oss-sec: by date

711 messages starting Mar 31 14 and ending Jun 30 14


Monday, 31 March

Re: CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02 cve-assign
CVE Request: Shaarli: Several XSS in index.php Salvatore Bonaccorso

Tuesday, 01 April

CVE request: cacti "bug#0002405: SQL injection in graph_xport.php" Murray McAllister
cups-browsed remote exploit Sebastian Krahmer
Re: CVE Request: Shaarli: Several XSS in index.php cve-assign
Re: Re: CVE request: Linux Kernel, two security issues Petr Matousek
Re: CVE request: MediaWiki 1.22.5 login csrf cve-assign
Re: CVE request: Linux Kernel, two security issues cve-assign

Wednesday, 02 April

Information on CVE-2014-0158, openjpeg Raphael Geissert
Re: Information on CVE-2014-0158, openjpeg Huzaifa Sidhpurwala
Re: Information on CVE-2014-0158, openjpeg Raphael Geissert
Xen Security Advisory 89 (CVE-2014-2599) - HVMOP_set_mem_access is not preemptible Xen . org security team
Xen Security Advisory 90 (CVE-2014-2580) - Linux netback crash trying to disable due to malformed packet Xen . org security team
Re: cups-browsed remote exploit cve-assign
Re: KAuth security issues cve-assign

Thursday, 03 April

Re: CVE request: cacti "bug#0002405: SQL injection in graph_xport.php" cve-assign

Friday, 04 April

Lots of CVEs ahead in TLS implementations Hanno Böck

Saturday, 05 April

Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression Salvatore Bonaccorso

Sunday, 06 April

CVE request: redmine open redirector Florian Weimer
CVE request: Icecast world readable log/logdir Agostino Sarubbo
Re: CVE request: Icecast world readable log/logdir Tim Heckman

Monday, 07 April

CVE-2014-0155 -- kernel: kvm: BUG caused by invalid entry in guest ioapic redirection table Petr Matousek
OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Tomas Hoger
Re: CVE request: Icecast world readable log/logdir Agostino Sarubbo
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Reed Loden
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Alex Gaynor
Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression cve-assign
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marcus Meissner

Tuesday, 08 April

Re: CVE request: Icecast world readable log/logdir Ben Corman
Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski
Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski
jbigkit security flaw Huzaifa Sidhpurwala
CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler P J P
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen
[OSSA 2014-010] XSS in Horizon orchestration dashboard (CVE-2014-0157) Tristan Cacqueray
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Kurt Seifried
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Donald Stufft
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Vincent Danen
Re: CVE request: Icecast world readable log/logdir Kurt Seifried
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Florian Weimer
Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression cve-assign
Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried
Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith
Re: Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried
RE: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Bobby Broughton
Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Solar Designer
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala
Two security flaws with json-c Huzaifa Sidhpurwala

Wednesday, 09 April

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala
Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172) Florian Weimer
Session IP check bypass in Roundcube 1.0 Felix Eckhofer
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marcus Meissner
Heartbleed, clients and Android Hanno Böck
Re: Heartbleed, clients and Android Yves-Alexis Perez
Re: Heartbleed, clients and Android Hanno Böck
Re: Heartbleed, clients and Android Yves-Alexis Perez
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marc Deslauriers
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Michal Zalewski
Re: Other instances of CVE-2014-0160 - mod_spdy from Google Arrigo Triulzi
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 mancha
CVE request for vulnerability in OpenStack Keystone Tristan Cacqueray
pam_cifscreds stack overflow Sebastian Krahmer
Request for linux-distros list membership Anthony Liguori
[OSSA 2014-011] RBAC policy not properly enforced in Nova EC2 API (CVE-2014-0167) Tristan Cacqueray
Re: Heartbleed, clients and Android Nick Kralevich
Re: Heartbleed, clients and Android Hanno Böck
Re: Heartbleed, clients and Android Eric Lacombe
Cauterizing OpenSSL's heartbleed (the aftermath) mancha
Re: Cauterizing OpenSSL's heartbleed (the aftermath) Seth Arnold
Re: Request for linux-distros list membership Kurt Seifried
Re: Request for linux-distros list membership Anthony Liguori
Re: Request for linux-distros list membership Anthony Liguori
Re: Cauterizing OpenSSL's heartbleed (the aftermath) Yves-Alexis Perez
Re: Request for linux-distros list membership Kurt Seifried
Re: Request for linux-distros list membership Solar Designer
Re: Request for linux-distros list membership Matt Wilson

Thursday, 10 April

Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski
Re: CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler cve-assign
CVE-2013-7353 CVE-2013-7354 libpng integer overflows cve-assign
Re: CVE request: redmine open redirector cve-assign
Re: Request for linux-distros list membership Anthony Liguori
[OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162) Tristan Cacqueray
Re: Request for linux-distros list membership Max Spevack
Re: CVE request for vulnerability in OpenStack Keystone cve-assign
Re: pam_cifscreds stack overflow cve-assign
Re: Re: pam_cifscreds stack overflow Kurt Seifried
Re: Request for linux-distros list membership Seth Arnold
Re: Session IP check bypass in Roundcube 1.0 cve-assign
[OSSA 2014-013] Keystone DoS through V3 API authentication chaining (CVE-2014-2828) Tristan Cacqueray
Re: Request for linux-distros list membership Tyler Hicks
REJECT of CVE-2014-2750 (an extra CVE ID for Prosody) cve-assign
Re: pam_cifscreds stack overflow cve-assign

