oss-sec: by author

839 messages starting Jun 21 15 and ending Apr 21 15


0pc0deFR

Wordpress Plugin: FTP To Zip 1.8 0pc0deFR (Jun 21)
CVE Request for WP Fastest Cache plugin 0pc0deFR (May 23)

Aaron Patterson

[CVE-2015-3227] Possible Denial of Service attack in Active Support Aaron Patterson (Jun 16)
[CVE-2015-3224] IP whitelist bypass in Web Console Aaron Patterson (Jun 16)
[CVE-2015-3226] XSS Vulnerability in ActiveSupport::JSON.encode Aaron Patterson (Jun 16)
[CVE-2015-1840] CSRF Vulnerability in jquery-ujs and jquery-rails Aaron Patterson (Jun 16)
[CVE-2015-3225] Potential Denial of Service Vulnerability in Rack Aaron Patterson (Jun 16)

Abhishek Ghosh

Re: Wordpress Plugin: FTP To Zip 1.8 Abhishek Ghosh (Jun 22)

Adrián M . F .

CVE request: SQLi in FeedWordPress - WordPress plugin Adrián M . F . (May 18)
CVE request: Multiple vulnerabilities in some WordPress plugins: NewStatPress & WordPress Landing Pages. Adrián M . F . (May 22)
CVE request: Multiple SQL injection vulnerabilities in GigPress - WordPress plugins. Adrián M . F . (May 20)

Akhil Das

Re: CVE Request: Arbitary Code Execution in Apache Spark Cluster Akhil Das (Apr 16)
CVE Request: Arbitary Code Execution in Apache Spark Cluster Akhil Das (Apr 16)

Alan Coopersmith

Re: Logjam attack / Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice Alan Coopersmith (May 20)
Fwd: X.Org/Wayland Security Advisory: Missing authentication in XWayland Alan Coopersmith (Jun 10)
Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Alan Coopersmith (Apr 09)
Re: CVE request: X server crash by client Alan Coopersmith (Apr 27)
Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Alan Coopersmith (Apr 14)

Alban Crequy

Re: CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root Alban Crequy (Jun 16)

Alessandro Ghedini

Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 Alessandro Ghedini (Jun 01)
CVE Request: phpbb open redirect Alessandro Ghedini (May 12)
Re: CVE Request: redis Lua sandbox escape and arbitrary code execution Alessandro Ghedini (Jun 05)
Re: CVE Request: zeromq downgrade attack Alessandro Ghedini (May 22)
Re: CVE Request: zeromq downgrade attack Alessandro Ghedini (May 15)
Re: CVE reject request CVE-2015-8146/8147 (was: [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL) Alessandro Ghedini (May 19)
CVE Request: zeromq downgrade attack Alessandro Ghedini (May 07)
CVE Request: redis Lua sandbox escape and arbitrary code execution Alessandro Ghedini (Jun 04)
CVE Request: nbd denial of service Alessandro Ghedini (May 19)
Re: WordPress 4.2.1 security update - CVE please Alessandro Ghedini (Apr 27)

Alexander E. Patrakov

StrongSwan VPN client for Android leaks username to rouge server Alexander E. Patrakov (May 29)
Re: Google Chrome Address Spoofing (Request For Comment) Alexander E. Patrakov (Jun 29)

Amos Jeffries

CVE policy clarification request Amos Jeffries (Apr 29)
Re: Re: CVE policy clarification request Amos Jeffries (Apr 30)
CVE-2015-3455 - SQUID-2015:1 Incorrect X509 server certificate validation Amos Jeffries (May 01)

Andrea Barisani

[oCERT-2015-003] MySQL SSL/TLS downgrade Andrea Barisani (Apr 29)
[oCERT-2015-006] dcraw input sanitization errors Andrea Barisani (May 11)
[oCERT-2015-008] FreeRADIUS insufficent CRL application Andrea Barisani (Jun 22)

Andrea Palazzo

CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo (May 18)
Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo (May 18)
Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo (May 19)

Andreas Stieger

CVE Request for ceph-deploy world-readable keyring permissions Andreas Stieger (Apr 09)

Andrew Lutomirski

CVE Request: Linux mishandles int80 fork from 64-bit tasks Andrew Lutomirski (Apr 01)

Andrew Shadura

CVE-2015-0276: Kallithea: Lack of CSRF attack protection enables gaining unauthorised access to users' accounts Andrew Shadura (Apr 10)
CVE-2015-1864: Multiple HTML and Javascript injections Andrew Shadura (Apr 14)

Andrew Widdersheim

CVE-2015-3222 - OSSEC root escalation Andrew Widdersheim (Jun 11)

Andy Lutomirski

Re: CVE request Linux kernel: ns: user namespaces panic Andy Lutomirski (May 29)
Re: Linux namespaces: It is possible to escape from bind mounts Andy Lutomirski (Apr 06)

Anirudh Anand

CVE Request: Anchor CMS - Multiple Stored and DOM Based XSS issues Anirudh Anand (Jun 25)
CVE Request - BigTree CMS - Stored XSS while creating a new user Anirudh Anand (Jun 26)
Re: CVE Request: Anchor CMS - Multiple Stored and DOM Based XSS issues Anirudh Anand (Jun 26)

Bart Dopheide

CVE request: xzgrep 4.999.9beta arbitrary code execution vulnerability Bart Dopheide (May 18)

Bastian Blank

Re: PostgreSQL - Predictable cancel key Bastian Blank (Jun 15)
CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert Bastian Blank (Jun 13)
PostgreSQL - Predictable cancel key Bastian Blank (Jun 13)

Ben Hutchings

Re: TCP Fast Open local DoS in some Linux stable branches Ben Hutchings (Apr 15)
Re: Buffer overruns in Linux kernel RFC4106 implementation using AESNI Ben Hutchings (Apr 20)
Buffer overruns in Linux kernel RFC4106 implementation using AESNI Ben Hutchings (Apr 14)
TCP Fast Open local DoS in some Linux stable branches Ben Hutchings (Apr 14)

Chris Steipp

CVE request: MediaWiki 1.24.2/1.23.9/1.19.24 Chris Steipp (Mar 31)

Christoph Anton Mitterer

Re: Bug#786909: chromium: unconditionally downloads binary blob Christoph Anton Mitterer (Jun 18)

Colin Walters

Re: CVE request for polkit Colin Walters (Jun 09)
CVE request for polkit Colin Walters (Jun 08)
Re: CVE request for polkit Colin Walters (Jun 12)

Colton Myers

Re: [saltstack-security] CVE Request / Saltstack SSL verification disabling for alibabab cloud module Colton Myers (May 18)

