oss-sec: by author

618 messages starting Nov 16 15 and ending Nov 16 15


김종권

CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability 김종권 (Nov 16)
CVE-2015-8106 - latex2rtf v2.3.8 format string vulnerability 김종권 (Nov 16)

Adam Maris

CVE request: qt5-qtwebkit records visited URLS in private browsing mode Adam Maris (Nov 05)
CVE-2015-5327 kernel: User triggerable out-of-bounds read Adam Maris (Nov 27)
CVE-2015-7557, CVE-2015-7558 librsvg2: Out-of-bounds heap read and stack exhaustion Adam Maris (Dec 21)
CVE request: crash when attempt to garbage collect an uninstantiated keyring Adam Maris (Oct 20)

Agostino Sarubbo

Re: suckless sent and libxft-dev 2.3.2-1 crash Agostino Sarubbo (Nov 17)
Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Agostino Sarubbo (Oct 16)

akuster

Re: CVE Request: Glibc Pointer guarding weakness akuster (Oct 29)

Alan Coopersmith

Re: suckless sent and libxft-dev 2.3.2-1 crash Alan Coopersmith (Nov 17)

Alex Gaynor

Re: Prime example of a can of worms Alex Gaynor (Oct 18)

Alyssa Milburn

race condition checking digests/checksums in sudoers Alyssa Milburn (Nov 09)

Amos Jeffries

Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication Amos Jeffries (Oct 12)

Andrea Barisani

shellinabox - DNS rebinding attack due to HTTP fallback Andrea Barisani (Dec 02)

Andreas Stieger

CVE-2015-7519: Phusion Passenger Header overwriting issue Andreas Stieger (Dec 07)
Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Andreas Stieger (Oct 05)
Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Andreas Stieger (Oct 16)
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Andreas Stieger (Oct 05)

Andrew Shadura

CVE-2015-5285: Kallithea: HTTP header injection Andrew Shadura (Oct 02)

Andrey Utkin

[RFC] Keychain for GPG, SSH, X.509 etc. (inspired by Split GPG) Andrey Utkin (Nov 27)

Anti Räis

Re: CVE-Request for stored WCI (a.k.a XSS) in Visual Form Builder 2.7.5 - 2.8.4 Anti Räis (Oct 05)

Aravind

CVE Request: TestLink 1.9.14 CSRF Vulnerability Aravind (Nov 08)
CVE Request: TestLink 1.9.14 Persistent XSS Vulnerability Aravind (Nov 08)

Arrigo Triulzi

Re: CVE requests: Critical vulnerabilities in OpenSMTPD Arrigo Triulzi (Oct 02)

Austin English

Re: Re: CVE request for wget Austin English (Dec 24)
Re: Re: CVE request for wget Austin English (Nov 03)
Re: Re: CVE request for wget Austin English (Oct 26)
Re: Re: CVE request for wget Austin English (Nov 02)

Ben Hutchings

Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? Ben Hutchings (Dec 30)

Bernd Schmidt

Re: Fwd: x86 ROP mitigation Bernd Schmidt (Nov 18)
Re: Fwd: x86 ROP mitigation Bernd Schmidt (Nov 17)

Blake Burkhart

Re: CVE Request: git Blake Burkhart (Oct 12)

Blibbet

Re: Re: CVE Request - Linux kernel - securelevel/secureboot bypass. Blibbet (Oct 15)

Brad Knowles

Re: Prime example of a can of worms Brad Knowles (Oct 20)
Re: Duplicate CVE: CVE-2015-7703 in NTP Brad Knowles (Oct 23)
Re: Prime example of a can of worms Brad Knowles (Oct 19)

Brendan Scarvell

CVE request: XSS to RCE in PHP-Fusion 9 Brendan Scarvell (Nov 27)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2015-0002 Carlos Alberto Lopez Perez (Dec 28)

Chris Steipp

CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11 Chris Steipp (Oct 19)
CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12 Chris Steipp (Dec 21)

Christine Dodrill

ircd-ratbox and Derivatives OOM by MONITOR Command Christine Dodrill (Oct 10)

Christofer Dutz

CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 Christofer Dutz (Nov 23)

Claus Ibsen

CVE-2015-5348 - Apache Camel medium disclosure vulnerability Claus Ibsen (Dec 17)

Colm O hEigeartaigh

New security advisory for Apache CXF Colm O hEigeartaigh (Nov 14)

CSW Research Lab

Symphony CMS 2.6.3 - Multiple Reflected Cross-site Scripting Vulnerability CSW Research Lab (Dec 22)
OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability CSW Research Lab (Dec 20)
Bedita CMS 3.6.0 Cross site Vulnerability CSW Research Lab (Dec 28)
[FD] [CVE-2015-8606] SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability CSW Research Lab (Dec 18)
Cross site vulnerability (XSS) in OcPortal CMS 9.0.20 CSW Research Lab (Dec 19)
Cross site scripting vulnerability (XSS) in SilverStripe CMS & Framework v3.2.0 CSW Research Lab (Dec 16)

Curesec Research Team (CRT)

CVE Request: Various Curesec Research Team (CRT) (Nov 20)