Friday, 11 April

CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function Petr Matousek
Re: CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function cve-assign
Re: Other instances of CVE-2014-0160 - mod_spdy from Google Vincent Danen
Re: Other instances of CVE-2014-0160 - mod_spdy from Google Carlos Alberto Lopez Perez
Re: Cauterizing OpenSSL's heartbleed (the aftermath) mancha

Saturday, 12 April

Use-after-free race condition,in OpenSSL's read buffer Scotty Bauer
Re: Use-after-free race condition,in OpenSSL's read buffer Solar Designer

Sunday, 13 April

Re: Use-after-free race condition,in OpenSSL's read buffer mancha
Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha
two more interesting notes on heartbleed Kurt Seifried
CVE request: cross-site scripting issue fixed in CUPS 1.7.2 Murray McAllister
Re: pam_cifscreds stack overflow Sebastian Krahmer

Monday, 14 April

Remote code execution in Pimcore CMS Pedro Ribeiro
CVE Request: rsync denial of service Marc Deslauriers
Re: Use-after-free race condition,in OpenSSL's read buffer cve-assign
TrueCrypt audit report Kurt Seifried

Tuesday, 15 April

Re: CVE Request: rsync denial of service cve-assign
CVE request - node-connect: methodOverride middleware reflected cross-site scripting Kurt Seifried
Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2 cve-assign
CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART P J P
CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target P J P
Remote Command Injection in Ruby Gem sfpagent 0.4.14 Larry W. Cashdollar
CVE request: insecure temporary file handling in clang's scan-build utility Murray McAllister

Wednesday, 16 April

libmms heap-based buffer overflow fix Źmicier Januszkiewicz
CVE request: openssl: missing critical flag for extended key usage not always detected in time-stamp verification Raphael Geissert
CVE Request - XXS in phpMyID (openid_error) Adam Caudill

Thursday, 17 April

Re: CVE request: openssl: missing critical flag for extended key usage not always detected in time-stamp verification Florian Weimer
CVE Request: systemd stack-based buffer overflow in systemd-ask-password Marc Deslauriers
Re: CVE Request: systemd stack-based buffer overflow in systemd-ask-password Marc Deslauriers
CVE ids for CyaSSL 2.9.4? Raphael Geissert
Re: CVE ids for CyaSSL 2.9.4? Todd A Ouska
Re: TrueCrypt audit report cve-assign
CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Eduardo Tongson
Re: CVE ids for CyaSSL 2.9.4? cve-assign
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution gremlin

Friday, 18 April

Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14 cve-assign
Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART cve-assign
Re: CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target cve-assign
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution John Haxby
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Reed Loden
Re: Request for linux-distros list membership Anthony Liguori
Re: Request for linux-distros list membership rf
CVE Request for Drupal Core Forest Monsen
Re: Request for linux-distros list membership Kurt Seifried
Re: CVE Request - XXS in phpMyID (openid_error) cve-assign
Re: libmms heap-based buffer overflow fix cve-assign
CVE request / advisory: gdomap (GNUstep core package <= 1.24.6) Matthew Daley
Re: CVE request: insecure temporary file handling in clang's scan-build utility cve-assign

Saturday, 19 April

Re: Request for linux-distros list membership rf
CVE request: Fwd: Remote code execution in Pimcore CMS Pedro Ribeiro
Re: Remote code execution in Pimcore CMS cve-assign

Sunday, 20 April

Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility Sylvestre Ledru
Re: Remote code execution in Pimcore CMS Pedro Ribeiro
Re: Remote code execution in Pimcore CMS cve-assign

Monday, 21 April

Re: CVE request - node-connect: methodOverride middleware reflected cross-site scripting cve-assign
Re: CVE request / advisory: gdomap (GNUstep core package <= 1.24.6) cve-assign
Re: CVE Request for Drupal Core cve-assign
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution cve-assign
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Martin Carpenter

Tuesday, 22 April

Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Eduardo Tongson
Re: Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
Re: X.509 name constraints and potential interpretation conflict Florian Weimer
[OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187) Tristan Cacqueray
Xen Security Advisory 93 - Hardware features unintentionally exposed to guests on ARM Xen . org security team
Re: Xen Security Advisory 93 - Hardware features unintentionally exposed to guests on ARM cve-assign
CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski
Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski

Wednesday, 23 April

Xen Security Advisory 93 (CVE-2014-2915) - Hardware features unintentionally exposed to guests on ARM Xen . org security team
Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access Xen . org security team
Re: Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access cve-assign
Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash on guest interrupt controller access Xen . org security team
Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks cve-assign
Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski
Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Eric W. Biederman

Thursday, 24 April

Re: Request for linux-distros list membership Solar Designer
Re: Request for linux-distros list membership Solar Designer

Friday, 25 April

Re: Request for linux-distros list membership rf
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen
Re: Request for linux-distros list membership Anthony Liguori
Re: Request for linux-distros list membership Solar Designer
Re: Re: cups-browsed remote exploit Jamie Strandboge

Saturday, 26 April

Ubuntu 14.04: security problem in the lock screen Kurt Seifried
Re: Ubuntu 14.04: security problem in the lock screen Dave Walker

Sunday, 27 April

XSS in NextCellent Gallery 1.9.13 WordPress plugin Larry W. Cashdollar
CVE-2014-0190: NULL pointer dereference in GIF image handler in QtGui Murray McAllister
CVE-2014-0189: /etc/sysconfig/virt-who is world-readable (contains unencrypted passwords) Murray McAllister