cve-assign

Re: Validating OCSP response signatures cve-assign (Jun 25)
Re: CVE Request: redis Lua sandbox escape and arbitrary code execution cve-assign (Jun 05)
Re: CVE Request: vBulletin 5 - Private Messages Input Validation Failure cve-assign (Apr 24)
Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 cve-assign (Apr 12)
Re: CVE request: Buffer overflow in das_watchdog cve-assign (Apr 02)
CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice cve-assign (May 20)
Re: CVE requests for Drupal contributed modules cve-assign (Apr 22)
Re: CVE request: Dovecot remote DoS on TLS connections cve-assign (Apr 26)
Re: CVE Request: libX11: buffer overflow in MakeBigReq macro cve-assign (Apr 09)
Re: CVE Request: redis Lua sandbox escape and arbitrary code execution cve-assign (Jun 04)
Re: CVE request: Perl XML::LibXML cve-assign (Apr 29)
Re: CVE request Linux kernel: ns: user namespaces panic cve-assign (Jun 04)
Re: CVE Request: various issues in PHP cve-assign (Jun 16)
Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS cve-assign (Jun 04)
Re: CVE request: Stack overflow in redcarpet's header_anchor cve-assign (Jun 30)
Re: kernel: fs.suid_dumpable=2 privilege escalation cve-assign (Apr 16)
Re: discourage "CVE only" use of (linux-)distros cve-assign (Apr 14)
Re: Courier mail server: Write heap overflow in mailbot tool and out of bounds heap read in imap folder parser cve-assign (Jun 29)
Re: CVE requests / Advisory: phpMyBackupPro cve-assign (Jun 04)
Re: CVE policy clarification request - Squid 3.5.4 etc. cve-assign (Apr 30)
Re: TCP Fast Open local DoS in some Linux stable branches - Linux kernel cve-assign (Apr 17)
Re: CVE request Linux kernel: udf: information leakage when reading symlink cve-assign (Jun 03)
Re: CVE request Qemu: malicious PRDT flow from guest to host cve-assign (Apr 20)
Re: CVE request: Multiple SQL injection vulnerabilities in GigPress - WordPress plugins. cve-assign (May 22)
Re: redcarpet <=3.2.2 (and related ruby gems) allow for possible XSS via autolinking of untrusted markdown cve-assign (Apr 20)
Re: FreeRDP tmp flaws cve-assign (May 27)
Re: CVE Request: Information disclosure in MantisBT cve-assign (Jun 24)
Re: CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure cve-assign (Jun 15)
Re: Stack out of bounds read access in uudecode / sharutils cve-assign (Jun 03)
Re: CVE request Linux kernel: fs: udf kernel oops cve-assign (Jun 03)
Re: CVE request - NodeBB Persistent XSS through Markdown cve-assign (Apr 10)
Re: Question about world readable config files and commented warnings cve-assign (Jun 30)
Re: Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015) cve-assign (Apr 30)
Re: Potential issue in NTP -A option cve-assign (May 14)
Re: CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library "ROPT" - ROTP cve-assign (Jun 21)
Re: CVE reject request CVE-2015-8146/8147 (was: [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL) cve-assign (May 19)
Re: CVE policy clarification request cve-assign (Apr 29)
Re: CVE request: Linux kernel - bpf jit optimization flaw can panic kenrel. cve-assign (Jun 22)
Re: CVE Request: various issues in PHP cve-assign (Jun 18)
Re: Possible XSS vulnerability on NIST NVD cve-assign (Jun 10)
Re: CVE request for buffer overflow in ppp cve-assign (Apr 15)
Re: CVE request: XSS and CSRF in WP Smiley plugin for WordPress cve-assign (May 31)
Re: CVE Request: OSSIM multiple vulnerabilities cve-assign (May 22)
Re: zip-attachments v1.1.4 wordpress plugin arbitrary file download vulnerability. cve-assign (Jun 21)
Re: CVE request for polkit cve-assign (Jun 16)
Re: CVE Request - Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5 cve-assign (Jun 16)
Re: Xen Security Advisory 132 - Information leak through XEN_DOMCTL_gettscinfo cve-assign (Apr 20)
Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request cve-assign (Jun 18)
Re: CVE request - TelescopeJS Information Leakage: User BCrypt password hash post-authentication cve-assign (Apr 29)
Re: CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers cve-assign (Jun 24)
Re: Kernel oops on 32 bits arch cve-assign (Apr 13)
Re: CVE Request: various issues in PHP cve-assign (Jun 18)
Re: Linux namespaces: It is possible to escape from bind mounts cve-assign (Apr 06)
Re: CVE request for attic : encrypted backups attack cve-assign (May 31)
Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities cve-assign (Jun 05)
Re: CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage cve-assign (Jun 03)
Re: CVE request Linux kernel: ns: user namespaces panic cve-assign (Jun 03)
Re: CVE Request: pgbouncer: DoS/remote crash: invalid packet order causes lookup of NULL pointer cve-assign (May 22)
Re: CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 cve-assign (Apr 16)
Re: CVE Request for read-only directory traversal in Etherpad Minify cve-assign (Apr 10)
Re: Question about tmp flaws in non-default build options (e.g. Kerberos DEBUG_ASN1) cve-assign (May 27)
Re: CVE request - illumos cve-assign (Apr 20)
Re: CVE request: X server crash by client cve-assign (Apr 24)
Re: CVE Request: tor: new upstream releases (0.2.6.7, 0.2.5.12 and 0.2.4.27) fixing security issues cve-assign (Apr 06)
Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 cve-assign (Jun 15)
Re: CVE Request : IPv6 Hop limit lowering via RA messages cve-assign (Apr 04)
Re: CVE request / Advisory: Slideshow (Wordpress plugin) - Wordpress option value disclosure cve-assign (May 02)
Re: CVE Request - CSRF and XSS in Encrypted Contact Form Wordpress Plugin v1.0.4 cve-assign (May 16)
Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch cve-assign (Jun 18)
Re: Request CVE for LinuxNode - DoS vulnerability cve-assign (Apr 06)
Re: CVE request: Caja / MATE Desktop Environment: caja automounts USB flash drives and CD/DVD drives while session is locked cve-assign (Apr 04)
Re: Wordpress Roomcloud plugin v1.1(rev @1115307) XSS vulnerability cve-assign (May 22)
Re: CVE Request for ceph-deploy world-readable keyring permissions cve-assign (Apr 09)
Re: Problems in automatic crash analysis frameworks cve-assign (Apr 15)
Re: Question about world readable config files and commented warnings cve-assign (Jun 30)
Re: USBCreator D-Bus service cve-assign (May 03)
Re: [CVE Request] Multiple vulnerabilities in PHP's Phar handling cve-assign (Apr 17)
Re: CVE request: SQLi in FeedWordPress - WordPress plugin cve-assign (May 18)
Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function cve-assign (Jun 25)
Re: [oCERT-2015-006] dcraw input sanitization errors cve-assign (May 12)
Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings cve-assign (Jun 16)
Re: QEMU 2.3.0 tmp vulns CVE request cve-assign (May 23)
Re: CVE request -- Linux kernel - kvm: x86: NULL pointer dereference in kvm_apic_has_events function cve-assign (Jun 20)
Re: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099) cve-assign (Jun 11)
Re: Local privileges escalation in rubygem open-uri-cached cve-assign (May 06)
Re: CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library "ROPT" - ROTP cve-assign (Jun 22)
Re: cve-assign delays cve-assign (Apr 16)
Re: Re: CVEs for Drupal contributed modules - January 2015 cve-assign (Apr 21)
Re: CVE Request: bson-ruby DoS and possible injection cve-assign (Jun 06)
Re: CVE Request for incomplete fix to CVE-2015-3297 in Etherpad Minify cve-assign (Apr 15)
Re: CVE Request for ZFS on Linux cve-assign (Apr 21)
Re: CVE Request: zeromq downgrade attack cve-assign (May 21)
Re: CVE requests / Advisory: phpMyBackupPro cve-assign (May 03)
Re: CVE request Qemu: malicious PRDT flow from guest to host cve-assign (Apr 21)
Re: Stack out of bounds read access in uudecode / sharutils cve-assign (Jun 02)
Re: CVE Request: libX11: buffer overflow in MakeBigReq macro cve-assign (Apr 09)
Re: USERNS allows circumventing MNT_LOCKED - Linux kernel cve-assign (Apr 17)
Re: CVE request libaxl <= 0.6.9 cve-assign (Apr 29)
Re: About PHP and CVE-2015-1353 cve-assign (May 18)
Re: CVE request: incomplete fix for CVE-2013-4422 cve-assign (Apr 27)
Re: CVE request: Module::Signature before 0.75 - multiple vulnerabilities cve-assign (Apr 23)
Re: Linux: chown() was racy relative to execve() - Linux kernel cve-assign (Apr 20)
Re: CVE request: Multiple SQL injection vulnerabilities in GigPress - WordPress plugins. cve-assign (May 22)
Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam cve-assign (May 02)
Re: CVE request: IPython XSS in JSON error responses cve-assign (Jun 22)
Re: Re: CVEs for Drupal contributed modules - January 2015 cve-assign (Apr 22)
Re: CVE Request: Arbitary Code Execution in Apache Spark Cluster cve-assign (Apr 16)
Re: CVE for Jentu cve-assign (May 10)
Re: CVE Request: Linux mishandles int80 fork from 64-bit tasks cve-assign (Apr 02)
Re: CVE request: python-tornado: XSRF cookie allows side-channel attack against TLS (BREACH) cve-assign (May 19)
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() cve-assign (Jun 01)
Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 cve-assign (Apr 13)
Re: CVE request: Wesnoth authentication information disclosure cve-assign (Jun 25)
Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 cve-assign (Apr 08)
Re: CVE request netfilter connection tracking accounting. - Linux kernel cve-assign (Apr 08)
Re: CVE Request for ZFS on Linux cve-assign (Apr 22)
Re: Possible CVE Requests: libmspack: several issues cve-assign (Jun 11)
Re: CVE requests for Drupal contributed modules cve-assign (Apr 22)
Re: CVE request: vulnerability in wpa_supplicant and hostapd cve-assign (May 31)
Re: CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 cve-assign (Apr 16)
Re: Request CVE for LinuxNode - DoS vulnerability cve-assign (Apr 03)
Re: CVE request for vulnerability in OpenStack Keystone cve-assign (May 04)
Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch cve-assign (Jun 18)
Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems cve-assign (Apr 23)
Re: Question about world readable config files and commented warnings cve-assign (Jun 30)
Re: Wordpress Plugin: FTP To Zip 1.8 cve-assign (Jun 22)
Re: Potential CVE request: flaw in comment handling cve-assign (Apr 16)
Re: Buffer overruns in Linux kernel RFC4106 implementation using AESNI cve-assign (Apr 17)
Re: CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix cve-assign (May 21)
Re: CVE Request - CSRF vulnerability in the Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563 cve-assign (Jun 21)
Re: CVE Request, multiple WordPress plugins and themes cve-assign (May 28)
Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24 cve-assign (Apr 07)
Re: CVE request for polkit cve-assign (Jun 08)
Re: Problems in automatic crash analysis frameworks cve-assign (Apr 15)
Re: proftpd: Unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy cve-assign (Apr 15)
Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function cve-assign (Jun 25)
Re: Problems in automatic crash analysis frameworks cve-assign (Apr 14)
Re: CVE Request: nbd denial of service cve-assign (May 21)
Re: CVE Request: phpbb open redirect cve-assign (May 12)
Re: CVE request: pure-ftpd denial of service in glob_() cve-assign (Jun 18)
Re: CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength() cve-assign (Jun 26)
Re: Problems in automatic crash analysis frameworks cve-assign (Apr 16)
Re: CVE request: vulnerability in the kernel tty subsystem. cve-assign (Jun 02)
Re: CVE request for vhost/scsi possible memory corruption. cve-assign (May 21)
Re: CVE request: Multiple vulnerabilities in some WordPress plugins: NewStatPress & WordPress Landing Pages. cve-assign (May 22)
Re: CVE Request: ipsec-tools cve-assign (May 21)
Re: CVE request for vulnerability in OpenStack Horizon cve-assign (May 14)
Re: Yoast Wordpress SEO Plugin <= 2.1.1 Stored, Authenticated XSS cve-assign (Jun 21)
Re: Linux namespaces: It is possible to escape from bind mounts cve-assign (Apr 04)
Re: CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured cve-assign (Jun 08)
Re: CVE Request: t1utils: buffer overflow in set_cs_start cve-assign (May 22)
Re: double-free in gnutls (CRL distribution points parsing) cve-assign (Apr 15)
Re: CVE Request for ceph-deploy copying keyring to /etc/ceph which is world readable cve-assign (May 21)
Re: Possible CVE Request: Wordpress 4.1.2 security release cve-assign (Apr 28)
Re: Cross-Site Request Forgery in Spina CMS cve-assign (Jun 16)
Re: CVE request for proxychains-ng : current path as the first directory for the library search path cve-assign (May 13)
Re: CVE Request: Django CMS cve-assign (Jun 28)
Re: CVE Request for read-only directory traversal in Etherpad frontend tests cve-assign (May 26)
Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 cve-assign (Jun 21)
Re: coreutils sort heap overflow cve-assign (May 19)
Re: CVE Request for WP Fastest Cache plugin cve-assign (May 26)
Re: CVE Request: PHP potential remote code execution with apache 2.4 apache2handler cve-assign (Apr 17)
Re: CVE request: xzgrep 4.999.9beta arbitrary code execution vulnerability cve-assign (May 19)