cve-assign

Re: CVE request - perl library UI::Dialog 1.09 - shell escaping vulnerability cve-assign (Oct 08)
Re: CVE Request: Unauthorized access to IPC objects with SysV shm cve-assign (Oct 01)
Re: CVE request: Redmine - information disclosure on the time logging form cve-assign (Nov 25)
Re: Several reads out-of-bound in mplayer 1.1 cve-assign (Nov 17)
Re: DoS attack through Email-Address perl module v1.907 (CVE id request) cve-assign (Oct 02)
Re: Qualys Security Advisory - OpenSMTPD Audit Report cve-assign (Oct 02)
Re: CVE request: libsndfile 1.0.25 heap overflow cve-assign (Nov 03)
Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication cve-assign (Oct 11)
Re: CVE-request: ~/.t_coffee/ is world-writable cve-assign (Dec 23)
Re: libsndfile DoS/divide-by-zero cve-assign (Nov 03)
Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 cve-assign (Oct 02)
Re: Two out of bounds reads in Zstandard / zstd cve-assign (Oct 29)
Re: CVE request for vulnerability in OpenStack Glance cve-assign (Nov 18)
Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? cve-assign (Dec 21)
Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed cve-assign (Nov 18)
Re: Heap Overflow in PCRE cve-assign (Dec 02)
Re: CVE request: Qemu: ui: vnc: avoid floating point exception cve-assign (Dec 08)
Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12 cve-assign (Dec 23)
Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password cve-assign (Oct 29)
Re: CVE for git issue - please use CVE-2015-7545 cve-assign (Dec 11)
Re: CVE Request: Squashfs 4.2 Race Condition cve-assign (Dec 30)
Re: CVE request - Android kernel - IPv6 connect cause a denial of service cve-assign (Dec 11)
Re: Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE cve-assign (Dec 04)
Re: CVE Request: Use-after-free in optipng 0.6.4 cve-assign (Oct 10)
Re: CVE request: net-snmp OpenBSD package - insecure file permission vulnerability cve-assign (Nov 09)
Re: CVE request Qemu net: rocker: fix an incorrect array bounds check cve-assign (Dec 28)
Re: shellinabox - DNS rebinding attack due to HTTP fallback cve-assign (Dec 02)
Re: CVE Request: PHPMailer Message Injection Vulnerability cve-assign (Dec 04)
Re: Heap Overflow in PCRE cve-assign (Dec 01)
Re: CVE Request: Linux kernel: privilege escalation in user namespaces cve-assign (Dec 31)
Re: CVE request -- Linux kernel: selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm() cve-assign (Nov 05)
Re: CVE request: urlfetch range handling flaw in Cyrus IMAP cve-assign (Nov 04)
Re: Chef: knife bootstrap leaks validator privkey into system logs cve-assign (Dec 14)
Re: CVE request -- Out-of-bounds Read in libtiff cve-assign (Dec 24)
Re: CVE request: crash when attempt to garbage collect an uninstantiated keyring - Linux kernel cve-assign (Oct 20)
Re: CVE Request: Local Privilege Escalation in QEMU virtfs-proxy-helper cve-assign (Dec 14)
Re: CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem cve-assign (Nov 23)
Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc cve-assign (Oct 21)
Re: Duplicate CVE: CVE-2015-7703 in NTP cve-assign (Oct 23)
Re: CVE request: Linux kernel, information disclosure after file truncate on BTRFS cve-assign (Nov 27)
Re: CVE request Qemu: net: eepro100: infinite loop in processing command block list cve-assign (Nov 25)
Re: Apache James Server 2.3.2 security vulnerability fixed VU#988628 cve-assign (Oct 01)
Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android cve-assign (Nov 23)
Re: CVE request: libsndfile 1.0.25 heap overflow cve-assign (Nov 03)
Re: CVE request for LightDM - XDMCP denial of service cve-assign (Nov 22)
Re: CVE Request: twig remote code execution cve-assign (Oct 11)
Re: CVE Request: Audio File Library cve-assign (Oct 07)
Re: CVE request - Android OS - Using the PPP character device driver caused the system to restart - Linux kernel cve-assign (Oct 10)
Re: hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation cve-assign (Nov 02)
Re: CVE request: BD-J implementation in libbluray cve-assign (Oct 12)
Re: CVE request Qemu: net: vmxnet3: host memory leakage cve-assign (Dec 15)
Re: CVE Request: BusyBox tar directory traversal cve-assign (Oct 21)
Re: race condition checking digests/checksums in sudoers cve-assign (Nov 18)
Re: CVE Request: Buffer overflow in global memory affecting optipng 0.7.5 cve-assign (Oct 10)
Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization cve-assign (Nov 18)
Re: CVE request: Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info cve-assign (Dec 21)
Re: LXDM X authentication issues cve-assign (Nov 20)
Re: CVE Request: Arm Mali gpu driver Dos vulnerability cve-assign (Oct 06)
Re: CVE request for path traversal / info leak bug in Spiffy web server cve-assign (Nov 18)
Re: Pointer misuse unziping files with busybox cve-assign (Nov 03)
Re: CVE Request: Openpgp.js Critical vulnerability in S2K cve-assign (Oct 30)
Re: CVE Request: dhcpcd 3.x, potentially other versions too cve-assign (Dec 01)
Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? cve-assign (Dec 31)
Re: Cross site scripting vulnerability (XSS) in SilverStripe CMS & Framework v3.2.0 cve-assign (Dec 17)
Re: CVE request: Remote DoS in Quassel cve-assign (Dec 12)
Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment cve-assign (Dec 31)
Re: Buffer overflow in libxml2 cve-assign (Nov 18)
Re: CVE request for sqlalchemy-utils cve-assign (Oct 20)
Re: CVE request for wget cve-assign (Oct 01)
Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 05)
Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization cve-assign (Nov 17)
Re: CVE Request: Linux Kernel: information leak from getsockname cve-assign (Dec 16)
Re: CVE request - Icinga 1.13.3 and older are vulnerable to XSS cve-assign (Oct 29)
Re: Use after free in nghttp2 cve-assign (Dec 23)
Re: CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS cve-assign (Dec 14)
Re: CVE Request: Magento SWF XSS cve-assign (Dec 04)
Re: CVE Request: pycurl use after free fixed in version 7.19.5.2 cve-assign (Nov 03)
Re: CVE request - Redmine: open redirect vulnerability (fixed earlier this year) cve-assign (Dec 04)
Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS cve-assign (Oct 28)
Re: Heap overflow and endless loop in exfatfsck / exfat-utils cve-assign (Oct 29)
Re: CVE request libtiff: out-of-bounds read in CIE Lab image format cve-assign (Dec 25)
Re: CVE request: XSS to RCE in PHP-Fusion 9 cve-assign (Nov 29)
Re: CVE request: DoS in libxml2 if xz is enabled cve-assign (Nov 02)
Re: Heap Overflow in PCRE cve-assign (Nov 29)
Re: CVE request Qemu: acpi: heap based buffer overrun during VM migration cve-assign (Dec 24)
Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11 cve-assign (Oct 29)
Re: Assign CVE for common-collections remote code execution on deserialisation flaw cve-assign (Nov 17)
Re: CVE Request: IPTables-Parse: Use of predictable names for temporary files cve-assign (Nov 24)
Re: CVE request -- linux kernel: overlay: fix permission checking for setattr cve-assign (Dec 23)
Re: CVE Request: zendframework SQL injections cve-assign (Oct 11)
Re: CVE request for math/big.Exp cve-assign (Dec 22)
Re: CVE request: issues fixed in PHP 5.6.14 and 5.5.30 cve-assign (Oct 10)
Re: CVE Requests for read out of bound in libpng cve-assign (Oct 26)
Re: CVE request - a out of bound read bug is found in libdwarf cve-assign (Dec 09)
Re: Libxml2: Several out of bounds reads cve-assign (Nov 22)
Re: CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key cve-assign (Dec 09)
Re: CVE Request: Stalin: Insecure use of temporary files cve-assign (Dec 27)
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 cve-assign (Oct 02)
Re: CVE Request: Linux Kernel: information leak from getsockname cve-assign (Dec 15)
Re: Review+CVE request: multiple issues in redis EVAL command (lua sandbox) cve-assign (Nov 06)
Re: Inspircd <2.0.19 DoS cve-assign (Dec 29)
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness cve-assign (Dec 14)
Re: race condition checking digests/checksums in sudoers cve-assign (Nov 10)
Re: CVE Request: Wordpress: Cross-site scripting vulnerability in the user list table cve-assign (Oct 27)
Re: CVE request: lldpd crash in lldp_decode due large management address cve-assign (Oct 29)
Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option cve-assign (Dec 31)
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness cve-assign (Dec 15)
Re: CVE Request: Plone CSRF cve-assign (Oct 12)
Re: CVE request: Redmine - Data disclosure in atom feed cve-assign (Dec 09)
Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character cve-assign (Dec 14)
Re: CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine cve-assign (Dec 22)
Re: CVE request: qt5-qtwebkit records visited URLS in private browsing cve-assign (Nov 05)
Re: Pointer misuse unziping files with busybox cve-assign (Oct 28)
Re: CVE Request: dhcpcd 3.x, potentially other versions too cve-assign (Dec 02)
Re: CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c cve-assign (Oct 27)
Re: CVE request: Shell Injection in Pygments FontManager._get_nix_font_path cve-assign (Dec 14)
Re: Crafted xml causes out of bound memory access - Libxml2 cve-assign (Oct 22)
Re: CVE Request - Linux kernel - securelevel/secureboot bypass. cve-assign (Oct 15)
Re: CVE request - redmine: Issues API may disclose changeset messages that are not visible cve-assign (Dec 04)
Re: CVE Request: Use after free in PHP Collator::sortWithSortKeys function cve-assign (Dec 22)
Re: Heap Overflow in PCRE cve-assign (Nov 28)
Re: CVE Request: invalid curve attack on bouncycastle cve-assign (Oct 22)
Re: Heap overflow and DoS in unzip 6.0 cve-assign (Oct 11)
Re: CVE request: libpng buffer overflow in png_set_PLTE cve-assign (Nov 12)
Re: CVE request: Blueman: Privilege escalation in blueman dbus API cve-assign (Dec 18)
Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) cve-assign (Dec 11)
Re: CVE request for keepassx password database export cve-assign (Nov 30)
Re: CVE Request: Linux kernel: Buffer overflow when copying data from skbuff to userspace cve-assign (Oct 28)
Re: CVE request: Gummi cve-assign (Oct 08)
Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2 cve-assign (Dec 05)