Monday, 28 April

CVE-2014-0469: xbuffy stack-based buffer overflow in subject processing Yves-Alexis Perez
Upcoming security release of fish 2.1.1 David Adam
Re: Upcoming security release of fish 2.1.1 David Adam
super unchecked setuid (CVE-2014-0470) Florian Weimer
Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski

Tuesday, 29 April

Xen Security Advisory 92 - HVMOP_set_mem_type allows invalid P2M entries to be created Xen . org security team
Re: Ubuntu 14.04: security problem in the lock screen Marc Deslauriers
CVE Request: indicator-datetime issue Marc Deslauriers
CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze Raphael Geissert
Fwd: [vs] php-fpm: privilege escalation due to insecure default config (CVE-2014-0185) Christian Hoffmann
CVE Request - XSS in FOG open imaging system Dolev Farhi
local privilege escalation due to capng_lock as used in seunshare Andy Lutomirski
Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb
Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer
Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb
Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer
Re: CVE Request: indicator-datetime issue cve-assign
Re: CVE Request - XSS in FOG open imaging system cve-assign
CVE request: possible miniupnpc buffer overflow Murray McAllister

Wednesday, 30 April

Re: local privilege escalation due to capng_lock as used in seunshare John Haxby
Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM Xen . org security team
CVE request: rxvt-unicode user-assisted arbitrary commands execution Conor McCarthy
CVE request Linux kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking P J P
Re: XSS in NextCellent Gallery 1.9.13 WordPress plugin Larry W. Cashdollar
Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb
Re: Xen Security Advisory 92 - HVMOP_set_mem_type allows invalid P2M entries to be created cve-assign
Re: Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM cve-assign
Re: local privilege escalation due to capng_lock as used in seunshare Andy Lutomirski
Re: CVE request: possible miniupnpc buffer overflow Murray McAllister
Re: Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb
Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer
*REJECT* CVE-2013-4121 Kurt Seifried
Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer
Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer
Re: CVE request Linux kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking cve-assign
Re: CVE request: rxvt-unicode user-assisted arbitrary commands execution cve-assign
Re: local privilege escalation due to capng_lock as used in seunshare Andy Lutomirski
CVE request: Python Bottle JSON content-type not restrictive enough Murray McAllister

Thursday, 01 May

CVE-2014-3114 WordPress plugin ezpz-one-click-backup cmd parameter os command injection Henri Salo
Xen Security Advisory 91 (CVE-2014-3125) - Hardware timer context is not properly context switched on ARM Xen . org security team
Xen Security Advisory 92 (CVE-2014-3124) - HVMOP_set_mem_type allows invalid P2M entries to be created Xen . org security team
Re: CVE request: Python Bottle JSON content-type not restrictive enough cve-assign
CVE request: SKS non-persistent XSS Kristian Fiskerstrand
Re: local privilege escalation due to capng_lock as used in seunshare Daniel J Walsh
Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze cve-assign
akpop3d review Solar Designer

Friday, 02 May

Erlang OTP's httpc module Denial of Service Seba
Re: akpop3d review Jim Hull
CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Marc Deslauriers
Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried
Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Theo de Raadt
Debian Bug#746579: libwww-perl: HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL Kurt Seifried

Saturday, 03 May

Re: Ubuntu 14.04: security problem in the lock screen cve-assign
ldns-keygen creates private key world readable Kurt Seifried
Re: Debian Bug#746579: libwww-perl: HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL Salvatore Bonaccorso

Sunday, 04 May

Re: XSS in NextCellent Gallery 1.9.13 WordPress plugin cve-assign
Re: CVE request: SKS non-persistent XSS cve-assign
Re: akpop3d review cve-assign
Re: ldns-keygen creates private key world readable cve-assign
Re: Erlang OTP's httpc module Denial of Service cve-assign

Monday, 05 May

CVE-2014-0196: Linux kernel pty layer race condition memory corruption Marcus Meissner
Re: XSS in NextCellent Gallery 1.9.13 WordPress plugin Larry W. Cashdollar
Re: CVE Request: libxml2 external parsed entities issue Tomas Hoger
*Possible* ssh vulnerability RbN
Re: *Possible* ssh vulnerability Andrey Korolyov
Re: *Possible* ssh vulnerability Mark Lee
CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities feer james
Re: CVE-2014-0196: Linux kernel pty layer race condition memory corruption Shawn

Tuesday, 06 May

Re: Upcoming security release of fish 2.1.1 cve-assign
CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Stefan Cornelius
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Nicolas Grégoire
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Nicolas Grégoire
Re: Debian Bug#746579: libwww-perl: HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL cve-assign
Re: CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities cve-assign
Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write cve-assign
Postfix bounces arbitrary content Vincent Danen
[CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations Rafael Mendonça França
Unsafe Query Risk in Active Record Rafael Mendonça França
[AMENDED] [CVE-2014-0130] Ruby on Rails: Directory Traversal Vulnerability With Certain Route Configurations Rafael Mendonça França
Re: Postfix bounces arbitrary content cve-assign

