oss-sec: by thread
738 messages, starting Jan 02 16 and ending Mar 31 16
- CVE Request: MantisBT SOAP API can be used to disclose confidential settings Damien Regad (Jan 02)
- Re: CVE Request: MantisBT SOAP API can be used to disclose confidential settings cve-assign (Jan 03)
- Re: CVE Request: MantisBT SOAP API can be used to disclose confidential settings Damien Regad (Jan 04)
- Re: CVE Request: MantisBT SOAP API can be used to disclose confidential settings cve-assign (Jan 03)
- CVE Request: PCRE Library Heap Overflow Vulnerability Guanxing Wen (Jan 02)
- Re: CVE Request: PCRE Library Heap Overflow Vulnerability cve-assign (Jan 02)
- CVE request: esoTalk 1.0.0g4 cross-site scripting vulnerability Henri Salo (Jan 03)
- phpecc/phpecc - Timing side-channel in ECDSA signature verification Paragon Initiative Enterprises Security Team (Jan 03)
- use-after-free in tidy-html5 Gustavo Grieco (Jan 03)
- Re: use-after-free in tidy-html5 Gustavo Grieco (Jan 25)
- Re: use-after-free in tidy-html5 Gustavo Grieco (Feb 11)
- Re: use-after-free in tidy-html5 Gustavo Grieco (Jan 25)
- CVE request Qemu: net: ne2000: OOB r/w in ioport operations P J P (Jan 04)
- Re: CVE request Qemu: net: ne2000: OOB r/w in ioport operations cve-assign (Jan 04)
- CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash P J P (Jan 04)
- CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash P J P (Jan 04)
- Re: CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash cve-assign (Jan 04)
- CVE Request: cacti: SQL injection vulnerability in graphs_new.php Salvatore Bonaccorso (Jan 04)
- Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php cve-assign (Jan 04)
- Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Andreas Stieger (Jan 05)
- Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Salvatore Bonaccorso (Jan 05)
- Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Andreas Stieger (Jan 05)
- Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Andreas Stieger (Jan 05)
- Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php cve-assign (Jan 04)
- CVE Request: python-rsa signature forgery Filippo Valsorda (Jan 04)
- Re: CVE Request: python-rsa signature forgery cve-assign (Jan 04)
- Remote Command Injection in Ruby Gem colorscore <=0.0.4 Reed Loden (Jan 04)
- CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files Salvatore Bonaccorso (Jan 05)
- Re: CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files cve-assign (Jan 07)
- Re: CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files Salvatore Bonaccorso (Jan 10)
- Re: CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files cve-assign (Jan 07)
- CVE request for radicale Yves-Alexis Perez (Jan 05)
- Re: CVE request for radicale cve-assign (Jan 06)
- <Possible follow-ups>
- Re: CVE request for radicale Guillaume Ayoub (Jan 06)
- Re: CVE request for radicale cve-assign (Jan 07)
- CVE request -- linux kernel: nfs: kernel panic occurs at nfs client when nfsv4.2 migration is executed Vladis Dronov (Jan 05)
- Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Eric W. Biederman (Jan 05)
- Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Serge Hallyn (Jan 05)
- Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Eric W. Biederman (Jan 06)
- Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Serge Hallyn (Jan 06)
- Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Eric W. Biederman (Jan 06)
- Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Serge Hallyn (Jan 05)
- CVE request -- NULL dereference in libdwarf xiaoqixue_1 (Jan 06)
- Re: CVE request -- NULL dereference in libdwarf cve-assign (Jan 07)
- CVE Request: Cross Site Scripting (XSS) & Cross Site Request Forgery (CSRF) in Crony Cronjob Manager Version 0.4.4 CSW Research Lab (Jan 06)
- Discuss: Daily/weekly cron jobs best practices halfdog (Jan 06)
- Re: Discuss: Daily/weekly cron jobs best practices Tim Brown (Jan 12)
- Re: Discuss: Daily/weekly cron jobs best practices David W. Hodgins (Jan 12)
- Re: Discuss: Daily/weekly cron jobs best practices halfdog (Jan 15)
- Re: Discuss: Daily/weekly cron jobs best practices Tim Brown (Jan 12)
- CVE request: Missing normalization in ruby gem rack-attack <4.3.1 when used with ruby on rails Reed Loden (Jan 06)
- CVE-2015-7513 Kernel: kvm: divide by zero issue leads to DoS P J P (Jan 07)
- CVE id request: dhcpcd Nico Golde (Jan 07)
- Re: CVE id request: dhcpcd cve-assign (Jan 07)
- CVE request: WP Symposium Pro Social Network plugin XSS and Critical CSRF Rahul Pratap Singh (Jan 07)
- [OSSA 2016-001] Nova host data leak through snapshot (CVE-2015-7548) Tristan Cacqueray (Jan 07)
- CVE request for vulnerability in OpenStack Nova Grant Murphy (Jan 07)
- Re: CVE request for vulnerability in OpenStack Nova cve-assign (Jan 07)
- Fwd: Integer overflow in the JasPer's jas_matrix_create() function Solar Designer (Jan 07)
- Re: Integer overflow in the JasPer's jas_matrix_create() function cve-assign (Jan 07)
- Re: Re: Integer overflow in the JasPer's jas_matrix_create() function Stefan Cornelius (Jan 11)
- Re: Integer overflow in the JasPer's jas_matrix_create() function cve-assign (Jan 07)
- CVE Request: WordPress: cross-site scripting vulnerability fixed in new 4.4.1 release Salvatore Bonaccorso (Jan 08)
- CVE-2016-1231, CVE-2016-1232: Prosody XMPP server multiple vulnerabilities Matthew Wild (Jan 08)
- Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer Moritz Muehlenhoff (Jan 08)
- <Possible follow-ups>
- Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer cve-assign (Jan 08)
- Qemu: ide: ahci use-after-free vulnerability in aio port commands P J P (Jan 08)
- Re: Qemu: ide: ahci use-after-free vulnerability in aio port commands cve-assign (Jan 09)
- CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter Salvatore Bonaccorso (Jan 10)
- CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege VeraCrypt Team (Jan 10)
- CVE request: Arbitrary search execution in ruby gems auto_select2 <0.5.0 and auto_awesomeplete <=0.0.3 Reed Loden (Jan 10)
- CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions. Wade Mealing (Jan 11)
- CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer Stelios Tsampas (Jan 11)
- CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent Stelios Tsampas (Jan 11)
- CVE request Qemu: nvram: OOB r/w access in processing firmware configurations P J P (Jan 11)
- CVE Request: click Jamie Strandboge (Jan 11)
- Re: CVE Request: click Jamie Strandboge (Jan 12)
- Re: CVE Request: click cve-assign (Jan 12)
- CVE requests for Drupal contributed modules Pere Orga (Jan 11)
- CVE for node.js websockets (ws) Kurt Seifried (Jan 11)
- Re: CVE for node.js websockets (ws) cve-assign (Jan 12)
- Re: CVE for node.js websockets (ws) Kurt Seifried (Jan 19)
- Re: CVE for node.js websockets (ws) cve-assign (Jan 20)
- Re: CVE for node.js websockets (ws) cve-assign (Jan 12)
- CVE Request: Vtiger CRM 6.4 Authenticated Remote Code Execution Benjamin Daniel Mussler (Jan 12)
- Re: CVE Request: Vtiger CRM 6.4 Authenticated Remote Code Execution cve-assign (Jan 12)
- CVE Request: WP Symposium Pro Social Network Plugin 16.1 XSS Vulnerability Rahul Pratap Singh (Jan 12)
- CVE request for Kubernetes api server: patch operation should use patched object to check admission control Kurt Seifried (Jan 12)
- CVE request for Kubernetes api server: build config to a strategy that isn't allowed by policy Kurt Seifried (Jan 12)
- [OSSA 2016-002] Xen connection password leak in logs via StorageError (CVE-2015-8749) Grant Murphy (Jan 12)
- GRR <= 3.0.0-RC1 (all versions) RCE with privilege escalation through file upload filter bypass (authenficated) Jean-Marie Bourbon (Jan 12)
- ISC DHCP CVE-2015-8605: UDP payload length not properly checked ISC Security Officer (Jan 12)
- Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function limingxing (Jan 12)
- Re: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function cve-assign (Jan 13)
- Fwd: FFmpeg: stealing local files with HLS+concat Vladimir Dubrovin (Jan 13)
- Re: Fwd: FFmpeg: stealing local files with HLS+concat Alexander Cherepanov (Jan 13)
- Re: Fwd: FFmpeg: stealing local files with HLS+concat cve-assign (Jan 14)
- Re: Fwd: FFmpeg: stealing local files with HLS+concat Alexander Cherepanov (Jan 13)
- CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability Rahul Pratap Singh (Jan 13)
- Re: CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability Henri Salo (Jan 16)
- [security] Go security release v1.5.3 Jason Buberel (Jan 13)
- Re: [security] Go security release v1.5.3 Solar Designer (Jan 14)
- Overlayfs ovl_setattr missing permission checks (CVE-2015-8660) halfdog (Jan 13)
- CVE Request: CGit - Multiple vulnerabilities Jason A. Donenfeld (Jan 14)
- Re: CVE Request: CGit - Multiple vulnerabilities Jason A. Donenfeld (Jan 14)
- Re: CVE Request: CGit - Multiple vulnerabilities cve-assign (Jan 14)
- nodejs Buffer(number) is unsafe #4660 Kurt Seifried (Jan 14)
- Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory (Jan 14)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jan Schaumann (Jan 14)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory (Jan 14)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Rich Felker (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer (Jan 18)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 20)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yves-Alexis Perez (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 cve-assign (Jan 15)
- Re: Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Kurt Seifried (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 cve-assign (Jan 15)
- Re: Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Tomas Hoger (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 cve-assign (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jason A. Donenfeld (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jason A. Donenfeld (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jan Schaumann (Jan 14)
- [CVE Request] Multiple PHP issues Emmanuel Law (Jan 14)
- Re: [CVE Request] Multiple PHP issues cve-assign (Jan 14)
- Security issues in GOsa Mike Gabriel (Jan 15)
- Re: Security issues in GOsa cve-assign (Jan 15)
- CVE request Qemu: i386: null pointer dereference in vapic_write P J P (Jan 15)
- Re: CVE request Qemu: i386: null pointer dereference in vapic_write cve-assign (Jan 16)
- It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Scott Arciszewski (Jan 16)
- Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Bart van Tuil (Jan 18)
- Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Scott Arciszewski (Jan 18)
- Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Bart van Tuil (Jan 19)
- Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Scott Arciszewski (Jan 18)
- Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Bart van Tuil (Jan 18)
- Setgid/Setuid binary writing privilege escalation halfdog (Jan 16)
- Re: Setgid/Setuid binary writing privilege escalation Simon McVittie (Jan 16)
- [vs] moodle security release Marina Glancy (Jan 17)
- Buffer Overflow in lha compression utility Paris Zoumpouloglou (Jan 18)
- Re: Buffer Overflow in lha compression utility cve-assign (Jan 18)
- Re:[oss-security] Re: Buffer Overflow in lha compression utility xiaoqixue_1 (Jan 19)
- Re: an out of bound read is found in libdwarf -20151114 cve-assign (Jan 28)
- a bug in gif2rgb.c in giflib-5.1.2 xiaoqixue_1 (Jan 26)
- Re: a bug in gif2rgb.c in giflib-5.1.2 cve-assign (Jan 26)
- Re:[oss-security] Re: a bug in gif2rgb.c in giflib-5.1.2 xiaoqixue_1 (Jan 28)
- Re:[oss-security] Re: Buffer Overflow in lha compression utility xiaoqixue_1 (Jan 19)
- Re: Buffer Overflow in lha compression utility cve-assign (Jan 18)
- Out-of-bounds Read in the OpenJpeg's opj_j2k_update_image_data and opj_tgt_reset function limingxing (Jan 18)
- Security bugs in Linux kernel sound subsystem Johannes Segitz (Jan 19)
- Re: Security bugs in Linux kernel sound subsystem Johannes Segitz (Feb 23)
- Re: Security bugs in Linux kernel sound subsystem cve-assign (Feb 23)
- Linux kernel: use after free in keyring facility. Wade Mealing (Jan 19)
- CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Jan 19)
- Re: CVE request: out-of-bounds write with cpio 2.11 Hanno Böck (Jan 19)
- Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Jan 19)