CVE ID Requests

Re: CVE Requests for Drupal 7.41 and contributed modules CVE ID Requests (Oct 23)

Dag-Erling Smørgrav

Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness Dag-Erling Smørgrav (Dec 14)
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness Dag-Erling Smørgrav (Dec 15)

Damien Cauquil

CVE request: stored XSS in PowerDNS < 3.4.7 Damien Cauquil (Nov 06)

Daniel Beck

CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization Daniel Beck (Nov 09)
Re: Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization Daniel Beck (Nov 18)

Daniele Bianco

[oCERT 2015-011] PyAMF input sanitization errors (XXE) Daniele Bianco (Dec 17)
[oCERT 2015-012] Ganeti multiple issues Daniele Bianco (Dec 30)

Daniel Kahn Gillmor

Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 19)
Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 19)
Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 22)
Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 22)

Daniel Micay

Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
Re: seccomp filters without PR_SET_NO_NEW_PRIVS Daniel Micay (Nov 20)
Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Daniel Micay (Nov 30)
Re: Re: Fwd: x86 ROP mitigation Daniel Micay (Nov 17)

Daniel Stender

CVE request: Gummi Daniel Stender (Oct 08)

Dan Rosenberg

Re: CVE-2015-8088: Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone Dan Rosenberg (Dec 17)

David Dworken

CVE Request: Reflected XSS in OpenMRS Login Page David Dworken (Dec 21)

David Jorm

CVE request: DoS in ONOS when handling jumbo ethernet frames David Jorm (Nov 24)

Dejan Bosanac

[ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ Dejan Bosanac (Dec 08)

Devananda van der Veen

OpenStack Ironic does not honor clean steps (CVE-2015-7514) Devananda van der Veen (Dec 03)
OpenStack Ironic does not honor clean steps (CVE-2015-7514) Devananda van der Veen (Dec 03)

Dis close

CVE Request: Cross Site Scripting (XSS) & Cross Site Request Forgery (CSRF) in Crony Cronjob Manager Version 0.4.4 Dis close (Oct 27)
CVE Request: Malicious File Upload in NextGEN Gallery by Photocrati Version 2.1.10 Dis close (Oct 27)
CVE Request: XSS in Fast Secure Contact Form version 4.0.37 Dis close (Oct 27)
CVE Request: XSS Vulnerability in BulletProof Security Version .52.4 Dis close (Oct 27)
CVE Request: Multiple XSS in NextGEN Gallery by Photocrati Version 2.1.7 Dis close (Oct 27)
CVE Request: XSS in Blubrry PowerPress Podcasting wordpress plugin Version 6.0.4 Dis close (Oct 27)
CVE request: Reflected XSS in OcPortal CMS 9.0.20 Dis close (Nov 13)

Dominic Cleal

CVE-2015-7518: Foreman stored XSS in parameter information popup Dominic Cleal (Dec 09)

Emmanuel Law

CVE Request: Use after free in PHP Collator::sortWithSortKeys function Emmanuel Law (Dec 22)

Evans, Jonathan L.

Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Evans, Jonathan L. (Oct 21)
RE: CVE for git issue - please use CVE-2015-7545 Evans, Jonathan L. (Dec 09)
RE: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Evans, Jonathan L. (Oct 26)

Fabian Keil

Re: Heap Overflow in PCRE Fabian Keil (Nov 25)
Re: Heap Overflow in PCRE Fabian Keil (Nov 24)

Fabio Olive Leite

Re: CVE request-HUAWEI P8 GRA-UL00 Fabio Olive Leite (Nov 16)

Fabio Pagani

Re: Re: Fwd: x86 ROP mitigation Fabio Pagani (Nov 18)

Felix Geyer

Re: Re: CVE request for keepassx password database export Felix Geyer (Dec 08)

Fiedler Roman

AW: CVE Request: Linux kernel: privilege escalation in user namespaces Fiedler Roman (Dec 18)
Re: CVE Request: Linux kernel: privilege escalation in user namespaces Fiedler Roman (Dec 21)

Florent Daigniere

Re: Prime example of a can of worms Florent Daigniere (Oct 22)

Florian Weimer

Re: Instruction encoding which prevents execution of a suffix Florian Weimer (Nov 24)
Instruction encoding which prevents execution of a suffix Florian Weimer (Nov 20)
Re: CVE request: BD-J implementation in libbluray Florian Weimer (Oct 05)
Re: CVE request: urlfetch range handling flaw in Cyrus IMAP Florian Weimer (Oct 13)
Re: Re: Duplicate CVE: CVE-2015-7703 in NTP Florian Weimer (Oct 23)
Re: Being vulnerable to POODLE Florian Weimer (Dec 28)
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Florian Weimer (Nov 08)
CVE request: lldpd crash in lldp_decode due large management address Florian Weimer (Oct 15)
Re: CVE Request: Glibc Pointer guarding weakness Florian Weimer (Oct 15)
Re: Fwd: x86 ROP mitigation Florian Weimer (Nov 18)
Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Florian Weimer (Oct 16)
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness Florian Weimer (Dec 14)
CVE-2015-0856: sddm does not prevent access to the KDE crash handler Florian Weimer (Oct 14)
Re: Being vulnerable to POODLE Florian Weimer (Dec 28)
Re: Re: Fwd: x86 ROP mitigation Florian Weimer (Nov 18)
Re: CVE request - open-vm-tools using predictable filename in /tmp Florian Weimer (Oct 26)
Re: CVE request: lldpd crash in lldp_decode due large management address Florian Weimer (Oct 18)
Re: CVE request for math/big.Exp Florian Weimer (Dec 21)
seccomp filters without PR_SET_NO_NEW_PRIVS Florian Weimer (Nov 20)