Wednesday, 07 May

CVE Request - Predictable temporary filenames in GNU Emacs Steve Kemp
Re: Postfix bounces arbitrary content Vincent Danen
Re: [AMENDED] [CVE-2014-0130] Ruby on Rails: Directory Traversal Vulnerability With Certain Route Configurations Jacob Kaplan-Moss
A note on DBus and the Hash DOS Kurt Seifried
Re: A note on DBus and the Hash DOS Hanno Böck
Re: CVE Request - Predictable temporary filenames in GNU Emacs cve-assign
Re: A note on DBus and the Hash DOS Kurt Seifried
Re: [AMENDED] [CVE-2014-0130] Ruby on Rails: Directory Traversal Vulnerability With Certain Route Configurations Kurt Seifried
Re: local privilege escalation due to capng_lock as used in seunshare cve-assign
CVE Request - Local File inclusion in Cobbler Dolev Farhi

Thursday, 08 May

Re: CVE Request - Local File inclusion in Cobbler cve-assign
Re: Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Timoth D. Morgan
Defeating memory comparison timing oracles Solar Designer

Friday, 09 May

Linux kernel floppy ioctl kernel code execution Marcus Meissner
CVE request: python-lxml clean_html() input sanitization flaw Martin Prpic
CVE request: Denial of Service attacks against Dovecot v1.1+ Henri Salo
CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message P J P
Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message cve-assign
Re: CVE request: python-lxml clean_html() input sanitization flaw cve-assign
Re: CVE request: Denial of Service attacks against Dovecot v1.1+ cve-assign

Sunday, 11 May

CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer Murray McAllister

Monday, 12 May

Re: CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer cve-assign
Re: CVE-2014-0196: Linux kernel pty layer race condition memory corruption Matthew Daley
Re: CVE-2014-0196: Linux kernel pty layer race condition memory corruption Matthew Daley
Re: [FD] [oss-security] CVE-2014-0196: Linux kernel pty layer race condition memory corruption Savio Bot
Re: [FD] [oss-security] CVE-2014-0196: Linux kernel pty layer race condition memory corruption Solar Designer
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger
CVE Request: seunshare and setexeccon issues Andy Lutomirski
Re: CVE Request: seunshare and setexeccon issues Solar Designer
Re: CVE Request: seunshare and setexeccon issues Andy Lutomirski
Re: CVE Request: seunshare and setexeccon issues Solar Designer
Re: CVE Request: seunshare and setexeccon issues Andy Lutomirski
CVE request: various NodeJS module vulnerabilities Paul Wise

Tuesday, 13 May

Re: Unsafe Query Risk in Active Record Jordi Massaguer
CVE request: Qemu: usb: fix up post load checks P J P
CVE-2014-0222 Qemu: qcow1: Validate L2 table size P J P
CVE-2014-0223 Qemu: qcow1: Validate image size P J P
Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont Alan Coopersmith
Re: CVE request: Qemu: usb: fix up post load checks cve-assign
A number of EncFS issues Murray McAllister
Re: A number of EncFS issues cve-assign

Wednesday, 14 May

CVE request: Pyplate multiple vulnerabilities Henri Salo
Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM Xen . org security team
Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities Dolev Farhi
CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference P J P
Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference Greg KH
Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference Petr Matousek
Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference cve-assign
CVE Reuest: Django: Malformed URLs from user input incorrectly validated Salvatore Bonaccorso
Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 Mikkel Krautz
Re: CVE request: various NodeJS module vulnerabilities cve-assign
Re: CVE Reuest: Django: Malformed URLs from user input incorrectly validated cve-assign
Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 cve-assign
Re: Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities cve-assign

Thursday, 15 May

Re: Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM cve-assign
OpenFiler - Arbitrary Code Execution & Stored XSS Dolev Farhi
libgadu vulnerability: possible memory corruption Marcin Owsiany
[CVE-2014-2977] DirectFB integer signedness vulnerability Frédéric Basse
[CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability Frédéric Basse

Friday, 16 May

Xen Security Advisory 95 (CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717) - input handling vulnerabilities loading guest kernel on ARM Xen . org security team
Small security issue in hub, a github client ( CVE-2014-0177 ) Michael Scherer

Saturday, 17 May

CVE request: X2Go Server privilege escalation Chris Reffett
CVE requests / advisory: TeamPass <= 2.1.19 Matthew Daley

Sunday, 18 May

CVE request for buffer overrun in CHICKEN Scheme Peter Bex
Moodle security notifications public Michael de Raadt
Re: OpenFiler - Arbitrary Code Execution & Stored XSS cve-assign
Re: libgadu vulnerability: possible memory corruption cve-assign

Monday, 19 May

Re: CVE request: X2Go Server privilege escalation cve-assign
Re: CVE requests / advisory: TeamPass <= 2.1.19 cve-assign
Re: CVE request for buffer overrun in CHICKEN Scheme cve-assign
Re: OpenFiler - Arbitrary Code Execution & Stored XSS Dolev Farhi
CVE request, multiple vulnerabilities in openwsman Kent Baxley
Re: Re: CVE request: X2Go Server privilege escalation Chris Reffett

Tuesday, 20 May

CVE request for vulnerability in OpenStack Heat Tristan Cacqueray
Incorrect SQL identifier quotation rampant among popular web frameworks Peter Bex
CVE Request one more openwsman issue Kent Baxley
CVE request: xbmc Moritz Muehlenhoff
Re: CVE request: xbmc cve-assign
Re: CVE request for vulnerability in OpenStack Heat cve-assign
CVE request: dovecot denial of service Yves-Alexis Perez
Re: CVE request: dovecot denial of service Seth Arnold
Re: CVE request: dovecot denial of service Marc Deslauriers
Re: CVE request: dovecot denial of service Yves-Alexis Perez