- Re: CVE request: out-of-bounds write with cpio 2.11 cve-assign (Jan 22)
- Re: CVE request: out-of-bounds write with cpio 2.11 anarcat (Jan 29)
- Re: Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Jan 29)
- Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Feb 12)
- Re: CVE request: out-of-bounds write with cpio 2.11 Hanno Böck (Jan 19)
- [OSSA 2016-003] Heat denial of service through template-validate (CVE-2015-5295) Tristan Cacqueray (Jan 19)
- CVE Request: Quick CMS v 6.1 XSS Vulnerability Rahul Pratap Singh (Jan 19)
- CVE Request: Quick Cart v6.6 XSS Vulnerability Rahul Pratap Singh (Jan 19)
- Fwd: out of bound write in libdwarf -20151114 Qixue Xiao (Jan 19)
- Re: Fwd: out of bound write in libdwarf -20151114 cve-assign (Jan 24)
- CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines P J P (Jan 19)
- CVE assignment request for security bugs fixed in glibc 2.23 Florian Weimer (Jan 19)
- Re: CVE assignment request for security bugs fixed in glibc 2.23 Kurt Seifried (Jan 19)
- Re: CVE assignment request for security bugs fixed in glibc 2.23 cve-assign (Jan 19)
- Re: CVE assignment request for security bugs fixed in glibc 2.23 Florian Weimer (Jan 20)
- Re: CVE-2015-8088: Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone Pray3r (Jan 19)
- OpenCart users, switch to OpenCart-CE immediately Scott Arciszewski (Jan 19)
- Overlayfs and devpts issues in namespaces halfdog (Jan 19)
- CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c causing BIND named to exit Jeremy C. Reed (Jan 19)
- CVE-2015-8705: Problems converting OPT resource records and ECS options to text format can cause BIND to terminate. Jeremy C. Reed (Jan 19)
- Xen Security Advisory 167 (CVE-2016-1570) - PV superpage functionality missing sanity checks Xen . org security team (Jan 20)
- Xen Security Advisory 168 (CVE-2016-1571) - VMX: intercept issue with INVLPG on non-canonical address Xen . org security team (Jan 20)
- Security issue in eCryptfs-utils (CVE-2016-1572) Tyler Hicks (Jan 20)
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Hanno Böck (Jan 20)
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms gremlin (Jan 20)
- Re: Prime example of a can of worms Florent Daigniere (Jan 21)
- Re: Prime example of a can of worms Steve Grubb (Jan 21)
- Re: Prime example of a can of worms Florent Daigniere (Jan 21)
- Re: Prime example of a can of worms Florent Daigniere (Jan 21)
- <Possible follow-ups>
- Re: Prime example of a can of worms Andrew Gallagher (Jan 21)
- Re: Re: Prime example of a can of worms Steve Grubb (Jan 22)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)
- imlib2 may need some CVEs assigned Mark Felder (Jan 20)
- Re: imlib2 may need some CVEs assigned cve-assign (Jan 22)
- CVE request: Two vulnerabilities in git-fastclone ruby gem Reed Loden (Jan 20)
- CVE Request: RESTBase 0.9.2 (security release) Chris Steipp (Jan 20)
- CVE request: Two vulnerabilities in mapbox.js node module Reed Loden (Jan 20)
- [OSSA 2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) Tristan Cacqueray (Jan 20)
- CVE request for Privoxy 3.0.24 Fabian Keil (Jan 21)
- Re: CVE request for Privoxy 3.0.24 cve-assign (Jan 21)
- ntp.org stats data logrotation script privilege escalation halfdog (Jan 21)
- CVE request for prima wlan driver: Address buffer overflow due to invalid length Shawn (Jan 23)
- CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages() Salvatore Bonaccorso (Jan 23)
- CVE Request: Host based account hijack attack on php-openid Zemn mez (Jan 24)
- Re: CVE Request: Host based account hijack attack on php-openid cve-assign (Jan 24)
- CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression Salvatore Bonaccorso (Jan 24)
- CVE Request: tiff: potential out-of-bound write in NeXTDecode() Salvatore Bonaccorso (Jan 24)
- Re: CVE Request: tiff: potential out-of-bound write in NeXTDecode() cve-assign (Jan 24)
- PSA: Don't use RNCryptor Scott Arciszewski (Jan 24)
- CVE Request: x86 Linux TLB flush bug Andy Lutomirski (Jan 24)
- Re: CVE Request: x86 Linux TLB flush bug cve-assign (Jan 25)
- Linux kernel : Denial of service with specially crafted key file. Wade Mealing (Jan 24)
- Re: Linux kernel : Denial of service with specially crafted key file. cve-assign (Jan 24)
- Linux potential division by zero in TCP code Florian Weimer (Jan 25)
- Re: Linux potential division by zero in TCP code cve-assign (Jan 25)
- Out-of-bounds Read in the libxml2's htmlParseNameComplex() function limingxing (Jan 25)
- Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Salvatore Bonaccorso (Jan 26)
- Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function cve-assign (Jan 26)
- Re: Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Salvatore Bonaccorso (Jan 26)
- Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function cve-assign (Feb 03)
- Re: Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Salvatore Bonaccorso (Jan 26)
- [CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller. Aaron Patterson (Jan 25)
- [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack Aaron Patterson (Jan 25)
- Re: [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack Justin Bull (Jan 27)
- [CVE-2015-7577] Nested attributes rejection proc bypass in Active Record. Aaron Patterson (Jan 25)
- [CVE-2015-7578] Possible XSS vulnerability in rails-html-sanitizer Aaron Patterson (Jan 25)
- [CVE-2015-7579] XSS vulnerability in rails-html-sanitizer Aaron Patterson (Jan 25)
- [CVE-2016-0752] Possible Information Leak Vulnerability in Action View Aaron Patterson (Jan 25)
- [CVE-2016-0753] Possible Input Validation Circumvention in Active Model Aaron Patterson (Jan 25)
- [CVE-2015-7580] Possible XSS vulnerability in rails-html-sanitizer Aaron Patterson (Jan 25)
- [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack Aaron Patterson (Jan 25)
- Flaw in mariadb clients SSL certificate validation Sergei Golubchik (Jan 26)
- CVE Request: WP Easy Gallery v4.1.4 Stored XSS Vulnerability Rahul Pratap Singh (Jan 26)
- shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Luca BRUNO (Jan 27)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Loganaden Velvindron (Jan 27)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Richard Johnson (Jan 27)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Thomas B . Rücker (Jan 27)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Kurt Seifried (Jan 27)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Zach W. (Jan 27)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Hazel (Jan 29)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes enki (Jan 29)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Scott Herbert (Jan 29)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Daniel Micay (Jan 29)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Daniel Micay (Jan 29)
- RE: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Adam Jacobs (Jan 27)
- Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Rob Janssen (Jan 27)
- Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Ask Bjørn Hansen (Jan 28)
- Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Rob Janssen (Jan 28)
- Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Asbjorn Hojmark (Jan 28)
- Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Loganaden Velvindron (Jan 27)
- CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function Salvatore Bonaccorso (Jan 27)
- CVE-2016-0756: Prosody XMPP server: insecure dialback key generation/validation algorithm Matthew Wild (Jan 27)
- Heap buffer overflow in fgetwln function of libbsd Hanno Böck (Jan 27)
- Re: Heap buffer overflow in fgetwln function of libbsd cve-assign (Jan 27)
- CVE request for Drupal contributed module (Open Atrium - Access Bypass - SA-CONTRIB-2016-003) Pere Orga (Jan 27)
- invalid Read in the JasPer's jas_matrix_clip() function limingxing (Jan 27)
- Re: invalid Read in the JasPer's jas_matrix_clip() function cve-assign (Jan 27)
- CVE request: Synology Photo Station command injection and privilege escalation lucas_leong () trend com tw (Jan 27)
- CVE-2015-7521: Apache Hive authorization bug disclosure Sushanth Sowmyan (Jan 28)
- CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines P J P (Jan 28)
- CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write P J P (Jan 29)
- Re: CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write cve-assign (Jan 29)
- [OSSA 2016-005] Potential reuse of revoked Identity tokens (CVE-2015-7546) Tristan Cacqueray (Jan 29)
- CVE-2015-5344 - Apache Camel medium disclosure vulnerability Claus Ibsen (Jan 29)
- ArpON (ARP handler inspection) 3.0-ng release Andrea Di Pasquale (Jan 30)
- curl: NTLM credentials not-checked for proxy connection re-use Daniel Stenberg (Jan 31)
- curl: remote file name path traversal in curl tool for Windows Daniel Stenberg (Jan 31)
- CVE Request: FFmpeg issue Lucas Leong (Feb 01)
- Re: CVE Request: FFmpeg issue cve-assign (Feb 02)
- Socat security advisory 7 - Created new 2048bit DH modulus Gerhard Rieger (Feb 01)
- Re: Socat security advisory 7 - Created new 2048bit DH modulus cve-assign (Feb 02)
- Re: Re: Socat security advisory 7 - Created new 2048bit DH modulus Seth Arnold (Feb 02)
- Re: Socat security advisory 7 - Created new 2048bit DH modulus Andreas Stieger (Feb 04)
- <Possible follow-ups>
- Re: Socat security advisory 7 - Created new 2048bit DH modulus cve-assign (Feb 03)
- Re: Socat security advisory 7 - Created new 2048bit DH modulus cve-assign (Feb 02)
- Socat security advisory 8 - Stack overflow in parser Gerhard Rieger (Feb 01)
- Re: Socat security advisory 8 - Stack overflow in parser cve-assign (Feb 02)
- WebKitGTK+ Security Advisory WSA-2016-0001 Carlos Alberto Lopez Perez (Feb 01)
- [ANNOUNCE] Django releases issued: 1.9.2 (security) and 1.8.9 (bugfix) Tim Graham (Feb 01)
- Wordpress plugin Reflected XSS in connections v8.5.8 Larry Cashdollar (Feb 01)
- Miscomputations of elliptic curve scalar multiplications in Nettle Hanno Böck (Feb 02)
- Re: Miscomputations of elliptic curve scalar multiplications in Nettle cve-assign (Feb 02)
- Reflected XSS & Blind SQLi in wordpress plugin eshop v6.3.14 Larry Cashdollar (Feb 02)
- Fwd: PHP-FPM fpm_log.c memory leak and buffer overflow Štefan Šafár (Feb 02)
- CVE Request -- Buffer overflow in Python-Pillow and PIL Eric Soroos (Feb 02)
- Re: CVE Request -- Buffer overflow in Python-Pillow and PIL Stefan Cornelius (Feb 22)
- Re: CVE Request -- Buffer overflow in Python-Pillow and PIL cve-assign (Feb 22)
- CVE Request: PHP-5.5.31: multiple security vulnerabilities Dmitry Kasyanov (Feb 03)
- CVE Request: Datafari Local File Disclosure PASCAULT Wilfried (Feb 03)
- Re: CVE Request: Datafari Local File Disclosure Fried Wil (Feb 24)
- [OSSA 2016-006] Glance image status manipulation through locations removal (CVE-2016-0757) Tristan Cacqueray (Feb 04)
- CVE Request: WordPress: New 4.4.2 security and maintenance release: SSRF and open redirect vulnerability Salvatore Bonaccorso (Feb 04)
- CVE Request: Open Source Media Center insecure default config Zach W. (Feb 04)
- CVE update (CVE-2015-5167 & CVE-2016-0733) - Fixed in Ranger 0.5.1 Velmurugan Periasamy (Feb 05)
- CVE Request uclibc-ng dns resolver issues Daniel Fahlgren (Feb 05)
- Re: CVE Request uclibc-ng dns resolver issues cve-assign (Feb 05)
- CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 Gustavo Grieco (Feb 06)
- Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 Gustavo Grieco (Feb 06)
- Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 cve-assign (Feb 06)
- CVE Request: Horde: Two cross-site scripting vulnerabilities Salvatore Bonaccorso (Feb 06)
- Re: CVE Request: Horde: Two cross-site scripting vulnerabilities cve-assign (Feb 06)
- CVE request - buffer overflow in xdelta3 before 3.0.9 Stepan Golosunov (Feb 08)
- Re: CVE request - buffer overflow in xdelta3 before 3.0.9 cve-assign (Feb 08)
- CVE-2016-0617: linux kernel: hugetlbfs: fix bugs in hugetlb_vmtruncate_list() John Haxby (Feb 08)
- Libreoffice updater runs over http Sevan Janiyan (Feb 08)
- CVE requests: Multiple vulnerabilities in GraphicsMagick parsing and processing SVG files Gustavo Grieco (Feb 09)
- CVE Request: cacti: Authentication using web authentication as a user not in the,cacti database allows complete access Andreas Stieger (Feb 09)
- KDE Plasma vulnerability: need CVE Albert Astals Cid (Feb 09)
