oss-sec: by thread
689 messages starting Jul 01 16 and ending Sep 30 16
- SQLite Tempdir Selection Vulnerability Andreas Stieger (Jul 01)
- Re: SQLite Tempdir Selection Vulnerability cve-assign (Jul 01)
- CVE requests / Advisory: ATutor <= 2.2.1 Matthew Daley (Jul 01)
- CVE Request: ipywidgets executes untrusted JavaScript Sylvain Corlay (Jul 01)
- Re: CVE Request: ipywidgets executes untrusted JavaScript Sylvain Corlay (Aug 11)
- Re: CVE Request: ipywidgets executes untrusted JavaScript Jamie Whitacre (Sep 21)
- Re: CVE Request: ipywidgets executes untrusted JavaScript Sylvain Corlay (Aug 11)
- [SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage Robbie Gemmell (Jul 02)
- Re: [FD] [oss-security] libical 0.47 SEGV on unknown address Brandon Perry (Jul 04)
- [CVE-2016-1000007] Pagure: XSS in raw file endpoint Patrick Uiterwijk (Jul 04)
- Browsing and attaching images considered harmful in Linux Gustavo Grieco (Jul 04)
- Re: Browsing and attaching images considered harmful in Linux cve-assign (Jul 05)
- Re: Browsing and attaching images considered harmful in Linux Gustavo Grieco (Jul 06)
- Re: Browsing and attaching images considered harmful in Linux Salvatore Bonaccorso (Jul 06)
- Re: Browsing and attaching images considered harmful in Linux cve-assign (Jul 05)
- BUG_ON crash in linux 4.7-rc6/master skbuff.c Marco Grassi (Jul 05)
- Re: BUG_ON crash in linux 4.7-rc6/master skbuff.c cve-assign (Jul 05)
- CVE ID Request : OpenFire multiple vulnerabilities Sysdream Labs (Jul 05)
- CVE-2016-6160: Segmentation fault in tcprewrite (tcpreplay) Christoph Biedl (Jul 05)
- Fwd: CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Solar Designer (Jul 05)
- <Possible follow-ups>
- CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik (Jul 05)
- CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif Salvatore Bonaccorso (Jul 05)
- Malicious primary DNS servers can crash secondaries Florian Weimer (Jul 06)
- Re: Malicious primary DNS servers can crash secondaries cve-assign (Jul 06)
- Re: Malicious primary DNS servers can crash secondaries Remi Gacogne (Jul 07)
- CVE Request: perl: XSLoader: could load shared library from incorrect location Salvatore Bonaccorso (Jul 07)
- Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Seaman, Chad (Jul 07)
- Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters (Jul 08)
- <Possible follow-ups>
- Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters (Jul 12)
- Re: CVE request: several SOGo issues (DOS, XSS, information leakage) Jens Erat (Jul 08)
- Re: CVE request: several SOGo issues (DOS, XSS, information leakage) cve-assign (Jul 09)
- On anonymous CVE assignments Lior Kaplan (Jul 08)
- Re: On anonymous CVE assignments Kurt Seifried (Jul 08)
- Re: On anonymous CVE assignments Glenn Randers-Pehrson (Jul 08)
- Re: On anonymous CVE assignments Glenn Randers-Pehrson (Jul 09)
- Re: On anonymous CVE assignments Glenn Randers-Pehrson (Jul 08)
- Re: On anonymous CVE assignments Kurt Seifried (Jul 08)
- CVE request: apparmor: oops in apparmor_setprocattr() John Johansen (Jul 08)
- Re: CVE request: apparmor: oops in apparmor_setprocattr() cve-assign (Jul 09)
- Re: CVE request: apparmor: oops in apparmor_setprocattr() Ben Laurie (Jul 11)
- Re: CVE request: apparmor: oops in apparmor_setprocattr() Tyler Hicks (Jul 11)
- CVE-2016-4971: wget < 1.18 trusts server-provided filename on HTTP to FTP redirects Solar Designer (Jul 09)
- CVE request:SQL injections in TeamPass das das (Jul 10)
- CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Cedric Buissart (Jul 11)
- Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Hanno Böck (Jul 11)
- Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Cedric Buissart (Jul 11)
- Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Florian Weimer (Jul 11)
- Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Cedric Buissart (Jul 12)
- Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Cedric Buissart (Jul 11)
- Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Hanno Böck (Jul 11)
- cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel CAI Qian (Jul 11)
- CVE-2016-5389: linux kernel - challange ack information leak. Wade Mealing (Jul 11)
- Re: CVE-2016-5389: linux kernel - challange ack information leak. Wade Mealing (Jul 12)
- Re: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi (Aug 14)
- Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 14)
- RE: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi (Aug 14)
- Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 15)
- Re: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi (Aug 16)
- Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 16)
- RE: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi (Aug 17)
- Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 17)
- Re: CVE-2016-5696: linux kernel - challange ack information leak. Gsunde Orangen (Aug 17)
- Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 17)
- Re: CVE-2016-5696: linux kernel - challange ack information leak. Salvatore Bonaccorso (Aug 17)
- Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 14)
- Re: Pylint checks not as static as one would think Jakub Wilk (Jul 12)
- CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c Salvatore Bonaccorso (Jul 12)
- Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c cve-assign (Aug 22)
- <Possible follow-ups>
- Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c Anonymous (Jul 14)
- Vulnerabilities in Apache Archiva 0ang3el 0ang3el (Jul 12)
- CVE request for the Play Framework David Black (Jul 12)
- Re: CVE request for the Play Framework cve-assign (Jul 15)
