oss-sec: by author

637 messages starting Jun 02 16 and ending Apr 08 16

Adam Maris

Re: CVE Request: bad USB host adapter implementation can corrupt memory/brick machine Adam Maris (Jun 02)
CVE request: Mishandling the first propagated copy being a slave Adam Maris (May 11)
Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Adam Maris (Jun 06)
Re: CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs Adam Maris (Jun 07)

Adrien Nader

Re: libonion 0.8 contains security fixes Adrien Nader (May 04)

Alan Coopersmith

Re: libical 0.47 SEGV on unknown address Alan Coopersmith (Jun 25)
Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool Alan Coopersmith (Apr 09)
Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool Alan Coopersmith (Apr 07)

Alan J. Wylie

Re: OpenSSL Security Advisory [3rd May 2016] Alan J. Wylie (May 04)

Albert Veli

Re: OpenSSL Security Advisory [3rd May 2016] Albert Veli (May 04)
Re: OpenSSL Security Advisory [3rd May 2016] Albert Veli (May 03)

Alexander Cherepanov

Re: broken RSA keys Alexander Cherepanov (May 04)
Re: broken RSA keys Alexander Cherepanov (May 04)
Re: broken RSA keys Alexander Cherepanov (May 05)
Re: broken RSA keys Alexander Cherepanov (May 04)
Re: broken RSA keys Alexander Cherepanov (May 05)

Alex Gaynor

Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Alex Gaynor (Jun 08)

Alvaro Hoyos

[CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 Alvaro Hoyos (Jun 24)
Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 Alvaro Hoyos (Jun 24)

Amos Jeffries

CVE Request: Squid HTTP Proxy Amos Jeffries (Apr 01)
CVE Request: Squid HTTP Caching Proxy multiple issues Amos Jeffries (Apr 20)
CVE Request: Squid HTTP caching proxy Amos Jeffries (May 06)

Andreas Lehmkuehler

[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability Andreas Lehmkuehler (May 26)

Andreas Stieger

Re: Re: CVE request: three issues in libksba Andreas Stieger (May 10)
Re: CVE Request: wireshark releases Andreas Stieger (Jun 09)
CVE request: libksba out-of-bouds read remote DOS issue fixed in 1.3.4 Andreas Stieger (May 10)

Andrej Nemec

CVE Request - xchat/hexchat doesn't properly verify SSL certificates Andrej Nemec (Apr 05)
Re: ImageMagick heap overflow and out of bounds read Andrej Nemec (May 17)

Andrew Shadura

[SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114 Andrew Shadura (May 02)

Andrey Konovalov

Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor Andrey Konovalov (Apr 06)

Aymeric

Re: Dotclear 2.9.1 XSS vulnerability by SVG Aymeric (May 04)

Baozeng Ding

Re: CVE Requests: Linux: use-after-free issue for ppp channel Baozeng Ding (May 15)
CVE request: -- Linux kernel: Null pointer dereference in tipc_nl_publ_dump Baozeng Ding (May 21)
CVE Requests: Linux: use-after-free issue for ppp channel Baozeng Ding (May 11)

Bas Pape

CVE request - Quassel IRC denial of service Bas Pape (Apr 30)

Ben Hutchings

Re: ext4 data corruption due to punch hole races Ben Hutchings (Apr 02)

Ben Laurie

Re: broken RSA keys Ben Laurie (May 11)

Berry

CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value Berry (Apr 17)

Billy Brumley

Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Billy Brumley (Jun 08)
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Billy Brumley (Jun 08)
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Billy Brumley (Jun 09)

Bob Friesenhahn

Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 19)
Security issues addressed in GraphicsMagick SVG reader Bob Friesenhahn (May 27)
Re: CVE request: DoS in multiple versions of GraphicsMagick Bob Friesenhahn (May 01)
Re: Security issues addressed in GraphicsMagick SVG reader Bob Friesenhahn (May 31)
Re: GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 09)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 19)
Re: GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 09)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 19)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 03)
Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 Bob Friesenhahn (Apr 27)
GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 09)
CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename Bob Friesenhahn (May 29)
GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 08)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 20)

Brandon Dees

Re: ImageMagick Is On Fire -- CVE-2016-3714 Brandon Dees (May 03)

Brandon Perry

Re: libical 0.47 SEGV on unknown address Brandon Perry (Jun 25)
libical 0.47 SEGV on unknown address Brandon Perry (Jun 24)
Libtorrent http_parser.cpp denial of service Brandon Perry (Jun 04)

Brendan Scarvell

CVE Request - Multiple vulnerabilities in Activiti Explorer Brendan Scarvell (Apr 28)
CVE Request - XXE in Pentaho Business Analytics 6.0.1.0.386 Brendan Scarvell (Apr 21)

Brian Demers

[Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability Brian Demers (Jun 03)

Brian May

Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Brian May (May 10)

Cantor, Scott

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD Cantor, Scott (Jun 29)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2016-0004 Carlos Alberto Lopez Perez (May 30)

Cedric Buissart

Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart (Jun 17)
RHSA-2016:1086 libndp: denial of service due to insufficient validation of source of NDP messages Cedric Buissart (May 17)
CVE-2016-3189: bzip2 use-after-free on bzip2recover Cedric Buissart (Jun 20)
Python CVE-2016-0772: smtplib StartTLS stripping attack Cedric Buissart (Jun 14)
Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart (Jun 15)
Re: CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages Cedric Buissart (May 18)
CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart (Jun 14)

Craig Small

CVE Request: wordpress and mediaelement Craig Small (May 07)