DaKnOb

Re: Request 2 CVE-IDs for Zeus Voting System DaKnOb (May 14)
Re: Request 2 CVE-IDs for Zeus Voting System DaKnOb (May 14)
Request 2 CVE-IDs for Zeus Voting System DaKnOb (May 13)

Damien Cauquil

CVE Request: OSSIM multiple vulnerabilities Damien Cauquil (May 13)

Damien Regad

CVE Request: Information disclosure in MantisBT Damien Regad (Jun 24)
Re: CVE Request: Information disclosure in MantisBT Damien Regad (Jun 25)

Dan Carpenter

Re: [PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow Dan Carpenter (May 26)
Re: [PATCH v2 4/4] ozwpan: unchecked signed subtraction leads to DoS Dan Carpenter (May 26)

Daniel Kahn Gillmor

Re: [CVE-2015-0839] hp-plugin binary driver verification Daniel Kahn Gillmor (May 31)

Daniel Micay

Re: Google Chrome Address Spoofing (Request For Comment) Daniel Micay (Jun 30)
Re: Google Chrome Address Spoofing (Request For Comment) Daniel Micay (Jun 30)
Re: membership request to the closed linux-distros security mailing list Daniel Micay (Apr 02)

Dan McDonald

Re: CVE Request : IPv6 Hop limit lowering via RA messages Dan McDonald (Apr 02)
Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Dan McDonald (Jun 03)
CVE request Dan McDonald (Apr 19)
Re: CVE request - illumos Dan McDonald (Apr 20)

Darren Martyn

CVE Request: SuiteCRM Post Auth RCE Darren Martyn (May 20)

Dave Walker

Re: CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert Dave Walker (Jun 13)

David A. Wheeler

Re: Hanno Boeck found Heartbleed using afl + ASan! David A. Wheeler (Apr 07)
Re: Hanno Boeck found Heartbleed using afl + ASan! David A. Wheeler (Apr 07)
Hanno Boeck found Heartbleed using afl + ASan! David A. Wheeler (Apr 07)

David Jorm

OpenDaylight security advisory: CVE-2015-3414 CVE-2015-3416 SQLite memory corruption, CVE-2015-4000 LOGJAM TLS MITM David Jorm (Jun 29)

David Leo

Google Chrome Address Spoofing (Request For Comment) David Leo (Jun 29)

Dean Pierce

Joomla! Administrator -> web shell esclalation Dean Pierce (Jun 18)
Re: On sanctioned MITMs Dean Pierce (May 01)

Dennis

CVE Request: mime-support Dennis (Jun 03)
Re: CVE Request: mime-support Dennis (Jun 03)
Re: Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Dennis (May 19)

Dmitry V. Levin

Linux-PAM 1.2.1 released to address CVE-2015-3238 Dmitry V. Levin (Jun 25)

Douwe Maan

CVE Request: CSRF vulnerability in OmniAuth request phase Douwe Maan (May 26)

D.S. Ljungmark

CVE Request : IPv6 Hop limit lowering via RA messages D.S. Ljungmark (Apr 02)
Re: CVE Request : IPv6 Hop limit lowering via RA messages D.S. Ljungmark (Apr 03)

Eddie Chapman

Re: On sanctioned MITMs Eddie Chapman (May 02)

Eitan Adler

Fwd: CVE Request : IPv6 Hop limit lowering via RA messages Eitan Adler (Apr 02)

Emmanuel Law

[CVE Request/Advisory] Multiple vulnerabilities in PHP's handling of Phar files Emmanuel Law (May 17)
[CVE Request] Multiple vulnerabilities in PHP's Phar handling Emmanuel Law (Apr 16)

Enrico Zini

[CVE-2015-0839] hp-plugin binary driver verification Enrico Zini (May 29)

Eric W. Biederman

Re: Re: CVE request Linux kernel: ns: user namespaces panic Eric W. Biederman (Jun 07)
Re: Re: CVE request Linux kernel: ns: user namespaces panic Eric W. Biederman (Jun 04)
Re: Re: CVE request Linux kernel: ns: user namespaces panic Eric W. Biederman (Jun 05)

Eric Windisch

Docker 1.6.1 - Security Advisory [150507] Eric Windisch (May 07)
USERNS allows circumventing MNT_LOCKED Eric Windisch (Apr 17)

Felipe Pena

Re: Re: Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Felipe Pena (Jun 04)

Fernando Muñoz

Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow Fernando Muñoz (Jun 16)
Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 Fernando Muñoz (Jun 16)
CVE-2015-0848 - Heap overflow on libwmf0.2-7 Fernando Muñoz (Jun 01)
CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow Fernando Muñoz (Jun 03)

Fiedler Roman

AW: Re: open(2) with side effects Fiedler Roman (Apr 23)

Florian Weimer

CVE-2015-0847 in nbd-server Florian Weimer (May 07)
Re: Problems in automatic crash analysis frameworks Florian Weimer (Apr 17)
Silent security fixes in virtuoso-opensource Florian Weimer (May 05)
Re: Problems in automatic crash analysis frameworks Florian Weimer (Apr 15)
Re: Problems in automatic crash analysis frameworks Florian Weimer (May 05)
Re: Google Chrome Address Spoofing (Request For Comment) Florian Weimer (Jun 30)
Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Florian Weimer (Apr 09)
ELF PLT changes in gcc/binutils/glibc Florian Weimer (May 26)
kernel: fs.suid_dumpable=2 privilege escalation Florian Weimer (Apr 16)
CVE-2015-1781 in glibc Florian Weimer (Apr 21)
JSON-based SQL query construction (Sequelize as an example) Florian Weimer (May 20)
Re: PHP and some == wonkiness Florian Weimer (May 05)
Re: kernel: fs.suid_dumpable=2 privilege escalation Florian Weimer (Apr 17)
Re: CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice Florian Weimer (May 26)
Re: Re: Problems in automatic crash analysis frameworks Florian Weimer (Apr 15)
Re: Re: open(2) with side effects Florian Weimer (Apr 23)
Re: Problems in automatic crash analysis frameworks Florian Weimer (Apr 23)
Re: PHP and some == wonkiness Florian Weimer (May 04)
Re: Problems in automatic crash analysis frameworks Florian Weimer (May 05)
open(2) with side effects Florian Weimer (Apr 23)
Re: tlsdate havoc ahead - default host randomizes tls timestamps Florian Weimer (Apr 24)
Re: Abusing TZ for fun (and little profit) Florian Weimer (Apr 24)
CVE request: Buffer overflow in das_watchdog Florian Weimer (Apr 01)

Garth Mollett

Reject CVE-2015-3157 Garth Mollett (Jun 30)

Gerhard Rieger

Socat security advisory 6 - Possible DoS with fork (update: CVE-Id: CVE-2015-1379; fix for version 2) Gerhard Rieger (Apr 06)

Giancarlo Canales

Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch Giancarlo Canales (Jun 17)
Re: Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch Giancarlo Canales (Jun 18)
CVE request: Stack overflow in redcarpet's header_anchor Giancarlo Canales (Jun 29)
CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings Giancarlo Canales (Jun 10)
Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings Giancarlo Canales (Jun 15)

Grandma Eubanks

Re: Problems in automatic crash analysis frameworks Grandma Eubanks (Apr 17)
Re: USBCreator D-Bus service Grandma Eubanks (Apr 24)
Re: PHP and some == wonkiness Grandma Eubanks (May 05)