- Re: CVE request for the Play Framework David Black (Jul 17)
- <Possible follow-ups>
- Re: CVE request for the Play Framework Will Sargent (Jul 20)
- Re: CVE request for the Play Framework cve-assign (Jul 15)
- CVE Requests: Information exposure caused by ecryptfs-setup-swap failures Tyler Hicks (Jul 12)
- Re: CVE Requests: Information exposure caused by ecryptfs-setup-swap failures cve-assign (Jul 14)
- CVE request: Information leak in LibTIFF Mathias Svensson (Jul 13)
- Re: CVE request: Information leak in LibTIFF cve-assign (Jul 14)
- CVE requests for Drupal Core - SA-CORE-2016-002 Pere Orga (Jul 13)
- Re: CVE requests for Drupal Core - SA-CORE-2016-002 cve-assign (Jul 13)
- Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd Gustavo Grieco (Jul 13)
- cve request: local DoS by overflowing kernel mount table using shared bind mount CAI Qian (Jul 13)
- Re: cve request: local DoS by overflowing kernel mount table using shared bind mount cve-assign (Jul 13)
- Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount Greg KH (Jul 13)
- Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount CAI Qian (Jul 14)
- Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount Jessica Frazelle (Jul 14)
- Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount CAI Qian (Jul 15)
- Re: cve request: local DoS by overflowing kernel mount table using shared bind mount Jesse Hertz (Jul 15)
- Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount Greg KH (Jul 13)
- Re: cve request: local DoS by overflowing kernel mount table using shared bind mount cve-assign (Jul 13)
- CVE Request: openshift-node is logging private RSA keys to the systemd journal Michael Scherer (Jul 13)
- CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 Franco Costantini (Jul 13)
- Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 Gustavo Grieco (Jul 26)
- Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 cve-assign (Jul 26)
- Re: Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 Gustavo Grieco (Jul 27)
- CVE Requests: HarfBuzz - Chromium CVE issues Huzaifa Sidhpurwala (Jul 13)
- Re: CVE Requests: HarfBuzz - Chromium CVE issues cve-assign (Jul 17)
- Re: Re: CVE Requests: HarfBuzz - Chromium CVE issues Huzaifa Sidhpurwala (Jul 17)
- Re: CVE Requests: HarfBuzz - Chromium CVE issues cve-assign (Jul 18)
- Re: Re: CVE Requests: HarfBuzz - Chromium CVE issues Huzaifa Sidhpurwala (Jul 17)
- Re: CVE Requests: HarfBuzz - Chromium CVE issues cve-assign (Jul 17)
- Multiple Bugs in OpenBSD Kernel Jesse Hertz (Jul 14)
- Re: Multiple Bugs in OpenBSD Kernel Jesse Hertz (Jul 14)
- Re: Multiple Bugs in OpenBSD Kernel Jesse Hertz (Jul 14)
- Re: Multiple Bugs in OpenBSD Kernel Jesse Hertz (Jul 16)
- Re: Multiple Bugs in OpenBSD Kernel cve-assign (Jul 17)
- Re: Multiple Bugs in OpenBSD Kernel Jesse Hertz (Jul 14)
- [SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows Justin Ross (Jul 15)
- CVE Request: Zend Framework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select Salvatore Bonaccorso (Jul 15)
- CVE Request for KNewStuff/KArchive issue David Faure (Jul 16)
- Re: CVE Request for KNewStuff/KArchive issue cve-assign (Jul 16)
- multiple memory corruption issues in lepton Marco Grassi (Jul 16)
- Re: multiple memory corruption issues in lepton cve-assign (Jul 17)
- CVE requests for Drupal contributed modules Pere Orga (Jul 17)
- Multiple stored Cross-Site Scripting vulnerabilities affecting three WordPress Plugins Summer of Pwnage (Jul 17)
- Multiple reflected Cross-Site Scripting vulnerabilities affecting seven WordPress Plugins Summer of Pwnage (Jul 17)
- Multiple Local File Inclusion vulnerabilities affecting three WordPress Plugins Summer of Pwnage (Jul 17)
- CVE request for webkit js engine javascriptcore jun3 June (Jul 17)
- Re: CVE request for webkit js engine javascriptcore Solar Designer (Jul 18)
- A CGI application vulnerability for PHP, Go, Python and others Richard Rowe (Jul 18)
- Re: A CGI application vulnerability for PHP, Go, Python and others Kurt Seifried (Jul 18)
- Re: A CGI application vulnerability for PHP, Go, Python and others Peter Bex (Jul 21)
- Re: A CGI application vulnerability for PHP, Go, Python and others Solar Designer (Jul 18)
- Re: A CGI application vulnerability for PHP, Go, Python and others Jan Schaumann (Jul 18)
- Re: A CGI application vulnerability for PHP, Go, Python and others Solar Designer (Jul 18)
- Re: A CGI application vulnerability for PHP, Go, Python and others Kurt Seifried (Jul 18)
- Re: A CGI application vulnerability for PHP, Go, Python and others Solar Designer (Jul 18)
- Re: A CGI application vulnerability for PHP, Go, Python and others Kurt Seifried (Jul 18)
- CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer) Alexander Sulfrian (Jul 18)
- Re: CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer) cve-assign (Jul 26)
- [CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking Stefan Kanthak (Jul 18)
- Re: CVE-2016-5321: libtiff 4.0.6 DumpModeDecode(): Ddos akuster (Jul 18)
- Re: CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide by zero akuster (Jul 18)
- libupnp write files via POST Hanno Böck (Jul 18)
- Re: libupnp write files via POST cve-assign (Jul 20)
- [ANNOUNCE] Django security releases issued: 1.10 release candidate 1, 1.9.8, and 1.8.14 Tim Graham (Jul 18)
- ISC security issue CVE-2016-2775 (potential denial-of-service attack against lwres functionality in BIND) Michael McNally (Jul 18)
- Ruining the Magic of Magento's Encryption Library Scott Arciszewski (Jul 18)
- Re: Ruining the Magic of Magento's Encryption Library Scott Arciszewski (Jul 18)