cve-assign

Re: Libtorrent http_parser.cpp denial of service cve-assign (Jun 04)
Re: ImageMagick CVEs cve-assign (Jun 02)
Re: buffer overflow and information leak in OCaml < 4.03.0 cve-assign (Apr 29)
Re: Simple Machines Forums - PHP Object Injection cve-assign (Jun 18)
Re: Requesting CVE for ImageMagick DoS cve-assign (Jun 05)
Re: CVE request - Go - DLL loading, Big int cve-assign (Apr 05)
Re: CVE request: VLC - crash and potential code execution when processing QuickTime IMA files cve-assign (May 27)
Re: hostapd/wpa_supplicant - psk configuration parameter update allowing arbitrary data to be written cve-assign (May 02)
Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client cve-assign (Jun 16)
Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions cve-assign (Apr 28)
Re: CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename cve-assign (May 29)
Re: CVE-Request for brltty auth bypass cve-assign (Apr 13)
Re: CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL cve-assign (Apr 18)
Re: CVE request: imlib2 - potential divide-by-zero in imlib_image_draw_ellipse cve-assign (Apr 10)
Re: CVE Request: Squid HTTP Proxy cve-assign (Apr 01)
Re: CVE Request: libpam-sshauth: local root privilege escalation cve-assign (May 01)
Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client cve-assign (Jun 23)
Re: CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS cve-assign (May 05)
various vulnerabilities in Node.js packages cve-assign (Apr 20)
Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack cve-assign (Jun 10)
Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases cve-assign (Apr 23)
Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions cve-assign (Jun 06)
Re: CVE request: GnuPG classic & GnuPG modern cve-assign (Apr 21)
Re: CVE Request: Dnsmasq denial of service cve-assign (Jun 03)
Re: CVE request: three issues in libksba cve-assign (Apr 29)
Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674) cve-assign (May 17)
Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c cve-assign (May 18)
Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash) cve-assign (Jun 29)
Re: CVE Request: 2015 squidguard reflected XSS cve-assign (Jun 21)
Re: CVE request: libcrypto++ - Timing Attack Counter Measure cve-assign (Apr 10)
Re: CVE Request - OpenJPEG: Security Fixes cve-assign (May 12)
Re: CVE requests: Multiple Wireshark vulnerabilities cve-assign (Apr 30)
Re: CVE request: several SOGo issues (DOS, XSS, information leakage) cve-assign (Jun 14)
Re: CVE Request - xchat/hexchat doesn't properly verify SSL certificates cve-assign (Apr 06)
Re: Various invalid memory reads in ImageMagick (WPG, DDS, DCM) cve-assign (Jun 17)
Re: CVE Request: Stored Cross-Site Scripting in TYPO3 Bookmarks cve-assign (Apr 21)
Re: CVE request: atheme: security fixes cve-assign (May 02)
Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd cve-assign (Jun 30)
Re: CVE Request : Use-after-free in openjpeg cve-assign (May 12)
Re: CVE Request: jq: heap buffer overflow in tokenadd() function cve-assign (Apr 23)
Re: CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode cve-assign (May 03)
Re: CVE Request: Privilege escalation in webdav - Plone cve-assign (Apr 19)
Re: CVE Request: kernel information leak vulnerability in rtnetlink cve-assign (May 04)
Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump cve-assign (May 24)
Re: dosfstools / fsck.vfat: Several invalid memory accesses cve-assign (May 14)
Re: CVE Requests: WordPress: 4.5.3 maintenance and security release: several issues cve-assign (Jun 23)
Re: CVE Request: ruby openssl hostname verification issue cve-assign (Jun 09)
Re: CVE Request: Unauthorized disclosure of site content - Plone cve-assign (Apr 19)
Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format cve-assign (Jun 29)
Re: CVE request: three issues in libksba cve-assign (May 10)
Re: CVE Request: imlib2: integer overflow resulting in insufficient heap allocation cve-assign (Apr 14)
Re: CVE Request: PHP: several issues fixed with 7.0.6, 5.6.21 and 5.5.35 cve-assign (May 05)
Re: CVE Request: systemd / journald created world readable journal files cve-assign (Apr 09)
Re: CVE Request: null pointer deref in openslp, can be triggered remotely cve-assign (May 18)
Re: CVE request: DoS in multiple versions of GraphicsMagick cve-assign (Jun 02)
Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel cve-assign (Jun 25)
Re: CVE request: /tmp usage race condition in onionshare cve-assign (May 24)
three vulnerabilities in ImageMagick before 7.0.1-2 cve-assign (Jun 04)
Re: CVE Request Openstack-infra puppet-gerrit module xss vulnerability cve-assign (Jun 22)
Re: CVE Request: libgd - gdCtxPrintf memory leak cve-assign (May 29)
Re: CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties cve-assign (May 26)
Re: CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users cve-assign (Apr 18)
Re: CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file cve-assign (May 29)
Re: CVE Requests: libimobiledevice and libusbmuxd cve-assign (May 26)
Re: CVE request: imlib2 - GIF loader: OOB read cve-assign (Apr 10)
Re: CVE request: OpenNTPD not verifying CN during HTTPS constraints request cve-assign (May 29)
Re: CVE Request: jq: stack exhaustion using jv_dump_term() function cve-assign (Apr 24)
Re: CVE Request: tipc: an infoleak in tipc_nl_compat_link_dump cve-assign (Jun 03)
Re: CVE Request: Jansson: stack exhaustion parsing a JSON file cve-assign (May 02)
Re: CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function cve-assign (May 26)
Re: CVE request for PHP bug #68978: "XSS in header() with Internet Explorer" (2015) cve-assign (Jun 21)
Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer cve-assign (May 11)
Re: CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd cve-assign (Jun 02)
Re: CVE requested: two stack exhaustation parsing xml files using mxml cve-assign (May 09)
Re: CVE Request: Squid HTTP caching proxy cve-assign (May 06)
Re: CVE Request: kernel information leak vulnerability in Linux sound module cve-assign (May 09)
Re: Infinite loops parsing malicious DER certificates in libtasn1 4.7 cve-assign (Apr 13)
Re: CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration cve-assign (May 26)
Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack cve-assign (Jun 13)
Re: CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) cve-assign (May 06)
Re: CVE Request: OpenAFS: OPENAFS-SA-2016-002 - various client functionality leak stack data onto the wire in the clear cve-assign (May 05)
Re: CVE Request: information leak in devio of Linux kernel cve-assign (May 03)
Re: CVE Request: Qemu: net: buffer overflow in MIPSnet emulator cve-assign (Apr 12)
Re: CVE-Request: TYPO3 Extbase Missing Access Check cve-assign (May 25)
Re: Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process cve-assign (Apr 18)
Re: CVE request: cronic - predictable temporary files cve-assign (Apr 10)
Re: expat hash collision fix too predictable? cve-assign (Jun 04)
Re: CVE request for vulnerability in OpenStack Keystone cve-assign (May 17)
Re: CVE request: Mishandling the first propagated copy being a slave - Linux kernel cve-assign (May 11)
Re: CVE request: mat doesn't remove metadata in embedded images in PDFs cve-assign (Jun 02)
Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 cve-assign (Jun 06)
Re: CVE Request: integer overflow in ALSA snd_compress_check_input cve-assign (Jun 28)
Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines cve-assign (May 23)
Re: CVE Request: No Demangling During Analysis of Untrusted Binaries cve-assign (May 04)
Re: CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests cve-assign (May 24)
Re: [CVE Requests] PHP issues cve-assign (Apr 28)
Re: Many invalid memory access issues in libarchive cve-assign (Jun 17)
Re: CVE Request: Roundcube: XSS issue in SVG image handling and protection for download urs against CSRF cve-assign (Apr 23)
Re: CVE request - Quassel IRC denial of service cve-assign (Apr 30)
Re: Fwd: PHP-FPM fpm_log.c memory leak and buffer overflow cve-assign (May 28)
Re: CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info cve-assign (Jun 08)
Re: CVE request: SQL injection in MovableType xml-rpc interface cve-assign (Jun 22)
Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' cve-assign (May 07)
Re: libical 0.47 SEGV on unknown address cve-assign (Jun 25)
Re: CVE Request: Squid HTTP Caching Proxy multiple issues cve-assign (Apr 20)
Re: CVE request: imlib2 integer overflow cve-assign (Apr 10)
Re: CVE Request: No demangling of untrusted binaries (2) cve-assign (Jun 30)
Re: CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler. cve-assign (Apr 13)
Re: CVE request: imlib2 - off-by-one OOB read in __imlib_MergeUpdate() cve-assign (Apr 10)
Re: CVE Request: heap overflow in Python zipimport module cve-assign (Jun 16)
Re: Linux Kernel bpf related UAF cve-assign (May 12)
Re: Out of bounds read and signed integer overflow in libarchive cve-assign (Jun 24)
Re: CVE Request: wordpress and mediaelement cve-assign (May 07)
Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files cve-assign (Apr 29)
Re: CVE Request: haproxy remote denial of service via reqdeny cve-assign (Jun 09)
Re: CVE request: DoS in phantomjs 2.1.1 rasterizing websites cve-assign (Jun 02)
Re: CVE Requests: Linux: use-after-free issue for ppp channel cve-assign (May 15)
Re: CVE request: Qemu: net: buffer overflow in stellaris_enet emulator cve-assign (Apr 12)
Re: CVE requests: Multiple Wireshark vulnerabilities cve-assign (Apr 25)
Re: CVE request - samsumg android phone TvoutService_C binder service DoS cve-assign (May 05)
Re: CVE Request: vtun: denial-of-service: high CPU usage after SIGHUP cve-assign (Apr 27)
Re: expat hash collision fix too predictable? cve-assign (Jun 03)
Re: CVE for nodejs node-uuid cve-assign (Apr 13)
Re: CVE Request: ikiwiki: HTML-escape error messages to prevent cross-site scripting attack cve-assign (May 06)
Re: CVE Request: Linux: [media] videobuf2-v4l2: Verify planes array in buffer dequeueing cve-assign (May 07)
Re: CVE Request: perl: denial-of-service / Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU cve-assign (Apr 20)
Re: CVE request: -- Linux kernel: Null pointer dereference in tipc_nl_publ_dump cve-assign (May 21)
Re: CVE Request: wireshark releases cve-assign (Jun 09)
Re: CVE for PHP 5.5.37 issues cve-assign (Jun 23)
Re: CVE Request: Linux kernel HID: hiddev buffer overflows cve-assign (Jun 26)
Re: CVE Request: roundcube: XSS vulnerability in mail content page cve-assign (May 26)
Re: CVE request - python-docx 0.8.5 - XXE cve-assign (Jun 28)
Re: CVE Request: kernel information leak vulnerability in llc module cve-assign (May 04)
Re: CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value cve-assign (Apr 18)
Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO cve-assign (Jun 08)
Re: Fwd: out-of-bounds read in MagickCore/property.c:1396 could lead to memory leak/ Integer overflow read to RCE - ImageMagick cve-assign (Jun 25)
Re: CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl cve-assign (May 30)
Re: MantisBT: XSS in custom fields management cve-assign (Jun 11)
Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy cve-assign (Jun 03)
Re: ext4 data corruption due to punch hole races cve-assign (Apr 01)
Re: CVE Request for Denial of Service in pacman 5.0.1 cve-assign (Jun 14)
Re: CVE request: libksba out-of-bouds read remote DOS issue fixed in 1.3.4 cve-assign (May 11)
Re: CVE request for vulnerability in OpenStack Neutron cve-assign (Jun 10)
Re: CVE Request: Bypass Restricted Python - Plone cve-assign (Apr 19)
Re: CVE request: Poppler < 0.40.0 cve-assign (Apr 23)
Re: CVE Request - PECL-HTTP 3.0.0 Buffer overflow cve-assign (Jun 29)
Re: CVE request: opam - missing certificate validation cve-assign (Apr 19)
Re: CVE request Qemu: i386: leakage of stack memory to guest in kvmvapic.c cve-assign (Apr 14)
Re: Fwd: CVE for PHP 5.5.36 issues cve-assign (May 26)