Fried Wil

Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Fried Wil (Nov 22)

GAURAV GUPTA

[oss-security]Crafted xml causes out of bound memory access - Libxml2 GAURAV GUPTA (Oct 21)
Buffer overflow in libxml2 GAURAV GUPTA (Nov 17)

gauri

Re: Re: CVE request: libsndfile 1.0.25 heap overflow gauri (Nov 05)

Gijs Hollestelle

CVE Request: Openpgp.js Critical vulnerability in S2K Gijs Hollestelle (Oct 13)

Gilles Chehade

Re: CVE requests: Critical vulnerabilities in OpenSMTPD Gilles Chehade (Oct 02)
Re: Remotely triggerable buffer overflow in OpenSMTPD Gilles Chehade (Oct 05)
Re: CVE requests: Critical vulnerabilities in OpenSMTPD Gilles Chehade (Oct 02)

Glenn Randers-Pehrson

Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE Glenn Randers-Pehrson (Dec 03)
CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option Glenn Randers-Pehrson (Dec 31)
CVE request: libpng buffer overflow in png_set_PLTE Glenn Randers-Pehrson (Nov 12)
Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option Glenn Randers-Pehrson (Dec 31)
Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) Glenn Randers-Pehrson (Dec 11)
Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) Glenn Randers-Pehrson (Dec 10)
Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) Glenn Randers-Pehrson (Dec 17)

Greg KH

Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Greg KH (Oct 15)

gremlin

Re: Prime example of a can of worms gremlin (Oct 23)
Re: Being vulnerable to POODLE gremlin (Dec 26)
Re: Prime example of a can of worms gremlin (Oct 20)

Gsunde Orangen

Re: Being vulnerable to POODLE Gsunde Orangen (Dec 26)
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Gsunde Orangen (Nov 25)
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen (Nov 12)
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen (Nov 13)
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Gsunde Orangen (Nov 26)
CVE Request: PHPMailer Message Injection Vulnerability Gsunde Orangen (Dec 04)
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen (Nov 15)
Re: Re: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen (Nov 13)
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen (Nov 13)
CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen (Nov 12)

Gustavo Grieco

CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 01)
Pointer misuse unziping files with busybox Gustavo Grieco (Oct 25)
CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 01)
Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 05)
CVE request: DoS in libxml2 if xz is enabled Gustavo Grieco (Nov 02)
Re: CVE request: DoS in libxml2 if xz is enabled Gustavo Grieco (Nov 03)
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 05)
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 01)
Several reads out-of-bound in mplayer 1.1 Gustavo Grieco (Nov 10)
Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 01)
Re: Pointer misuse unziping files with busybox Gustavo Grieco (Oct 26)
Re: Pointer misuse unziping files with busybox Gustavo Grieco (Oct 30)

halfdog

Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog (Dec 20)
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog (Dec 14)
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog (Dec 13)
User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog (Dec 02)
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog (Dec 15)

Hannes Frederic Sowa

Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 11)
Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 14)
Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 09)
Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 14)

Hanno Böck

Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Hanno Böck (Nov 25)
Two out of bounds reads in Zstandard / zstd Hanno Böck (Oct 24)
Stack overflows and out of bounds read in dpkg (Debian) Hanno Böck (Nov 26)
Re: Heap Overflow in PCRE Hanno Böck (Nov 24)
Re: New security advisory for Apache CXF Hanno Böck (Nov 14)
Use after free in nghttp2 Hanno Böck (Dec 23)
Re: CVE request: libsndfile 1.0.25 heap overflow Hanno Böck (Nov 03)
Libxml2: Several out of bounds reads Hanno Böck (Nov 21)
Heap Overflow in PCRE Hanno Böck (Nov 24)
Out of bounds read in OpenVPN before 2.3.9 Hanno Böck (Dec 17)
Heap overflow and endless loop in exfatfsck / exfat-utils Hanno Böck (Oct 24)
Re: Heap Overflow in PCRE Hanno Böck (Nov 24)

Hans Jerry Illikainen

libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507) Hans Jerry Illikainen (Dec 16)
libtiff: invalid write (CVE-2015-7554) Hans Jerry Illikainen (Dec 26)
giflib: heap overflow in giffix (CVE-2015-7555) Hans Jerry Illikainen (Dec 21)
libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) Hans Jerry Illikainen (Dec 16)

Hector Marco-Gisbert

Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] Hector Marco-Gisbert (Dec 15)

Henri Salo

CVE-request: ~/.t_coffee/ is world-writable Henri Salo (Dec 23)
CVE-2015-8562: Joomla remote code execution vulnerability Henri Salo (Dec 15)
Re: Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2 Henri Salo (Dec 05)
CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2 Henri Salo (Dec 04)

Hubert Kario

tlsfuzzer - new tool Hubert Kario (Nov 02)

Huzaifa Sidhpurwala

Fwd: [vs-plain] CVE-2015-5261 Huzaifa Sidhpurwala (Oct 05)

Igor Smolyar

CVE request -- Ethernet flow control vulnerability in SRIOV devices Igor Smolyar (Dec 03)

ISC Security Officer

New vulnerability in Kea DHCP servers (CVE-2015-8373) is now public ISC Security Officer (Dec 22)

Jacob Vosmaer

CVE request: RCE in gitlab-shell 2.6.6-2.6.7 Jacob Vosmaer (Nov 25)

Jakub Wilk

Re: Re: Heap Overflow in PCRE Jakub Wilk (Dec 03)

Jann Horn

Re: CVE Request: Linux kernel: privilege escalation in user namespaces Jann Horn (Dec 17)

Jan Rusnacko

Re: CVE Request: git Jan Rusnacko (Nov 23)

Jan Schaumann

Chef: knife bootstrap leaks validator privkey into system logs Jan Schaumann (Dec 14)
Re: Re: Chef: knife bootstrap leaks validator privkey into system logs Jan Schaumann (Dec 14)