Wednesday, 21 May

Security release for mod_wsgi (version 3.5) Kurt Seifried
Persistent XSS in Mayan EDMS - document management system Dolev Farhi
[OSSA 2014-015] Keystone user and group id mismatch (CVE-2014-0204) Tristan Cacqueray
Re: CVE request, multiple vulnerabilities in openwsman cve-assign
Re: Persistent XSS in Mayan EDMS - document management system cve-assign

Friday, 23 May

Re: CVE request: Pyplate multiple vulnerabilities cve-assign
Re: Upcoming security release of fish 2.1.1 cve-assign
[OSSA 2014-016] Heat template URL information leakage (CVE-2014-3801) Tristan Cacqueray

Sunday, 25 May

Re: Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze Raphael Geissert
CVE request: another path traversal in dpkg-source during unpack Raphael Geissert
CVE Request: userCake <= 2.0.2 CSRF vulnerability Dolev Farhi
Re: Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze Guillem Jover

Monday, 26 May

Re: CVE Request: userCake <= 2.0.2 CSRF vulnerability cve-assign

Tuesday, 27 May

CVE-2014-0246 sos: md5 hash of GRUB password collected when running sosreport Murray McAllister
Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV with x64-mingw32 Ramon de C Valle
CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation Kurt Seifried

Wednesday, 28 May

LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability LSE Leading Security Experts GmbH (Security Advisories)
freerdp: integer overflows in memory allocations in client/X11/xf_graphics.c Huzaifa Sidhpurwala
Fwd: [exim-announce] Exim 4.82.1 Security Release Phil Pennock
Re: Fwd: [exim-announce] Exim 4.82.1 Security Release Phil Pennock
CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski
Re: CVE request: Linux kernel DoS with syscall auditing Greg KH
Re: CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski
Re: CVE request: Linux kernel DoS with syscall auditing Greg KH
Re: CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski
Re: CVE request: Linux kernel DoS with syscall auditing Steve Grubb
Re: CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski
Re: Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV with x64-mingw32 cve-assign
Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation cve-assign

Thursday, 29 May

Re: CVE request: Linux kernel DoS with syscall auditing cve-assign
CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Murray McAllister
Re: CVE request: Linux kernel DoS with syscall auditing P J P
Re: Re: CVE request: Linux kernel DoS with syscall auditing Steve Grubb
Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Vincent Danen
Please REJECT CVE-2014-3463 Kurt Seifried
Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Dolev Farhi
CVE-2013-4159 ctdb: /tmp file vulnerability issues Kurt Seifried
Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Kurt Seifried
[OSSA 2014-017] Nova VMWare driver leaks rescued images (CVE-2014-2573) Jeremy Stanley
Re: [AMENDED] [CVE-2014-0130] Ruby on Rails: Directory Traversal Vulnerability With Certain Route Configurations Reed Loden
Re: CVE request: another path traversal in dpkg-source during unpack cve-assign
Linux Foundation OpenSSL audit mancha

Friday, 30 May

GnuTLS and libtasn1 security fixes Tomas Hoger
Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords cve-assign
Re: GnuTLS and libtasn1 security fixes Florian Weimer
Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Vincent Danen

Sunday, 01 June

Re: GnuTLS and libtasn1 security fixes Kristian Fiskerstrand
Re: GnuTLS and libtasn1 security fixes mancha
CVE ID request: typo3 Moritz Muehlenhoff
Re: CVE ID request: typo3 Henri Salo

Monday, 02 June

Re: Linux Foundation OpenSSL audit mancha
CVE-2014-3940 - Linux kernel - missing check during hugepage migration cve-assign
sendmail close-on-exec issue -- CVE assigned? Xin Li
Re: CVE ID request: typo3 cve-assign
Re: CVE ID request: typo3 cve-assign
Request for linux-distros subscription "VMware Security Response Center"
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled David Jorm

Tuesday, 03 June

LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues advisories
CVE request: mediawiki invalid usernames on Special:PasswordReset were parsed as wikitext Thijs Kinkhorst
Re: GnuTLS and libtasn1 security fixes Tomas Hoger
Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection Xen . org security team
Xen Security Advisory 54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV Xen . org security team
CVE-2013-6876 s3dvt Root shell Hector Marco
CVE-2013-6825 DCMTK Root Privilege escalation Hector Marco
CVE-2014-1226 s3dvt Root shell (still) Hector Marco
Bug in bash <= 4.3 [security feature bypassed] Hector Marco
Re: Bug in bash <= 4.3 [security feature bypassed] Steve Grubb
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim
Re: Request for linux-distros subscription Kurt Seifried
Operating system distribution security contact lists Lisa Bradley
Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation cve-assign
Re: Request for linux-distros subscription Ramon de C Valle
Re: Request for linux-distros subscription Ramon de C Valle
FreeBSD Security Advisory FreeBSD-SA-14:13.pam FreeBSD Security Advisories
Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Solar Designer
Re: Request for linux-distros subscription Solar Designer
Re: Request for linux-distros subscription Greg KH
Re: sendmail close-on-exec issue -- CVE assigned? cve-assign
Re: Operating system distribution security contact lists Solar Designer