CVE ID Requests

RE: CVE Request: 2015 squidguard reflected XSS CVE ID Requests (Jun 20)

Damien Regad

MantisBT: XSS in custom fields management Damien Regad (Jun 10)
Re: MantisBT: XSS in custom fields management Damien Regad (Jun 11)

Daniel Beck

Jenkins - multiple fixes Daniel Beck (May 11)
Jenkins plugins -- multiple fixes Daniel Beck (Jun 20)
Re: Jenkins plugins -- multiple fixes Daniel Beck (Jun 20)

Daniel Borkmann

Re: Re: Linux Kernel bpf related UAF Daniel Borkmann (Jun 14)

Daniele Bianco

[oCERT 2016-001] Jetty path sanitization issues Daniele Bianco (May 30)

Daniel Kahn Gillmor

Re: broken RSA keys Daniel Kahn Gillmor (May 07)

Daniel Micay

Re: Re: expat hash collision fix too predictable? Daniel Micay (Jun 04)

Daniel Stenberg

[SECURITY ADVISORY] curl: TLS certificate check bypass with mbedTLS/PolarSSL Daniel Stenberg (May 17)

Daniel Veditz

Excessive resource consumption (DOS) in JPEG Daniel Veditz (Jun 08)

das das

CVE request:SQL injection in TeamPass das das (Apr 14)
Re: CVE request:SQL injection in TeamPass das das (Apr 28)

Dave Mielke

Re: CVE-Request for brltty auth bypass Dave Mielke (Apr 12)

David Chan

Re: GraphicsMagick Response To "ImageTragick" David Chan (May 12)

David Snopek

Re: [security] CVE requests for Drupal contributed modules (from 2016-009 to 2016-014) David Snopek (Apr 04)

Dejan Bosanac

[ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities Dejan Bosanac (May 24)
Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities Dejan Bosanac (May 24)

Dominic Cleal

CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API Dominic Cleal (May 19)
CVE-2016-3693: Foreman application information leakage through templates Dominic Cleal (Apr 20)

Evgeny Uskov

CVE-2016-4049: Denial of Service Vulnerability in Quagga BGP Routing Daemon (bgpd) Evgeny Uskov (Apr 27)

Fábio Pires

CVE Request: Insecure Direct Object Reference in OSTicket (last versions availablle) Fábio Pires (Apr 26)
CVE Request: Insecure Direct Object Reference in OSTicket attachments Fábio Pires (Apr 19)

Felipe

CVE request: Poppler < 0.40.0 Felipe (Apr 11)

Felix Maduakor

CVE-2016-3694 modified eCommerce Shopsoftware 2.0.0.0 rev 9678 - Blind SQL Injection Felix Maduakor (Apr 20)

Fernando Muñoz

CVE Request: libgd - gdCtxPrintf memory leak Fernando Muñoz (May 29)

Filipe Reis

CVE Request: Stored Cross-Site Scripting in TYPO3 Bookmarks Filipe Reis (Apr 19)

Florian Weimer

CVE request: MatrixSSL lack of RSA-CRT hardening Florian Weimer (Jun 26)
A few Hesiod issues Florian Weimer (May 04)

