oss-sec: by author

591 messages starting Jul 26 12 and ending Aug 09 12

Aaron Patterson

Ruby on Rails DoS Vulnerability in authenticate_or_request_with_http_digest (CVE-2012-3424) Aaron Patterson (Jul 26)

Adam Caudill

CVE Request: NeoInvoice Blind SQL Injection in signup_check.php Adam Caudill (Aug 10)

Agostino Sarubbo

Re: CVE request for Calligra Agostino Sarubbo (Aug 04)
Re: CVE request: bacula: Console ACL Bypass Agostino Sarubbo (Sep 14)
CVE request: OptiPNG Palette Reduction Use-After-Free Vulnerability Agostino Sarubbo (Sep 17)
CVE request: bacula: Console ACL Bypass Agostino Sarubbo (Sep 14)
Re: CVE request for Calligra Agostino Sarubbo (Aug 04)

akuster

Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt akuster (Aug 31)
Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() akuster (Aug 21)

andi abes

Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) andi abes (Sep 28)
Re: Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) andi abes (Sep 29)
Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540) andi abes (Sep 13)

Andrew Nacin

Re: CVEs for wordpress 3.4.2 release Andrew Nacin (Sep 12)

Andrey Petrov

Re: CVE Request -- urllib3: Does not check for SSL certificates by default Andrey Petrov (Sep 07)

Ben Bangert

ANN: Beaker 1.6.4 released with important security update Ben Bangert (Aug 13)

Ben Hutchings

Remote DoS in Linux sfc driver through TCP MSS option (CVE-2012-3412) Ben Hutchings (Aug 03)

Bruno Kleinert

Possible data loss or data modification in ownCloud Bruno Kleinert (Aug 10)

Carlos Alberto Lopez Perez

Re: Stripe Capture the Flag Carlos Alberto Lopez Perez (Aug 23)

Charlie Miller

Re: CVE request for Calligra Charlie Miller (Aug 05)

Chong Yidong

Security flaw in GNU Emacs file-local variables Chong Yidong (Aug 12)

Christoph Anton Mitterer

Re: CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable Christoph Anton Mitterer (Aug 06)

cve-assign

CVE-2012-3881 RTG and RTG2: 95.php/rtg.php/view.php SQL injection cve-assign (Jul 09)
Re: CVE Request - phpMyAdmin: PMASA-2012-5 incident cve-assign (Sep 25)
Re: php header() header injection detection bypass cve-assign (Sep 04)
RSGallery2 before 2.3.0 (etc.) CVE-2012-3554 CVE-2012-4071 cve-assign (Jul 31)
Re: CVE Request: NVidia Linux driver cve-assign (Aug 08)
Re: php header() header injection detection bypass cve-assign (Sep 05)
Re: CVE request: Asterisk cve-assign (Jul 06)
Wireshark before 1.8.1 (etc.) CVE-2012-4048 CVE-2012-4049 cve-assign (Jul 23)
GLPI 0.83.2 CVE-2012-4002 CSRF and CVE-2012-4003 XSS cve-assign (Jul 12)
CVE-2012-4024 and CVE-2012-4025: Squashfs overflows cve-assign (Jul 19)
Re: RFC: ntp behavior with spoofed source IPs cve-assign (Sep 28)

Daniel Kahn Gillmor

Re: dracut creates world readable initramfs images Daniel Kahn Gillmor (Sep 27)
Re: Randomness Attacks Against PHP Applications Daniel Kahn Gillmor (Sep 17)
Re: dracut creates non-world readable initramfs images Daniel Kahn Gillmor (Sep 27)

Dan Rosenberg

Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Dan Rosenberg (Sep 21)
Re: ecryptfs headsup Dan Rosenberg (Jul 10)

David Faure

Re: CVE Request: KDE Pim David Faure (Jul 17)
Re: CVE Request: KDE Pim David Faure (Jul 17)

David Jorm

Re: CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ? David Jorm (Jul 22)
CVE Request: Java 7 code execution 0day David Jorm (Aug 27)
CVE Request: Apache Axis2 XML Signature Wrapping Attack David Jorm (Sep 11)

Dolph Mathews

Re: [Openstack] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Dolph Mathews (Sep 12)

Dustin Kirkland

Re: Re: ecryptfs headsup Dustin Kirkland (Jul 13)
Re: ecryptfs headsup Dustin Kirkland (Jul 11)

Eitan Adler

Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Eitan Adler (Sep 06)
Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Eitan Adler (Sep 07)

Eygene Ryabinkin

Re: CVE-request: Roundcube XSS issues Eygene Ryabinkin (Aug 26)
Re: CVE-request: Roundcube XSS issues Eygene Ryabinkin (Aug 26)
Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Eygene Ryabinkin (Aug 31)
Re: CVE Request: Java 7 code execution 0day Eygene Ryabinkin (Aug 29)
Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Eygene Ryabinkin (Sep 01)
Re: php header() header injection detection bypass Eygene Ryabinkin (Sep 04)
Re: CVE request - mcrypt buffer overflow flaw Eygene Ryabinkin (Sep 11)
Re: Re: php header() header injection detection bypass Eygene Ryabinkin (Sep 04)

Fiedler Roman

RFC: ntp behavior with spoofed source IPs Fiedler Roman (Sep 26)

Filip Palian

Re: Stripe Capture the Flag Filip Palian (Aug 24)

Florian Weimer

CVE-2012-3509: objalloc_alloc integer overflows in libiberty Florian Weimer (Aug 29)
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Florian Weimer (Sep 10)
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Florian Weimer (Sep 10)
operator new[] overflow checking in G++ Florian Weimer (Aug 31)
Re: libdbus hardening Florian Weimer (Jul 25)
Re: libdbus hardening Florian Weimer (Jul 10)
Re: libdbus hardening Florian Weimer (Jul 30)
Re: libdbus hardening Florian Weimer (Jul 10)
Re: libdbus hardening Florian Weimer (Jul 17)
Re: libdbus hardening Florian Weimer (Jul 11)
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Florian Weimer (Sep 12)