Wednesday, 04 June

Re: Request for linux-distros subscription Alan Coopersmith
CVE request: PulseAudio crash due to empty UDP packet Alexander E. Patrakov
CVE-2014-0476 chkrootkit vulnerability Giuseppe Iuculano
Re: Bug in bash <= 4.3 [security feature bypassed] Jose Carlos Luna Duran
Re: Operating system distribution security contact lists Lisa Bradley
Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM Xen . org security team
Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection cve-assign
Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM cve-assign
Re: CVE request: mediawiki invalid usernames on Special:PasswordReset were parsed as wikitext cve-assign
Re: CVE request: PulseAudio crash due to empty UDP packet cve-assign
Re: CVE request: PulseAudio crash due to empty UDP packet Alexander E. Patrakov
Xen Security Advisory 96 (CVE-2014-3967,CVE-2014-3968) - Vulnerabilities in HVM MSI injection Xen . org security team
Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM Xen . org security team
Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM Ian Jackson
Re: Request for linux-distros subscription Ramon de C Valle
CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords Salvatore Bonaccorso
Re: Re: Request for linux-distros subscription Raphael Geissert
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Hector Marco
Re: Request for linux-distros subscription Kurt Seifried
Re: Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation Kurt Seifried
Re: Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation Kurt Seifried
Re: Request for linux-distros subscription Greg KH
Re: Request for linux-distros subscription Ramon de C Valle
Re: Request for linux-distros subscription Greg KH
Re: Request for linux-distros subscription Ramon de C Valle
Re: Request for linux-distros subscription Ramon de C Valle
Re: Request for linux-distros subscription Greg KH
Re: Request for linux-distros subscription Russ Allbery
Re: Request for linux-distros subscription Ramon de C Valle
Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords Murray McAllister
Re: Request for linux-distros subscription Ramon de C Valle

Thursday, 05 June

CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure Murray McAllister
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] lists
[CVE request] Local privilege escalation in libfep Florian Weimer
OpenSSL seven security fixes Solar Designer
Re: OpenSSL seven security fixes Solar Designer
Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation cve-assign
FreeBSD Security Advisory FreeBSD-SA-14:14.openssl FreeBSD Security Advisories
Re: OpenSSL seven security fixes Solar Designer
Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Kees Cook
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH
Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Leon Weber
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Phil Turnbull
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) John Johansen
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jeffrey Walton
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner

Friday, 06 June

Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled David Jorm
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf
Request for CVE: Bytemark Symbiosis Patrick J Cherry
Re: [CVE request] Local privilege escalation in libfep cve-assign
Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure cve-assign
Re: Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Simon McVittie
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH
CVE-2014-0085 / Zookeeper Moritz Muehlenhoff
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf
Re: CVE request: possible miniupnpc buffer overflow Moritz Muehlenhoff
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker
Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers) Stephen Gallagher
Security advisory for musl libc - remote stack-based buffer overflow in DNS response parsing [CVE-2014-3484] Rich Felker
Re: CVE request: possible miniupnpc buffer overflow cve-assign
Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure cve-assign
Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers) cve-assign

Saturday, 07 June

Re: Linux kernel futex local privilege escalation (CVE-2014-3153) mancha
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner

Sunday, 08 June

transparency on message moderation Solar Designer
Re: transparency on message moderation Josh Bressers
Re: transparency on message moderation rea

Monday, 09 June

Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords Matthew Daley
OpenJDK CVE duplicates Tomas Hoger
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim
Re: CVE-2014-0085 / Zookeeper David Jorm

Tuesday, 10 June

CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon Simon McVittie
CVE request: Linux kernel / target information leak Moritz Muehlenhoff
CVE-2014-4014: Linux kernel user namespace bug Andy Lutomirski

Wednesday, 11 June

Re: CVE request: Linux kernel / target information leak cve-assign
Re: Request for CVE: Bytemark Symbiosis cve-assign
CVE for library bug that requires application participation Alex Gaynor
CVE request: OpenAFS 1.6.8 TMAY fileserver crashes Russ Allbery
CVE request: PHP heap-based buffer overflow in DNS TXT record parsing Murray McAllister

Thursday, 12 June

[OSSA 2014-018] Keystone privilege escalation through trust chained delegation (CVE-2014-3476) Tristan Cacqueray
CVE request: scheme48: insecure use of temporary files in cmuscheme48.el Salvatore Bonaccorso
Re: glibc - CVE for library bug that requires application participation cve-assign
Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes cve-assign
Re: CVE request: PHP heap-based buffer overflow in DNS TXT record parsing cve-assign
Re: CVE request: scheme48: insecure use of temporary files in cmuscheme48.el cve-assign

Friday, 13 June

Re: [OpenAFS-GK] Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes Jeffrey Altman
CVE request: Proxmox VE < 3.2 user enumeration vulnerability Damien Cauquil
CVE request: PowerDNS in default configuration is vulnerable to DoS attack Vasyl Kaigorodov
Re: CVE request: Proxmox VE < 3.2 user enumeration vulnerability cve-assign
CVE request: multiple /tmp races in ppc64-diag Vincent Danen
Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords cve-assign

Saturday, 14 June

CVE-2014-1739: Kernel Infoleak vulnerability in media_enum_entities() Salva Peiró

Sunday, 15 June

CVE Request for KIO/kmail Richard Moore
Re: CVE Request for KIO/kmail Henri Salo
Re: CVE Request for KIO/kmail cve-assign
Re: CVE Request for KIO/kmail Richard Moore
Re: CVE Request for KIO/kmail cve-assign
older ffmpeg overflows/out-of-bounds-accesses/etc. Thomas Klausner
Re: Re: CVE Request for KIO/kmail Yves-Alexis Perez
Re: Re: CVE Request for KIO/kmail Richard Moore
CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE David Jorm