Jason A. Donenfeld

CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld (Oct 02)
CVE Request: Local Privilege Escalation in QEMU virtfs-proxy-helper Jason A. Donenfeld (Dec 14)
Re: CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld (Oct 02)
CVE Request: Local Privilege Escalation in QEMU virtfs-proxy-helper Jason A. Donenfeld (Dec 14)
Remotely triggerable buffer overflow in OpenSMTPD Jason A. Donenfeld (Oct 04)
Re: Remotely triggerable buffer overflow in OpenSMTPD Jason A. Donenfeld (Oct 05)
CVE Request: OpenSMTPD <= 5.7.2 buffer overflow Jason A. Donenfeld (Oct 05)

Jason Buberel

Re: CVE request for math/big.Exp Jason Buberel (Dec 22)
CVE request for math/big.Exp Jason Buberel (Dec 21)

Jason Shepherd

Re: Assign CVE for common-collections remote code execution on deserialisation flaw Jason Shepherd (Nov 12)
Assign CVE for common-collections remote code execution on deserialisation flaw Jason Shepherd (Nov 08)

Jean-Baptiste Kempf

Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf (Nov 03)
Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf (Oct 04)

Jeff Law

Re: Fwd: x86 ROP mitigation Jeff Law (Nov 18)
Re: Fwd: x86 ROP mitigation Jeff Law (Nov 17)

Jeremy Stanley

Re: CVE Request: BusyBox tar directory traversal Jeremy Stanley (Oct 23)
Re: Re: CVE Request: Squashfs 4.2 Race Condition Jeremy Stanley (Dec 31)
Re: CVE Request: BusyBox tar directory traversal Jeremy Stanley (Oct 23)

Jessie Frazelle

Re: Re: CVE request for math/big.Exp Jessie Frazelle (Dec 22)

Jihyeok Seo

Re: CVE Request: Squashfs 4.2 Race Condition Jihyeok Seo (Dec 30)
CVE Request: Squashfs 4.2 Race Condition Jihyeok Seo (Dec 30)

Joe Bowser

CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions Joe Bowser (Nov 20)
CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Joe Bowser (Nov 20)

Johannes Segitz

CVE request: Linux kernel, information disclosure after file truncate on BTRFS Johannes Segitz (Nov 27)

John Johansen

CVE Request: Linux kernel: privilege escalation in user namespaces John Johansen (Dec 17)

Jonathan Brossard

[CFP] No Big Thing Conference #2 San Francisco, December 5 2015 Jonathan Brossard (Nov 17)

Jonathan Salwan

Re: Re: Fwd: x86 ROP mitigation Jonathan Salwan (Nov 19)

Josh Bressers

Re: Instruction encoding which prevents execution of a suffix Josh Bressers (Nov 23)
Re: Re: Fwd: x86 ROP mitigation Josh Bressers (Nov 17)
Data on Linux attacks (was Re: [oss-security] Re: Fwd: x86 ROP mitigation) Josh Bressers (Nov 18)
Re: Re: Fwd: x86 ROP mitigation Josh Bressers (Nov 17)

Jo Shields

CVE-2009-0689 discovered in Mono prior to 4.2 Jo Shields (Dec 19)

Josh Matthews

Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Josh Matthews (Nov 30)

Joshua Rogers

Re: Prime example of a can of worms Joshua Rogers (Oct 21)

Jouni Malinen

hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation Jouni Malinen (Nov 10)
wpa_supplicant unauthorized WNM Sleep Mode GTK control Jouni Malinen (Nov 10)
wpa_supplicant: EAP-pwd peer error path failure on unexpected Confirm message Jouni Malinen (Nov 10)

Julien Tinnes

CVE Request: Unauthorized access to IPC objects with SysV shm Julien Tinnes (Oct 01)

Kristian Fiskerstrand

CVE request: OpenSMTPD 5.7.2 Kristian Fiskerstrand (Oct 02)
CVE Request: pycurl use after free fixed in version 7.19.5.2 Kristian Fiskerstrand (Nov 03)

Kurt Seifried

Re: Re: Duplicate CVE: CVE-2015-7703 in NTP Kurt Seifried (Oct 23)
Re: Prime example of a can of worms Kurt Seifried (Oct 21)
Re: CVE request: DoS in ONOS when handling jumbo ethernet frames Kurt Seifried (Nov 25)
Prime example of a can of worms Kurt Seifried (Oct 18)
Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried (Nov 24)
Re: Prime example of a can of worms Kurt Seifried (Oct 19)
Re: Data on Linux attacks (was Re: [oss-security] Re: Fwd: x86 ROP mitigation) Kurt Seifried (Nov 18)
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried (Nov 25)
Re: Prime example of a can of worms Kurt Seifried (Oct 21)
CVE request for Gnome gdm/screen lock crash Kurt Seifried (Nov 17)
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried (Nov 25)
Re: Prime example of a can of worms Kurt Seifried (Oct 20)
Re: CVE for git issue - please use CVE-2015-7545 Kurt Seifried (Dec 09)
Re: Prime example of a can of worms Kurt Seifried (Oct 22)
Re: CVE-2015-7266 Kurt Seifried (Nov 18)
mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? Kurt Seifried (Dec 21)
Major outstanding CVE requests Kurt Seifried (Nov 27)
Re: CVE-2015-7266 Kurt Seifried (Nov 18)
php preg_replace() flaw - is this even CVE worthy? Kurt Seifried (Dec 21)
Re: Prime example of a can of worms Kurt Seifried (Oct 19)
Re: CVE request for Gnome gdm/screen lock crash Kurt Seifried (Nov 17)
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried (Nov 30)
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried (Nov 25)
CVE for git issue - please use CVE-2015-7545 Kurt Seifried (Dec 08)
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Kurt Seifried (Oct 01)

Larry Cashdollar

Blind SQL injection in wp-championship wordpress plugin v5.8 Larry Cashdollar (Nov 09)
Re: CVE request for sqlalchemy-utils Larry Cashdollar (Oct 19)
Command Injection in cool-video-gallery v1.9 Wordpress plugin Larry Cashdollar (Dec 02)

Larry W. Cashdollar

SQL injection in wordpress plugin double-opt-in-for-download v2.0.8 Larry W. Cashdollar (Nov 28)
Local root vulnerability in DeleGate v9.9.13 Larry W. Cashdollar (Dec 26)

limingxing

CVE request rtmpdump: the 6 vulnerabilities have been fixed limingxing (Dec 29)
CVE request -- Out-of-bounds Read in libtiff limingxing (Dec 23)

Lisa Bradley

Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Lisa Bradley (Nov 13)

Loganaden Velvindron

Re: Prime example of a can of worms Loganaden Velvindron (Oct 21)

Luca Bruno

Review+CVE request: multiple issues in redis EVAL command (lua sandbox) Luca Bruno (Nov 06)
Re: Re: Review+CVE request: multiple issues in redis EVAL command (lua sandbox) Luca Bruno (Nov 06)

Lucid Lynx

CVE Request: two issues in bee2 crypto library Lucid Lynx (Dec 14)

Mamoru TASAKA

Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password Mamoru TASAKA (Oct 25)
CVE request: xscreensaver aborts when unpluging second monitor cable when asking password Mamoru TASAKA (Oct 24)