Frank Mehnert

Re: CVE for Virtualbox 0x8 DoS? Frank Mehnert (Sep 14)

frosch

Re: CVE request for OpenTTD frosch (Jul 31)
Re: CVE request for OpenTTD frosch (Jul 28)
CVE request for OpenTTD frosch (Jul 27)

George Argyros

Re: Randomness Attacks Against PHP Applications George Argyros (Sep 20)
Re: Randomness Attacks Against PHP Applications George Argyros (Sep 27)
Re: Randomness Attacks Against PHP Applications George Argyros (Sep 27)

Gerald Combs

Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Gerald Combs (Aug 31)

Giles Coochey

Re: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution Giles Coochey (Aug 17)

Greg Knaddison

Re: CVE Request for Drupal contributed modules Greg Knaddison (Aug 02)
Re: CVE Request for Drupal contributed modules Greg Knaddison (Jul 11)

Guido Berhoerster

Vulnerabilities in Oki CUPS printer drivers Guido Berhoerster (Sep 18)

halfdog

Re: CVE for Virtualbox 0x8 DoS? halfdog (Sep 14)

Hanno Böck

CVE request: joomla before 1.5.26 password change Hanno Böck (Aug 27)
Re: CVE-request: Roundcube XSS issues Hanno Böck (Aug 20)
CVE request: contao before 2.11.4 sql injection Hanno Böck (Aug 31)

Hanno Boeck

CVEs for wordpress 3.4.2 release Hanno Boeck (Sep 12)

Henri Salo

Re: CVE Request: Overflow fix in bash 4.2 patch 33 Henri Salo (Jul 11)
CVE-request: monkey fails to drop supplemental groups when lowering privileges Henri Salo (Sep 20)
Re: CVE-request: Roundcube XSS issues Henri Salo (Aug 20)
CVE-request: SMF index.php msg parameter SQL-injection (2005) Henri Salo (Sep 14)
Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Henri Salo (Jul 19)
CVE-request: Roundcube XSS issues Henri Salo (Aug 20)
CVE-request: CakePHP XXE injection Henri Salo (Sep 02)
CVE-request: WordPress insufficient permissions verification on XMLRPC interface Henri Salo (Sep 14)
CVE-request: monkey CGI scripts executed without dropping RUID/RGID root Henri Salo (Sep 21)
CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015) Henri Salo (Jul 24)
CVE-request: plow buffer overflow vulnerability Henri Salo (Jul 11)
Re: Stripe Capture the Flag Henri Salo (Aug 24)
Re: CVE-request: Roundcube XSS issues Henri Salo (Aug 20)
CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability Henri Salo (Jul 09)

Huzaifa Sidhpurwala

Re: Any information on mesa/CVE-2012-2864? Huzaifa Sidhpurwala (Aug 23)
tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Huzaifa Sidhpurwala (Jul 18)
CVE Request: Heap-based buffer overflow in openjpeg Huzaifa Sidhpurwala (Aug 26)
CVE Request: gnome-keyring: improper caching of gpg password/passphrase Huzaifa Sidhpurwala (Aug 08)
CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images Huzaifa Sidhpurwala (Jul 23)
Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Huzaifa Sidhpurwala (Sep 26)
Openjpeg: heap-buffer overflow when processing JPEG2000 image files Huzaifa Sidhpurwala (Jul 10)
libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images Huzaifa Sidhpurwala (Jul 16)
Re: Wireshark before 1.8.1 (etc.) CVE-2012-4048 CVE-2012-4049 Huzaifa Sidhpurwala (Jul 23)
CVE-2009-4030 regression in mysql Huzaifa Sidhpurwala (Sep 26)
CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Huzaifa Sidhpurwala (Sep 25)
Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Huzaifa Sidhpurwala (Jul 19)
pcp: Multiple security flaws Huzaifa Sidhpurwala (Aug 15)
CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write Huzaifa Sidhpurwala (Sep 11)
dracut creates non-world readable initramfs images Huzaifa Sidhpurwala (Sep 27)
CVE Request: quota: incorrect use of tcp_wrappers Huzaifa Sidhpurwala (Jul 19)

Jakub Wilk

Re: [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output Jakub Wilk (Aug 31)

Jamie Strandboge

CVE request: tinyproxy Jamie Strandboge (Aug 17)

Jan Lieskovsky

CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks Jan Lieskovsky (Aug 22)
CVE Request -- fwknop 2.0.3: Multiple security issues Jan Lieskovsky (Sep 19)
CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Jan Lieskovsky (Aug 29)
CVE Request -- WordPress (3,4.2): CSRF in the incoming links section of the dashboard Jan Lieskovsky (Sep 25)
CVE Request -- php-geshi / GeSHi (1.0.8.11): Remote directory traversal and information disclosure in the cssgen contrib module (plus possibly XSS, but it needs upstream to confirm) Jan Lieskovsky (Aug 21)
CVE Request -- inn (nnrpd): Prone to STARTTLS plaintext command injection Jan Lieskovsky (Aug 21)
CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created Jan Lieskovsky (Jul 09)
CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws Jan Lieskovsky (Aug 31)
The Gimp PSD plug-in CVE-2012-3402 issue Jan Lieskovsky (Aug 20)
CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Jan Lieskovsky (Sep 11)
Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created Jan Lieskovsky (Jul 09)
Re: CVE Request -- urllib3: Does not check for SSL certificates by default Jan Lieskovsky (Sep 07)
CVE Request - phpMyAdmin: PMASA-2012-5 incident Jan Lieskovsky (Sep 25)
Re: CVE Request: pidgin lack of SSL checks Jan Lieskovsky (Sep 05)
CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines Jan Lieskovsky (Aug 13)
phpMyAdmin PMASA-2012-3 (CVE-2012-4219) and PMASA-2012-4 (CVE-2012-4345) issues Jan Lieskovsky (Aug 16)
CVE Request -- urllib3: Does not check for SSL certificates by default Jan Lieskovsky (Sep 07)
CVE Request -- Tor 0.2.2.38: Three issues Jan Lieskovsky (Aug 21)
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Jan Lieskovsky (Sep 12)
The Gimp CEL plug-in CVE-2012-3403 issue Jan Lieskovsky (Aug 20)
[Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output Jan Lieskovsky (Aug 31)
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Jan Lieskovsky (Sep 10)
CVE Request Smarty / php-Smarty: XSS in Smarty exception messages Jan Lieskovsky (Sep 19)
CVE Request -- php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03) Jan Lieskovsky (Sep 26)
CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) Jan Lieskovsky (Sep 26)
CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Jan Lieskovsky (Sep 07)
CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Jan Lieskovsky (Sep 06)