- Re: Ruining the Magic of Magento's Encryption Library cve-assign (Jul 27)
- CVE ID Request: FOG Project Multiple Vulnerabilities Sysdream Labs (Jul 19)
- Re: CVE ID Request: FOG Project Multiple Vulnerabilities Henri Salo (Sep 04)
- Re: CVE ID Request: FOG Project Multiple Vulnerabilities Sysdream Labs (Sep 04)
- Re: CVE ID Request: FOG Project Multiple Vulnerabilities Henri Salo (Sep 04)
- subuid security patches for shadow package Sebastian Krahmer (Jul 19)
- Re: subuid security patches for shadow package Sebastian Krahmer (Jul 19)
- Re: subuid security patches for shadow package Eric W. Biederman (Jul 19)
- Re: [Pkg-shadow-devel] subuid security patches for shadow package Nicolas François (Jul 20)
- Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Salvatore Bonaccorso (Jul 22)
- Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Sebastian Krahmer (Jul 25)
- Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Sebastian Krahmer (Jul 25)
- Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Solar Designer (Jul 25)
- Re: subuid security patches for shadow package Eric W. Biederman (Jul 19)
- Re: subuid security patches for shadow package cve-assign (Jul 20)
- Re: subuid security patches for shadow package Sebastian Krahmer (Jul 19)
- Buffer overflow in libarchive-3.2.0 Christian Wressnegger (Jul 20)
- <Possible follow-ups>
- Re: Buffer overflow in libarchive-3.2.0 Christian Wressnegger (Jul 20)
- Multiple vulnerabilities affecting five WordPress Plugins (XSS, CSRF & SQLi) Summer of Pwnage (Jul 20)
- CVE request: multiple issues fixed in GNU libidn 1.33 Andreas Stieger (Jul 20)
- Re: CVE request: multiple issues fixed in GNU libidn 1.33 cve-assign (Jul 21)
- Re: CVE request: multiple issues fixed in GNU libidn 1.33 Hanno Böck (Jul 29)
- CVE-2016-5399: php: out-of-bounds write in bzread() Hans Jerry Illikainen (Jul 20)
- Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution Lucian Cojocar (Jul 20)
- <Possible follow-ups>
- Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution cve-assign (Jul 21)
- mupdf library use after free Marco Grassi (Jul 21)
- Re: mupdf library use after free cve-assign (Jul 21)
- panic at big_key_preparse #4.7-r6/rc7 & master zer0mem (Jul 22)
- Re: panic at big_key_preparse #4.7-r6/rc7 & master Greg KH (Jul 22)
- [CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example Tim Allison (Jul 22)
- XSS vulnerability in ILIAS before version 5.1.3, 5.0.11 and 4.4.14 Walter (Jul 23)
- XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar (Jul 23)
- Fwd: CVE for PHP 5.5.38 issues Lior Kaplan (Jul 24)
- Re: Fwd: CVE for PHP 5.5.38 issues cve-assign (Jul 24)
- CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Wade Mealing (Jul 24)
- Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Wade Mealing (Jul 24)
- Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Greg KH (Jul 24)
- Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Wade Mealing (Jul 24)
- Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Luis Henriques (Jul 27)
- Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Greg KH (Jul 24)
- Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Wade Mealing (Jul 24)
- Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Bálint Réczey (Jul 25)
- Huge-IT Portfolio Gallery manager v1.1.5 SQL Injection and XSS Larry W. Cashdollar (Jul 25)
- CVE-2016-4451, CVE-2016-4475: Foreman organizations/locations API/UI privilege escalations Dominic Cleal (Jul 25)
- CVE-2016-4995: Foreman information disclosure through unauthorized template previews Dominic Cleal (Jul 25)
- CVE-2016-5390: Foreman information disclosure in host interfaces/parameters API Dominic Cleal (Jul 25)
- Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck (Jul 25)
- Re: Use after free in my_login() function of DBD::mysql (Perl module) cve-assign (Jul 26)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) lazytyped (Jul 28)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck (Jul 29)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) lazytyped (Jul 29)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck (Jul 30)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Joshua J. Drake (Jul 31)
- Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) lazytyped (Jul 28)
- Re: Use after free in my_login() function of DBD::mysql (Perl module) cve-assign (Jul 26)
- CVE request Qemu: scsi: esp: oob write access while reading ESP command P J P (Jul 25)
- Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command cve-assign (Jul 26)
- Xen Security Advisory 182 (CVE-2016-6258) - x86: Privilege escalation in PV guests Xen . org security team (Jul 26)
- Xen Security Advisory 183 (CVE-2016-6259) - x86: Missing SMAP whitelisting in 32-bit exception / event delivery Xen . org security team (Jul 26)
- Reflected XSS & SQLi in HugeIT slideshow v1.0.4 Larry W. Cashdollar (Jul 26)
- SQLi and Reflected XSS in Huge IT catalog extension v1.0.4 for Joomla Larry W. Cashdollar (Jul 26)
- <Possible follow-ups>
- SQLi and Reflected XSS in Huge IT catalog extension v1.0.4 for Joomla Larry W. Cashdollar (Jul 28)
- cve request: systemd-machined: information exposure for docker containers CAI Qian (Jul 26)
- Re: cve request: systemd-machined: information exposure for docker containers cve-assign (Jul 26)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 27)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers Jesse Hertz (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers Jessica Frazelle (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 28)