Monday, 16 June

Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS Yves-Alexis Perez
CVE request for vulnerability in OpenStack Neutron Tristan Cacqueray
Re: CVE request: monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities (clearing up confusion) cve-assign
Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility Sylvestre Ledru
CVE Request: iodine: authentication bypass by client Erik Ekman
Re: CVE request: multiple /tmp races in ppc64-diag cve-assign

Tuesday, 17 June

Re: Security release for mod_wsgi (version 3.5) Tomas Hoger
Re: transparency on message moderation Solar Designer
Re: transparency on message moderation Henri Salo
Xen Security Advisory 99 - unexpected pitfall in xenaccess API Xen . org security team
Xen Security Advisory 100 (CVE-2014-4021) - Hypervisor heap contents leaked to guests Xen . org security team
Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton
Xen Security Advisory 99 - unexpected pitfall in xenaccess API Andres Lagar Cavilla
Re: transparency on message moderation Solar Designer
Re: Xen Security Advisory 99 - unexpected pitfall in xenaccess API Ian Campbell
Re: Xen Security Advisory 99 - unexpected pitfall in xenaccess API Steven Haigh
Re: Security release for mod_wsgi (version 3.5) Tomas Hoger
Re: Xen Security Advisory 99 - unexpected pitfall in xenaccess API Andres Lagar Cavilla
Re: Security release for mod_wsgi (version 3.5) Seth Arnold
Re: CVE-2014-4014: Linux kernel user namespace bug Andy Lutomirski
Re: CVE request: Proxmox VE < 3.2 user enumeration vulnerability cve-assign
Re: (Linux kernel) Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS cve-assign
Re: CVE request for vulnerability in OpenStack Neutron cve-assign
Re: CVE Request: iodine: authentication bypass by client cve-assign
CVE-2014-0477: Email::Address: Denial-of-Service in Email::Address::parse Salvatore Bonaccorso

Wednesday, 18 June

Re: Re: CVE-2014-4014: Linux kernel user namespace bug Sven Kieske
docker VMM breakout Sebastian Krahmer
Re: Security release for mod_wsgi (version 3.5) Matthew Daley
Re: Security release for mod_wsgi (version 3.5) Solar Designer
Re: docker VMM breakout David Jorm
Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton
Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton
CVE-2014-4171 - Linux kernel mm/shmem.c denial of service cve-assign
[OSSA 2014-019] Neutron L3-agent DoS through IPv6 subnet (CVE-2014-4167) Tristan Cacqueray
Re: docker VMM breakout Yves-Alexis Perez
Re: docker VMM breakout Sven Kieske
CVE Request: Parameter Injection in jCryption 3.0 David Tomaschik
Re: docker VMM breakout Daniel J Walsh
KMail/KIO POP3 SSL MITM Flaw Richard Moore
Re: CVE request: multiple /tmp races in ppc64-diag Vincent Danen
TMP flaw in rackspace jclouds? Kurt Seifried
Re: TMP flaw in rackspace jclouds? Alex Gaynor
Re: TMP flaw in rackspace jclouds? Andrew Gaul
Re: CVE Request: Parameter Injection in jCryption 3.0 cve-assign
Re: docker VMM breakout gremlin
CVE request: mod_wsgi group privilege dropping [was Re: [oss-security] Security release for mod_wsgi (version 3.5)] Murray McAllister
Re: Re: TMP flaw in rackspace jclouds? Kurt Seifried

Thursday, 19 June

Re: TMP flaw in rackspace jclouds? Ignasi Barrera
Re: Re: cups-browsed remote exploit Tomas Hoger
[OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497) Tristan Cacqueray
Re: docker VMM breakout Serge Hallyn
Re: cups-browsed remote exploit cve-assign
Re: TMP flaw in rackspace jclouds? Andrew Gaul
CVE request: Another Linux syscall auditing bug Andy Lutomirski
Re: CVE request: Another Linux syscall auditing bug Steve Grubb
possible CVE request: opendnssec and softhsm permission issue Murray McAllister
CVE request: softhsm, softhsm-keyconv tool creates world-readable files Murray McAllister
Re: CVE request: softhsm, softhsm-keyconv tool creates world-readable files Salvatore Bonaccorso
Re: CVE request: softhsm, softhsm-keyconv tool creates world-readable files Murray McAllister

Friday, 20 June

Re: TMP flaw in rackspace jclouds? Ignasi Barrera
Re: docker VMM breakout Daniel J Walsh
Re: TMP flaw in rackspace jclouds? Ignasi Barrera
Re: CVE request: Another Linux syscall auditing bug cve-assign

Saturday, 21 June

Re: XSS vulnerability in apt-cacher-ng Yves-Alexis Perez

Sunday, 22 June

Re: XSS vulnerability in apt-cacher-ng cve-assign
Re: KMail/KIO POP3 SSL MITM Flaw Nick Boyce
Re: KMail/KIO POP3 SSL MITM Flaw Richard Moore
Re: KMail/KIO POP3 SSL MITM Flaw David Faure
Re: KMail/KIO POP3 SSL MITM Flaw Nick Boyce