Jan Willamowius

Re: information request on security bug fix in GNU Gatekeeper 3.1 Jan Willamowius (Aug 25)

Jason A. Donenfeld

Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Jason A. Donenfeld (Aug 13)
cgit: heap buffer overflow Jason A. Donenfeld (Sep 30)
Re: Re: ecryptfs headsup Jason A. Donenfeld (Jul 14)
Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Jason A. Donenfeld (Aug 11)
Re: Re: ecryptfs headsup Jason A. Donenfeld (Jul 13)
Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Jason A. Donenfeld (Aug 11)

Jeff Law

Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Jeff Law (Sep 07)

Jeff Mitchell

Re: CVE request for Calligra Jeff Mitchell (Aug 04)
Re: CVE request for Calligra Jeff Mitchell (Aug 04)
Re: CVE request for Calligra Jeff Mitchell (Aug 06)
CVE request for Calligra Jeff Mitchell (Aug 04)
Re: CVE request for Calligra Jeff Mitchell (Aug 07)
Re: CVE request for Calligra Jeff Mitchell (Aug 10)

John Collison

Stripe Capture the Flag John Collison (Aug 22)

Jorge Manuel B. S. Vicetto

Re: CVE request for Calligra Jorge Manuel B. S. Vicetto (Aug 05)

Josh Bressers

Re: Randomness Attacks Against PHP Applications Josh Bressers (Sep 17)

Julius Kivimäki

Re: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution Julius Kivimäki (Aug 17)

Justin Ossevoort

Re: Re: ecryptfs headsup Justin Ossevoort (Jul 16)

Kees Cook

Re: CVE request: glibc formatted printing vulnerabilities Kees Cook (Jul 11)

Kiall Mac Innes

Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540) Kiall Mac Innes (Sep 13)