- Re: KDE Plasma vulnerability: need CVE cve-assign (Feb 09)
- Re: KDE Plasma vulnerability: need CVE Albert Astals Cid (Feb 09)
- Re: KDE Plasma vulnerability: need CVE cve-assign (Feb 09)
- CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0 Seth Arnold (Feb 09)
- Re: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0 cve-assign (Feb 10)
- CVE request for Media Player Classic Andreas Lindh (Feb 10)
- CVE Request: Textual IRC Client <= 5.2.7 Remote Command Execution Shubham Shah (Feb 10)
- CVE Request : Use-after-free in accel-ppp FEIST Josselin (Feb 10)
- Re: CVE Request : Use-after-free in accel-ppp FEIST Josselin (Mar 08)
- CVE request - OkHttp Certificate Pining Bypass Matthew McPherrin (Feb 10)
- Re: CVE request - OkHttp Certificate Pining Bypass cve-assign (Feb 17)
- Linux kernel: Flaw in CXGB3 driver. Wade Mealing (Feb 11)
- Re: Linux kernel: Flaw in CXGB3 driver. cve-assign (Feb 11)
- HTTPS Only (Open Source, Python) David Leo (Feb 11)
- Re: HTTPS Only (Open Source, Python) P J P (Feb 11)
- Re: HTTPS Only (Open Source, Python) David Leo (Feb 12)
- Re: HTTPS Only (Open Source, Python) P J P (Feb 11)
- CVE requests for Drupal contributed modules (2016-004, 2016-005) Pere Orga (Feb 11)
- STARTTLS for this list? Alex Gaynor (Feb 11)
- Re: STARTTLS for this list? Noel Kuntze (Feb 11)
- Re: STARTTLS for this list? Seth Arnold (Feb 11)
- Re: STARTTLS for this list? Solar Designer (Feb 11)
- Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software halfdog (Feb 12)
- Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Scotty Bauer (Feb 12)
- Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Hanno Böck (Feb 13)
- Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Kristian Fiskerstrand (Feb 13)
- snprintf return value misuse in a lot of projects Yuriy M. Kaminskiy (Feb 13)
- Re: snprintf return value misuse in a lot of projects Alexander Cherepanov (Feb 13)
- CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read Salvatore Bonaccorso (Feb 14)
- Re: CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read cve-assign (Feb 14)
- CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor Salvatore Bonaccorso (Feb 14)
- Re: CVE Request: cacti: Authentication using web authentication as a user, not in the,cacti database allows complete access Paul Gevers (Feb 14)
- CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability Stefan Cornelius (Feb 15)
- Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability cve-assign (Feb 15)
- cloud-init follows symlinks for ssh authorized_keys Jason A. Donenfeld (Feb 15)
- Re: cloud-init follows symlinks for ssh authorized_keys Roman Drahtmueller (Feb 15)
- CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow Stelios Tsampas (Feb 15)
- Re: CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow cve-assign (Feb 15)
- Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) David Leo (Feb 15)
- Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) Solar Designer (Feb 15)
- Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) gremlin (Feb 15)
- Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) David Leo (Feb 17)
- CVE-2015-1776: Apache Hadoop MapReduce, disclosure of encrypted data Arun Suresh (Feb 15)
- CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service Amos Jeffries (Feb 15)
- Re: CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service cve-assign (Feb 16)
- Re: Re: CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service Amos Jeffries (Feb 16)
- Re: CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service cve-assign (Feb 16)
- CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference P J P (Feb 16)
- CVE-2015-7547: stack-based buffer overflow in glibc's getaddrinfo function Florian Weimer (Feb 16)
- CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling P J P (Feb 16)
- Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Sandeep Kamble (Feb 16)
- Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities cve-assign (Feb 16)
- Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Florent Daigniere (Feb 17)
- Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities cve-assign (Feb 17)
- Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Sandeep Kamble (Feb 17)
- Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Florent Daigniere (Feb 17)
- Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities cve-assign (Feb 16)
- Xen Security Advisory 154 (CVE-2016-2270) - x86: inconsistent cachability flags on guest mappings Xen . org security team (Feb 17)
- Xen Security Advisory 170 (CVE-2016-2271) - VMX: guest user mode may crash guest with non-canonical RIP Xen . org security team (Feb 17)
- Feedback and mentoring (reviewer) for logdata-anomaly-miner Fiedler Roman (Feb 17)
- CVE Request: graphite-web: open redirect Manuel Mancera (Feb 17)
- <Possible follow-ups>
- Re: CVE Request: graphite-web: open redirect Manuel Mancera (Feb 17)
- Re: CVE Request: graphite-web: open redirect cve-assign (Feb 17)
- Re: CVE Request: graphite-web: open redirect Manuel Mancera (Feb 18)
- Re: CVE Request: graphite-web: open redirect cve-assign (Feb 17)
- Address Sanitizer local root Szabolcs Nagy (Feb 17)
- Re: Address Sanitizer local root Daniel Micay (Feb 17)
- Re: Address Sanitizer local root Daniel Micay (Feb 17)
- Re: Address Sanitizer local root Konstantin Serebryany (Feb 17)
- Re: Address Sanitizer local root Daniel Micay (Feb 17)
- Re: Address Sanitizer local root Rich Felker (Feb 19)
- Re: Address Sanitizer local root Daniel Micay (Feb 19)
- Re: Address Sanitizer local root Daniel Micay (Feb 17)
- Re: Address Sanitizer local root Hanno Böck (Feb 18)
- Re: Address Sanitizer local root Balint Reczey (Feb 18)
- Re: Address Sanitizer local root Daniel Micay (Feb 18)
- Re: Address Sanitizer local root Gynvael Coldwind (Feb 18)
- Re: Address Sanitizer local root Robert Święcki (Feb 18)
- <Possible follow-ups>
- Re: Address Sanitizer local root Darren Martyn (Feb 18)
- Re: Re: Address Sanitizer local root Rich Felker (Feb 18)
- Re: Re: Address Sanitizer local root Gynvael Coldwind (Feb 18)
- Re: Address Sanitizer local root Daniel Micay (Feb 17)