Marc Deslauriers

Re: AW: CVE Request: Linux kernel: privilege escalation in user namespaces Marc Deslauriers (Dec 18)

Marcus Meissner

Re: Re: CVE Request: Linux Kernel: information leak from getsockname Marcus Meissner (Dec 16)
CVE Request: Linux Kernel: information leak from getsockname Marcus Meissner (Dec 15)
injecting environment variables into Phusion Passenger (CVE-2015-7519) Marcus Meissner (Dec 07)

Mark Felder

Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Mark Felder (Nov 12)
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Mark Felder (Nov 13)
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Mark Felder (Nov 13)
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Mark Felder (Nov 13)
Inspircd <2.0.19 DoS Mark Felder (Dec 29)

Martin Prpic

Duplicate CVE: CVE-2015-7703 in NTP Martin Prpic (Oct 22)
CVE request: issues fixed in PHP 5.6.14 and 5.5.30 Martin Prpic (Oct 05)
CVE request: libsndfile 1.0.25 heap overflow Martin Prpic (Nov 03)

Mathias Krause

Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed Mathias Krause (Nov 18)

Matthias Geerdsen

CVE request - Redmine: open redirect vulnerability (fixed earlier this year) Matthias Geerdsen (Dec 03)
CVE request - redmine: Issues API may disclose changeset messages that are not visible Matthias Geerdsen (Dec 03)
CVE request: Redmine - Data disclosure in atom feed Matthias Geerdsen (Dec 08)
CVE request: Redmine - information disclosure on the time logging form Matthias Geerdsen (Nov 24)

Matthias Weckbecker

Re: Prime example of a can of worms Matthias Weckbecker (Oct 21)

Matthijs Kooijman

CVE request - perl library UI::Dialog 1.09 - shell escaping vulnerability Matthijs Kooijman (Oct 08)

Matt U

Re: Prime example of a can of worms Matt U (Oct 18)

Max Teufel

CVE request: flexlay: Insecure use of temporary files Max Teufel (Dec 28)

mcatanzaro

CVE Request: Shotwell does not verify TLS certificates mcatanzaro (Dec 04)

Michael McNally

CVE-2015-8461: A race condition when handling socket errors can lead to an assertion failure in resolver.c Michael McNally (Dec 15)
CVE-2015-8000: Responses with a malformed class attribute can trigger an assertion failure in db.c Michael McNally (Dec 15)

Michael Scherer

CVE request - open-vm-tools using predictable filename in /tmp Michael Scherer (Oct 26)
Re: CVE request - open-vm-tools using predictable filename in /tmp Michael Scherer (Oct 27)

Michal Zalewski

Re: Re: Heap Overflow in PCRE Michal Zalewski (Nov 28)

Mohamed A. Baset

CVE Request regarding Firefox FindMyDevice Service Critical ClickJacking Mohamed A. Baset (Oct 25)

Moritz Bechler

Re: Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization Moritz Bechler (Nov 18)
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Moritz Bechler (Nov 09)
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Moritz Bechler (Nov 11)

Moritz Muehlenhoff

Re: Heap Overflow in PCRE Moritz Muehlenhoff (Nov 24)

Nathan Van Gheem

CVE Request: Plone CSRF Nathan Van Gheem (Oct 12)
Re: CVE Request: Plone CSRF Nathan Van Gheem (Oct 12)

Nick Kralevich

Re: CVE request - Android OS - Using the PPP character device driver caused the system to restart Nick Kralevich (Oct 09)

Oracle Security Alerts (Thomas)

Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Oracle Security Alerts (Thomas) (Nov 17)

Pali Rohár

Re: DoS attack through Email-Address perl module v1.907 (CVE id request) Pali Rohár (Oct 02)

Patrick Uiterwijk

Multiple CVE info for Ipsilon Patrick Uiterwijk (Oct 27)
[CVE-2015-5215] Ipsilon: XSS in multiple pages Patrick Uiterwijk (Oct 23)

Pedro Vaz De Sousa Grilo

Re: Assign CVE for common-collections remote code execution on deserialisation flaw Pedro Vaz De Sousa Grilo (Nov 09)

Pere Orga

Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Pere Orga (Oct 24)
CVE Requests for Drupal 7.41 and contributed modules Pere Orga (Oct 21)
CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Pere Orga (Oct 14)

Peter Bex

CVE request for path traversal / info leak bug in Spiffy web server Peter Bex (Nov 17)
Re: CVE request for path traversal / info leak bug in Spiffy web server Peter Bex (Nov 18)

Philip Pettersson

CVE-2015-5273 + CVE-2015-5287, abrt local root in Centos/Fedora/RHEL Philip Pettersson (Nov 30)

Pierre Kim

CVE request: net-snmp OpenBSD package - insecure file permission vulnerability Pierre Kim (Nov 09)

Pierre Schweitzer

CVE request: Remote DoS in Quassel Pierre Schweitzer (Dec 12)

Pieter Lexis

PowerDNS Security Announcement 2015-03 Pieter Lexis (Nov 09)
Re: CVE request: stored XSS in PowerDNS < 3.4.7 Pieter Lexis (Nov 06)

P J P

CVE request Qemu: acpi: heap based buffer overrun during VM migration P J P (Dec 23)
CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine P J P (Dec 22)
Re: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception P J P (Nov 09)
CVE-2015-8104 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #DB exception P J P (Nov 09)
CVE request: Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info P J P (Dec 21)
Re: Re: CVE request Qemu: net: vmxnet3: host memory leakage P J P (Dec 15)
CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception P J P (Nov 09)
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode P J P (Nov 30)
CVE request Qemu: net: vmxnet3: host memory leakage P J P (Dec 15)
CVE request Qemu net: rocker: fix an incorrect array bounds check P J P (Dec 28)
CVE request Qemu: net: eepro100: infinite loop in processing command block list P J P (Nov 25)
CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode P J P (Nov 30)
CVE request: Qemu: ui: vnc: avoid floating point exception P J P (Dec 08)
CVE-2015-7549 Qemu: pci: msi-x: null pointer dereference issue P J P (Dec 13)
CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS P J P (Dec 14)

Pray3r

CVE-2015-8088: Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone Pray3r (Dec 12)

Qualys Security Advisory

Qualys Security Advisory - OpenSMTPD Audit Report Qualys Security Advisory (Oct 02)
Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Qualys Security Advisory (Oct 15)

Quentin Casasnovas

Re: CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c Quentin Casasnovas (Oct 27)

Raphael Hertzog

Re: Pending CVE requests for glibc Raphael Hertzog (Nov 03)
CVE Request: invalid curve attack on bouncycastle Raphael Hertzog (Oct 22)