Greg KH

Re: CVE Request: information leak in wilc1000 module of Linux kernel Greg KH (May 04)
Re: CVE Request: Linux kernel: remote buffer overflow in usbip Greg KH (Apr 19)

Gregory Haynes

CVE Request Openstack-infra puppet-gerrit module xss vulnerability Gregory Haynes (Jun 21)

Gsunde Orangen

Re: OpenSSL Security Advisory [3rd May 2016] Gsunde Orangen (May 03)
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Gsunde Orangen (Jun 08)
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Gsunde Orangen (Jun 08)
Re: OpenSSL Security Advisory [3rd May 2016] Gsunde Orangen (May 03)

Gustavo Grieco

Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco (Apr 30)
Re: CVE Request: Jansson: stack exhaustion parsing a JSON file Gustavo Grieco (May 03)
CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco (Apr 28)
CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode Gustavo Grieco (May 03)
CVE Request: jq: stack exhaustion using jv_dump_term() function Gustavo Grieco (Apr 24)
Re: Apache Xerces getLastExtEntityInfo Use-After-Free Gustavo Grieco (Jun 27)
Re: CVE request: DoS in phantomjs 2.1.1 rasterizing websites Gustavo Grieco (Jun 04)
Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco (May 15)
Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files Gustavo Grieco (Apr 29)
Re: CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 11)
CVE request: an invalid pointer read in mini-xml 2.7 Gustavo Grieco (May 06)
CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file Gustavo Grieco (May 29)
Large amount of uninitialized values in svg parsing and processing Gustavo Grieco (Apr 11)
CVE Request: Jansson: stack exhaustion parsing a JSON file Gustavo Grieco (May 01)
CVE-2016-0718: Expat XML Parser Crashes on Malformed Input Gustavo Grieco (May 17)
Re: Apache Xerces getLastExtEntityInfo Use-After-Free Gustavo Grieco (Jun 28)
CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 07)
CVE request: DoS in multiple versions of GraphicsMagick Gustavo Grieco (May 01)
CVE request: Mplayer/Mencoder integer overflow parsing gif files Gustavo Grieco (Apr 29)
CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd Gustavo Grieco (Jun 30)
Re: CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 08)
CVE request: DoS in phantomjs 2.1.1 rasterizing websites Gustavo Grieco (Jun 02)
CVE-2016-2099: use-after-free in Xerces 3.1.3 Gustavo Grieco (May 09)

halfdog

Debian Exim Spool Local Root halfdog (Jun 29)

Hanno Böck

Out of bounds read and signed integer overflow in libarchive Hanno Böck (Jun 23)
Various invalid memory reads in ImageMagick (WPG, DDS, DCM) Hanno Böck (Jun 14)
Many invalid memory access issues in libarchive Hanno Böck (Jun 17)
ImageMagick heap overflow and out of bounds read Hanno Böck (May 11)
Re: broken RSA keys Hanno Böck (May 05)
Re: CVE request: MatrixSSL lack of RSA-CRT hardening Hanno Böck (Jun 29)
Re: broken RSA keys Hanno Böck (May 05)
Re: broken RSA keys Hanno Böck (May 05)
dosfstools / fsck.vfat: Several invalid memory accesses Hanno Böck (May 08)

Hans Jerry Illikainen

CVE-2016-2191: optipng: invalid write Hans Jerry Illikainen (Apr 04)
CVE-2016-3074: libgd: signedness vulnerability Hans Jerry Illikainen (Apr 21)
CVE-2016-3078: php: integer overflow in ZipArchive::getFrom* Hans Jerry Illikainen (Apr 28)

Hector Marco-Gisbert

CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Hector Marco-Gisbert (Apr 06)

Henri Salo

Re: Reflected XSS in three Wordpress plugins. Henri Salo (May 12)
WordPress plugin nelio-ab-testing path traversal vulnerability Henri Salo (May 09)

henrix

Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ henrix (Jun 22)

Holger Levsen

Re: CVE request: mat doesn't remove metadata in embedded images in PDFs Holger Levsen (Jun 02)
CVE request: mat doesn't remove metadata in embedded images in PDFs Holger Levsen (Jun 02)

Huzaifa Sidhpurwala

CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Huzaifa Sidhpurwala (Jun 09)
3 libxml2 issues Huzaifa Sidhpurwala (May 25)
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Huzaifa Sidhpurwala (Jun 12)
CVE Request: null pointer deref in openslp, can be triggered remotely Huzaifa Sidhpurwala (May 17)
Re: Re: CVE Request: null pointer deref in openslp, can be triggered remotely Huzaifa Sidhpurwala (May 18)

Ibrahim el-sayed

Fwd: out-of-bounds read in MagickCore/property.c:1396 could lead to memory leak/ Integer overflow read to RCE Ibrahim el-sayed (Jun 22)

Ignat Korchagin

Re: CVE Request: Linux kernel: remote buffer overflow in usbip Ignat Korchagin (Apr 19)

Insu Yun

CVE Request: heap overflow in Python zipimport module Insu Yun (Jun 15)
CVE-Request: heap overflow in Python Insu Yun (Jun 10)

ira.weiny

Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' ira.weiny (May 12)

Jakub Wilk

Re: s/party/hack like it's 1999 Jakub Wilk (Apr 21)

Jann Horn

Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' Jann Horn (May 09)
Re: Re: CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) Jann Horn (May 09)

Jason Buberel

CVE request - Go - DLL loading, Big int Jason Buberel (Apr 05)

Jens Erat

CVE request: several SOGo issues (DOS, XSS, information leakage) Jens Erat (Jun 13)

Jeremy Stanley

Re: ImageMagick Is On Fire -- CVE-2016-3714 Jeremy Stanley (May 19)

Jesse Hertz

Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access) Jesse Hertz (Jun 24)

Jim Rollenhagen

Ironic node information including credentials exposed to unathenticated users Jim Rollenhagen (Jun 21)

jleroux () apache org

CVE-2016-2170: Apache OFBiz information disclosure vulnerability jleroux () apache org (Apr 09)
CVE-2015-3268: Apache OFBiz information disclosure vulnerability jleroux () apache org (Apr 09)

Jodie Cunningham

Re: Requesting CVE for ImageMagick DoS Jodie Cunningham (Jun 05)
Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 Jodie Cunningham (Apr 26)

John Johansen

[vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ John Johansen (Jun 10)

John Lightsey

Re: ImageMagick Is On Fire -- CVE-2016-3714 John Lightsey (May 19)
Re: GraphicsMagick Response To "ImageTragick" John Lightsey (May 09)
Re: CVE request: SQL injection in MovableType xml-rpc interface John Lightsey (Jun 22)
CVE request: SQL injection in MovableType xml-rpc interface John Lightsey (Jun 22)

Jouni Malinen

Re: hostapd/wpa_supplicant - psk configuration parameter update allowing arbitrary data to be written Jouni Malinen (May 03)
hostapd/wpa_supplicant - psk configuration parameter update allowing arbitrary data to be written Jouni Malinen (May 02)