Kurt Seifried

Re: CVE request: FreeBSD SCTP remote DoS Kurt Seifried (Aug 29)
Re: openvswitch world writable directories (CVE-2012-3449) Kurt Seifried (Aug 03)
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Kurt Seifried (Sep 12)
Test email - please ignore Kurt Seifried (Aug 08)
Re: php header() header injection detection bypass Kurt Seifried (Sep 01)
Re: Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Kurt Seifried (Sep 26)
Re: Xen Security Advisory 19 - guest administrator can access qemu monitor console Kurt Seifried (Sep 06)
Re: CVE request for Ushahidi Kurt Seifried (Aug 09)
Re: zenoss issues Kurt Seifried (Aug 24)
ImageMagick Magick_png_malloc() / GraphicsMagick png_IM_malloc() size issue Kurt Seifried (Jul 29)
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Kurt Seifried (Jul 03)
CVE Request: Jenkins and plugins Kurt Seifried (Sep 20)
Re: operator new[] overflow checking in G++ Kurt Seifried (Aug 31)
Re: Re: CVE request: bacula: Console ACL Bypass Kurt Seifried (Sep 14)
Re: gnome-screensaver 3.4.2 locked only active screen Kurt Seifried (Aug 03)
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Kurt Seifried (Sep 11)
Re: CVE Request -- libvirt: null function pointer invocation in virNetServerProgramDispatchCall() Kurt Seifried (Sep 13)
Re: Re: note on gnome shell extensions Kurt Seifried (Sep 13)
Re: CVE request for Ushahidi Kurt Seifried (Jul 31)
Re: CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability Kurt Seifried (Jul 09)
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Kurt Seifried (Jul 04)
Re: CVE Request -- php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03) Kurt Seifried (Sep 26)
Re: CVE-request: CakePHP XXE injection Kurt Seifried (Sep 03)
Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() Kurt Seifried (Aug 20)
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Kurt Seifried (Sep 07)
CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable Kurt Seifried (Aug 06)
Re: CVE request: letodms multiple issues Kurt Seifried (Aug 27)
Re: CVE request: Asterisk Kurt Seifried (Jul 06)
Re: CVE id request: libjs-swfupload Kurt Seifried (Jul 16)
Re: ownCloud - matching CVEs to fix information and vice versa Kurt Seifried (Aug 27)
Re: CVE Request -- WordPress (3,4.2): CSRF in the incoming links section of the dashboard Kurt Seifried (Sep 25)
Re: CVE request for OpenTTD Kurt Seifried (Jul 28)
Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Kurt Seifried (Sep 06)
Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines Kurt Seifried (Aug 13)
Re: CVE request: DoS in OpenSLP Kurt Seifried (Sep 13)
Re: CVE Request -- fwknop 2.0.3: Multiple security issues Kurt Seifried (Sep 19)
Re: CVE request for Calligra Kurt Seifried (Aug 05)
Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase Kurt Seifried (Aug 08)
Re: CVE request: glibc formatted printing vulnerabilities Kurt Seifried (Jul 11)
Re: CVE #'s for WordPress 3.4.1 release Kurt Seifried (Jul 07)
Re: Zabbix SQL injection flaw (CVE request) Kurt Seifried (Jul 27)
Re: CVE ID request for fetchmail segfault in NTLM protocol exchange Kurt Seifried (Aug 13)
Re: CVE request for Calligra Kurt Seifried (Aug 06)
Re: Re: CVE Request -- fwknop 2.0.3: Multiple security issues Kurt Seifried (Sep 19)
Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried (Sep 13)
Re: CVE Request Smarty / php-Smarty: XSS in Smarty exception messages Kurt Seifried (Sep 19)
Re: Re: Fwd: New Security Vulnerabilities in Puppet Kurt Seifried (Jul 11)
Re: CVE Request -- php-geshi / GeSHi (1.0.8.11): Remote directory traversal and information disclosure in the cssgen contrib module (plus possibly XSS, but it needs upstream to confirm) Kurt Seifried (Aug 21)
Re: Quick question regarding CVEs Kurt Seifried (Jul 27)
Re: CVE request: joomla before 1.5.26 password change Kurt Seifried (Aug 27)
Re: CVE request: OptiPNG Palette Reduction Use-After-Free Vulnerability Kurt Seifried (Sep 17)
Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images Kurt Seifried (Jul 24)
Re: CVE Request: KDE Pim Kurt Seifried (Jul 17)
Re: ecryptfs headsup Kurt Seifried (Jul 10)
Re: CVE Request: Apache mod RPAF denial of service Kurt Seifried (Aug 22)
Re: CVE Request: Hash collision issue in Mono/C# (similar to Microsoft .NET issue) Kurt Seifried (Aug 28)
Re: CVE Request: Overflow fix in bash 4.2 patch 33 Kurt Seifried (Jul 11)
ocaml-xml-light: hash table collisions CPU usage DoS CVE-2012-3514 Kurt Seifried (Aug 20)
Re: CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling Kurt Seifried (Aug 27)
Re: CVE request for Calligra Kurt Seifried (Aug 05)
Re: CVE request for OpenTTD Kurt Seifried (Jul 27)
Re: CVE request: opencryptoki insecure lock files handling Kurt Seifried (Sep 26)
Re: ecryptfs headsup Kurt Seifried (Jul 11)
Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Kurt Seifried (Aug 13)
Re: CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ? Kurt Seifried (Jul 23)
Re: CVE id request: libjs-swfupload Kurt Seifried (Jul 17)
Re: [icinga-web] rmtmp-files.sh Kurt Seifried (Aug 29)
Re: CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage Kurt Seifried (Jul 06)
Re: libdbus CVE-2012-3524 fix Kurt Seifried (Sep 13)
Re: CVE - ownCloud Kurt Seifried (Sep 01)
Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Kurt Seifried (Sep 21)
Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Kurt Seifried (Sep 24)
Re: CVE Request -- kernel: mm: use-after-free in madvise_remove() Kurt Seifried (Aug 20)
Re: CVE request: information leak in vino Kurt Seifried (Sep 13)
Re: CVE Request -- inn (nnrpd): Prone to STARTTLS plaintext command injection Kurt Seifried (Aug 21)
Re: CVE Request: quota: incorrect use of tcp_wrappers Kurt Seifried (Jul 19)
Re: CVEs for wordpress 3.4.2 release Kurt Seifried (Sep 13)
Re: CVE Request: Java 7 code execution 0day Kurt Seifried (Aug 27)
Re: CVE Request: icinga sample db creation scripts Kurt Seifried (Jul 30)
Re: CVE id request: libjs-swfupload Kurt Seifried (Jul 17)
Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear Kurt Seifried (Jul 31)
Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws Kurt Seifried (Aug 31)
CVE #'s for WordPress 3.4.1 release Kurt Seifried (Jul 02)
Re: php header() header injection detection bypass Kurt Seifried (Aug 31)
Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Kurt Seifried (Sep 06)
CVE ASSIGNMENT: logol: creates world writable directory: /var/lib/logol/results Kurt Seifried (Aug 03)
Re: note on gnome shell extensions Kurt Seifried (Sep 08)
Re: CVE request: letodms multiple issues Kurt Seifried (Aug 27)
openvswitch world writable directories (CVE-2012-3449) Kurt Seifried (Aug 02)
Re: CVE-request: Roundcube XSS issues Kurt Seifried (Aug 20)
Re: CVE Request: Heap-based buffer overflow in openjpeg Kurt Seifried (Aug 26)
Re: Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created Kurt Seifried (Jul 12)
CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage Kurt Seifried (Jul 06)
Re: Fwd: New Security Vulnerabilities in Puppet Kurt Seifried (Jul 11)
Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Kurt Seifried (Aug 12)
Re: CVE-request: monkey CGI scripts executed without dropping RUID/RGID root Kurt Seifried (Sep 21)
Re: CVE request for Calligra Kurt Seifried (Aug 06)
Re: CVE id request: libjs-swfupload Kurt Seifried (Jul 16)
Re: Re: zenoss issues Kurt Seifried (Aug 27)
Re: CVE request: tinyproxy Kurt Seifried (Aug 18)
Re: CVE request: VLC / Asterisk Kurt Seifried (Jul 06)
ownCloud - matching CVEs to fix information and vice versa Kurt Seifried (Aug 10)
Re: CVE request: Typo3 Kurt Seifried (Aug 22)
Re: CVE for Virtualbox 0x8 DoS? Kurt Seifried (Sep 14)
Re: CVE Request: SquidClamav insufficient escaping flaws Kurt Seifried (Aug 16)
Re: CVE id request: tor Kurt Seifried (Sep 12)
Re: CVE Request: Jenkins and plugins Kurt Seifried (Sep 20)
Re: CVE Request: NVidia Linux driver Kurt Seifried (Aug 01)
Re: dracut creates world readable initramfs images Kurt Seifried (Sep 27)
Quick question regarding CVEs Kurt Seifried (Jul 27)
Re: CVE id request: guacd Kurt Seifried (Sep 11)
Re: CVE request: letodms multiple issues Kurt Seifried (Aug 31)
Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried (Sep 06)
Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP Kurt Seifried (Jul 04)
Re: CVE-request: WordPress insufficient permissions verification on XMLRPC interface Kurt Seifried (Sep 14)
Re: CVE request: contao before 2.11.4 sql injection Kurt Seifried (Aug 31)
Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Kurt Seifried (Sep 24)
Re: CVE-Request: apache2-mod_php5 AddHandler content confusion Kurt Seifried (Aug 28)
Re: CVE-request: plow buffer overflow vulnerability Kurt Seifried (Jul 11)
Re: CVE request: crowbar XSS Kurt Seifried (Aug 30)
CVE Request: Django 1.3.1 and 1.4.0 security issues Kurt Seifried (Jul 30)
Re: CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory Kurt Seifried (Jul 26)
Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Kurt Seifried (Sep 21)
Re: CVE id request: tor Kurt Seifried (Sep 12)
Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt Kurt Seifried (Aug 31)
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Kurt Seifried (Sep 14)
Re: Re: information request on security bug fix in GNU Gatekeeper 3.1 Kurt Seifried (Aug 26)
Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) Kurt Seifried (Sep 26)
Re: Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) Kurt Seifried (Sep 28)
Re: Three CVE requests: at-spi2-atk, as31, naxsi Kurt Seifried (Jul 06)
Re: CVEs for wordpress 3.4.2 release Kurt Seifried (Sep 12)
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Kurt Seifried (Sep 13)
Re: CVE Request: rssh command-line parsing vulnerability Kurt Seifried (Aug 10)
Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried (Sep 13)
Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Kurt Seifried (Aug 31)
Re: Re: ecryptfs headsup Kurt Seifried (Jul 11)
Re: Re: [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Kurt Seifried (Sep 12)
Re: Three CVE requests: at-spi2-atk, as31, naxsi Kurt Seifried (Aug 31)
Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Kurt Seifried (Sep 07)
Re: CVE Request: Apache Axis2 XML Signature Wrapping Attack Kurt Seifried (Sep 12)
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Kurt Seifried (Jul 09)
Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups Kurt Seifried (Sep 04)
Re: CVE request: Ganglia Web 3.5.1 Kurt Seifried (Aug 01)
Re: CVE Request: Overflow fix in bash 4.2 patch 33 Kurt Seifried (Jul 12)
Re: zenoss issues Kurt Seifried (Aug 24)
Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Kurt Seifried (Aug 29)
Two munin issues, now with CVEs Kurt Seifried (Aug 20)
Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks Kurt Seifried (Aug 22)
Re: Xen Security Advisory 10 - HVM guest user mode MMIO emulation DoS Kurt Seifried (Jul 27)
Re: CVE Request: KDE Pim Kurt Seifried (Jul 13)
CVE Request -- kernel: request_module() OOM local DoS Kurt Seifried (Sep 02)
Re: CVE request: Apache Struts S2-010 and S2-011 Kurt Seifried (Sep 01)
Re: CVE Request: Django 1.3.1 and 1.4.0 security issues Kurt Seifried (Jul 30)
Re: CVE Request: XSS in a Mono System.web error page Kurt Seifried (Jul 06)
Re: CVE Request: Java 7 code execution 0day Kurt Seifried (Aug 27)
Re: Randomness Attacks Against PHP Applications Kurt Seifried (Sep 17)
Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015) Kurt Seifried (Jul 27)
Re: CVE for Virtualbox 0x8 DoS? Kurt Seifried (Sep 13)
Re: CVE Request -- Tor 0.2.2.38: Three issues Kurt Seifried (Aug 21)
Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Kurt Seifried (Sep 25)
Re: CVEs for wordpress 3.4.2 release Kurt Seifried (Sep 13)
Re: CVE-Request: openstack pickle de-serialization Kurt Seifried (Sep 05)
Re: CVE Request: NeoInvoice Blind SQL Injection in signup_check.php Kurt Seifried (Aug 10)
Re: Xen Security Advisory 19 - guest administrator can access qemu monitor console Kurt Seifried (Sep 06)
Re: CVE Request -- libotr: Multiple heap-based buffer overflows in the Base64 decoder Kurt Seifried (Aug 08)
Re: CVE Request: php5 pdo array overread/crash Kurt Seifried (Aug 02)
Re: Security flaw in GNU Emacs file-local variables Kurt Seifried (Aug 12)
Re: CVE-request: monkey fails to drop supplemental groups when lowering privileges Kurt Seifried (Sep 20)
CVE ASSIGNMENT: extplorer: creates world writable directory /var/lib/extplorer/ftp_tmp Kurt Seifried (Aug 03)