Greg KH

Re: CVE request: vulnerability in the kernel tty subsystem. Greg KH (May 29)
Re: CVE request: vulnerability in the kernel tty subsystem. Greg KH (May 26)
Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Greg KH (May 13)
Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Greg KH (May 13)

Greg Kroah-Hartman

Re: [PATCH 1/4] ozwpan: Use proper check to prevent heap overflow Greg Kroah-Hartman (May 24)

gremlin

Re: Question about world readable config files and commented warnings gremlin (Jun 29)

Gsunde Orangen

Re: CVE request for some NTP stuff Gsunde Orangen (Apr 13)
Re: Advisory: CVE-2014-9708: Appweb Web Server Gsunde Orangen (Apr 06)

Guanxing Wen

Re: Re: Re: Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Guanxing Wen (Jun 04)
CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength() Guanxing Wen (Jun 25)

Haggai Eran

Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Haggai Eran (Apr 02)
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Haggai Eran (Apr 02)

Hannes Trunde

AW: CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 Hannes Trunde (Apr 16)
Re: CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 Hannes Trunde (May 08)
CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 Hannes Trunde (Apr 14)

Hanno Böck

Two invalid read errors / heap overflows in SQLite (TFPA 006/2015) Hanno Böck (May 12)
Re: Re: CVE Request: jabberd remote information disclosure Hanno Böck (Jun 17)
Re: Re: CVE request: Dovecot remote DoS on TLS connections Hanno Böck (Apr 28)
Re: about this openssh heap overflow Hanno Böck (May 16)
Re: CVE request: libksba version 1.3.3 fixes multiple security issues Hanno Böck (Apr 13)
Re: Re: Possible CVE Request: Wordpress 4.1.2 security release Hanno Böck (Apr 28)
Re: On sanctioned MITMs Hanno Böck (May 01)
Out of bounds read in OpenSSL function X509_cmp_time (CVE-2015-1789) and other minor issues Hanno Böck (Jun 12)
Re: Re: Stack out of bounds read access in uudecode / sharutils Hanno Böck (Jun 03)
Stack out of bounds read access in uudecode / sharutils Hanno Böck (Jun 02)
about this openssh heap overflow Hanno Böck (May 16)
Palinopsia bug Hanno Böck (Apr 03)
Null pointer access in inflatehd tool (nghttp2) Hanno Böck (Jun 03)
Read heap overflow / invalid memory access in Wireshark Hanno Böck (May 14)
CVE request: Dovecot remote DoS on TLS connections Hanno Böck (Apr 26)
Re: CVE Request: phpbb open redirect Hanno Böck (May 12)
Courier mail server: Write heap overflow in mailbot tool and out of bounds heap read in imap folder parser Hanno Böck (Jun 29)
CVE request: XSS in WP Super Cache < 1.4.3 Hanno Böck (Apr 05)
Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015) Hanno Böck (Apr 30)
Re: CVE request: Dovecot remote DoS on TLS connections Hanno Böck (May 07)
Re: Problems in automatic crash analysis frameworks Hanno Böck (Apr 15)
tlsdate havoc ahead - default host randomizes tls timestamps Hanno Böck (Apr 23)
proftpd: Unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy Hanno Böck (Apr 14)
Re: CVE request: libarchive: Out of bounds read using malformed cpio archive Hanno Böck (May 03)

Harlan Stenn

Re: Potential issue in NTP -A option Harlan Stenn (May 14)

Hector Marco-Gisbert

Re: CVE-Request: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Hector Marco-Gisbert (May 07)

Henri Salo

Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability Henri Salo (Apr 18)
Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS Henri Salo (Jun 03)
CVE-2015-3429: DOM XSS Vulnerability in Twenty Fifteen WordPress Theme Henri Salo (May 07)
CVE request: WordPress plugin wassup cross-site scripting vulnerability Henri Salo (Apr 05)
Re: CVE Request, multiple WordPress plugins and themes Henri Salo (May 27)
Re: Possible XSS vulnerability on NIST NVD Henri Salo (Jun 10)
CVE request: XSS and CSRF in WP Smiley plugin for WordPress Henri Salo (May 29)
Re: CVE request: vulnerability in the kernel tty subsystem. Henri Salo (May 29)

Hhjack

Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Hhjack (Jun 03)

Huzaifa Sidhpurwala

Re: Re: Problems in automatic crash analysis frameworks Huzaifa Sidhpurwala (Apr 15)
Re: Re: Problems in automatic crash analysis frameworks Huzaifa Sidhpurwala (Apr 15)

Iain R. Learmonth

Request CVE for LinuxNode - DoS vulnerability Iain R. Learmonth (Apr 03)

Ignacio R. Morelle

CVE request: Wesnoth authentication information disclosure Ignacio R. Morelle (Jun 24)

Jaanus

CVE-2015-3200 Log injection in Lighttpd Jaanus (May 25)

Jake Luciani

[SECURITY ANNOUNCEMENT] CVE-2015-0225 Jake Luciani (Apr 01)

Jakub Filak

Re: Problems in automatic crash analysis frameworks Jakub Filak (Apr 15)

Jakub Wilk

Re: QEMU 2.3.0 tmp vulns CVE request Jakub Wilk (May 16)
CVE requests: didjvu, pdf2djvu: insecure use of /tmp Jakub Wilk (May 09)

James Cammarata

Re: CVE Request / Ansible: insecure permission on a directory when using spacewalk inventory James Cammarata (May 02)

Jann Horn

Re: open(2) with side effects Jann Horn (Apr 23)
Linux namespaces: It is possible to escape from bind mounts Jann Horn (Apr 03)
Still unfixed? Re: [oss-security] Linux namespaces: It is possible to escape from bind mounts Jann Horn (May 14)
Linux: chown() was racy relative to execve() Jann Horn (Apr 19)

Jan Rusnacko

Re: Re: libyaml / YAML-LibYAML DoS Jan Rusnacko (Apr 03)

Jason A. Donenfeld

Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities Jason A. Donenfeld (May 30)
[PATCH 2/4] ozwpan: Use unsigned ints to prevent heap overflow Jason A. Donenfeld (May 13)
[PATCH v2 4/4] ozwpan: unchecked signed subtraction leads to DoS Jason A. Donenfeld (May 26)
[PATCH v2 0/4] ozwpan: Four remote packet-of-death vulnerabilities Jason A. Donenfeld (May 26)
[PATCH v2 3/4] ozwpan: divide-by-zero leading to panic Jason A. Donenfeld (May 26)
[PATCH v2 2/4] ozwpan: Use unsigned ints to prevent heap overflow Jason A. Donenfeld (May 26)
[PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Jason A. Donenfeld (May 13)
[PATCH 3/4] ozwpan: divide-by-zero leading to panic Jason A. Donenfeld (May 13)
[PATCH 4/4] ozwpan: unchecked signed subtraction leads to DoS Jason A. Donenfeld (May 13)
CVE requests: Remote packet-of-death vulnerabilities in Linux Kernel ozwpan driver Jason A. Donenfeld (May 13)
[PATCH 4/4] ozwpan: unchecked signed subtraction leads to DoS Jason A. Donenfeld (May 13)
[PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow Jason A. Donenfeld (May 26)
[PATCH 1/4] ozwpan: Use proper check to prevent heap overflow Jason A. Donenfeld (May 13)
[PATCH 1/4] ozwpan: Use proper check to prevent heap overflow Jason A. Donenfeld (May 13)
Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Jason A. Donenfeld (May 13)
Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Jason A. Donenfeld (May 13)
CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities Jason A. Donenfeld (May 27)
[PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Jason A. Donenfeld (May 13)
[PATCH 3/4] ozwpan: divide-by-zero leading to panic Jason A. Donenfeld (May 13)
[PATCH 2/4] ozwpan: Use unsigned ints to prevent heap overflow Jason A. Donenfeld (May 13)

Jason Geffner

RE: VENOM - CVE-2015-3456 Jason Geffner (May 14)
VENOM - CVE-2015-3456 Jason Geffner (May 13)
RE: VENOM - CVE-2015-3456 Jason Geffner (May 13)

Jeremy Spilman

Signature Bypass in several JSON Web Token Libraries (CVEs Needed?) Jeremy Spilman (Mar 31)

Jeremy Stanley

CVE Request for read-only directory traversal in Etherpad Minify Jeremy Stanley (Apr 10)
CVE Request for incomplete fix to CVE-2015-3297 in Etherpad Minify Jeremy Stanley (Apr 12)
Re: Re: CVE Request for read-only directory traversal in Etherpad frontend tests Jeremy Stanley (May 23)
Re: CVE Request for read-only directory traversal in Etherpad frontend tests Jeremy Stanley (Apr 11)
Corrections to CVE-2015-3297 Jeremy Stanley (Apr 12)
Re: CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert Jeremy Stanley (Jun 13)

Jim Thompson

Re: CVE Request : IPv6 Hop limit lowering via RA messages Jim Thompson (Apr 03)

Jing Wang

NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities - CVE Request Jing Wang (May 04)
Feed2JS v1.7 XSS Web Security Vulnerabilities - CVE Request Jing Wang (May 22)
WordPress Newsletter Plug-in URL Redirection Vulnerability - CVE Request Jing Wang (Apr 23)
Innovative WebPAC Pro 2.0 Open Redirect Web Security Vulnerabilities - CVE Request Jing Wang (May 22)