Kangjie Lu

CVE Request: information leak in wilc1000 module of Linux kernel Kangjie Lu (May 04)
CVE Request: kernel information leak vulnerability in llc module Kangjie Lu (May 04)
CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Kangjie Lu (May 10)
CVE Request: rds: fix an infoleak in rds_inc_info_copy Kangjie Lu (Jun 03)
CVE Request: information leak in devio of Linux kernel Kangjie Lu (May 03)
CVE Request: tipc: an infoleak in tipc_nl_compat_link_dump Kangjie Lu (Jun 03)
Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Kangjie Lu (May 11)
CVE Request: kernel information leak vulnerability in rtnetlink Kangjie Lu (May 04)
CVE Request: x25: a kernel infoleak in x25_negotiate_facilities() Kangjie Lu (May 10)
CVE Request: ALSA: Another information leak vulnerability in sound/core/timer Kangjie Lu (May 10)
CVE Request: kernel information leak vulnerability in Linux sound module Kangjie Lu (May 08)

Karim Valiev

Re: ImageMagick Is On Fire -- CVE-2016-3714 Karim Valiev (May 03)

Kash Pande

OpenZFS (Linux, FreeBSD, illumos) fails to transmit holes Kash Pande (Apr 03)

Keith W

[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass Keith W (May 27)

Kirill Zaitsev

RCE vulnerability in Openstack Murano using insecure YAML tags (CVE-2016-4972) Kirill Zaitsev (Jun 23)

Kurt Seifried

BitKeeper /tmp vulns Kurt Seifried (May 10)
Re: BitKeeper /tmp vulns Kurt Seifried (May 10)
Older OpenSSL RSA key/64 bit bug (now with added CVE!) Kurt Seifried (May 04)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Kurt Seifried (May 19)
CVE for nodejs node-uuid Kurt Seifried (Apr 13)

Larry McVoy

Re: BitKeeper /tmp vulns Larry McVoy (May 10)

Larry W. Cashdollar

Reflected XSS in three Wordpress plugins. Larry W. Cashdollar (May 11)
39 XSS vulnerabilities in 35 wordpress plugins. Larry W. Cashdollar (Apr 12)
Re: 39 XSS vulnerabilities in 35 wordpress plugins. Larry W. Cashdollar (Apr 14)
Re: 39 XSS vulnerabilities in 35 wordpress plugins. Larry W. Cashdollar (Apr 13)

limingxing

Dotclear 2.9.1 XSS vulnerability by SVG limingxing (May 03)

Lior Kaplan

Fwd: CVE for PHP 5.5.36 issues Lior Kaplan (May 25)
CVE for PHP 5.5.37 issues Lior Kaplan (Jun 23)

Loganaden Velvindron

Re: CVE Request: imlib2: integer overflow resulting in insufficient heap allocation Loganaden Velvindron (Apr 19)

Lorenz Quack

[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability Lorenz Quack (May 27)

LSE-Advisories

LSE Leading Security Experts GmbH - LSE-2016-02-03 - OXID eShop Path Traversal Vulnerability LSE-Advisories (May 03)

Luật Nguyễn

[CVE Requests] PHP issues Luật Nguyễn (Apr 28)

Lubomir Stroetmann

CVE Request: Reflected Cross-Site Scripting in TYPO3 Formhandler Lubomir Stroetmann (May 31)

Lucian Cojocar

CVE Request: uclibc-ng (and uclibc): ARM arch: code execution Lucian Cojocar (Jun 29)

Luis M. Merino

CVE request: OpenNTPD not verifying CN during HTTPS constraints request Luis M. Merino (May 23)

Lukas Reschke

CVE request for PHP bug #68978: "XSS in header() with Internet Explorer" (2015) Lukas Reschke (Jun 20)

Marc Deslauriers

CVE Request: Dnsmasq denial of service Marc Deslauriers (Jun 03)
Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Marc Deslauriers (Apr 21)

Marcel Böhme

CVE Request: No Demangling During Analysis of Untrusted Binaries Marcel Böhme (May 04)
CVE Request: No demangling of untrusted binaries (2) Marcel Böhme (Jun 30)
Re: CVE Request: No demangling of untrusted binaries (2) Marcel Böhme (Jun 30)

Marco Grassi

Apache Xerces getLastExtEntityInfo Use-After-Free Marco Grassi (Jun 27)
Linux Kernel bpf related UAF Marco Grassi (May 12)
Re: Linux Kernel bpf related UAF Marco Grassi (May 12)
Re: Apache Xerces getLastExtEntityInfo Use-After-Free Marco Grassi (Jun 28)

Marcus Meissner

CVE Request: integer overflow in ALSA snd_compress_check_input Marcus Meissner (Jun 28)
Re: CVE Request: bad USB host adapter implementation can corrupt memory/brick machine Marcus Meissner (Jun 02)
CVE Request: ruby openssl hostname verification issue Marcus Meissner (Jun 09)
Re: CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide by zero Marcus Meissner (Jun 15)
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Marcus Meissner (Jun 08)
CVE Request: Linux kernel: remote buffer overflow in usbip Marcus Meissner (Apr 19)
Re: CVE Request: ruby openssl hostname verification issue Marcus Meissner (Jun 15)
CVE Request: wireshark releases Marcus Meissner (Jun 08)
Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Marcus Meissner (Jun 23)
CVE Request: 2015 squidguard reflected XSS Marcus Meissner (Jun 20)
CVE Request: bad USB host adapter implementation can corrupt memory/brick machine Marcus Meissner (Jun 02)
Re: CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution Marcus Meissner (Jun 15)
CVE Request: systemd / journald created world readable journal files Marcus Meissner (Apr 09)
CVE Request: haproxy remote denial of service via reqdeny Marcus Meissner (Jun 09)

Marek Hulán

CVE-2016-4451: Privileges escalation through Organization and Locations Foreman API Marek Hulán (May 27)

Marina Glancy

Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14 Marina Glancy (May 17)

Martin Prpic

Please reject duplicate CVE for libxml2 Martin Prpic (Jun 07)
CVE request: three issues in libksba Martin Prpic (Apr 29)

Mathias Svensson

CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format Mathias Svensson (Jun 29)

Matthias Geerdsen

CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Matthias Geerdsen (Apr 11)
CVE request: imlib2 - GIF loader: OOB read Matthias Geerdsen (Apr 09)
CVE request: imlib2 integer overflow Matthias Geerdsen (Apr 09)
CVE request: opam - missing certificate validation Matthias Geerdsen (Apr 18)
CVE request: cronic - predictable temporary files Matthias Geerdsen (Apr 09)
CVE request: imlib2 - off-by-one OOB read in __imlib_MergeUpdate() Matthias Geerdsen (Apr 09)
CVE request: imlib2 - potential divide-by-zero in imlib_image_draw_ellipse(). Matthias Geerdsen (Apr 10)
CVE request: libcrypto++ - Timing Attack Counter Measure Matthias Geerdsen (Apr 10)