Kyle Creyts

Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Kyle Creyts (Aug 11)

laurent Montel

Re: CVE Request: KDE Pim laurent Montel (Jul 17)

Ludwig Nussel

Re: libdbus hardening Ludwig Nussel (Jul 30)
Re: libdbus hardening Ludwig Nussel (Jul 30)
Re: libdbus hardening Ludwig Nussel (Jul 30)

mancha

Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6 mancha (Jul 01)

Marc Deslauriers

CVE Request: KDE Pim Marc Deslauriers (Jul 13)
Re: Re: CVE Request: NVidia Linux driver Marc Deslauriers (Aug 01)
Re: CVE Request: NVidia Linux driver Marc Deslauriers (Aug 01)
CVE Request: NVidia Linux driver Marc Deslauriers (Aug 01)
Re: CVE Request: NVidia Linux driver Marc Deslauriers (Aug 01)

Marcus Meissner

CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Marcus Meissner (Jul 03)
Re: CVE Request: Overflow fix in bash 4.2 patch 33 Marcus Meissner (Jul 12)
CVE Request: php5 pdo array overread/crash Marcus Meissner (Aug 02)
CVE Request: icinga sample db creation scripts Marcus Meissner (Jul 30)
Re: note on gnome shell extensions Marcus Meissner (Sep 13)
Re: ecryptfs headsup Marcus Meissner (Jul 10)
[dan () coneharvesters com: [Libexif-devel] libexif project security advisory July 12, 2012] Marcus Meissner (Jul 12)
CVE Request: XSS in a Mono System.web error page Marcus Meissner (Jul 06)
CVE Request: Overflow fix in bash 4.2 patch 33 Marcus Meissner (Jul 11)
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Marcus Meissner (Jul 06)
gnome-screensaver 3.4.2 locked only active screen Marcus Meissner (Aug 03)
Re: CVE Request: pidgin lack of SSL checks Marcus Meissner (Sep 05)
CVE Request: Hash collision issue in Mono/C# (similar to Microsoft .NET issue) Marcus Meissner (Aug 28)
CVE Request: Linux kernel net/rds max socket length checking Marcus Meissner (Aug 06)
Re: Re: CVE Request: NVidia Linux driver Marcus Meissner (Aug 01)
CVE Request: pidgin lack of SSL checks Marcus Meissner (Sep 05)
Re: CVE Request - phpMyAdmin: PMASA-2012-5 incident Marcus Meissner (Sep 25)