J. M. Bogaard

CVE request libaxl <= 0.6.9 J. M. Bogaard (Apr 28)

Joe Bowser

CVE-2015-1835: Remote exploit of secondary configuration variables in Apache Cordova on Android Joe Bowser (May 27)

Joe Malcolm

Re: On sanctioned MITMs Joe Malcolm (May 04)

John Lightsey

CVE request: Module::Signature before 0.75 - multiple vulnerabilities John Lightsey (Apr 06)

Jon Oberheide

Re: [oCERT-2015-003] MySQL SSL/TLS downgrade Jon Oberheide (Apr 30)

Jose R R

Re: OpenSSL Sec Adv 20150611 Jose R R (Jun 12)

Joshua Rogers

CVE Request: MySQL Null Pointer Dereference Joshua Rogers (Apr 10)

Joshua Smith

Re: Re: Stack out of bounds read access in uudecode / sharutils Joshua Smith (Jun 03)

Jouni Malinen

CVE request: hostapd/wpa_supplicant - WPS UPnP vulnerability with HTTP chunked transfer encoding Jouni Malinen (May 09)
wpa_supplicant P2P SSID processing vulnerability Jouni Malinen (Apr 22)
Re: CVE request: vulnerability in wpa_supplicant and hostapd Jouni Malinen (May 09)
CVE request: hostapd/wpa_supplicant - Integer underflow in AP mode WMM Action frame processing Jouni Malinen (May 09)
Re: CVE request: vulnerability in wpa_supplicant and hostapd Jouni Malinen (May 09)

Julian Reschke

CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability) Julian Reschke (May 21)

Justin Bull

CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library "ROPT" Justin Bull (Jun 20)
Re: CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library "ROPT" - ROTP Justin Bull (Jun 21)

Justin Burke

Re: CVE=2015-1234 disambiguation Justin Burke (Jun 10)

Kash Pande

re: CVE for Jentu Kash Pande (May 14)
CVE Request for ZFS on Linux Kash Pande (Apr 21)
CVE for Jentu Kash Pande (May 09)
Re: CVE Request for ZFS on Linux Kash Pande (Apr 21)
Re: re: CVE for Jentu Kash Pande (May 14)
Re: membership request to the closed linux-distros security mailing list Kash Pande (Apr 02)
openwall phpass fallback mode Kash Pande (May 09)

Kees Cook

Re: kernel: fs.suid_dumpable=2 privilege escalation Kees Cook (Apr 16)

Kevin McArthur

Re: CVE Request: Insufficient TLS Protection in Composer (PHP) Kevin McArthur (May 14)

Kurt Seifried

QEMU 2.3.0 tmp vulns CVE request Kurt Seifried (May 13)
Re: USBCreator D-Bus service Kurt Seifried (Apr 22)
CVE-2015-1867 pacemaker: acl read-only access allow role assignment Kurt Seifried (Apr 13)
Apache Tomcat partial file upload DoS CVE-2014-0230 Kurt Seifried (Apr 09)
CVE-2015-3243 rsyslog: some log files are created world-readable Kurt Seifried (Jun 18)
Re: Limited DoS in mailman (requires non standard config) Kurt Seifried (Apr 28)
chrony security release as well Kurt Seifried (Apr 07)
Question about world readable config files and commented warnings Kurt Seifried (Jun 29)
Fedora Atomic - downloads updates over HTTP (CVE-2015-3229) Kurt Seifried (Jun 12)
FreeRDP tmp flaws Kurt Seifried (May 26)
Please REJECT CVE-2015-3168, I failed to notice that CVE-2015-3164 was already assigned. Kurt Seifried (May 04)
PHP and some == wonkiness Kurt Seifried (May 04)
Limited DoS in mailman (requires non standard config) Kurt Seifried (Apr 28)
Re: Re: CVE Request: Arbitary Code Execution in Apache Spark Cluster Kurt Seifried (Apr 16)
Re: Question about world readable config files and commented warnings Kurt Seifried (Jun 30)
REJECT CVE-2015-1861 Kurt Seifried (Apr 10)
beaker vulns fixed in version 20.1 Kurt Seifried (May 07)
Re: Re: Problems in automatic crash analysis frameworks Kurt Seifried (Apr 14)
Re: Question about world readable config files and commented warnings Kurt Seifried (Jun 30)
Re: Re: [CVE Requests] rsync and librsync collisions Kurt Seifried (Apr 10)
Re: Re: [CVE Requests] rsync and librsync collisions Kurt Seifried (Apr 10)
Question about tmp flaws in non-default build options (e.g. Kerberos DEBUG_ASN1) Kurt Seifried (May 26)
Re: Question about world readable config files and commented warnings Kurt Seifried (Jun 30)
Re: discourage "CVE only" use of (linux-)distros Kurt Seifried (Apr 13)
Re: Re: FreeRDP tmp flaws Kurt Seifried (May 27)
Re: On sanctioned MITMs Kurt Seifried (May 01)
Re: FreeRDP tmp flaws Kurt Seifried (May 26)
WordPress 4.2.1 security update - CVE please Kurt Seifried (Apr 27)
Re: ntp security release today Kurt Seifried (Apr 07)
Re: Re: USBCreator D-Bus service Kurt Seifried (Apr 22)
Potential issue in NTP -A option Kurt Seifried (May 14)

Kyle Kelley

Re: CVE request: IPython XSS in JSON error responses Kyle Kelley (Jun 22)
CVE request: IPython XSS in JSON error responses Kyle Kelley (Jun 22)

Larry W. Cashdollar

Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Larry W. Cashdollar (Mar 31)
Arbitrary File download in wordpress plugin wp-instance-rename v1.0 Larry W. Cashdollar (Jun 23)
wow-moodboard-lite v1.1.1.1 Wordpress plugin has an open redirect Larry W. Cashdollar (May 29)
Re: hwclock(8) SUID privilege escalation Larry W. Cashdollar (May 26)
Exploit for VideoWhisper WP plugins file upload incomplete fix. Larry W. Cashdollar (Apr 18)
Re: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Larry W. Cashdollar (Apr 02)
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS Larry W. Cashdollar (Jun 05)
Remote file download vulnerability in download-zip-attachments v1.0 Larry W. Cashdollar (Jun 23)
zip-attachments v1.1.4 wordpress plugin arbitrary file download vulnerability. Larry W. Cashdollar (Jun 12)
Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Larry W. Cashdollar (Mar 31)
Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Larry W. Cashdollar (Jun 10)
Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 Larry W. Cashdollar (Jun 10)

Lior Kaplan

Re: CVE Request: various issues in PHP Lior Kaplan (May 18)

Loganaden Velvindron

Re: CVE Request : IPv6 Hop limit lowering via RA messages Loganaden Velvindron (Apr 03)

Luca Carettoni

Netty/Play's Security Updates (CVE-2015-2156) Luca Carettoni (May 16)

Lyndon Nerenberg

Re: On sanctioned MITMs Lyndon Nerenberg (May 02)
Re: On sanctioned MITMs Lyndon Nerenberg (May 01)

Mamoru TASAKA

CVE request for proxychains-ng : current path as the first directory for the library search path Mamoru TASAKA (May 12)

mancha

Re: PHP and some == wonkiness mancha (May 05)
Re: On sanctioned MITMs mancha (May 02)
Re: about this openssh heap overflow mancha (May 16)
Re: Re: MITRE delays persist mancha (Jun 11)
Re: about this openssh heap overflow mancha (May 16)
Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)
Re: OpenSSL Sec Adv 20150611 mancha (Jun 12)
Re: On sanctioned MITMs mancha (May 01)
OpenSSL Sec Adv 20150611 mancha (Jun 11)
Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)
Re: OpenSSL Sec Adv 20150611 mancha (Jun 11)
Re: Re: [CVE Requests] rsync and librsync collisions mancha (Apr 10)
Re: PHP and some == wonkiness mancha (May 05)
On sanctioned MITMs mancha (May 01)
Moving in the wrong direction [was: Re: VENOM - CVE-2015-3456] mancha (May 14)
Re: cve-assign delays mancha (Apr 02)
Re: On sanctioned MITMs mancha (May 01)
MITRE delays persist mancha (Jun 01)
Re: PHP and some == wonkiness mancha (May 05)

Marc Deslauriers

Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Marc Deslauriers (Apr 09)
CVE Request: libX11: buffer overflow in MakeBigReq macro Marc Deslauriers (Apr 07)
Re: CVE reject request CVE-2015-8146/8147 Marc Deslauriers (May 19)
Re: Re: Problems in automatic crash analysis frameworks Marc Deslauriers (Apr 14)
CVE Request: PHP potential remote code execution with apache 2.4 apache2handler Marc Deslauriers (Apr 17)
Re: Re: USBCreator D-Bus service Marc Deslauriers (Apr 22)
Re: Re: Problems in automatic crash analysis frameworks Marc Deslauriers (Apr 14)
Re: Re: Problems in automatic crash analysis frameworks Marc Deslauriers (Apr 14)