- Re: cve request: systemd-machined: information exposure for docker containers Simon McVittie (Jul 28)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 28)
- Re: cve request: systemd-machined: information exposure for docker containers Shiz (Aug 01)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Aug 03)
- Re: cve request: systemd-machined: information exposure for docker containers CAI Qian (Aug 10)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Aug 10)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers cve-assign (Jul 26)
- CVE Request: Any User Can Panic Kernel Through Sysctl on OpenBSD Jesse Hertz (Jul 26)
- Re: CVE Request: Any User Can Panic Kernel Through Sysctl on OpenBSD cve-assign (Jul 26)
- CVE request : a stored XSS in Xcloner for wordpress limingxing (Jul 27)
- CVE request: Jenkins plugin 'Cucumber Reports' 1.3.0 to 2.5.1 disabled XSS protection mechanism Daniel Beck (Jul 27)
- CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS P J P (Jul 27)
- CVE Request: DBD-mysql: use-after-free in mysql_dr_error Salvatore Bonaccorso (Jul 27)
- Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error cve-assign (Jul 27)
- Xen Security Advisory 184 (CVE-2016-5403) - virtio: unbounded memory allocation issue Xen . org security team (Jul 27)
- CVE Request: redis: World readable .rediscli_history Salvatore Bonaccorso (Jul 28)
- Re: CVE Request: redis: World readable .rediscli_history cve-assign (Jul 28)
- CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode P J P (Jul 28)
- CVE request: Wireshark 2.0.5 and 1.12.13 security releases Andreas Stieger (Jul 28)
- Re: CVE request: Wireshark 2.0.5 and 1.12.13 security releases cve-assign (Aug 01)
- CVE Request Qemu: virtio: infinite loop in virtqueue_pop P J P (Jul 28)
- Re: CVE Request Qemu: virtio: infinite loop in virtqueue_pop cve-assign (Jul 28)
- Reflected XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension Larry W. Cashdollar (Jul 28)
- CVE-Request Buffer overflow ImageMagick Ibrahim el-sayed (Jul 28)
- Re: CVE-Request Buffer overflow ImageMagick cve-assign (Jul 28)
- paps: heap overflow when processing crafted file Agostino Sarubbo (Jul 28)
- Re: paps: heap overflow when processing crafted file cve-assign (Jul 28)
- Re: Re: paps: heap overflow when processing crafted file Agostino Sarubbo (Jul 29)
- Re: paps: heap overflow when processing crafted file cve-assign (Jul 29)
- Re: Re: paps: heap overflow when processing crafted file Agostino Sarubbo (Jul 29)
- Re: paps: heap overflow when processing crafted file cve-assign (Jul 28)
- CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks Huzaifa Sidhpurwala (Jul 29)
- Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks cve-assign (Jul 29)
- Re: Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks Huzaifa Sidhpurwala (Jul 31)
- Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks Hanno Böck (Jul 30)
- Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks cve-assign (Jul 29)
- cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node 张开翔 (Jul 29)
- Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node cve-assign (Aug 03)
- <Possible follow-ups>
- Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Mónica (Sep 01)
- Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Kurt Seifried (Sep 01)
- Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Monica (Sep 01)
- Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Kurt Seifried (Sep 01)
- Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Mónica (Sep 02)
- Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Kurt Seifried (Sep 02)
- Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Mónica (Sep 05)
- Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Kurt Seifried (Sep 01)
- CVE request: mongodb: world-readable .dbshell history file Sébastien Delafond (Jul 29)
- Re: CVE request: mongodb: world-readable .dbshell history file cve-assign (Jul 29)
- Re: Re: CVE request: mongodb: world-readable .dbshell history file Grant Ridder (Aug 01)
- Re: CVE request: mongodb: world-readable .dbshell history file Sébastien Delafond (Aug 01)
- Re: Re: CVE request: mongodb: world-readable .dbshell history file Grant Ridder (Aug 01)
- Re: CVE request: mongodb: world-readable .dbshell history file cve-assign (Jul 29)
- badUSB exploit - affects all Linux distros פאי פי (Jul 31)
- Re: badUSB exploit - affects all Linux distros Greg KH (Jul 31)
- Re: badUSB exploit - affects all Linux distros Greg KH (Jul 31)
- Re: badUSB exploit - affects all Linux distros Greg KH (Jul 31)
- Multiple vulnerabilities affecting four WordPress Plugins & one Theme Summer of Pwnage (Jul 31)
- CVE Request: Linux >= 4.5 double fetch leading to heap overflow Scott Bauer (Jul 31)
- Re: CVE Request: Linux >= 4.5 double fetch leading to heap overflow cve-assign (Aug 01)
- Announce: OpenSSH 7.3 released Damien Miller (Aug 01)
- CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0 petrella.pietro (Aug 01)
- Re: CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0 cve-assign (Aug 01)
- CVE Request: CSRF in Grails console Dario Bertini (Aug 01)
- Re: CVE Request: CSRF in Grails console cve-assign (Aug 02)
- Re: CVE Request: CSRF in Grails console Dario Bertini (Aug 02)
- Grails Console is still vulnerable to CSRF CVE-2016-6521 Dario Bertini (Aug 03)
- Re: CVE Request: CSRF in Grails console cve-assign (Aug 02)
- CVE request: XSS vulns in Dotclear v2.9.1 陈瑞琦 (Aug 01)
- Re: CVE request: XSS vulns in Dotclear v2.9.1 cve-assign (Aug 02)
- glibc: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417) Florian Weimer (Aug 02)
- CVE Request ImageMagick buffer overflow Ibrahim el-sayed (Aug 02)