Reed Loden

CVE request: mail ruby gem <2.6.0 vulnerable to SMTP injection via recipient email addresses Reed Loden (Dec 11)
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Reed Loden (Nov 25)
CVE request: handlebars node.js module <4.0.0 - "Quoteless attributes in templates can lead to XSS" Reed Loden (Dec 11)

Reinhard Tartler

Re: Re: CVE request for keepassx password database export Reinhard Tartler (Dec 03)

Ricardo

CVE request - Icinga 1.13.3 and older are vulnerable to XSS Ricardo (Oct 23)

Rich Felker

Re: Re: Fwd: x86 ROP mitigation Rich Felker (Nov 17)
Re: Re: Pointer misuse unziping files with busybox Rich Felker (Oct 30)

robert

Re: CVE request for sqlalchemy-utils robert (Oct 18)
CVE request for sqlalchemy-utils robert (Oct 06)

Robert Święcki

Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki (Dec 09)
Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki (Dec 14)

Robert Watson

Re: CVE Request: BusyBox tar directory traversal Robert Watson (Oct 22)
Re: CVE Request: BusyBox tar directory traversal Robert Watson (Oct 23)
Re: CVE Request: BusyBox tar directory traversal Robert Watson (Oct 23)

Russ Allbery

Re: CVE Request: BusyBox tar directory traversal Russ Allbery (Oct 23)

Ryan Dewhurst

CVE Request: Magento SWF XSS Ryan Dewhurst (Dec 04)

Sabrina Dubroca

CVE Request: Linux kernel: Buffer overflow when copying data from skbuff to userspace Sabrina Dubroca (Oct 27)

Salva Peiró

Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Salva Peiró (Oct 16)
Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Salva Peiró (Oct 16)
CVE Request: Linux Kernel heap corruption on debug_read_tlb Salva Peiró (Oct 15)
CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc Salva Peiró (Oct 21)

Salvatore Bonaccorso

CVE Request: Stalin: Insecure use of temporary files Salvatore Bonaccorso (Dec 27)
Re: hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation Salvatore Bonaccorso (Oct 30)
CVE Request: Wordpress: Cross-site scripting vulnerability in the user list table Salvatore Bonaccorso (Oct 26)
CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character Salvatore Bonaccorso (Dec 13)
Re: CVE Request: Linux kernel: privilege escalation in user namespaces Salvatore Bonaccorso (Dec 27)
Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Salvatore Bonaccorso (Nov 22)
Re: Re: CVE request: BD-J implementation in libbluray Salvatore Bonaccorso (Oct 13)
CVE request: Blueman: Privilege escalation in blueman dbus API Salvatore Bonaccorso (Dec 18)
CVE Request: IPTables-Parse: Use of predictable names for temporary files Salvatore Bonaccorso (Nov 24)
Re: Re: Heap Overflow in PCRE Salvatore Bonaccorso (Dec 02)
pitivi: CVE-2015-0855: Insecure use of os.system() Salvatore Bonaccorso (Dec 23)

Scott Arciszewski

Joomla CMS - Bad Cryptography - Multiple Vulnerabilities Scott Arciszewski (Nov 07)

Sebastian Krahmer

csd-datetime forgets to authorize users Sebastian Krahmer (Oct 28)
Re: Re: CVE Request: dhcpcd 3.x, potentially other versions too Sebastian Krahmer (Dec 02)

Serge Hallyn

Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Serge Hallyn (Dec 17)

Seth Arnold

Re: Re: CVE request for wget Seth Arnold (Oct 01)
Re: Prime example of a can of worms Seth Arnold (Oct 19)
CVE Request: dhcpcd 3.x, potentially other versions too Seth Arnold (Dec 01)
Re: Re: CVE Request: dhcpcd 3.x, potentially other versions too Seth Arnold (Dec 01)
CVE Request: Audio File Library Seth Arnold (Oct 05)
CVE Request: gvfsd-dav Seth Arnold (Oct 05)
CVE Request: ImageMagick Seth Arnold (Oct 06)
CVE Request: git Seth Arnold (Oct 05)

Sevan Janiyan

Re: Being vulnerable to POODLE Sevan Janiyan (Dec 29)
Re: Being vulnerable to POODLE Sevan Janiyan (Dec 28)
Being vulnerable to POODLE Sevan Janiyan (Dec 26)
Re: Being vulnerable to POODLE Sevan Janiyan (Dec 26)

Shawn

Re: CVE request-HUAWEI P8 GRA-UL00 Shawn (Nov 16)

Simon .

suckless sent and libxft-dev 2.3.2-1 crash Simon . (Nov 16)

Solar Designer

Re: CVE-2015-7266 Solar Designer (Nov 18)
Re: CVE request libtiff: out-of-bounds read in CIE Lab image format Solar Designer (Dec 25)
Re: CVE request-HUAWEI P8 GRA-UL00 Solar Designer (Nov 16)
Re: [CFP] No Big Thing Conference #2 San Francisco, December 5 2015 Solar Designer (Nov 17)
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness Solar Designer (Dec 14)
Re: Fwd: x86 ROP mitigation Solar Designer (Nov 17)
x86 ROP mitigation Solar Designer (Nov 17)
Re: Fwd: x86 ROP mitigation Solar Designer (Nov 19)
Re: Fwd: x86 ROP mitigation Solar Designer (Nov 17)
Re: CVE Request: Linux kernel: privilege escalation in user namespaces Solar Designer (Dec 17)

Stefan Cornelius

CVE request: Shell Injection in Pygments FontManager._get_nix_font_path Stefan Cornelius (Dec 14)
Re: CVE Request: ImageMagick Stefan Cornelius (Oct 08)
CVE request: libxslt xsltStylePreCompute() type confusion DoS Stefan Cornelius (Oct 27)
Re: Re: CVE request: Shell Injection in Pygments FontManager._get_nix_font_path Stefan Cornelius (Dec 15)

Stefan Kanthak

CVE request for Nullsoft Scriptable Install System Stefan Kanthak (Oct 31)

Steve Grubb

Re: Re: Fwd: x86 ROP mitigation Steve Grubb (Nov 18)

Stuart Henderson

Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Stuart Henderson (Oct 16)

Till Kamppeter

Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character Till Kamppeter (Dec 14)

Tim

Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Tim (Nov 12)
Re: suckless sent and libxft-dev 2.3.2-1 crash Tim (Nov 16)
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Tim (Nov 11)
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Tim (Nov 09)
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Tim (Nov 13)
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Tim (Nov 10)
Re: Prime example of a can of worms Tim (Oct 19)

Tim Brown

Re: CVE Request: BusyBox tar directory traversal Tim Brown (Oct 22)

Tim Graham

[ANNOUNCE] Django security releases issued (1.7.11, 1.8.7, and 1.9rc2) Tim Graham (Nov 24)

Timothy Bish

[ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities Timothy Bish (Nov 06)