Matthew Jordan

Re: CVE request: Asterisk Matthew Jordan (Jul 06)

Matthias Andree

CVE ID request for fetchmail segfault in NTLM protocol exchange Matthias Andree (Aug 13)

Matthias Weckbecker

Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Matthias Weckbecker (Sep 21)
Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Matthias Weckbecker (Sep 24)
CVE request(?): gpg: improper file permssions set when en/de-crypting files Matthias Weckbecker (Sep 21)
The Gimp GIF plug-in CVE-2012-3481 issue Matthias Weckbecker (Aug 20)
Re: Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Matthias Weckbecker (Sep 25)

Matt Joyce

Re: [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Matt Joyce (Sep 12)
Re: [Openstack] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Matt Joyce (Sep 12)

Michael de Raadt

Moodle security notifications public Michael de Raadt (Sep 16)
Moodle security notifications public Michael de Raadt (Jul 16)

Michael Gilbert

Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Michael Gilbert (Sep 21)
Re: Re: Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Michael Gilbert (Sep 24)
Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Michael Gilbert (Sep 21)
Re: Re: Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Michael Gilbert (Sep 24)
Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Michael Gilbert (Sep 21)
Re: Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Michael Gilbert (Sep 24)
Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Michael Gilbert (Sep 21)
Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Michael Gilbert (Sep 24)

Michael Niedermayer

Re: Information on security issues fixed in ffmpeg 0.11? Michael Niedermayer (Sep 02)

Michael Pasternak

Re: oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533) Michael Pasternak (Aug 26)

Michael Rash

Re: CVE Request -- fwknop 2.0.3: Multiple security issues Michael Rash (Sep 19)
Re: CVE Request -- fwknop 2.0.3: Multiple security issues Michael Rash (Sep 19)

Mike O'Connor

Re: RFC: ntp behavior with spoofed source IPs Mike O'Connor (Sep 27)

Moritz Muehlenhoff

Any information on mesa/CVE-2012-2864? Moritz Muehlenhoff (Aug 22)
CVE request: Typo3 Moritz Muehlenhoff (Aug 21)
Information on security issues fixed in ffmpeg 0.11? Moritz Muehlenhoff (Aug 31)
CVE request: VLC / Asterisk Moritz Muehlenhoff (Jul 06)
Three CVE requests: at-spi2-atk, as31, naxsi Moritz Muehlenhoff (Jul 05)

Nathan March

Re: [Xen-users] Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability Nathan March (Sep 07)

Nico Golde

Re: CVE id request: libjs-swfupload Nico Golde (Jul 17)
CVE id request: libjs-swfupload Nico Golde (Jul 16)
Re: CVE id request: libjs-swfupload Nico Golde (Jul 17)
NTP authentication Nico Golde (Sep 11)
CVE id request: tor Nico Golde (Sep 12)
CVE id request: guacd Nico Golde (Sep 11)
Re: CVE id request: tor Nico Golde (Sep 12)
Re: CVE id request: libjs-swfupload Nico Golde (Jul 16)

Patrick J. Volkerding

Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Patrick J. Volkerding (Sep 24)

Petr Matousek

CVE Request -- libvirt: crash in virTypedParameterArrayClear Petr Matousek (Jul 31)
Re: CVE Request: Linux kernel net/rds max socket length checking Petr Matousek (Aug 06)
CVE Request -- libvirt: null function pointer invocation in virNetServerProgramDispatchCall() Petr Matousek (Sep 13)
CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory Petr Matousek (Jul 26)
Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() Petr Matousek (Aug 21)
CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() Petr Matousek (Aug 20)
CVE Request -- kernel: request_module() OOM local DoS Petr Matousek (Aug 31)
CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing Petr Matousek (Aug 22)
Re: CVE Request: NVidia Linux driver Petr Matousek (Aug 01)
CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt Petr Matousek (Aug 31)
Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt Petr Matousek (Sep 07)
CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP Petr Matousek (Jul 04)
CVE Request -- kernel: mm: use-after-free in madvise_remove() Petr Matousek (Aug 20)

Raphael Geissert

Re: CVE request: opencryptoki insecure lock files handling Raphael Geissert (Sep 07)
Re: CVE for Virtualbox 0x8 DoS? Raphael Geissert (Sep 14)
CVE for Virtualbox 0x8 DoS? Raphael Geissert (Sep 13)
Re: php header() header injection detection bypass Raphael Geissert (Aug 31)
php header() header injection detection bypass Raphael Geissert (Aug 29)
CVE-2012-2238: trytond missing permissions check in button model Raphael Geissert (Sep 11)
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Sep 12)
Re: CVE request: letodms multiple issues Raphael Geissert (Aug 27)
CVE request: letodms multiple issues Raphael Geissert (Aug 27)
Re: CVE request: opencryptoki insecure lock files handling Raphael Geissert (Sep 24)
information request on security bug fix in GNU Gatekeeper 3.1 Raphael Geissert (Aug 25)
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Sep 06)
CVE request: FreeBSD SCTP remote DoS Raphael Geissert (Aug 28)
CVE request: moinmoin incorrect ACL evaluation for virtual groups Raphael Geissert (Sep 04)
Re: information request on security bug fix in GNU Gatekeeper 3.1 Raphael Geissert (Aug 27)
CVE request: opencryptoki insecure lock files handling Raphael Geissert (Sep 06)
CVE for FreeBSD SCTP remote DoS? Raphael Geissert (Aug 27)
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Sep 15)
Re: Re: php header() header injection detection bypass Raphael Geissert (Sep 04)
Re: CVE Request -- php-geshi / GeSHi (1.0.8.11): Remote directory traversal and information disclosure in the cssgen contrib module (plus possibly XSS, but it needs upstream to confirm) Raphael Geissert (Aug 21)
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Sep 10)
Re: CVE request: opencryptoki insecure lock files handling Raphael Geissert (Sep 12)
Re: Randomness Attacks Against PHP Applications Raphael Geissert (Sep 17)
CVE request: Apache Struts S2-010 and S2-011 Raphael Geissert (Sep 01)
Re: CVE request: letodms multiple issues Raphael Geissert (Aug 27)
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Sep 13)
Re: Randomness Attacks Against PHP Applications Raphael Geissert (Sep 24)
Re: Re: php header() header injection detection bypass Raphael Geissert (Sep 06)

research

TCExam Edit SQL Injection research (Aug 13)
RE: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution research (Aug 19)
GIMP Scriptfu Python Remote Command Execution research (Aug 16)
Total Shop UK eCommerce Generic Cross-Site Scripting research (Aug 13)

Robbie Mackay

Re: CVE request for Ushahidi Robbie Mackay (Aug 01)
CVE request for Ushahidi Robbie MacKay (Jul 31)

Russ Allbery

Re: CVE Request: rssh command-line parsing vulnerability Russ Allbery (Aug 10)
CVE Request: rssh command-line parsing vulnerability Russ Allbery (Aug 10)

Russell Bryant

Re: Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) Russell Bryant (Sep 29)
[OSSA 2012-015] Some actions in Keystone admin API do not validate token (CVE-2012-4456) Russell Bryant (Sep 28)
[OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) Russell Bryant (Sep 28)
Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540) Russell Bryant (Aug 30)
[OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3542) Russell Bryant (Aug 30)
Re: [Openstack] [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Russell Bryant (Sep 12)
[OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542) Russell Bryant (Aug 30)

Santiago Pastorino

XSS Vulnerability in strip_tags Santiago Pastorino (Aug 09)
Ruby on Rails Potential XSS Vulnerability in select_tag prompt Santiago Pastorino (Aug 09)
Potential XSS Vulnerability in Ruby on Rails Santiago Pastorino (Aug 09)

Sean Amoss

CVE Request: SquidClamav insufficient escaping flaws Sean Amoss (Aug 16)

Sebastian Krahmer

Re: Re: note on gnome shell extensions Sebastian Krahmer (Sep 17)
CVE-Request: openstack pickle de-serialization Sebastian Krahmer (Sep 05)
Re: libdbus CVE-2012-3524 fix Sebastian Krahmer (Sep 17)
Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Sebastian Krahmer (Sep 25)
Re: libdbus hardening Sebastian Krahmer (Jul 10)
Re: libdbus hardening Sebastian Krahmer (Jul 10)
Re: ecryptfs headsup Sebastian Krahmer (Jul 10)
CVE-Request: apache2-mod_php5 AddHandler content confusion Sebastian Krahmer (Aug 28)
Re: Re: ecryptfs headsup Sebastian Krahmer (Jul 16)
libdbus hardening Sebastian Krahmer (Jul 10)
Re: libdbus hardening Sebastian Krahmer (Jul 10)
Re: libdbus hardening Sebastian Krahmer (Jul 11)
libdbus CVE-2012-3524 fix Sebastian Krahmer (Sep 12)
ecryptfs headsup Sebastian Krahmer (Jul 10)

sergii

Multiple SQL injections in MySQL/MariaDB sergii (Sep 11)

Seth Arnold

Request for linux-distros () vs openwall org membership Seth Arnold (Sep 21)
Re: Request for linux-distros () vs openwall org membership Seth Arnold (Sep 24)

Simon .

Re: [icinga-web] rmtmp-files.sh Simon . (Aug 30)
[icinga-web] rmtmp-files.sh Simon . (Aug 29)

Simon L. B. Nielsen

Re: CVE for FreeBSD SCTP remote DoS? Simon L. B. Nielsen (Aug 28)

Simon McVittie

Re: libdbus hardening Simon McVittie (Jul 10)
Re: Possible data loss or data modification in ownCloud Simon McVittie (Aug 10)
Re: libdbus hardening Simon McVittie (Jul 26)

Solar Designer

Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Solar Designer (Sep 22)
Re: Randomness Attacks Against PHP Applications Solar Designer (Sep 22)
Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Solar Designer (Aug 11)
Re: Stripe Capture the Flag Solar Designer (Aug 22)
Re: libdbus hardening Solar Designer (Jul 10)
Re: libdbus hardening Solar Designer (Jul 10)
Re: Request for linux-distros () vs openwall org membership Solar Designer (Sep 21)
Re: Randomness Attacks Against PHP Applications Solar Designer (Sep 14)
Re: libdbus hardening Solar Designer (Jul 10)
Re: Stripe Capture the Flag Solar Designer (Aug 30)
Re: libdbus hardening Solar Designer (Jul 17)
(linux-)distros membership changes Solar Designer (Sep 04)
Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Solar Designer (Sep 22)
Re: Randomness Attacks Against PHP Applications Solar Designer (Aug 22)
Re: libdbus hardening Solar Designer (Jul 10)
Re: libdbus hardening Solar Designer (Jul 11)

Soren Hansen

Re: [Openstack] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Soren Hansen (Sep 12)

Stefan Cornelius

Re: CVE request: glibc formatted printing vulnerabilities Stefan Cornelius (Jul 11)
CVE request: glibc formatted printing vulnerabilities Stefan Cornelius (Jul 11)

Steven M. Christey

Re: Three CVE requests: at-spi2-atk, as31, naxsi Steven M. Christey (Aug 31)
Re: CVE Request: SquidClamav insufficient escaping flaws Steven M. Christey (Aug 24)
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Steven M. Christey (Aug 16)
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Steven M. Christey (Sep 11)
Re: Re: CVE - ownCloud Steven M. Christey (Sep 05)
Re: CVE-request: Roundcube XSS issues Steven M. Christey (Aug 24)
Re: Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Steven M. Christey (Sep 24)

Tavis Ormandy

Re: Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Tavis Ormandy (Sep 24)
Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Tavis Ormandy (Sep 24)
Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Tavis Ormandy (Sep 24)
Re: Re: CVE Request: NVidia Linux driver Tavis Ormandy (Aug 01)
Re: note on gnome shell extensions Tavis Ormandy (Sep 13)
Re: note on gnome shell extensions Tavis Ormandy (Sep 13)
Re: Re: Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Tavis Ormandy (Sep 24)
Re: CVE Request: NVidia Linux driver Tavis Ormandy (Aug 01)
note on gnome shell extensions Tavis Ormandy (Sep 08)