- Re: CVE Request ImageMagick buffer overflow cve-assign (Aug 02)
- Re: Ruby:HTTP Header injection in 'net/http' Marcus Meissner (Aug 02)
- CVE Request: Denial-of-Service / Unexploitable Memory Corruption in mmap() on OpenBSD Jesse Hertz (Aug 02)
- Multiple vulnerabilities affecting seven WordPress (XSS, CSRF, SQLi) Summer of Pwnage (Aug 02)
- CVE request:Heap overflow vulns in MuPDF redrain root (Aug 02)
- Re: CVE request:Heap overflow vulns in MuPDF cve-assign (Aug 03)
- [SECURITY VULNERABILITY] curl: TLS session resumption client cert bypass Daniel Stenberg (Aug 03)
- [SECURITY VULNERABILITY] curl: Re-using connections with wrong client cert Daniel Stenberg (Aug 03)
- Re: [SECURITY VULNERABILITY] curl: Re-using connections with wrong client cert Kamil Dudka (Sep 05)
- Re: [SECURITY VULNERABILITY] curl: Re-using connections with wrong client cert cve-assign (Sep 05)
- Re: [SECURITY VULNERABILITY] curl: Re-using connections with wrong client cert Kamil Dudka (Sep 05)
- [SECURITY VULNERABILITY] curl: use of connection struct after free Daniel Stenberg (Aug 03)
- CVE-2016-6301: busybox: NTP server denial of service flaw Martin Prpic (Aug 03)
- CVE-2016-6580, Python Priority: DoS via Unlimited Stream Insertion Cory Benfield (Aug 04)
- CVE-2016-6581, Python HPACK and old Python Hyper releases: HPACK Bomb Cory Benfield (Aug 04)
- Multiple Cross-Site Scripting vulnerabilities affecting seven WordPress Plugins Summer of Pwnage (Aug 04)
- CVE-2016-0760: Hive builtin functions “reflect”, “reflect2”, and “java_method” are not blocked in Apache Sentry Sravya Tirukkovalur (Aug 04)
- Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom 0xr0ot (Aug 04)
- Read out-of-bounds parsing bash code in GNU Bash 4.3 Gustavo Grieco (Aug 05)
- Re: Read out-of-bounds parsing bash code in GNU Bash 4.3 Gustavo Grieco (Aug 08)
- CVE Request - Samsung Exynos fimg2d NULL Pointer Dereference Idler (Aug 05)
- Re: CVE Request - Samsung Exynos fimg2d NULL Pointer Dereference cve-assign (Aug 17)
- CVE Requests: Various ImageMagick issues (as reported in the Debian BTS) Salvatore Bonaccorso (Aug 07)
- Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS) cve-assign (Sep 21)
- RCE vulnerability in Openstack Murano using insecure YAML tags (CVE-2016-4972) Kirill Zaitsev (Aug 08)
- MatrixSSL Bignum bugs Hanno Böck (Aug 08)
- Re: MatrixSSL Bignum bugs cve-assign (Aug 19)
- FreeBSD update components vulns (libarchive, bsdiff, portsnap) Hanno Böck (Aug 09)
- CVE Requests Facebook HHVM F. Alonso (Aug 11)
- Re: CVE Requests Facebook HHVM cve-assign (Aug 18)
- [CVE-2016-6316] Possible XSS Vulnerability in Action View Aaron Patterson (Aug 11)
- Re: [CVE-2016-6316] Possible XSS Vulnerability in Action View Aaron Patterson (Aug 11)
- [CVE-2016-6317] Unsafe Query Generation Risk in Active Record Aaron Patterson (Aug 11)
- CVE Request Qemu: Information leak in vmxnet3_complete_packet P J P (Aug 11)
- Re: CVE Request Qemu: Information leak in vmxnet3_complete_packet cve-assign (Aug 17)
- CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation P J P (Aug 11)
- CVE request Qemu: an infinite loop during packet fragmentation P J P (Aug 11)
- Re: CVE request Qemu: an infinite loop during packet fragmentation cve-assign (Aug 17)
- CVE request: Qemu net: vmxnet3: use after free while writing P J P (Aug 11)
- Re: CVE request: Qemu net: vmxnet3: use after free while writing cve-assign (Aug 17)
- CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Misra, Deapesh (Aug 11)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Kurt Seifried (Aug 11)
- Re: [Bug-wget] [oss-security] CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Tim Rühsen (Aug 12)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Jordan Bettis (Aug 25)
- Re: [Bug-wget] CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Tim Rühsen (Aug 14)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability cve-assign (Aug 27)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Misra, Deapesh (Aug 28)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability cve-assign (Aug 28)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Misra, Deapesh (Aug 28)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Kurt Seifried (Aug 11)
- CVE request: XSS vuln in b2evolution v6.7.4 陈瑞琦 (Aug 12)
- [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel Maxim Solodovnik (Aug 12)
- [CVE-2016-6671] ffmpeg buffer overflow when decoding swf 连一汉 (Aug 12)
- libav: heap-based buffer overflow in ff_audio_resample (resample.c) Agostino Sarubbo (Aug 13)
- Re: libav: heap-based buffer overflow in ff_audio_resample (resample.c) cve-assign (Aug 17)
- gorgeous squid3 (Aug 14)
- Re: gorgeous Solar Designer (Aug 14)
- CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures Peter Bex (Aug 14)
- Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi (Aug 14)
- Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH (Aug 15)
- Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi (Aug 15)
- Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH (Aug 15)
- Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi (Aug 15)
- Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH (Aug 16)
- Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi (Aug 15)
- Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master cve-assign (Aug 17)
- Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH (Aug 15)
- Multiple vulnerabilities affecting eleven WordPress Plugins (XSS, CSRF, LFI & object injection) Summer of Pwnage (Aug 15)
- Fwd: Security vulnerability - read out-of-bounds leads to memory leak Ibrahim el-sayed (Aug 15)