Marcel Reutegger

[ANNOUNCE] Apache Jackrabbit 2.10.1 released Marcel Reutegger (May 21)

Marcus Meissner

CVE request: X server crash by client Marcus Meissner (Apr 24)
Re: Re: CVE Request : IPv6 Hop limit lowering via RA messages Marcus Meissner (Apr 06)
Re: Re: CVE request: X server crash by client Marcus Meissner (Apr 25)
ntp security release today Marcus Meissner (Apr 07)
Re: Re: MITRE delays persist Marcus Meissner (Jun 09)
Re: VENOM - CVE-2015-3456 Marcus Meissner (May 13)

Marek Sebera

Possible XSS vulnerability on NIST NVD Marek Sebera (Jun 09)

Marina Glancy

Moodle security advisories [vs] Marina Glancy (May 17)

Mark Felder

Re: CVE request: freebsd/sh stack overflow vulnerability Mark Felder (Apr 13)

Mark Sapiro

Re: Limited DoS in mailman (requires non standard config) Mark Sapiro (Apr 28)
Re: Limited DoS in mailman (requires non standard config) Mark Sapiro (Apr 28)

Martin Prpic

Potential CVE request: flaw in comment handling Martin Prpic (Apr 16)
CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems Martin Prpic (Apr 09)
CVE-2015-3206 python-kerberos: checkPassword() does not verify KDC authenticity Martin Prpic (May 21)
Re: CVE Request: wireshark: crash on a sample capture file genbroad.snoop Martin Prpic (May 12)
CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix Martin Prpic (May 18)
CVE request: vulnerability in wpa_supplicant and hostapd Martin Prpic (May 07)
Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems Martin Prpic (Apr 22)
Cross-site scripting flaw in AskBot Martin Prpic (May 14)

Matthew Beale

[CVE-2015-1866] Ember.js XSS Vulnerability With {{view "select"}} Options Matthew Beale (Apr 14)

Matthew Daley

Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS Matthew Daley (Jun 13)
CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS Matthew Daley (Jun 03)
Re: CVE requests / Advisory: phpMyBackupPro Matthew Daley (Jun 01)
CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 Matthew Daley (Apr 11)
Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 Matthew Daley (Apr 13)
CVE request / Advisory: Slideshow (Wordpress plugin) - Wordpress option value disclosure Matthew Daley (May 01)
Re: CVE requests / Advisory: phpMyBackupPro Matthew Daley (May 04)
CVE requests / Advisory: phpMyBackupPro Matthew Daley (Apr 24)
Re: CVE request: XSS in WP Super Cache < 1.4.3 Matthew Daley (Apr 05)

Matthew Wilkes

Re: CVE Request: Django CMS Matthew Wilkes (Jun 28)
CVE Request: Django CMS Matthew Wilkes (Jun 27)

Mgr . Martin Žember

CVE Request: wireshark: crash on a sample capture file genbroad.snoop Mgr . Martin Žember (May 11)

Michael Catanzaro

CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured Michael Catanzaro (Jun 08)
Re: CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured Michael Catanzaro (Jun 08)

Michael Gilbert

Re: Bug#786909: chromium: unconditionally downloads binary blob Michael Gilbert (Jun 18)
Re: Bug#786909: chromium: unconditionally downloads binary blob Michael Gilbert (Jun 15)

Michael Samuel

Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)
Re: PostgreSQL - Predictable cancel key Michael Samuel (Jun 16)
Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)
Re: Re: Problems in automatic crash analysis frameworks Michael Samuel (Apr 14)
Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Apr 10)

Michael Scherer

CVE Request / Ansible: insecure permission on a directory when using spacewalk inventory Michael Scherer (May 01)
Local privileges escalation in rubygem open-uri-cached Michael Scherer (May 05)
CVE Request / Saltstack SSL verification disabling for alibabab cloud module Michael Scherer (May 01)
Re: Re: CVE Request / Ansible: insecure permission on a directory when using spacewalk inventory Michael Scherer (May 02)

Michael Tokarev

Re: QEMU 2.3.0 tmp vulns CVE request Michael Tokarev (May 16)

Michał Staruch

Re: [oCERT-2015-003] MySQL SSL/TLS downgrade Michał Staruch (Apr 29)

Michal Zalewski

Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment Michal Zalewski (Apr 19)
Re: Hanno Boeck found Heartbleed using afl + ASan! Michal Zalewski (Apr 07)
Re: Hanno Boeck found Heartbleed using afl + ASan! Michal Zalewski (Apr 07)

Mike Gabriel

Re: CVE request: Caja / MATE Desktop Environment: caja automounts USB flash drives and CD/DVD drives while session is locked Mike Gabriel (May 04)
CVE request: Caja / MATE Desktop Environment: caja automounts USB flash drives and CD/DVD drives while session is locked Mike Gabriel (Apr 03)

Moritz Muehlenhoff

Re: jar(1) -- directory traversal Moritz Muehlenhoff (Apr 15)

Nick Boyce

Re: CVE-2015-3243 rsyslog: some log files are created world-readable Nick Boyce (Jun 20)

Nitin Venkatesh

Wordpress Roomcloud plugin v1.1(rev @1115307) XSS vulnerability Nitin Venkatesh (May 09)
Request for CVE - XSS Vulnerabilities in Wordpress Roomcloud plugin v1.1(rev @1115307) Nitin Venkatesh (May 09)
CVE Request - CSRF and XSS in Encrypted Contact Form Wordpress Plugin v1.0.4 Nitin Venkatesh (May 15)
CVE Request - Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5 Nitin Venkatesh (Jun 15)
CVE Request - CSRF vulnerability in the Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563 Nitin Venkatesh (Jun 19)
Re: Wordpress Roomcloud plugin v1.1(rev @1115307) XSS vulnerability Nitin Venkatesh (May 23)

Noel Kuntze

Re: StrongSwan VPN client for Android leaks username to rouge server Noel Kuntze (May 29)

Pablo Neira Ayuso

Re: use-after-free in src/libnetfilter_cthelper.c Pablo Neira Ayuso (Apr 22)

Pádraic Brady

CVE Request: Insufficient TLS Protection in Composer (PHP) Pádraic Brady (May 11)
Re: PHP and some == wonkiness Pádraic Brady (May 04)
Insufficient TLS Protection in Composer (PHP) Pádraic Brady (Apr 25)

Pádraig Brady

coreutils sort heap overflow Pádraig Brady (May 14)

Patrick William

CVE Request: vBulletin 5 - Private Messages Input Validation Failure Patrick William (Apr 24)

Paul Tagliamonte

Remote file inclusion in django-markupfield Paul Tagliamonte (Apr 19)

Paul Wouters

Re: Logjam attack / Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice Paul Wouters (May 20)

Pedro Ribeiro

[CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL Pedro Ribeiro (May 05)

Pere Orga

CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099) Pere Orga (Apr 25)
Re: Re: CVEs for Drupal contributed modules - January 2015 Pere Orga (Apr 21)
Re: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099) Pere Orga (Jun 12)

Peter Bex

CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure Peter Bex (Jun 15)

Peter van Dijk

PowerDNS Security Advisory 2015-01 Peter van Dijk (Apr 23)
Re: [Pdns-announce] PowerDNS Security Advisory 2015-01 Peter van Dijk (May 01)

Petr Matousek

Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function Petr Matousek (Jun 25)
Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function Petr Matousek (Jun 25)
Re: CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder Petr Matousek (Apr 09)
Re: Xen Security Advisory 135 (CVE-2015-3209) - Heap overflow in QEMU PCNET controller, allowing guest->host escape Petr Matousek (Jun 10)
CVE-2015-3214 qemu: i8254: out-of-bounds memory access in pit_ioport_read function Petr Matousek (Jun 17)
Please REJECT CVE-2015-3242 Petr Matousek (Jun 25)
CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function Petr Matousek (Jun 25)
CVE request -- Linux kernel - kvm: x86: NULL pointer dereference in kvm_apic_has_events function Petr Matousek (Jun 10)

Philip Pettersson

CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root Philip Pettersson (Jun 15)
CVE-2015-1325 apport race conditions / ubuntu local root Philip Pettersson (May 21)
Re: CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root Philip Pettersson (Jun 16)

Philipp Kern

Re: CVE request: libinfinity did not correctly check certificates for validity Philipp Kern (May 13)
CVE request: libinfinity did not correctly check certificates for validity Philipp Kern (May 12)

Phill MV

CVE Request: bson-ruby DoS and possible injection Phill MV (Jun 05)

Pierre Schweitzer

Re: PostgreSQL - Predictable cancel key Pierre Schweitzer (Jun 17)
CVE request: incomplete fix for CVE-2013-4422 Pierre Schweitzer (Apr 27)
Re: Kernel oops on 32 bits arch Pierre Schweitzer (Apr 16)
Kernel oops on 32 bits arch Pierre Schweitzer (Apr 10)
Re: PostgreSQL - Predictable cancel key Pierre Schweitzer (Jun 16)
Re: PostgreSQL - Predictable cancel key Pierre Schweitzer (Jun 15)