Tomas Hoger

LXDM X authentication issues Tomas Hoger (Nov 20)
Re: race condition checking digests/checksums in sudoers Tomas Hoger (Dec 01)
Re: Re: LXDM X authentication issues Tomas Hoger (Nov 20)
Re: Re: Heap Overflow in PCRE Tomas Hoger (Nov 30)

Tristan Cacqueray

[OSSA 2015-020] Glance storage overrun (CVE-2015-5286) Tristan Cacqueray (Oct 02)
CVE request for vulnerability in OpenStack Nova Tristan Cacqueray (Oct 05)
Re: Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Nov 18)
CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Nov 17)
[OSSA 2015-021] Nova network security group changes are not applied to running instances (CVE-2015-7713) Tristan Cacqueray (Oct 07)

Tyler Hicks

CVE Request: BusyBox tar directory traversal Tyler Hicks (Oct 21)
Re: CVE Request: BusyBox tar directory traversal Tyler Hicks (Oct 21)

Vladis Dronov

CVE request -- [media] usbvision: usbvision_probe() can trigger a kernel NULL pointer dereference Vladis Dronov (Nov 13)
CVE request -- linux kernel: overlay: fix permission checking for setattr Vladis Dronov (Dec 23)
CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem Vladis Dronov (Nov 23)
Re: CVE request -- [media] usbvision: usbvision_probe() can trigger a kernel NULL pointer dereference Vladis Dronov (Nov 13)
CVE request -- Linux kernel: selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm() Vladis Dronov (Nov 04)

Wade Mealing

CVE Request - Linux kernel - securelevel/secureboot bypass. Wade Mealing (Oct 14)
Re: CVE Request - Linux kernel - securelevel/secureboot bypass. Wade Mealing (Oct 15)
CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed Wade Mealing (Nov 17)
CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key Wade Mealing (Dec 08)

William Pitcock

Re: ircd-ratbox and Derivatives OOM by MONITOR Command William Pitcock (Oct 11)

Xen.org security team

Xen Security Advisory 164 (CVE-2015-8554) - qemu-dm buffer overrun in MSI-X handling Xen.org security team (Dec 17)
Xen Security Advisory 145 (CVE-2015-7812) - arm: Host crash when preempting a multicall Xen.org security team (Oct 29)
Xen Security Advisory 166 - ioreq handling possibly susceptible to multiple read issue Xen.org security team (Dec 17)
Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory contents Xen.org security team (Dec 17)
Xen Security Advisory 163 - virtual PMU is unsupported Xen.org security team (Nov 24)
Xen Security Advisory 159 (CVE-2015-8339,CVE-2015-8340) - XENMEM_exchange error handling issues Xen.org security team (Dec 08)
Xen Security Advisory 153 (CVE-2015-7972) - x86: populate-on-demand balloon size inaccuracy can crash guests Xen.org security team (Oct 29)
Xen Security Advisory 169 (CVE-2015-8615) - x86: unintentional logging upon guest changing callback method Xen.org security team (Dec 22)
Xen Security Advisory 150 (CVE-2015-7970) - x86: Long latency populate-on-demand operation is not preemptible Xen.org security team (Oct 29)
Xen Security Advisory 169 - x86: unintentional logging upon guest changing callback method Xen.org security team (Dec 21)
Xen Security Advisory 160 (CVE-2015-8341) - libxl leak of pv kernel and initrd on error Xen.org security team (Dec 08)
Xen Security Advisory 149 (CVE-2015-7969) - leak of main per-domain vcpu pointer array Xen.org security team (Oct 29)
Xen Security Advisory 151 (CVE-2015-7969) - x86: leak of per-domain profiling-related vcpu pointer array Xen.org security team (Oct 29)
Xen Security Advisory 158 (CVE-2015-8338) - long running memory operations on ARM Xen.org security team (Dec 08)
Xen Security Advisory 157 (CVE-2015-8551,CVE-2015-8552) - Linux pciback missing sanity checks leading to crash Xen.org security team (Dec 17)
Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory contents Xen.org security team (Dec 17)
Xen Security Advisory 147 (CVE-2015-7814) - arm: Race between domain destruction and memory allocation decrease Xen.org security team (Oct 29)
Xen Security Advisory 161 - WITHDRAWN: missing XSETBV intercept privilege check on AMD SVM Xen.org security team (Nov 25)
Xen Security Advisory 148 (CVE-2015-7835) - x86: Uncontrolled creation of large page mappings by PV guests Xen.org security team (Oct 29)
Xen Security Advisory 152 (CVE-2015-7971) - x86: some pmu and profiling hypercalls log without rate limiting Xen.org security team (Oct 29)
Xen Security Advisory 146 (CVE-2015-7813) - arm: various unimplemented hypercalls log without rate limiting Xen.org security team (Oct 29)
Xen Security Advisory 156 (CVE-2015-5307,CVE-2015-8104) - x86: CPU lockup during exception delivery Xen.org security team (Nov 09)
Xen Security Advisory 158 (CVE-2015-8338) - long running memory operations on ARM Xen.org security team (Dec 10)
Xen Security Advisory 165 (CVE-2015-8555) - information leak in legacy x86 FPU/XMM initialization Xen.org security team (Dec 17)
Xen Security Advisory 162 (CVE-2015-7504) - heap buffer overflow vulnerability in pcnet emulator Xen.org security team (Nov 30)

xiaoqixue_1

CVE request - a out of bound read bug is found in libdwarf xiaoqixue_1 (Dec 09)
CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) xiaoqixue_1 (Dec 10)
CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key xiaoqixue_1 (Dec 09)
CVE Requests for read out of bound in libpng xiaoqixue_1 (Oct 25)

Yann Droneaud

Re: Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Yann Droneaud (Oct 05)

Yusaku Sako

[CVE-2015-1775] Apache Ambari Server Side Request Forgery vulnerability Yusaku Sako (Oct 12)
[CVE-2015-3186] Apache Ambari XSS vulnerability Yusaku Sako (Oct 12)
[CVE-2015-3270] A non-administrative user can escalate themselves to have administrative privileges remotely Yusaku Sako (Oct 12)
[CVE-2015-5210] Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits Yusaku Sako (Oct 12)

Yves-Alexis Perez

CVE request for keepassx password database export Yves-Alexis Perez (Nov 30)
CVE request for LightDM - XDMCP denial of service Yves-Alexis Perez (Nov 21)
Re: CVE Request: BusyBox tar directory traversal Yves-Alexis Perez (Oct 23)

Zach W.

CVE-2015-7266 Zach W. (Nov 18)
Re: CVE-2015-7266 Zach W. (Nov 18)

范祚至(库特)

CVE request libtiff: out-of-bounds read in CIE Lab image format 范祚至(库特) (Dec 25)

郭永刚

CVE request - Android OS - Using the PPP character device driver caused the system to restart 郭永刚 (Oct 08)
CVE request - Android kernel - IPv6 connect cause a denial of service 郭永刚 (Dec 09)
CVE request-HUAWEI P8 GRA-UL00 郭永刚 (Nov 16)