- CVE Request: Default password in openstack / crowbar trove Marcus Meissner (Aug 16)
- Re: CVE Request: Default password in openstack / crowbar trove cve-assign (Aug 17)
- cracklib: Stack-based buffer overflow when parsing large GECOS field Huzaifa Sidhpurwala (Aug 16)
- Re: cracklib: Stack-based buffer overflow when parsing large GECOS field Salvatore Bonaccorso (Aug 23)
- firewalld: Firewall configuration can be modified by any logged in user Huzaifa Sidhpurwala (Aug 16)
- CVE-2016-4973 gcc: Targets using libssp for SSP are missing -D_FORTIFY_SOURCE functionality Cedric Buissart (Aug 17)
- Libgcrypt and GnuPG 1.4 RNG output prediction Solar Designer (Aug 17)
- Re: Libgcrypt and GnuPG 1.4 RNG output prediction Remi Gacogne (Aug 17)
- Re: Libgcrypt and GnuPG 1.4 RNG output prediction Werner Koch (Aug 17)
- Re: Re: Libgcrypt and GnuPG 1.4 RNG output prediction Andrew Gallagher (Aug 18)
- Re: Libgcrypt and GnuPG 1.4 RNG output prediction Solar Designer (Aug 18)
- Re: Re: Libgcrypt and GnuPG 1.4 RNG output prediction Andrew Gallagher (Aug 18)
- CVE-2016-5404 freeipa: Insufficient privileges check in certificate revocation Cedric Buissart (Aug 17)
- Re: CVE-2016-5404 freeipa: Insufficient privileges check in certificate revocation Cedric Buissart (Aug 22)
- ModSecurity's OWASP CRS v3.0.0-rc1 Released. Chaim Sanders (Aug 17)
- MantisBT: XSS in view_all_bug_page.php Damien Regad (Aug 17)
- Re: MantisBT: XSS in view_all_bug_page.php cve-assign (Aug 17)
- potrace: multiple crashes Agostino Sarubbo (Aug 18)
- CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang Florian Weimer (Aug 18)
- CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner (Aug 18)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH (Aug 18)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner (Aug 18)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH (Aug 18)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner (Aug 18)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Ben Hutchings (Aug 18)
- Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Adam Maris (Aug 18)
- Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Willy Tarreau (Aug 18)
- Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner (Aug 22)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices cve-assign (Aug 22)
- Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH (Aug 22)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices cve-assign (Aug 22)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH (Aug 23)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices cve-assign (Aug 23)
- Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Willy Tarreau (Aug 22)
- Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Kurt Seifried (Aug 23)
- RE: [security-vendor] Re: [oss-security] Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Radzykewycz, T (Radzy) (Aug 23)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner (Aug 18)
- Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH (Aug 18)
- CVE request - slock, all versions NULL pointer dereference Eric Pruitt (Aug 18)
- Re: CVE request - slock, all versions NULL pointer dereference cve-assign (Aug 18)
- [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method Justin Bull (Aug 18)
- CVE-2016-6327 | Linux kernel crash in infiniband subsystem. Wade Mealing (Aug 19)
- Re: CVE-2016-6327 | Linux kernel crash in infiniband subsystem. Greg KH (Aug 19)
- CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation P J P (Aug 19)
- Re: CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation cve-assign (Aug 19)
- Re: CVE request: MatrixSSL lack of RSA-CRT hardening cve-assign (Aug 19)
- <Possible follow-ups>
- Re: CVE request: MatrixSSL lack of RSA-CRT hardening cve-assign (Aug 19)
- Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage (Aug 20)
- Re: Path traversal vulnerability in WordPress Core Ajax handlers cve-assign (Aug 21)
- <Possible follow-ups>
- Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage (Aug 20)
- memory issues in libksba 1.3.4 and git Pascal Cuoq (Aug 20)
- Re: memory issues in libksba 1.3.4 and git Werner Koch (Aug 22)
- Re: memory issues in libksba 1.3.4 and git Solar Designer (Aug 22)
- Re: memory issues in libksba 1.3.4 and git Werner Koch (Aug 22)
- Re: memory issues in libksba 1.3.4 and git Solar Designer (Aug 22)
- Re: memory issues in libksba 1.3.4 and git Solar Designer (Aug 22)
- Re: memory issues in libksba 1.3.4 and git Werner Koch (Aug 22)
- TLS testing results - OS distro vulnerabilities Mauri Miettinen (Aug 20)
- Re: TLS testing results - OS distro vulnerabilities Kurt Seifried (Aug 21)
- Re: TLS testing results - OS distro vulnerabilities Jakub Wilk (Aug 22)
- Re: TLS testing results - OS distro vulnerabilities Solar Designer (Aug 22)
- Re: TLS testing results - OS distro vulnerabilities Jani Kenttala (Aug 22)
- Re: TLS testing results - OS distro vulnerabilities Solar Designer (Aug 22)
- CVE request: Linux kernel mbcache lock contention denial of service. Wade Mealing (Aug 21)
- Re: CVE request: Linux kernel mbcache lock contention denial of service. cve-assign (Aug 25)
- Re: CVE request: Linux kernel mbcache lock contention denial of service. Greg KH (Sep 05)
- Re: CVE request: Linux kernel mbcache lock contention denial of service. Andreas Stieger (Sep 06)
- CVE update (CVE-2016-5395) - Fixed in Apache Ranger 0.6.1 Velmurugan Periasamy (Aug 22)
- CVE Request: lshell: shell outbreak vulnerabilities via bad syntax parse and multiline commands Salvatore Bonaccorso (Aug 22)
- Fuzzing jasper Agostino Sarubbo (Aug 23)
- cve request: overlayfs: Fix dentry reference leak CAI Qian (Aug 23)