P J P

CVE request Linux kernel: fs: udf kernel oops P J P (Jun 02)
CVE request Linux kernel: ns: user namespaces panic P J P (May 29)
Re: Re: CVE request Qemu: malicious PRDT flow from guest to host P J P (Apr 21)
Re: CVE request Qemu: malicious PRDT flow from guest to host P J P (Apr 20)
Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P (Jun 03)
CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage P J P (Jun 02)
Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P (Jun 05)
Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P (Jun 04)
Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P (Jun 07)
Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P (Jun 07)
CVE request Linux kernel: udf: information leakage when reading symlink P J P (Jun 03)

P. Taylor Goetz

[CVE-2015-3188] Apache Storm remote code execution vulnerability P. Taylor Goetz (Jun 19)

Raphaël Rigo

CVE request for attic : encrypted backups attack Raphaël Rigo (May 25)

Reed Loden

rubygems <2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020) Reed Loden (Jun 26)
redcarpet <=3.2.2 (and related ruby gems) allow for possible XSS via autolinking of untrusted markdown Reed Loden (Apr 07)
Re: Re: cve-assign delays Reed Loden (Apr 16)
CVE request: Content type spoofing in ruby gem paperclip <4.2.2 Reed Loden (Jun 18)
Re: CVE request: Content type spoofing in ruby gem paperclip <4.2.2 Reed Loden (Jun 18)
libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment Reed Loden (Apr 19)

Remi Collet

Re: About PHP and CVE-2015-1353 - please REJECT Remi Collet (May 11)
About PHP and CVE-2015-1353 Remi Collet (May 05)

Responsive Disclosure | HSASec

CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers Responsive Disclosure | HSASec (Jun 24)

Robert Scheck

CVE request: Incorrect default permissions in Zarafa (zarafa-search-plus) Robert Scheck (Apr 09)

Robert Święcki

double-free in gnutls (CRL distribution points parsing) Robert Święcki (Apr 15)

Roland Dreier

Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Roland Dreier (Apr 02)
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Roland Dreier (Apr 01)

Salvatore Bonaccorso

CVE Request: GnuTLS: GNUTLS-SA-2015-2: MD5-based ServerKeyExchange signature accepted by default Salvatore Bonaccorso (May 05)
CVE request: libarchive: Out of bounds read using malformed cpio archive Salvatore Bonaccorso (May 03)
Re: CVE Request: zeromq downgrade attack Salvatore Bonaccorso (May 10)
Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850) Salvatore Bonaccorso (Jun 16)
CVE Request: UDP checksum DoS Salvatore Bonaccorso (Jun 30)
CVE Request: tor: new upstream releases (0.2.6.7, 0.2.5.12 and 0.2.4.27) fixing security issues Salvatore Bonaccorso (Apr 06)
Re: WordPress 4.2.1 security update - CVE please Salvatore Bonaccorso (Apr 27)
Re: CVE request: 2 issues in inspircd Salvatore Bonaccorso (Apr 15)
Re: WordPress 4.2.1 security update - CVE please Salvatore Bonaccorso (Apr 27)
Possible CVE Request: Wordpress 4.1.2 security release Salvatore Bonaccorso (Apr 26)
CVE Request: pgbouncer: DoS/remote crash: invalid packet order causes lookup of NULL pointer Salvatore Bonaccorso (May 21)
CVE Request: t1utils: buffer overflow in set_cs_start Salvatore Bonaccorso (May 13)
Re: CVE request: Module::Signature before 0.75 - multiple vulnerabilities Salvatore Bonaccorso (Apr 22)
Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Salvatore Bonaccorso (May 10)
Re: Remote file inclusion in django-markupfield Salvatore Bonaccorso (Apr 19)

Scott Arciszewski

Suggestions Sought for Appsec Reading List Scott Arciszewski (Jun 07)
Pharaoh - PHAR Comparison Tool Scott Arciszewski (Apr 19)
Re: Suggestions Sought for Appsec Reading List Scott Arciszewski (Jun 08)

Seaman, Chad

Re: CVE Request, multiple WordPress plugins and themes Seaman, Chad (May 27)
Re: Re: MITRE delays persist Seaman, Chad (Jun 09)
CVE Request, multiple WordPress plugins and themes Seaman, Chad (May 27)
Re: Re: CVE Request, multiple WordPress plugins and themes Seaman, Chad (May 28)

Sebastian Andrzej Siewior

CVE-2015-2221: clamav: infinite loop condition on crafted y0da cryptor file Sebastian Andrzej Siewior (May 03)
CVE request - clamav - crashes on crafted upack packed file Sebastian Andrzej Siewior (May 03)
CVE-2015-2222: clamav: crash on crafted petite packed file Sebastian Andrzej Siewior (May 03)
CVE request - clamav - crash during algorithmic detection on crafted PE file Sebastian Andrzej Siewior (May 03)
CVE-2015-2170: clamav: crash on crafted upx packed file Sebastian Andrzej Siewior (May 03)

Sebastian Krahmer

OpenVPN hardening patches Sebastian Krahmer (Jun 24)

Sebastian Pipping

Re: VENOM - CVE-2015-3456 Sebastian Pipping (May 13)

Sebastian Wolfgang Kraemer | HSASec

CVE Request: Arbitrary file upload in Wordpress 4.1.1 Sebastian Wolfgang Kraemer | HSASec (Jun 10)
CVE request for XSS and CSRF vulnerability in wordpress plugin WP-Stats Sebastian Wolfgang Kraemer | HSASec (Jun 17)
CVE Request - Arbitrary file upload in Wordpress Plugin: N-Media file uploader v3.7 Sebastian Wolfgang Kraemer | HSASec (Jun 10)

Sébastien Delafond

CVE request for buffer overflow in ppp Sébastien Delafond (Apr 13)

sec () inventropy us

Yoast Wordpress SEO Plugin <= 2.1.1 Stored, Authenticated XSS sec () inventropy us (Jun 15)
Re: Yoast Wordpress SEO Plugin <= 2.1.1 Stored, Authenticated XSS sec () inventropy us (Jun 21)

Secure SocketFunneling

Secure Socket Funneling: a new network tool Secure SocketFunneling (Jun 09)

Seth Arnold

Re: Re: Question about world readable config files and commented warnings Seth Arnold (Jun 30)
CVE Request: ipsec-tools Seth Arnold (May 19)
Re: membership request to the closed linux-distros security mailing list Seth Arnold (Apr 03)
Re: USBCreator D-Bus service Seth Arnold (Apr 22)
Re: membership request to the closed linux-distros security mailing list Seth Arnold (Apr 03)
Re: Question about world readable config files and commented warnings Seth Arnold (Jun 30)
Re: Re: USBCreator D-Bus service Seth Arnold (Apr 22)
use-after-free in src/libnetfilter_cthelper.c Seth Arnold (Apr 20)
Re: membership request to the closed linux-distros security mailing list Seth Arnold (Apr 02)
Re: Hanno Boeck found Heartbleed using afl + ASan! Seth Arnold (Apr 07)

Shachar Raindel

RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel (Apr 02)
RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel (Apr 02)
RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel (Apr 02)
RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel (Apr 02)
RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel (Apr 02)

Shubham Shah

CVE request - NodeBB Persistent XSS through Markdown Shubham Shah (Apr 09)
CVE request - TelescopeJS Information Leakage: User BCrypt password hash post-authentication Shubham Shah (Apr 25)

Siddharth Sharma

Re: Imagemagick fuzzing bug Siddharth Sharma (Jun 03)
CVE Request for ceph-deploy copying keyring to /etc/ceph which is world readable Siddharth Sharma (May 21)

Simon McVittie

security hardening in dbus 1.8.18, 1.9.16: avoiding weak PRNG Simon McVittie (May 14)

Simon Waters

Incorrect handling of self signed certificates in OpenFire XMPP Server Simon Waters (Apr 23)

Sliv TaMere

Re: PHP and some == wonkiness Sliv TaMere (May 06)

Solar Designer

Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Solar Designer (May 13)
Re: CVE request: kernel overestimates the available entropy in random pools Solar Designer (Apr 27)
Re: VENOM - CVE-2015-3456 Solar Designer (May 13)
Re: CVE request: vulnerability in wpa_supplicant and hostapd Solar Designer (May 07)
Re: VENOM - CVE-2015-3456 Solar Designer (May 13)
Re: On sanctioned MITMs Solar Designer (May 01)
Re: USBCreator D-Bus service Solar Designer (Apr 22)
Re: USBCreator D-Bus service Solar Designer (Apr 22)
Re: openwall phpass fallback mode Solar Designer (May 11)
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer (Jun 09)
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Solar Designer (Apr 02)
Re: Linux namespaces: It is possible to escape from bind mounts Solar Designer (Jun 12)
Re: re: CVE for Jentu Solar Designer (May 14)
Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam Solar Designer (May 02)
CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer (Jun 06)
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer (Jun 06)
Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam Solar Designer (May 02)
Re: USBCreator D-Bus service Solar Designer (Apr 22)
discourage "CVE only" use of (linux-)distros Solar Designer (Apr 13)
Re: CVE request Solar Designer (Apr 19)

Sona Sarmadi

RE: membership request to the closed linux-distros security mailing list Sona Sarmadi (Apr 03)
RE: membership request to the closed linux-distros security mailing list Sona Sarmadi (Apr 02)

Stanislav Malyshev

Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev (May 18)
Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev (May 18)
Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev (May 19)