Max Teufel

Re: CVE request: atheme: security fixes Max Teufel (May 03)
CVE request: atheme: security fixes Max Teufel (May 02)

Mehrdad Linux

CVE Request -XSS Vulnerabilitie in Collectd-web Mehrdad Linux (May 22)
CVE Request -Vulnerabilitie XSS in brafton WordPress Plugin Mehrdad Linux (May 20)

Michael Ellerman

CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls Michael Ellerman (Jun 24)

Michael Scherer

CVE request: /tmp usage race condition in onionshare Michael Scherer (May 23)
Re: BitKeeper /tmp vulns Michael Scherer (May 10)
Re: BitKeeper /tmp vulns Michael Scherer (May 10)
Re: BitKeeper /tmp vulns Michael Scherer (May 10)

Michael Tremer

CVE request: Remote command execution/XSS vulnerability after login in IPFire's web user interface Michael Tremer (Apr 05)

Mihamina RAKOTOMANDIMBY

"The Blind SQL Injection Issue" explanation Mihamina RAKOTOMANDIMBY (Jun 01)

Molly Crowther

CVE-2016-3091 Diego log encoding vulnerability Molly Crowther (May 17)

morgan fainberg

CVE request for vulnerability in OpenStack Keystone morgan fainberg (May 17)
[OSSA-2016-008] Incorrect Audit IDs in Keystone Fernet Tokens can result in revocation bypass (CVE-2016-4911) morgan fainberg (Jun 01)

Moritz Muehlenhoff

Re: CVE Request : Use-after-free in openjpeg Moritz Muehlenhoff (May 12)
Re: CVE Request - OpenJPEG: Security Fixes Moritz Muehlenhoff (May 12)
CVE requests: Multiple Wireshark vulnerabilities Moritz Muehlenhoff (Apr 25)

Naser Farhadi

CVE request: OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution Naser Farhadi (Apr 14)
Re: CVE request: OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution Naser Farhadi (Apr 14)

Nathan Van Gheem

CVE Request: Unauthorized disclosure of site content Nathan Van Gheem (Apr 19)
CVE Request: Bypass Restricted Python Nathan Van Gheem (Apr 19)
CVE Request: Privilege escalation in webdav Nathan Van Gheem (Apr 19)
Re: CVE Request: Privilege escalation in webdav Nathan Van Gheem (Apr 19)

ncl () cock li

Re: Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format ncl () cock li (Jun 29)

Nitin Venkatesh

CVE-2016-1236 - XSS Vulnerability in websvn 2.3.3-1.2+deb8u1 Nitin Venkatesh (May 05)

none

Re: CVE Request: cpio -- directory traversal none (Apr 17)

Oliveira Lima

Request CVE ID for Simple Photo Gallery 1.8.0 - Stored XSS Oliveira Lima (May 11)

Pascal Cuoq

buffer overflow and information leak in OCaml < 4.03.0 Pascal Cuoq (Apr 28)
Infinite loops parsing malicious DER certificates in libtasn1 4.7 Pascal Cuoq (Apr 11)

Patrick Coleman

CVE request: VLC - crash and potential code execution when processing QuickTime IMA files Patrick Coleman (May 27)

Paul Wouters

Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters (Jun 13)
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters (Jun 14)

Petr Matousek

Please REJECT CVE-2016-2189 Petr Matousek (May 17)

Petter Reinholdtsen

Re: CVE request: reads out-of-bounds with cpio 2.11 Petter Reinholdtsen (Jun 14)

Pierre Ernst

CVE request - python-docx 0.8.5 - XXE Pierre Ernst (Jun 28)

P J P

CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties P J P (May 25)
CVE-2014-3672 libvirt: DoS via excessive logging P J P (May 24)
CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write P J P (May 19)
CVE request: Qemu: net: buffer overflow in stellaris_enet emulator P J P (Apr 11)
CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues P J P (May 09)
CVE Request: Qemu: net: buffer overflow in MIPSnet emulator P J P (Apr 11)
CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function P J P (May 25)
CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue P J P (May 09)
Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process P J P (Apr 18)
CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests P J P (May 24)
CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine P J P (May 30)
CVE-2016-3713 Linux kernel: kvm: OOB r/w access issue with MSR 0x2F8 P J P (May 16)
CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl P J P (May 30)
CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd P J P (Jun 01)
Re: CVE Request: Linux kernel: remote buffer overflow in usbip P J P (Apr 19)
CVE request Qemu: i386: leakage of stack memory to guest in kvmvapic.c P J P (Apr 13)
CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in get_cmd P J P (May 19)
CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine P J P (May 30)
CVE-2016-4440 Kernel: kvm: vmx: incorrect state update leading to MSR access P J P (May 19)
Re: CVE Request: Out-of-bands write issue found in qemu P J P (May 02)
CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines P J P (May 23)
Re: CVE Request: Out-of-bands write issue found in qemu P J P (Apr 26)
CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration P J P (May 25)
CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info P J P (Jun 08)
CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO P J P (Jun 07)

PXO????

?????? [oss-security] 3 bugs refer to buffer overflow in in libtiff 4.0.6 PXO???? (Apr 27)
3 bugs refer to buffer overflow in in libtiff 4.0.6 PXO???? (Apr 26)

Randy Barlow

Pulp 2.8.3 Released to address multiple CVEs Randy Barlow (May 19)
Re: CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users Randy Barlow (Apr 18)
Pulp 2.8.2 release for CVE-2016-3095 Randy Barlow (Apr 06)
CVE-2013-7450: Pulp < 2.3.0 distributed the same CA key to all users Randy Barlow (Apr 18)
CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users Randy Barlow (Apr 15)

_rc0r

CVE Request - PECL-HTTP 3.0.0 Buffer overflow _rc0r (Jun 28)

redrain root

Ruby:HTTP Header injection in 'net/http' redrain root (Jun 24)

Reed Loden

Re: Ruby gem rack-mini-profiler CVE-2016-4442 Reed Loden (Jun 10)

Régis Leroy

CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL Régis Leroy (Apr 16)

Robert Święcki

Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way Robert Święcki (Jun 13)

Roman Drahtmueller

Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Roman Drahtmueller (Jun 08)
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Roman Drahtmueller (Jun 09)
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Roman Drahtmueller (Jun 08)

Ryan Huber

ImageMagick Is On Fire -- CVE-2016-3714 Ryan Huber (May 03)