- Re: cve request: overlayfs: Fix dentry reference leak cve-assign (Aug 25)
- CVE request - sudoers on Red Hat, Fedora, Mageia information disclosure Doran Moppert (Aug 24)
- Re: CVE request - sudoers on Red Hat, Fedora, Mageia information disclosure cve-assign (Aug 25)
- CVE-2016-6319: Foreman stored XSS in form label helpers Dominic Cleal (Aug 24)
- CVE-2016-6320: Foreman stored XSS in network interface device identifiers Dominic Cleal (Aug 24)
- WebKitGTK+ Security Advisory WSA-2016-0005 Carlos Alberto Lopez Perez (Aug 24)
- CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit Vladis Dronov (Aug 26)
- Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit cve-assign (Aug 26)
- Message not available
- Re: Multiple vulnerabilities in RPM – and a rant Kurt Seifried (Aug 26)
- Re: MantisBT weakened CSP when using bundled Gravatar plugin cve-assign (Aug 29)
- Re: Re: MantisBT weakened CSP when using bundled Gravatar plugin Reed Loden (Aug 29)
- Re: MantisBT weakened CSP when using bundled Gravatar plugin Damien Regad (Aug 30)
- Re: Re: MantisBT weakened CSP when using bundled Gravatar plugin Reed Loden (Aug 29)
- Re: CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend P J P (Aug 30)
- Re: CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend cve-assign (Aug 30)
- Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory cve-assign (Aug 31)
- <Possible follow-ups>
- CVE Request: docker swarm node Dos occurs when join a cluster failed using local CA certificate 张开翔 (Sep 01)
- cve request: docker swarm node Dos occurs when join a cluster failed using local CA certificate Diogo Mónica (Sep 05)
- Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl cve-assign (Sep 02)
- Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis William Pitcock (Sep 05)
- Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis cve-assign (Sep 05)
- Re: CVE request: Plone multiple vulnerabilities Nathan Van Gheem (Sep 05)
- Re: CVE request: Plone multiple vulnerabilities cve-assign (Sep 05)
- Re: CVE request: Qemu: scsi: pvscsi: infinite loop when building SG list cve-assign (Sep 06)
- Re: GraphicsMagick 1.3.25 fixes some security issues Agostino Sarubbo (Sep 09)
- Re: GraphicsMagick 1.3.25 fixes some security issues Bob Friesenhahn (Sep 09)
- Re: GraphicsMagick 1.3.25 fixes some security issues cve-assign (Sep 18)
- Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad (Sep 13)
- Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Andreas Stieger (Sep 14)
- Message not available
- Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Anonymous (Sep 14)
- Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Moritz Muehlenhoff (Sep 14)
- Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Kurt Seifried (Sep 14)
- Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Jeremy Stanley (Sep 14)
- Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Seth Arnold (Sep 14)
- Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Kurt Seifried (Sep 14)
- Re: ADOdb PDO driver: incorrect quoting may allow SQL injection cve-assign (Sep 14)
- Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad (Sep 15)
- Re: CVE Request: File Roller path traversal cve-assign (Sep 07)
- Re: CVE Request : Libtorrent 1.1.0 inflate_gzip denial of service cve-assign (Sep 07)
- Re: CVE Request: OpenJPEG Heap Buffer Overflow Issue cve-assign (Sep 07)
- Re: CVE Request: OpenJPEG Integer Overflow Issue cve-assign (Sep 07)
- Re: CVE request: libarchive (pre 3.2.0) denial of service with gzip quine cve-assign (Sep 08)
- Re: CVEs for public Kibana / logstash issues Kurt Seifried (Sep 09)
- Re: multiple crashes in radare2/radiff2 Solar Designer (Sep 08)
- Message not available
- Fwd: multiple crashes in radare2/radiff2 Vahagn Vardanyan (Sep 09)
- Message not available
- Re: multiple crashes in radare2/radiff2 Tavis Ormandy (Sep 09)
- Re: CVE request for webp:index overflow,used by memcpy later cve-assign (Sep 09)
- Re: ettercap: etterlog: multiple crashes cve-assign (Sep 09)
- Re: autotrace: out-of-bounds write cve-assign (Sep 10)
- Re: autotrace: out-of-bounds write Brian May (Sep 12)
- Re: libav: out-of-bounds stack read cve-assign (Sep 10)
- Re: CVE Request: XSS vulns in b2evolution v6.7.5 cve-assign (Sep 14)
- Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Solar Designer (Sep 12)
- Re: Heapoverflow in giflib5.1.4 Hanno Böck (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Hanno Böck (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Solar Designer (Sep 13)
- Re: CVE request -libdwarf 20160613 heap-buffer-overflow cve-assign (Sep 14)
- Re: CVE request -libdwarf 20160613 heap-buffer-overflow Agostino Sarubbo (Sep 15)
- Re: libxml with CGI fix Bob Friesenhahn (Sep 13)
- Re: CVE request for Dropbear SSH <2016.74 cve-assign (Sep 14)
- Re: CVE assignment for PHP 5.6.26 and 7.0.11 cve-assign (Sep 15)
- Re: Libarchive/bsdtar: multiple crashes Gulshan Singh (Sep 15)
- Re: Libarchive/bsdtar: multiple crashes Agostino Sarubbo (Sep 19)
- Re: Does a documentation bug elevate to CVE status? - Crypto++ cve-assign (Sep 15)
- Re: Does a documentation bug elevate to CVE status? - Crypto++ Jeffrey Walton (Sep 15)
- Re: CVE Request: Qemu: scsi: pvscsi: infinite loop when processing IO requests cve-assign (Sep 16)
- Re: CVE request Qemu: virtio: null pointer dereference in virtqueu_map_desc cve-assign (Sep 16)