Thanh Nguyen

Re: Stripe Capture the Flag Thanh Nguyen (Aug 23)

Thierry Carrez

[OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371) Thierry Carrez (Jul 11)
[OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361) Thierry Carrez (Jul 03)
[OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Thierry Carrez (Sep 12)
[OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447) Thierry Carrez (Aug 07)
[OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426) Thierry Carrez (Jul 27)

Thijs Kinkhorst

CVE Request: Apache mod RPAF denial of service Thijs Kinkhorst (Aug 22)

Thomas Biege

CVE request: crowbar XSS Thomas Biege (Aug 30)
CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling Thomas Biege (Aug 27)

Thomas Pollet

zenoss issues Thomas Pollet (Aug 24)
Re: zenoss issues Thomas Pollet (Aug 24)

Tim

Re: CVE request for Ushahidi Tim (Aug 09)

Timo Warns

[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods Timo Warns (Sep 10)
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Timo Warns (Jul 03)

Tomas Hoger

Re: CVE request: opencryptoki insecure lock files handling Tomas Hoger (Sep 07)
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger (Aug 10)
Re: libdbus CVE-2012-3524 fix Tomas Hoger (Sep 14)
Re: libdbus hardening Tomas Hoger (Sep 13)
Re: CVE request: opencryptoki insecure lock files handling Tomas Hoger (Sep 20)
Re: CVE Request: KDE Pim Tomas Hoger (Jul 17)
Re: CVE request: opencryptoki insecure lock files handling Tomas Hoger (Sep 09)
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Tomas Hoger (Sep 20)
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger (Aug 03)
bind-dyndb-ldap DoS CVE-2012-3429 Tomas Hoger (Aug 02)
IcedTea-Web security fixes in 1.1.6 and 1.2.1 Tomas Hoger (Aug 02)

Tomas Mraz

Re: CVE request(?): gpg: improper file permssions set when en/de-crypting files Tomas Mraz (Sep 21)

Tom Lane

Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Tom Lane (Sep 26)

Tyler Hicks

Re: Re: ecryptfs headsup Tyler Hicks (Jul 11)
Re: ecryptfs headsup Tyler Hicks (Jul 10)
Re: Re: ecryptfs headsup Tyler Hicks (Jul 11)
Re: ecryptfs headsup Tyler Hicks (Jul 10)

Vincent Danen

Re: CVE request - mcrypt buffer overflow flaw Vincent Danen (Sep 06)
Re: Re: note on gnome shell extensions Vincent Danen (Sep 18)
Re: Re: note on gnome shell extensions Vincent Danen (Sep 17)
Re: Re: note on gnome shell extensions Vincent Danen (Sep 13)
CVE request: DoS in OpenSLP Vincent Danen (Sep 13)
oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533) Vincent Danen (Aug 24)
CVE request: information leak in vino Vincent Danen (Sep 13)
CVE request - mcrypt buffer overflow flaw Vincent Danen (Sep 06)
Zabbix SQL injection flaw (CVE request) Vincent Danen (Jul 27)
Notification of upstream Condor security fixes Vincent Danen (Sep 20)
CVE request: Ganglia Web 3.5.1 Vincent Danen (Aug 01)
Re: note on gnome shell extensions Vincent Danen (Sep 10)
Re: note on gnome shell extensions Vincent Danen (Sep 13)
CVE-2012-3467: Unauthorized access (authentication bypass) from client to broker due to use of NullAuthenticator in shadow connections Vincent Danen (Aug 09)
Re: CVE Request: KDE Pim Vincent Danen (Jul 17)
Re: CVE Request: KDE Pim Vincent Danen (Jul 16)

Vladimir Vorontsov

Re: Randomness Attacks Against PHP Applications Vladimir Vorontsov (Sep 23)
Re: Randomness Attacks Against PHP Applications Vladimir Vorontsov (Sep 17)

Xen . org security team

Xen Security Advisory 10 - HVM guest user mode MMIO emulation DoS Xen . org security team (Jul 26)
Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability Xen . org security team (Sep 05)
Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability Xen . org security team (Sep 05)
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability Xen . org security team (Sep 05)
Xen Security Advisory 13 (CVE-2012-3495) - hypercall physdev_get_free_pirq vulnerability Xen . org security team (Sep 05)
Xen Security Advisory 10 (CVE-2012-3432) - HVM user mode MMIO emul DoS Xen . org security team (Jul 27)
Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console Xen . org security team (Sep 07)
Xen Security Advisory 18 (CVE-2012-3516) - grant table entry swaps have inadequate bounds checking Xen . org security team (Sep 05)
Xen Security Advisory 19 - guest administrator can access qemu monitor console Xen . org security team (Sep 06)
Xen Security Advisory 16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability Xen . org security team (Sep 05)
Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities Xen . org security team (Sep 05)
Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS Xen . org security team (Aug 09)

yersinia

Re: libdbus hardening yersinia (Jul 10)
Re: libdbus hardening yersinia (Jul 26)
Re: libdbus hardening yersinia (Jul 11)
CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ? yersinia (Jul 20)

YGN Ethical Hacker Group

ocPortal 7.1.5 <= | Open URL Redirection Vulnerability YGN Ethical Hacker Group (Jul 28)
ocPoral CMS 8.x | Session Hijacking Vulnerability YGN Ethical Hacker Group (Aug 19)
ocPoral CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Aug 19)

Yves-Alexis Perez

Re: Randomness Attacks Against PHP Applications Yves-Alexis Perez (Aug 10)
Re: CVEs for wordpress 3.4.2 release Yves-Alexis Perez (Sep 13)
Re: openvswitch world writable directories (CVE-2012-3449) Yves-Alexis Perez (Aug 02)
Randomness Attacks Against PHP Applications Yves-Alexis Perez (Aug 09)