Salvatore Bonaccorso

Re: Please reject duplicate CVE for libxml2 Salvatore Bonaccorso (Jun 07)
CVE Requests: WordPress: 4.5.3 maintenance and security release: several issues Salvatore Bonaccorso (Jun 23)
Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674) Salvatore Bonaccorso (May 16)
Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Salvatore Bonaccorso (Apr 21)
CVE Request: roundcube: XSS vulnerability in mail content page Salvatore Bonaccorso (May 25)
CVE Request: jq: heap buffer overflow in tokenadd() function Salvatore Bonaccorso (Apr 22)
CVE Request: ikiwiki: HTML-escape error messages to prevent cross-site scripting attack Salvatore Bonaccorso (May 06)
CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c Salvatore Bonaccorso (May 18)
CVE Request: imlib2: integer overflow resulting in insufficient heap allocation Salvatore Bonaccorso (Apr 14)
CVE Request: PHP: several issues fixed with 7.0.6, 5.6.21 and 5.5.35 Salvatore Bonaccorso (May 05)
CVE Request: OpenAFS: OPENAFS-SA-2016-002 - various client functionality leak stack data onto the wire in the clear Salvatore Bonaccorso (May 05)
CVE Request: perl: denial-of-service / Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU Salvatore Bonaccorso (Apr 20)
Re: CVE Request: vtun: denial-of-service: high CPU usage after SIGHUP Salvatore Bonaccorso (Apr 30)
CVE Request: Linux: [media] videobuf2-v4l2: Verify planes array in buffer dequeueing Salvatore Bonaccorso (May 07)
CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) Salvatore Bonaccorso (May 06)
CVE Request: Roundcube: XSS issue in SVG image handling and protection for download urs against CSRF Salvatore Bonaccorso (Apr 23)
Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it Salvatore Bonaccorso (Jun 24)
CVE Request: Linux: IB/security: Restrict use of the write() interface' Salvatore Bonaccorso (May 06)
CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs Salvatore Bonaccorso (Jun 06)
Re: CVE Request: libpam-sshauth: local root privilege escalation Salvatore Bonaccorso (May 03)
Possible CVE request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674) Salvatore Bonaccorso (May 12)
CVE Request: libpam-sshauth: local root privilege escalation Salvatore Bonaccorso (Apr 30)
CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash) Salvatore Bonaccorso (Jun 29)
CVE Request: vtun: denial-of-service: high CPU usage after SIGHUP Salvatore Bonaccorso (Apr 25)
Re: Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash) Salvatore Bonaccorso (Jun 30)

Sam Saffron

Ruby gem rack-mini-profiler CVE-2016-4442 Sam Saffron (Jun 10)

Scott Arciszewski

Simple Machines Forums - PHP Object Injection Scott Arciszewski (Jun 10)

Scott Balneaves

Re: CVE Request: libpam-sshauth: local root privilege escalation Scott Balneaves (May 03)

Scotty

CVE Request: Linux kernel HID: hiddev buffer overflows Scotty (Jun 25)

Sebastian Krahmer

CVE-Request for brltty auth bypass Sebastian Krahmer (Apr 12)
SELinux troubles Sebastian Krahmer (Jun 21)

Sebastian Pipping

Re: expat hash collision fix too predictable? Sebastian Pipping (Jun 04)
Re: expat hash collision fix too predictable? Sebastian Pipping (Jun 04)
Re: expat hash collision fix too predictable? Sebastian Pipping (Jun 03)

Sébastien Delafond

Re: CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL Sébastien Delafond (Apr 18)

Seth Arnold

Re: ImageMagick Is On Fire -- CVE-2016-3714 Seth Arnold (May 03)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Seth Arnold (May 03)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Seth Arnold (May 03)
CVE Requests: libimobiledevice and libusbmuxd Seth Arnold (May 25)

shravan kumar

Reflected XSS Vulnerability in Wordpress Custom-metas plugin 1.5.1 shravan kumar (Apr 16)
Unauthenticated XSS Vulnerability in WORDPRESS FAQ WD plugin 1.0.14. shravan kumar (Apr 16)
Unauthenticated XSS Vulnerability in kento-post-view-counter Wordpress Plugin 2.8 shravan kumar (Apr 16)
CSRF and Stored XSS in Kento post viewer counter wordpress Plugin 2.8 shravan kumar (Apr 16)
CSRF and Stored XSS in a WORDPRESS Plugin LeenkMe version 2.5.0. shravan kumar (Apr 16)

Simon Lees

CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser) Simon Lees (May 03)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Simon Lees (May 20)

Simon McVittie

Re: broken RSA keys Simon McVittie (May 05)
Re: CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image Simon McVittie (Jun 14)
Re: GraphicsMagick Response To "ImageTragick" Simon McVittie (May 09)
Re: GraphicsMagick Response To "ImageTragick" Simon McVittie (May 09)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Simon McVittie (May 19)

Solar Designer

Re: s/party/hack like it's 1999 Solar Designer (Apr 21)
CVE-2016-2177: OpenSSL undefined pointer arithmetic Solar Designer (Jun 08)
Re: broken RSA keys Solar Designer (May 12)
Re: OpenSSL Security Advisory [3rd May 2016] Solar Designer (May 03)
Re: broken RSA keys Solar Designer (May 04)
Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump Solar Designer (May 24)
Re: broken RSA keys Solar Designer (May 05)
broken RSA keys Solar Designer (May 04)
Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols Solar Designer (Jun 05)
CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Solar Designer (Jun 08)
Re: broken RSA keys Solar Designer (May 05)
Re: CVE request:SQL injection in TeamPass Solar Designer (Apr 28)
Re: broken RSA keys Solar Designer (May 04)
list mail bounces; libtiff Solar Designer (Apr 21)
Re: libonion 0.8 contains security fixes Solar Designer (May 04)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Solar Designer (May 03)
Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ Solar Designer (Jun 22)
libonion 0.8 contains security fixes Solar Designer (May 04)
Re: broken RSA keys Solar Designer (May 05)
Re: "The Blind SQL Injection Issue" explanation Solar Designer (Jun 01)
OpenSSL Security Advisory [3rd May 2016] Solar Designer (May 03)

Stanislav Datskovskiy

Re: broken RSA keys Stanislav Datskovskiy (May 05)
Re: broken RSA keys Stanislav Datskovskiy (May 04)
Re: broken RSA keys Stanislav Datskovskiy (May 05)
Re: broken RSA keys Stanislav Datskovskiy (May 05)

Stefan Cornelius

Re: Security issues addressed in GraphicsMagick SVG reader Stefan Cornelius (May 31)
ImageMagick CVEs Stefan Cornelius (May 31)

Stefan Horlacher

CVE-Request: TYPO3 Extbase Missing Access Check Stefan Horlacher (May 25)

Stefan Kanthak

CVE request: GnuPG classic & GnuPG modern Stefan Kanthak (Apr 18)
Re: CVE request: GnuPG classic & GnuPG modern Stefan Kanthak (Apr 18)

Steve Beattie

Re: Re: CVE Request: kernel information leak vulnerability in Linux sound module Steve Beattie (May 10)

Sven Kieske

Re: ImageMagick Is On Fire -- CVE-2016-3714 Sven Kieske (May 20)

Sysdream Labs

Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (predicatable filename) Sysdream Labs (Apr 21)
Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights) Sysdream Labs (Apr 21)

Takashi Iwai

Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Takashi Iwai (May 11)
Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Takashi Iwai (May 11)