Stefan Cornelius

Re: CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow Stefan Cornelius (Jun 26)
CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow Stefan Cornelius (Jun 26)
Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 Stefan Cornelius (Jun 15)
Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 Stefan Cornelius (Jun 03)
Re: [oCERT-2015-006] dcraw input sanitization errors Stefan Cornelius (May 19)
Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Stefan Cornelius (Apr 16)

Stephane Chazelas

Re: Re: hwclock(8) SUID privilege escalation Stephane Chazelas (May 26)
Re: hwclock(8) SUID privilege escalation Stephane Chazelas (May 26)
Re: open(2) with side effects Stephane Chazelas (Apr 23)

Steven M. Christey

Re: MITRE delays persist Steven M. Christey (Jun 09)

Stuart Henderson

Re: CVE Request: wireshark: crash on a sample capture file genbroad.snoop Stuart Henderson (May 12)

Sven Kieske

Re: CVE request: Dovecot remote DoS on TLS connections Sven Kieske (May 07)
Re: tlsdate havoc ahead - default host randomizes tls timestamps Sven Kieske (Apr 23)
Re: Suggestions Sought for Appsec Reading List Sven Kieske (Jun 08)

Tavis Ormandy

Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
Re: USBCreator D-Bus service Tavis Ormandy (Apr 22)
Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 17)
Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Tavis Ormandy (Jun 03)
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 14)
Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 16)
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
Re: USBCreator D-Bus service Tavis Ormandy (Apr 22)
USBCreator D-Bus service Tavis Ormandy (Apr 22)
Re: Re: hwclock(8) SUID privilege escalation Tavis Ormandy (May 26)
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 14)
Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 17)
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
Re: Problems in automatic crash analysis frameworks Tavis Ormandy (May 05)
Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 14)
Re: USBCreator D-Bus service Tavis Ormandy (Apr 22)
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
Re: Re: USBCreator D-Bus service Tavis Ormandy (Apr 22)
Re: Problems in automatic crash analysis frameworks Tavis Ormandy (May 05)
CVE-2015-3202 fuse privilege escalation Tavis Ormandy (May 21)
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 14)
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)

Thomas B. Rücker

Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 Thomas B. Rücker (Apr 08)
CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 Thomas B. Rücker (Apr 08)

Tilmann Haak

CVE request: Perl XML::LibXML Tilmann Haak (Apr 24)

Tim Brown

Validating OCSP response signatures Tim Brown (Jun 22)

Tobias Brunner

Re: StrongSwan VPN client for Android leaks username to rouge server Tobias Brunner (Jun 08)

Tomas Hoger

Re: CVE Request: MySQL Null Pointer Dereference Tomas Hoger (Apr 10)
Re: Re: CVE Request: various issues in PHP Tomas Hoger (Jun 15)
CVE reject request CVE-2015-8146/8147 (was: [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL) Tomas Hoger (May 19)
Re: Re: CVE Request: various issues in PHP Tomas Hoger (May 29)
PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request Tomas Hoger (Jun 18)
Re: Re: CVE Request: various issues in PHP Tomas Hoger (Jun 18)
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger (May 27)
Re: CVE request: vulnerability in wpa_supplicant and hostapd Tomas Hoger (May 27)
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger (Apr 09)

Tom Chiverton

CVE-2015-1773 Apache Flex reflected XSS vulnerability Tom Chiverton (Apr 07)

Tomek Rabczak

Cross-Site Request Forgery in Spina CMS Tomek Rabczak (Jun 16)

Tristan Cacqueray

[OSSA 2015-009] Persistent XSS in Horizon metadata dashboard (CVE-2015-3988) Tristan Cacqueray (May 25)
CVE request for vulnerability in OpenStack Horizon Tristan Cacqueray (May 12)
[OSSA 2015-008] Potential Keystone cache backend password leak in log (CVE-2015-3646) Tristan Cacqueray (May 05)
[OSSA 2015-012] Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221) Tristan Cacqueray (Jun 23)
[OSSA 2015-007] S3Token TLS cert verification option not honored (CVE-2015-1852) Tristan Cacqueray (Apr 14)
[OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850) Tristan Cacqueray (Jun 16)
Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) Tristan Cacqueray (Jun 17)
CVE request for vulnerability in OpenStack Keystone Tristan Cacqueray (May 04)
[OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219) Tristan Cacqueray (Jun 09)
[OSSA 2015-011.1] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) ERRATA 1 Tristan Cacqueray (Jun 17)
[OSSA 2015-006] Unauthorized delete of versioned Swift object (CVE-2015-1856) Tristan Cacqueray (Apr 14)

Tyler Hicks

Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks (Apr 14)
Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks (Apr 16)
Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks (Apr 15)
Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks (Apr 15)

up201407890

hwclock(8) SUID privilege escalation up201407890 (May 26)
Re: Re: hwclock(8) SUID privilege escalation up201407890 (May 26)

Vasily Kulikov

Re: Linux kernel pointer poisoning (was: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam) Vasily Kulikov (May 07)
Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam Vasily Kulikov (May 06)
Linux kernel pointer poisoning (was: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam) Vasily Kulikov (May 07)

Vasyl Kaigorodov

CVE request: python-tornado: XSRF cookie allows side-channel attack against TLS (BREACH) Vasyl Kaigorodov (May 19)
CVE=2015-1234 disambiguation Vasyl Kaigorodov (Jun 10)
CVE request: pure-ftpd denial of service in glob_() Vasyl Kaigorodov (Jun 18)
CVE request: libksba version 1.3.3 fixes multiple security issues Vasyl Kaigorodov (Apr 13)
Re: Re: CVE Request: various issues in PHP Vasyl Kaigorodov (May 20)
CVE Request: texlive: insecure use of /tmp in mktexlsr Vasyl Kaigorodov (Apr 23)

Vitezslav Cizek

Re: Re: [CVE Requests] rsync and librsync collisions Vitezslav Cizek (Apr 10)

vladz

Re: Question about world readable config files and commented warnings vladz (Jun 30)

Wade Mealing

CVE request: kernel overestimates the available entropy in random pools Wade Mealing (Apr 27)
CVE request netfilter connection tracking accounting. Wade Mealing (Apr 07)
CVE request: Linux kernel - bpf jit optimization flaw can panic kenrel. Wade Mealing (Jun 22)
CVE request for vhost/scsi possible memory corruption. Wade Mealing (May 13)
CVE request: vulnerability in the kernel tty subsystem. Wade Mealing (May 25)

wen_guanxing

CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() wen_guanxing (Jun 03)
CVE Request: PCRE Library Stack Overflow Vulnerability wen_guanxing (May 31)
CVE Request:PCRE Call Stack Overflow Vulnerability wen_guanxing (May 31)
Re: Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() wen_guanxing (Jun 03)
CVE-2015-3210: PCRE Library Heap Overflow Vulnerability wen_guanxing (Jun 01)
CVE-2015-3210: PCRE Library Heap Overflow Vulnerability wen_guanxing (Jun 01)
CVE-2015-3210: PCRE Library Heap Overflow Vulnerability wen_guanxing (Jun 01)

Wen Xu

Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam Wen Xu (May 02)
CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam Wen Xu (May 02)

William Robinet

CVE-2015-1845, CVE-2015-1846 - unzoo - Buffer overflow & Infinite loop William Robinet (Apr 01)

Xen . org security team

Xen Security Advisory 135 (CVE-2015-3209) - Heap overflow in QEMU PCNET controller, allowing guest->host escape Xen . org security team (Jun 10)
Xen Security Advisory 128 (CVE-2015-4103) - Potential unintended writes to host MSI message data field via qemu Xen . org security team (Jun 02)
Xen Security Advisory 136 (CVE-2015-4164) - vulnerability in the iret hypercall handler Xen . org security team (Jun 11)
Xen Security Advisory 129 (CVE-2015-4104) - PCI MSI mask bits inadvertently exposed to guests Xen . org security team (Jun 02)
Xen Security Advisory 131 (CVE-2015-4106) - Unmediated PCI register access in qemu Xen . org security team (Jun 02)
Xen Security Advisory 134 (CVE-2015-4163) - GNTTABOP_swap_grant_ref operation misbehavior Xen . org security team (Jun 11)
Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive Xen . org security team (May 13)
Xen Security Advisory 130 (CVE-2015-4105) - Guest triggerable qemu MSI-X pass-through error messages Xen . org security team (Jun 02)
Xen Security Advisory 132 - Information leak through XEN_DOMCTL_gettscinfo Xen . org security team (Apr 20)
Xen Security Advisory 132 (CVE-2015-3340) - Information leak through XEN_DOMCTL_gettscinfo Xen . org security team (Apr 22)

Yann Droneaud

Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud (Apr 08)
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud (Apr 02)
Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Yann Droneaud (Apr 09)
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud (Apr 02)
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud (Apr 02)
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud (Apr 08)
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud (Apr 02)
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud (Apr 02)

Yves-Alexis Perez

Logjam attack / Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice Yves-Alexis Perez (May 20)
Re: CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice Yves-Alexis Perez (May 20)

罗大龙

net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability 罗大龙 (Apr 12)
Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability 罗大龙 (Apr 21)