- CVE-2015-7521: Apache Hive authorization bug disclosure (update) Sushanth Sowmyan (Feb 17)
- CVE requests for Drupal contributed modules (2016-006, 2016-007) Pere Orga (Feb 18)
- Re: Re: CVE request for wget Austin English (Feb 18)
- CVE request: didiwiki path traversal vulnerability Ignace Mouzannar (Feb 19)
- Re: CVE request: didiwiki path traversal vulnerability cve-assign (Feb 19)
- Re: CVE request: didiwiki path traversal vulnerability Ignace Mouzannar (Feb 19)
- Re: CVE request: didiwiki path traversal vulnerability cve-assign (Feb 19)
- Re: CVE request: didiwiki path traversal vulnerability Ignace Mouzannar (Feb 19)
- Re: CVE request: didiwiki path traversal vulnerability cve-assign (Feb 19)
- CVE for nodejs hawk Kurt Seifried (Feb 19)
- Re: CVE for nodejs hawk cve-assign (Feb 20)
- CSRF Vulnerability in Refinery CMS Shravan Kumar (Feb 20)
- Multiple XSS vulnerabilities in Refinery CMS Shravan Kumar (Feb 20)
- Re: Multiple XSS vulnerabilities in Refinery CMS Solar Designer (Feb 20)
- [Update 2/20/16 CVE-2015-5256] Apache Cordova vulnerable to improper application of whitelist restrictions on Android Carlos Santana (Feb 21)
- CVE request Qemu: usb: integer overflow in remote NDIS control message handling P J P (Feb 22)
- imagemagick: request for CVEs Brian May (Feb 22)
- php: stack overflow when decompressing tar archives Hans Jerry Illikainen (Feb 22)
- Re: php: stack overflow when decompressing tar archives cve-assign (Feb 24)
- CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets Salvatore Bonaccorso (Feb 22)
- Access to /dev/pts devices via pt_chown and user namespaces halfdog (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Solar Designer (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Dmitry V. Levin (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces halfdog (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Simon McVittie (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Dmitry V. Levin (Feb 24)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Serge Hallyn (Feb 24)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Jakub Wilk (Feb 27)
- Re: Access to /dev/pts devices via pt_chown and user namespaces halfdog (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Alan Coopersmith (Feb 23)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Dmitry V. Levin (Feb 23)
- pt_chown timeline, CVE request [was: Access to /dev/pts devices via pt_chown and user namespaces] Jann Horn (Feb 28)
- Re: Access to /dev/pts devices via pt_chown and user namespaces cve-assign (Mar 06)
- Re: Access to /dev/pts devices via pt_chown and user namespaces Solar Designer (Feb 23)
- CVE Request: Linux kernel USB hub invalid memory access in hub_activate() Cornea, Alexandru (Feb 23)
- Re: CVE Request: Linux kernel USB hub invalid memory access in hub_activate() cve-assign (Feb 23)
- libssh/libssh2 bits and bytes confusion Kurt Seifried (Feb 23)
- libssh2 Truncated Diffie-Hellman secret length Daniel Stenberg (Feb 23)
- User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs halfdog (Feb 23)
- Overlayfs over Fuse Privilege Escalation in USERNS halfdog (Feb 23)
- Aufs Union Filesystem Privilege Escalation In User Namespaces halfdog (Feb 23)
- Re: CVE Requests: Aufs Union Filesystem Privilege Escalation In User Namespaces Tyler Hicks (Mar 02)
- Re: Aufs Union Filesystem Privilege Escalation In User Namespaces cve-assign (Mar 06)
- CVE request: Squid HTTP Caching Proxy multiple denial of service issues Amos Jeffries (Feb 24)
- Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues cve-assign (Feb 25)
- [Pixman] create_bits(): Cast the result of height * stride to size_t Gustavo Grieco (Feb 24)
- Re: [Pixman] create_bits(): Cast the result of height * stride to size_t cve-assign (Feb 24)
- Re: [Pixman] create_bits(): Cast the result of height * stride to size_t Alan Coopersmith (Feb 25)
- CVE Request: bash-completion: dequote command injection Fernando Muñoz (Feb 24)
- Re: CVE Request: bash-completion: dequote command injection Eric Blake (Feb 24)
- Re: CVE Request: bash-completion: dequote command injection Fernando Muñoz (Feb 24)
- Re: CVE Request: bash-completion: dequote command injection Kurt Seifried (Feb 24)
- Re: CVE Request: bash-completion: dequote command injection John Haxby (Feb 25)
- Re: CVE Request: bash-completion: dequote command injection Fernando Muñoz (Feb 24)
- Re: CVE Request: bash-completion: dequote command injection Eric Blake (Feb 24)
- CVE requests for Drupal core (SA-CORE-2016-001) Pere Orga (Feb 24)
- Re: CVE requests for Drupal core (SA-CORE-2016-001) cve-assign (Mar 15)
- CVE ID Request : Proxmox VE Insecure hostname checking (remote root exploit) Sysdream Labs (Feb 25)
- CVE ID Request : Centreon remote code execution Sysdream Labs (Feb 25)
- CVE-2015-6541 : Multiple CSRF in Zimbra Mail interface Sysdream Labs (Feb 25)
- CVE Request: pkexec tty hijacking via TIOCSTI ioctl up201407890 (Feb 25)
- Re: CVE Request: pkexec tty hijacking via TIOCSTI ioctl cve-assign (Feb 25)
- CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Cantor, Scott (Feb 25)
- RE: CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Shivaprasad Sadashivappa (Feb 25)
- CVE request: reads out-of-bounds with cpio 2.11 Gustavo Grieco (Feb 25)
- Re: CVE request: reads out-of-bounds with cpio 2.11 cve-assign (Feb 26)
- Re: CVE request rtmpdump: the 6 vulnerabilities have been fixed Mark Felder (Feb 26)
- Partial SMAP bypass on 64-bit Linux kernels Andy Lutomirski (Feb 26)
- Re: Partial SMAP bypass on 64-bit Linux kernels Salvatore Bonaccorso (Mar 29)
- Re: Partial SMAP bypass on 64-bit Linux kernels cve-assign (Mar 31)
- Re: Re: Partial SMAP bypass on 64-bit Linux kernels Steve Grubb (Mar 31)
- Re: Re: Partial SMAP bypass on 64-bit Linux kernels P J P (Mar 31)
- CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl up201407890 (Feb 26)
- Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl cve-assign (Feb 27)
- Re: Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl Alexander E. Patrakov (Feb 28)
- Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl -- chroot cve-assign (Feb 28)
- Re: Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl Alexander E. Patrakov (Feb 28)
- Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl cve-assign (Feb 27)
- AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way Robert Święcki (Feb 27)
- CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver Vladis Dronov (Feb 28)
- tidy-html5: read out-of-bounds in TextEndsWithNewline Gustavo Grieco (Feb 28)
- CVE request: Heap buffer overflow in pcretest Adam Maris (Feb 29)
- Re: CVE request: Heap buffer overflow in pcretest cve-assign (Feb 29)
- Java Deserialization continued, Analysis Tooling and (potentially) bypassing Application Level Filtering Moritz Bechler (Feb 29)
- [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack Rafael Mendonça França (Feb 29)
- [CVE-2016-2097] Possible Information Leak Vulnerability in Action View. Rafael Mendonça França (Feb 29)
- CVE request Qemu: OOB access in address_space_rw leads to segmentation fault P J P (Mar 01)
- Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault cve-assign (Mar 01)
- CVE Request: Linux: aio write triggers integer overflow in some network protocols Salvatore Bonaccorso (Mar 01)
- CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes Vladis Dronov (Mar 01)
- Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes cve-assign (Mar 02)
- Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes cve-assign (Mar 06)
- Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes Vladis Dronov (Mar 07)
- [ANNOUNCE] Django security releases issued: 1.9.3 and 1.8.10 Tim Graham (Mar 01)
- CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: CVE's for SSLv2 support Loganaden Velvindron (Mar 01)
- Re: CVE's for SSLv2 support Grant Ridder (Mar 01)
- Re: CVE's for SSLv2 support Stuart Henderson (Mar 01)
- Re: CVE's for SSLv2 support gremlin (Mar 01)
- Re: CVE's for SSLv2 support cve-assign (Mar 01)
- Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: CVE's for SSLv2 support cve-assign (Mar 01)
- Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: CVE's for SSLv2 support cve-assign (Mar 01)
- Re: Re: CVE's for SSLv2 support Tim (Mar 01)
- Re: Re: CVE's for SSLv2 support Bob Beck (Mar 01)
- Re: Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: Re: CVE's for SSLv2 support Bob Beck (Mar 01)
- Re: Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: Re: CVE's for SSLv2 support Steve Grubb (Mar 02)
- Re: Re: CVE's for SSLv2 support Seth Arnold (Mar 01)
- Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
- Re: CVE's for SSLv2 support Loganaden Velvindron (Mar 01)
- CVE request: Kryo (Java serialization API) Arshan Dabirsiaghi (Mar 01)
- CVE Request(s): VTigerCRM and SugarCRM Darren Martyn (Mar 02)
- [CVE-2015-7520] Apache Wicket XSS vulnerability Martin Grigorov (Mar 02)
- CVE request Qemu: net: ne2000: infinite loop in ne2000_receive P J P (Mar 02)
- Re: CVE request Qemu: net: ne2000: infinite loop in ne2000_receive cve-assign (Mar 02)
- CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver Tyler Hicks (Mar 02)
- Mitre, reserved CVEs and oss-security? Paul Wise (Mar 02)
- Re: Mitre, reserved CVEs and oss-security? Kurt Seifried (Mar 02)
- According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Georgi Guninski (Mar 03)
- Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Adam D. Barratt (Mar 03)
- Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Cord Beermann (Mar 03)
- Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Hanno Böck (Mar 03)
- Message not available
- Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Georgi Guninski (Mar 03)
- Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Adam D. Barratt (Mar 03)
- Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Luca Filipozzi (Mar 03)
- Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate cve-assign (Mar 06)
- Re: CVE requests for Drupal contributed modules (from 2016-009 to 2016-014) cve-assign (Mar 17)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Art Manion (Mar 04)
- RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Mike Prosser (Mar 04)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Adam Caudill (Mar 04)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 04)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Zach W. (Mar 04)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies mark (Mar 05)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Larry Cashdollar (Mar 05)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Alan Coopersmith (Mar 06)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez (Mar 09)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Alan Coopersmith (Mar 09)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez (Mar 10)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Adam Caudill (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies me (Mar 06)
- CVE Replacement Via Blockchains (was: Concerns about CVE coverage shrinking - direct impact to researchers/companies) Tim (Mar 07)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Art Manion (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Simon Ward (Mar 07)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies David A. Wheeler (Mar 09)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies gremlin (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Rahul Pratap Singh (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies op7ic \x00 (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies op7ic \x00 (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Robert Paprocki (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Gsunde Orangen (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Amos Jeffries (Mar 06)
- RE: [security-vendor] Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies Radzykewycz, T (Radzy) (Mar 07)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim Brown (Mar 09)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies David A. Wheeler (Mar 09)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
- RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Boyle, Stephen V. (Mar 09)
- RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies John Scott (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Reed Loden (Mar 09)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Timothy D. Morgan (Mar 09)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Timothy D. Morgan (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Zach W. (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies halfdog (Mar 10)
- RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Mike Prosser (Mar 04)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tavis Ormandy (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Markus Vervier (Mar 07)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez (Mar 11)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 11)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez (Mar 11)
- Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Peter Bex (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
- Re: Cgit XSS "vulnerability" has no CVE? Peter Bex (Mar 07)
- Re: [exact-image] Missing fixes for CVEs in upstream dcraw René Rebe (Mar 05)
- Re: [OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140) Tristan Cacqueray (Mar 08)
- Re: Heap use after free in Pidgin-OTR plugin cve-assign (Mar 09)
- Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption Steve Beattie (Mar 10)
- Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption cve-assign (Mar 13)
- Re: CVE Request: PHP last release security issues cve-assign (Mar 16)
- Re: Re: CVE Request: PHP last release security issues Tyler Hicks (Mar 22)
- Re: CVE Request: PHP last release security issues cve-assign (Mar 25)
- Re: Re: CVE Request: PHP last release security issues Tyler Hicks (Mar 22)
- Re: Announce: Portable OpenSSH 7.2p2 released cve-assign (Mar 10)
- Re: Re: Announce: Portable OpenSSH 7.2p2 released Gsunde Orangen (Mar 11)
- Re: Re: Announce: Portable OpenSSH 7.2p2 released Tomas Hoger (Mar 16)
- Re: Re: Announce: Portable OpenSSH 7.2p2 released Gsunde Orangen (Mar 11)
- Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting Derek Mahar (Mar 17)
- Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting Christopher Shannon (Mar 17)
- Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability Tim Zingelman (Mar 15)
- Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability cve-assign (Mar 15)
- Re: WebKitGTK+ Security Advisory WSA-2016-0002 Tomas Hoger (Mar 14)
- Re: WebKitGTK+ Security Advisory WSA-2016-0002 Carlos Alberto Lopez Perez (Mar 14)
- Re: Several out of bounds reads in ProFTPD Moritz Mühlenhoff (Mar 11)
- Re: CVE Request: PHP-5.5.33: Out-of-Bound Read in phar_parse_zipfile cve-assign (Mar 13)
- Re: CVE-Request - GNU Awk. Tomas Hoger (Mar 14)
- Re: CVE-Request - GNU Awk. Yuriy M. Kaminskiy (Mar 14)
- Re: Re: CVE-Request - GNU Awk. Kurt Seifried (Mar 14)
- Re: Re: CVE-Request - GNU Awk. Bob Friesenhahn (Mar 14)
- Re: CVE-Request - GNU Awk. Yuriy M. Kaminskiy (Mar 14)
- <Possible follow-ups>
- Re: CVE-Request - GNU Awk. Steve Kemp (Mar 14)
- Re: CVE request Marcus Meissner (Mar 14)
- Re: CVE request - OpenJPEG : Out-Of-Bounds Read in opj_tcd_free_tile function cve-assign (Mar 16)
- Re: CVE request - OpenJPEG : Heap Corruption in opj_free function cve-assign (Mar 16)
- Re: CVE request - OpenJPEG : Out-Of-Bounds Read in sycc422_to_rgb function cve-assign (Mar 16)
- Re: CVE request - SPIP: 2 vulnerabilities cve-assign (Mar 15)
- Re: CVE request: ipv4: Don't do expensive useless work during inetdev destroy cve-assign (Mar 15)
- Re: CVE request: ipv4: Don't do expensive useless work during inetdev destroy Vladis Dronov (Mar 16)
- Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished cve-2016-2324 and cve-2016-2315) Solar Designer (Mar 15)
- Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Tyler Hicks (Mar 15)
- Message not available
- Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 15)
- Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 15)
- Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 15)
- Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 15)
- Re: CVE Request : Use-after-free in gifcolor cve-assign (Mar 16)
- Message not available
- Message not available
- Message not available
- Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 18)
- Message not available
- Re: Three CVE requests for PHP cve-assign (Mar 16)
- Re: Re: Three CVE requests for PHP Moritz Muehlenhoff (Mar 17)
- Re: [cairo] Out-of-bounds read in _fill_xrgb32_lerp_opaque_spans cve-assign (Mar 17)
- Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode cve-assign (Mar 21)
- Re: Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode Murphy, Grant (Mar 21)
- Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Scotty Bauer (Mar 22)
- Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer (Mar 22)
- Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Daniel Micay (Mar 22)
- Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer (Mar 26)
- Re: [ANNOUNCE] Linux Security Summit 2016 - CFP Solar Designer (Mar 25)
- Re: CVE request - XStream: XXE vulnerability cve-assign (Mar 28)
- Re: older fuseiso stuff cve-assign (Mar 29)
- Re: Xen Security Advisory 172 (CVE-2016-3158, CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround Yuriy M. Kaminskiy (Mar 30)
- Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Yves-Alexis Perez (Mar 29)
- Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Andreas Dilger (Mar 29)
- Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Theodore Ts'o (Mar 30)
- Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Eric Sandeen (Mar 31)
- Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Theodore Ts'o (Mar 31)
- Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Kurt Seifried (Mar 31)
- Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Andreas Dilger (Mar 31)
- Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Andreas Dilger (Mar 29)
- <Possible follow-ups>
- Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Hugues ANGUELKOV (Mar 31)
- Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files Gustavo Grieco (Mar 30)
- Re: Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files Seth Arnold (Mar 30)
- Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files cve-assign (Mar 30)
- Re: CVE Clarification: Mysqlnd / CVE-2015-3152 cve-assign (Mar 31)