advisory 118 (CVE-2015-1563) - arm: vgic: incorrect rate limiting of guest triggered logging Xen . org security team (Feb 25)
Xen Security Advisory 127 (CVE-2015-2751) - Certain domctl operations may be abused to lock up the host Xen . org security team (Mar 31)
Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM Xen . org security team (Mar 13)
Xen Security Advisory 117 (CVE-2015-0268) - arm: vgic-v2: GICD_SGIR is not properly emulated Xen . org security team (Feb 12)
Xen Security Advisory 124 - Non-standard PCI device functionality may render pass-through insecure Xen . org security team (Mar 10)
Xen Security Advisory 120 (CVE-2015-2150) - Non-maskable interrupts triggerable by guests Xen . org security team (Mar 10)
Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls Xen . org security team (Jan 20)
Xen Security Advisory 120 (CVE-2015-2150) - Non-maskable interrupts triggerable by guests Xen . org security team (Mar 31)
Xen Security Advisory 118 - arm: vgic: incorrect rate limiting of guest triggered logging Xen . org security team (Jan 29)

Yury German

CVE Request for Privoxy Version: 3.0.22 Yury German (Jan 07)
Re: Imagemagick fuzzing bug Yury German (Jan 17)

Yves-Alexis Perez

Re: CVE requests for shibboleth service provider Yves-Alexis Perez (Mar 23)
CVE request (Debian specific): slapd: dangerous access rule in default config Yves-Alexis Perez (Mar 28)
CVE requests for shibboleth service provider Yves-Alexis Perez (Mar 23)
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Yves-Alexis Perez (Jan 28)

Zhenghao Hu

Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 16)
CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 13)
Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 25)

Zubin Mithra

Re: CVE Request: PuTTY fails to clear private key information from memory Zubin Mithra (Feb 28)

罗大龙

【Vulnerability Report 】 - from QIHU 360 China 罗大龙 (Jan 03)