- Re: CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object cve-assign (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Jan Schaumann (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 18)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Seth Arnold (Sep 19)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 20)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Leo Famulari (Sep 27)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 29)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- [SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell Flavio Junqueira (Sep 17)
- Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c) cve-assign (Sep 16)
- Re: Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c) Agostino Sarubbo (Sep 17)
- Re: CVE request : Exponent CMS 2.3.9 SQL injection vulnerability cve-assign (Sep 18)
- Re: CVE request : Exponent CMS 2.3.9 SQL injection vulnerabilities cve-assign (Sep 18)
- Re: CVE Request: GnuTLS: OCSP validation issue (GNUTLS-SA-2016-3) cve-assign (Sep 18)
- Re: CVE request - openjpeg null ptr dereference Robert Święcki (Sep 18)
- Re: CVE request - openjpeg null ptr dereference cve-assign (Sep 18)
- <Possible follow-ups>
- Exponent CMS 2.3.9 SQL injection vulnerabilities 王禹哲 (Sep 19)
- Re: CVE Request Qemu: usb: xhci memory leakage during device unplug cve-assign (Sep 20)
- Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Seth Arnold (Sep 19)
- Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana (Sep 19)
- Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Brandon Perry (Sep 19)
- Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Reed Loden (Sep 19)
- Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana (Sep 19)
- Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana (Sep 30)
- Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana (Sep 19)
- Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode cve-assign (Sep 30)
- Re: Possible CVE for TLS protocol issue Reed Loden (Sep 19)
- Re: Possible CVE for TLS protocol issue cve-assign (Sep 20)
- Re: Re: ezmlm warning Solar Designer (Sep 19)
- Re: ezmlm warning Brad Knowles (Sep 19)
- Re: libav: NULL pointer dereference in ff_put_pixels8_xy2_mmx (rnd_template.c) cve-assign (Sep 21)
- Re: CVE request for vulnerability in OpenStack Nova cve-assign (Sep 21)
- Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read cve-assign (Sep 28)
- Re: libav: divide-by-zero in sbr_make_f_master (aacsbr.c) cve-assign (Sep 21)
- Re: CVE Request: VLC: Potential divide-by-zero issue Moritz Muehlenhoff (Sep 22)
- Re: CVE Request - Exponent CMS 2.3.9 multi-vulnerabilities in install code cve-assign (Sep 29)
- Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite cve-assign (Sep 23)
- Re: CVE Request: irssi: information disclosure vulnerability in buf.pl cve-assign (Sep 25)
- Re: CVE-2016-7545 -- SELinux sandbox escape Jakub Wilk (Sep 26)
- Re: CVE-2016-7545 -- SELinux sandbox escape John Haxby (Sep 26)
- Re: CVE-2016-7545 -- SELinux sandbox escape up201407890 (Sep 26)
- Re: CVE-2016-7545 -- SELinux sandbox escape Christos Zoulas (Sep 26)
- Re: CVE-2016-7545 -- SELinux sandbox escape Jakub Wilk (Sep 29)
- Re: CVE-2016-7545 -- SELinux sandbox escape Christos Zoulas (Sep 29)
- Re: ffmpeg afl bugs Solar Designer (Sep 25)
- Re: ffmpeg afl bugs Michal Zalewski (Sep 25)
- Re: Re: ffmpeg afl bugs cookieopfer (Sep 25)
- Re: Re: ffmpeg afl bugs cookieopfer (Sep 26)
- Re: ffmpeg afl bugs Michal Zalewski (Sep 25)
- Re: ffmpeg afl bugs cve-assign (Sep 25)
- Re: Re: ffmpeg afl bugs Hanno Böck (Sep 26)
- Re: CVE-2016-7543 -- bash SHELLOPTS+PS4 Tavis Ormandy (Sep 26)
- Re: CVE Request: libgd: Integer overflow in function gdImageWebpCtx of gd_webp.c cve-assign (Sep 28)
- Re: CVE Request - OpenSLP 2.0 Memory Corruption cve-assign (Sep 27)
- <Possible follow-ups>
- Re: CVE Request - OpenSLP 2.0 Memory Corruption jericho (Sep 28)
- Re: CVE Request - OpenSLP 2.0 Memory Corruption cve-assign (Sep 28)
- Re: ImageMagick identify "d:" hangs Jakub Wilk (Sep 27)
- Re: ImageMagick identify "d:" hangs Bob Friesenhahn (Sep 27)
- Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
- Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
- Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
- Re: ImageMagick identify "d:" hangs Bob Friesenhahn (Sep 28)
- Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
- Re: ImageMagick identify "d:" hangs Florian Weimer (Sep 28)
- Re: ImageMagick identify "d:" hangs Florian Weimer (Sep 28)
- Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 29)
- Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 29)
- Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 30)
- Re: ImageMagick identify "d:" hangs Florian Weimer (Sep 30)
- Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 30)
- Re: ImageMagick identify "d:" hangs Bob Friesenhahn (Sep 27)
- Re: CVE Request: docker2aci: Path traversals present in image converting Alex Crawford (Sep 28)
- Re: CVE Request: docker2aci: Path traversals present in image converting cve-assign (Sep 28)
- Re: CVE Request: systemd v209+: local denial-of-service attack cve-assign (Sep 29)
- Re: CVE Requests for Drupal Core - SA-CORE-2016-004 cve-assign (Sep 28)
- Re: kdesu vulnerability: need CVE cve-assign (Sep 29)
- Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Greg KH (Sep 29)
- Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Quentin Casasnovas (Sep 29)
- Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Daniel Stenberg (Sep 29)
- Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Hanno Böck (Sep 29)
- Re: git-hub: missing sanitization of data received from GitHub cve-assign (Sep 29)
- Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability Mike Kienenberger (Sep 29)
- Re: CVE request: pacemaker DoS when pacemaker remote is in use cve-assign (Sep 30)