Monday, 23 June

CVE request: XSS in coppermine gallery before 1.5.28 Hanno Böck
CVE request: piwigo before 2.6.3 sql injection Hanno Böck
CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF Henri Salo
CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest P J P
CVE ID Request for Python CGIHTTPServer File Disclosure Till Maas
CVE request: python: _json module is vulnerable to arbitrary process memory read Vasyl Kaigorodov
CVE request: WordPress plugin wp-gpx-maps wp-gpx-maps_admin_tracks.php Improper Admin Verification File Upload PHP Code Execution Henri Salo
CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library Tristan Cacqueray
Re: CVE-2014-4014: Linux kernel user namespace bug Andy Lutomirski
Ansible CVE requests Michael Scherer
Re: TMP flaw in rackspace jclouds? Andrew Gaul
CVE request: GnuPG-1 mancha
Re: CVE request: XSS in coppermine gallery before 1.5.28 cve-assign
Re: CVE request: piwigo before 2.6.3 sql injection cve-assign
Re: CVE request: GnuPG-1 mancha
Re: CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF cve-assign
Re: CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library cve-assign
Re: CVE request: python: _json module is vulnerable to arbitrary process memory read cve-assign

Tuesday, 24 June

Re: CVE request: GnuPG-1 Werner Koch
Re: CVE request: piwigo before 2.6.3 sql injection Hanno Böck
Re: CVE request: GnuPG-1 Olivier Levillain
CVE Request: Linux kernel ALSA core control API vulnerabilities Marcus Meissner
Re: CVE Request: Linux kernel ALSA core control API vulnerabilities Marcus Meissner
possible CVE request: rb_libtorrent opens UPNP port 0 Vincent Danen
Re: CVE request: GnuPG-1 cve-assign
Re: CVE request: piwigo before 2.6.3 sql injection cve-assign
OpenVZ simfs container filesystem breakout Michał Grzędzicki
FreeBSD Security Advisory FreeBSD-SA-14:15.iconv FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-14:16.file FreeBSD Security Advisories
Re: possible CVE request: rb_libtorrent opens UPNP port 0 Vincent Danen

Wednesday, 25 June

CVE-2014-0206 -- Linux kernel: kernel memory disclosure in io_getevents() Petr Matousek
CVE request: timthumb remote code execution Hanno Böck
Re: CVE request: timthumb remote code execution Hanno Böck
MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Henri Salo
Xen Security Advisory 101 - information leak via gnttab_setup_table on ARM Xen . org security team
[OSSA 2014-021] User token leak to message queue in pyCADF notifier middleware (CVE-2014-4615) Tristan Cacqueray
Question regarding CVE applicability of missing HttpOnly flag Vincent Danen
Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign
Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Chris Steipp
Re: CVE request: piwigo before 2.6.3 sql injection cve-assign
Re: CVE ID Request for Python CGIHTTPServer File Disclosure cve-assign
Re: CVE request: WordPress plugin wp-gpx-maps wp-gpx-maps_admin_tracks.php Improper Admin Verification File Upload PHP Code Execution cve-assign
Re: TMP flaw in rackspace jclouds? cve-assign
Re: CVE Request: Linux kernel ALSA core control API vulnerabilities cve-assign
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried

Thursday, 26 June

Re: Re: Question regarding CVE applicability of missing HttpOnly flag Murray McAllister
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Henri Salo
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Murray McAllister
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Florian Weimer
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Jamie Strandboge
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried
Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried
Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Hanno Böck
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Vladimir '3APA3A' Dubrovin
Re: Ansible CVE requests cve-assign
LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey
LMS-2014-06-16-2: Linux Kernel LZO Don A. Bailey
LMS-2014-06-16-3: Libav LZO Don A. Bailey
LMS-2014-06-16-4: FFmpeg LZO Don A. Bailey
LMS-2014-06-16-5: Linux Kernel LZ4 Don A. Bailey
LMS-2014-06-16-6: LZ4 Core Don A. Bailey
Re: LMS-2014-06-16-1: Oberhumer LZO Solar Designer
Re: LMS-2014-06-16-6: LZ4 Core Hanno Böck
Re: LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey
Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey
Re: Re: Ansible CVE requests Florian Weimer
Re: LMS-2014-06-16-1: Oberhumer LZO Yves-Alexis Perez
Re: LMS-2014-06-16-6: LZ4 Core Solar Designer
Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey
Re: LMS-2014-06-16-1: Oberhumer LZO Solar Designer
Re: LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey
Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey

Friday, 27 June

Re: LMS-2014-06-16-5: Linux Kernel LZ4 Eddie Chapman
Re: LMS-2014-06-16-5: Linux Kernel LZ4 Don A. Bailey
Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE Arun Babu Neelicattu
Re: LMS-2014-06-16-5: Linux Kernel LZ4 P J P
CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem Petr Matousek
Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem cve-assign
Re: Xen Security Advisory 101 - information leak via gnttab_setup_table on ARM cve-assign
Re: CVE request: timthumb remote code execution cve-assign
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen
Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried
Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign
Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 cve-assign
Re: LMS-2014-06-16-1: Oberhumer LZO H. Peter Anvin
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen
CVE request / advisory: Cherokee Matthew Daley
Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried

Saturday, 28 June

Re: LMS-2014-06-16-1: Oberhumer LZO Yves-Alexis Perez
Re: CVE request / advisory: Cherokee cve-assign

Sunday, 29 June

CVE-2014-0103: Zarafa WebAccess/WebApp store passwords in cleartext on server Robert Scheck
Confusion on CVE-2014-0235 Salvatore Bonaccorso
Re: Confusion on CVE-2014-0235 cve-assign
CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root Murray McAllister

Monday, 30 June

Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen
Xen Security Advisory 101 (CVE-2014-4022) - information leak via gnttab_setup_table on ARM Xen . org security team
Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root cve-assign
changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235) cve-assign