Theodore Ts'o

Re: ext4 data corruption due to punch hole races Theodore Ts'o (Apr 02)
Re: ext4 data corruption due to punch hole races Theodore Ts'o (Apr 02)

Thomas Klausner

Re: ImageMagick Is On Fire -- CVE-2016-3714 Thomas Klausner (May 19)

Tim

Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Tim (Jun 15)
Re: ImageMagick Is On Fire -- CVE-2016-3714 Tim (May 03)
Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Tim (Jun 14)

Tim Allison

[CVE-2016-4434] Apache Tika XML External Entity vulnerability Tim Allison (May 26)

Tim Bain

Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities Tim Bain (May 24)

Timo Juhani Lindfors

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection Timo Juhani Lindfors (May 04)

Tobias Stoeckmann

CVE Request for Denial of Service in pacman 5.0.1 Tobias Stoeckmann (Jun 11)

Tomas Hoger

Re: SELinux troubles Tomas Hoger (Jun 21)

Tony Homer

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS Tony Homer (Apr 27)
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer (Apr 27)
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer (Apr 27)

Tristan Cacqueray

CVE request for vulnerability in OpenStack Neutron Tristan Cacqueray (Jun 10)
[OSSA-2016-009] Neutron IPTables firewall anti-spoof protection bypass (CVE-2016-5362, CVE-2016-5363, CVE-2015-8914) Tristan Cacqueray (Jun 13)
[OSSA-2016-010] XSS in Horizon client side template (CVE-2016-4428) Tristan Cacqueray (Jun 17)

Tute Costa

Cross-site request forgery (CSRF) vulnerability in administrate gem Tute Costa (Apr 01)

Vagrant Cascadian

Re: CVE Request: libpam-sshauth: local root privilege escalation Vagrant Cascadian (May 03)

Velmurugan Periasamy

CVE update (CVE-2016-2174) - Fixed in Ranger 0.5.3 Velmurugan Periasamy (Jun 01)

Vinc3nt4H

CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS Vinc3nt4H (May 05)
CVE request - samsumg android phone TvoutService_C binder service DoS Vinc3nt4H (May 05)

Vincent Danjean

root escalation from any user on clusters managed with OAR Vincent Danjean (Apr 05)

VoidSec

CVE Request for VirIT Explorer v.8.1.68 Local Privilege Escalation VoidSec (May 12)

Wade Mealing

CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request Wade Mealing (May 16)
CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree(). Wade Mealing (Jun 14)
CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler. Wade Mealing (Apr 13)
CVE-2016-0723: Linux kernel: Kernel memory disclosure. Wade Mealing (Apr 26)
CVE-2016-0758 - Linux kernel - Flaw in ASN.1 DER decoder for x509 certificate DER files. Wade Mealing (May 12)

Willy Tarreau

Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ Willy Tarreau (Jun 10)

WinsonLiu

Re: Re: CVE Request - OpenJPEG: Security Fixes WinsonLiu (May 12)

Xen . org security team

Xen Security Advisory 181 - arm: Host crash caused by VMID exhaustion Xen . org security team (Jun 03)
Xen Security Advisory 181 (CVE-2016-5242) - arm: Host crash caused by VMID exhaustion Xen . org security team (Jun 06)
Xen Security Advisory 180 (CVE-2014-3672) - Unrestricted qemu logging Xen . org security team (May 23)
Xen Security Advisory 176 (CVE-2016-4480) - x86 software guest page walk PS bit handling flaw Xen . org security team (May 17)
Xen Security Advisory 179 (CVE-2016-3710,CVE-2016-3712) - QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks Xen . org security team (May 09)
Xen Security Advisory 178 (CVE-2016-4963) - Unsanitised driver domain input in libxl device handling Xen . org security team (Jun 02)
Xen Security Advisory 178 (CVE-2016-4963) - Unsanitised driver domain input in libxl device handling Xen . org security team (Jun 06)
Xen Security Advisory 173 (CVE-2016-3960) - x86 shadow pagetables: address width overflow Xen . org security team (Apr 18)
Xen Security Advisory 179 (CVE-2016-3710,CVE-2016-3712) - QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks Xen . org security team (May 10)
Xen Security Advisory 174 (CVE-2016-3961) - hugetlbfs use may crash PV Linux guests Xen . org security team (Apr 14)

xiong piaox

[CVE-2016-3972]DotCMS Directory traversal vulnerability xiong piaox (Apr 07)
[CVE-2016-3971]DotCMS xss vulnerability xiong piaox (Apr 07)

Yann Droneaud

Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' Yann Droneaud (May 09)
Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' Yann Droneaud (May 09)

Yue Liu

CVE request: Multiple vunerabilities in libdwarf & dwarfdump Yue Liu (May 24)

Yusaku Sako

[CVE-2016-0731] Apache Ambari: Ambari File Browser View security vulnerability Yusaku Sako (May 16)

Yves-Alexis Perez

Re: Debian Exim Spool Local Root Yves-Alexis Perez (Jun 30)
Re: ext4 data corruption due to punch hole races Yves-Alexis Perez (Apr 02)

刘科

CVE Request - OpenJPEG: Security Fixes 刘科 (May 11)

张开翔

CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image 张开翔 (Jun 14)
CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide by zero 张开翔 (Jun 14)
CVE-2016-3990 : out-of-bounds write in horizontalDifference8() in tiffcp tool 张开翔 (Apr 12)
CVE-2016-3632 - libtiff 4.0.6 illegel write 张开翔 (Apr 08)
CVE-2016-5321: libtiff 4.0.6 DumpModeDecode(): Ddos 张开翔 (Jun 14)
CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool 张开翔 (Apr 07)
CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation 张开翔 (Jun 14)
CVE-2016-5316: libtiff 4.0.6 tif_pixarlog.c: PixarLogCleanup() Segmentation fault 张开翔 (Jun 14)
CVE-2016-5322:libtiff 4.0.6 extractContigSamplesBytes: out-of-bounds read 张开翔 (Jun 14)
CVE-2016-5314:libtiff 4.0.6 PixarLogDecode() out-of-bound writes 张开翔 (Jun 14)
CVE-2016-3991 : out-of-bounds write in loadImage() in tiffcrop tool 张开翔 (Apr 12)
CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution 张开翔 (Jun 14)

李强

CVE Request: Out-of-bands write issue found in qemu 李强 (Apr 26)

王梅

CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅 (Apr 07)
CVE-2016-3945 libtiff: Out-of-bounds Write in the tiff2rgba tool 王梅 (Apr 07)
CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool 王梅 (Apr 07)
CVE-2016-3621 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅 (Apr 07)
CVE-2016-3620 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅 (Apr 07)
CVE-2016-3624 libtiff: Out-of-bounds Write in the rgb2ycbcr tool 王梅 (Apr 07)
CVE-2016-3625 libtiff: Out-of-bounds Read in the tiff2bw tool 王梅 (Apr 07)
CVE-2016-3623 libtiff: Divide By Zero in the rgb2ycbcr tool 王梅 (Apr 07)
Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅 (Apr 08)