oss-sec: by date

839 messages starting Mar 31 15 and ending Jun 30 15


Tuesday, 31 March

CVE request: MediaWiki 1.24.2/1.23.9/1.19.24 Chris Steipp
Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Larry W. Cashdollar
Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Larry W. Cashdollar
Signature Bypass in several JSON Web Token Libraries (CVEs Needed?) Jeremy Spilman

Wednesday, 01 April

CVE-2015-1845, CVE-2015-1846 - unzoo - Buffer overflow & Infinite loop William Robinet
[SECURITY ANNOUNCEMENT] CVE-2015-0225 Jake Luciani
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Roland Dreier
CVE request: Buffer overflow in das_watchdog Florian Weimer
CVE Request: Linux mishandles int80 fork from 64-bit tasks Andrew Lutomirski

Thursday, 02 April

RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel
RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud
RE: membership request to the closed linux-distros security mailing list Sona Sarmadi
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud
RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud
RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel
RE: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel
Re: CVE Request: Linux mishandles int80 fork from 64-bit tasks cve-assign
Re: CVE request: Buffer overflow in das_watchdog cve-assign
Re: cve-assign delays mancha
Re: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Larry W. Cashdollar
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud
Re: membership request to the closed linux-distros security mailing list Kash Pande
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Roland Dreier
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Haggai Eran
CVE Request : IPv6 Hop limit lowering via RA messages D.S. Ljungmark
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Haggai Eran
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Solar Designer
Re: membership request to the closed linux-distros security mailing list Seth Arnold
Re: CVE Request : IPv6 Hop limit lowering via RA messages Dan McDonald
Fwd: CVE Request : IPv6 Hop limit lowering via RA messages Eitan Adler
Re: membership request to the closed linux-distros security mailing list Daniel Micay

Friday, 03 April

Re: Re: libyaml / YAML-LibYAML DoS Jan Rusnacko
Re: CVE Request : IPv6 Hop limit lowering via RA messages Jim Thompson
Re: CVE Request : IPv6 Hop limit lowering via RA messages D.S. Ljungmark
Re: CVE Request : IPv6 Hop limit lowering via RA messages Loganaden Velvindron
Linux namespaces: It is possible to escape from bind mounts Jann Horn
Palinopsia bug Hanno Böck
RE: membership request to the closed linux-distros security mailing list Sona Sarmadi
Request CVE for LinuxNode - DoS vulnerability Iain R. Learmonth
Re: membership request to the closed linux-distros security mailing list Seth Arnold
CVE request: Caja / MATE Desktop Environment: caja automounts USB flash drives and CD/DVD drives while session is locked Mike Gabriel
Re: membership request to the closed linux-distros security mailing list Seth Arnold
Re: Request CVE for LinuxNode - DoS vulnerability cve-assign

Saturday, 04 April

Re: CVE Request : IPv6 Hop limit lowering via RA messages cve-assign
Re: CVE request: Caja / MATE Desktop Environment: caja automounts USB flash drives and CD/DVD drives while session is locked cve-assign
Re: Linux namespaces: It is possible to escape from bind mounts cve-assign

Sunday, 05 April

CVE request: XSS in WP Super Cache < 1.4.3 Hanno Böck
Re: CVE request: XSS in WP Super Cache < 1.4.3 Matthew Daley
CVE request: WordPress plugin wassup cross-site scripting vulnerability Henri Salo

Monday, 06 April

Re: Advisory: CVE-2014-9708: Appweb Web Server Gsunde Orangen
Re: Request CVE for LinuxNode - DoS vulnerability cve-assign
Socat security advisory 6 - Possible DoS with fork (update: CVE-Id: CVE-2015-1379; fix for version 2) Gerhard Rieger
CVE Request: tor: new upstream releases (0.2.6.7, 0.2.5.12 and 0.2.4.27) fixing security issues Salvatore Bonaccorso
Re: CVE Request: tor: new upstream releases (0.2.6.7, 0.2.5.12 and 0.2.4.27) fixing security issues cve-assign
Re: Linux namespaces: It is possible to escape from bind mounts Andy Lutomirski
Re: Linux namespaces: It is possible to escape from bind mounts cve-assign
CVE request: Module::Signature before 0.75 - multiple vulnerabilities John Lightsey
Re: Re: CVE Request : IPv6 Hop limit lowering via RA messages Marcus Meissner

Tuesday, 07 April

Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24 cve-assign
ntp security release today Marcus Meissner
Re: ntp security release today Kurt Seifried
CVE-2015-1773 Apache Flex reflected XSS vulnerability Tom Chiverton
Hanno Boeck found Heartbleed using afl + ASan! David A. Wheeler
Re: Hanno Boeck found Heartbleed using afl + ASan! Michal Zalewski
Re: Hanno Boeck found Heartbleed using afl + ASan! Seth Arnold
chrony security release as well Kurt Seifried
redcarpet <=3.2.2 (and related ruby gems) allow for possible XSS via autolinking of untrusted markdown Reed Loden
CVE request netfilter connection tracking accounting. Wade Mealing
Re: Hanno Boeck found Heartbleed using afl + ASan! David A. Wheeler
Re: Hanno Boeck found Heartbleed using afl + ASan! Michal Zalewski
CVE Request: libX11: buffer overflow in MakeBigReq macro Marc Deslauriers
Re: Hanno Boeck found Heartbleed using afl + ASan! David A. Wheeler

Wednesday, 08 April

Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud
Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Yann Droneaud
CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 Thomas B. Rücker
Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 Thomas B. Rücker
Re: CVE request netfilter connection tracking accounting. - Linux kernel cve-assign
Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 cve-assign

Thursday, 09 April

Re: CVE Request: libX11: buffer overflow in MakeBigReq macro cve-assign
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger
Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Florian Weimer
Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Marc Deslauriers
CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems Martin Prpic
Re: CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder Petr Matousek
Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Yann Droneaud
Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Alan Coopersmith
CVE Request for ceph-deploy world-readable keyring permissions Andreas Stieger
CVE request: Incorrect default permissions in Zarafa (zarafa-search-plus) Robert Scheck
Re: CVE Request for ceph-deploy world-readable keyring permissions cve-assign
Re: CVE Request: libX11: buffer overflow in MakeBigReq macro cve-assign
Apache Tomcat partial file upload DoS CVE-2014-0230 Kurt Seifried
CVE request - NodeBB Persistent XSS through Markdown Shubham Shah

Friday, 10 April

CVE Request: MySQL Null Pointer Dereference Joshua Rogers
Re: Re: [CVE Requests] rsync and librsync collisions Vitezslav Cizek
Re: CVE Request: MySQL Null Pointer Dereference Tomas Hoger
Kernel oops on 32 bits arch Pierre Schweitzer
REJECT CVE-2015-1861 Kurt Seifried
CVE-2015-0276: Kallithea: Lack of CSRF attack protection enables gaining unauthorised access to users' accounts Andrew Shadura
Re: Re: [CVE Requests] rsync and librsync collisions mancha
Re: CVE request - NodeBB Persistent XSS through Markdown cve-assign
CVE Request for read-only directory traversal in Etherpad Minify Jeremy Stanley
Re: CVE Request for read-only directory traversal in Etherpad Minify cve-assign
Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel
Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel
Re: Re: [CVE Requests] rsync and librsync collisions mancha
Re: Re: [CVE Requests] rsync and librsync collisions mancha
Re: Re: [CVE Requests] rsync and librsync collisions Kurt Seifried
Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel
Re: Re: [CVE Requests] rsync and librsync collisions Kurt Seifried

Saturday, 11 April

CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 Matthew Daley
Re: CVE Request for read-only directory traversal in Etherpad frontend tests Jeremy Stanley

Sunday, 12 April

Corrections to CVE-2015-3297 Jeremy Stanley
CVE Request for incomplete fix to CVE-2015-3297 in Etherpad Minify Jeremy Stanley
net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability 罗大龙
Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 cve-assign

Monday, 13 April

Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 Matthew Daley
CVE request for buffer overflow in ppp Sébastien Delafond
CVE request: libksba version 1.3.3 fixes multiple security issues Vasyl Kaigorodov
discourage "CVE only" use of (linux-)distros Solar Designer
Re: CVE request: freebsd/sh stack overflow vulnerability Mark Felder
Re: CVE request: libksba version 1.3.3 fixes multiple security issues Hanno Böck
Re: discourage "CVE only" use of (linux-)distros Kurt Seifried
Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6 cve-assign
CVE-2015-1867 pacemaker: acl read-only access allow role assignment Kurt Seifried
Re: Kernel oops on 32 bits arch cve-assign
Re: CVE request for some NTP stuff Gsunde Orangen

Tuesday, 14 April

Re: discourage "CVE only" use of (linux-)distros cve-assign
Problems in automatic crash analysis frameworks Tavis Ormandy
CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 Hannes Trunde
Re: Problems in automatic crash analysis frameworks cve-assign
Re: Re: Problems in automatic crash analysis frameworks Marc Deslauriers
Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Alan Coopersmith
Re: Re: Problems in automatic crash analysis frameworks Kurt Seifried
[OSSA 2015-006] Unauthorized delete of versioned Swift object (CVE-2015-1856) Tristan Cacqueray
[CVE-2015-1866] Ember.js XSS Vulnerability With {{view "select"}} Options Matthew Beale
CVE-2015-1864: Multiple HTML and Javascript injections Andrew Shadura
[OSSA 2015-007] S3Token TLS cert verification option not honored (CVE-2015-1852) Tristan Cacqueray
TCP Fast Open local DoS in some Linux stable branches Ben Hutchings
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Buffer overruns in Linux kernel RFC4106 implementation using AESNI Ben Hutchings
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks
Re: Re: Problems in automatic crash analysis frameworks Marc Deslauriers
Re: Re: Problems in automatic crash analysis frameworks Michael Samuel
proftpd: Unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy Hanno Böck
Re: Re: Problems in automatic crash analysis frameworks Marc Deslauriers

Wednesday, 15 April

Re: proftpd: Unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy cve-assign
Re: jar(1) -- directory traversal Moritz Muehlenhoff
double-free in gnutls (CRL distribution points parsing) Robert Święcki
Re: Problems in automatic crash analysis frameworks Florian Weimer
Re: Re: Problems in automatic crash analysis frameworks Florian Weimer
Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: CVE request: 2 issues in inspircd Salvatore Bonaccorso
Re: TCP Fast Open local DoS in some Linux stable branches Ben Hutchings
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Problems in automatic crash analysis frameworks Hanno Böck
Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Problems in automatic crash analysis frameworks Jakub Filak
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Problems in automatic crash analysis frameworks cve-assign
Re: Re: Problems in automatic crash analysis frameworks Huzaifa Sidhpurwala
Re: Problems in automatic crash analysis frameworks cve-assign
Re: Re: Problems in automatic crash analysis frameworks Huzaifa Sidhpurwala
Re: double-free in gnutls (CRL distribution points parsing) cve-assign
Re: CVE request for buffer overflow in ppp cve-assign
Re: CVE Request for incomplete fix to CVE-2015-3297 in Etherpad Minify cve-assign

Thursday, 16 April

Re: cve-assign delays cve-assign
Re: CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 cve-assign
Potential CVE request: flaw in comment handling Martin Prpic
Re: Problems in automatic crash analysis frameworks cve-assign
AW: CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 Hannes Trunde
Re: Kernel oops on 32 bits arch Pierre Schweitzer
Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Stefan Cornelius
kernel: fs.suid_dumpable=2 privilege escalation Florian Weimer
Re: CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 cve-assign
Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks
Re: kernel: fs.suid_dumpable=2 privilege escalation cve-assign
Re: kernel: fs.suid_dumpable=2 privilege escalation Kees Cook
CVE Request: Arbitary Code Execution in Apache Spark Cluster Akhil Das
[CVE Request] Multiple vulnerabilities in PHP's Phar handling Emmanuel Law
Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Potential CVE request: flaw in comment handling cve-assign
Re: CVE Request: Arbitary Code Execution in Apache Spark Cluster cve-assign
Re: Re: CVE Request: Arbitary Code Execution in Apache Spark Cluster Kurt Seifried
Re: Re: cve-assign delays Reed Loden
Re: CVE Request: Arbitary Code Execution in Apache Spark Cluster Akhil Das

Friday, 17 April

Re: kernel: fs.suid_dumpable=2 privilege escalation Florian Weimer
CVE Request: PHP potential remote code execution with apache 2.4 apache2handler Marc Deslauriers
USERNS allows circumventing MNT_LOCKED Eric Windisch
Re: Problems in automatic crash analysis frameworks Florian Weimer
Re: [CVE Request] Multiple vulnerabilities in PHP's Phar handling cve-assign
Re: CVE Request: PHP potential remote code execution with apache 2.4 apache2handler cve-assign
Re: Problems in automatic crash analysis frameworks Grandma Eubanks
Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Buffer overruns in Linux kernel RFC4106 implementation using AESNI cve-assign
Re: TCP Fast Open local DoS in some Linux stable branches - Linux kernel cve-assign
Re: USERNS allows circumventing MNT_LOCKED - Linux kernel cve-assign

Saturday, 18 April

Exploit for VideoWhisper WP plugins file upload incomplete fix. Larry W. Cashdollar
Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability Henri Salo

Sunday, 19 April

Remote file inclusion in django-markupfield Paul Tagliamonte
Pharaoh - PHAR Comparison Tool Scott Arciszewski
libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment Reed Loden
Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment Michal Zalewski
Re: Remote file inclusion in django-markupfield Salvatore Bonaccorso
Linux: chown() was racy relative to execve() Jann Horn
CVE request Dan McDonald
Re: CVE request Solar Designer

Monday, 20 April

Re: CVE request Qemu: malicious PRDT flow from guest to host P J P
Re: Linux: chown() was racy relative to execve() - Linux kernel cve-assign
Re: redcarpet <=3.2.2 (and related ruby gems) allow for possible XSS via autolinking of untrusted markdown cve-assign
Re: CVE request Qemu: malicious PRDT flow from guest to host cve-assign
Re: CVE request - illumos cve-assign
Re: CVE request - illumos Dan McDonald
Xen Security Advisory 132 - Information leak through XEN_DOMCTL_gettscinfo Xen . org security team
Re: Xen Security Advisory 132 - Information leak through XEN_DOMCTL_gettscinfo cve-assign
Re: Buffer overruns in Linux kernel RFC4106 implementation using AESNI Ben Hutchings
use-after-free in src/libnetfilter_cthelper.c Seth Arnold

Tuesday, 21 April

Re: Re: CVE request Qemu: malicious PRDT flow from guest to host P J P
CVE-2015-1781 in glibc Florian Weimer
Re: CVE request Qemu: malicious PRDT flow from guest to host cve-assign
Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability 罗大龙
Re: Re: CVEs for Drupal contributed modules - January 2015 cve-assign
Re: Re: CVEs for Drupal contributed modules - January 2015 Pere Orga
CVE Request for ZFS on Linux Kash Pande
Re: CVE Request for ZFS on Linux cve-assign
Re: CVE Request for ZFS on Linux Kash Pande

Wednesday, 22 April

Re: CVE Request for ZFS on Linux cve-assign
Re: use-after-free in src/libnetfilter_cthelper.c Pablo Neira Ayuso
Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems Martin Prpic
Xen Security Advisory 132 (CVE-2015-3340) - Information leak through XEN_DOMCTL_gettscinfo Xen . org security team
wpa_supplicant P2P SSID processing vulnerability Jouni Malinen
Re: CVE requests for Drupal contributed modules cve-assign
Re: CVE requests for Drupal contributed modules cve-assign
Re: Re: CVEs for Drupal contributed modules - January 2015 cve-assign
USBCreator D-Bus service Tavis Ormandy
Re: USBCreator D-Bus service Solar Designer
Re: USBCreator D-Bus service Tavis Ormandy
Re: USBCreator D-Bus service Seth Arnold
Re: USBCreator D-Bus service Tavis Ormandy
Re: USBCreator D-Bus service Solar Designer
Re: Re: USBCreator D-Bus service Seth Arnold
Re: USBCreator D-Bus service Tavis Ormandy
Re: Re: USBCreator D-Bus service Marc Deslauriers
Re: USBCreator D-Bus service Solar Designer
Re: Re: USBCreator D-Bus service Tavis Ormandy
Re: CVE request: Module::Signature before 0.75 - multiple vulnerabilities Salvatore Bonaccorso
Re: Re: USBCreator D-Bus service Kurt Seifried
Re: USBCreator D-Bus service Kurt Seifried

Thursday, 23 April

Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems cve-assign
PowerDNS Security Advisory 2015-01 Peter van Dijk
Incorrect handling of self signed certificates in OpenFire XMPP Server Simon Waters
Re: CVE request: Module::Signature before 0.75 - multiple vulnerabilities cve-assign
open(2) with side effects Florian Weimer
Re: open(2) with side effects Stephane Chazelas
Re: Re: open(2) with side effects Florian Weimer
AW: Re: open(2) with side effects Fiedler Roman
CVE Request: texlive: insecure use of /tmp in mktexlsr Vasyl Kaigorodov
tlsdate havoc ahead - default host randomizes tls timestamps Hanno Böck
Re: tlsdate havoc ahead - default host randomizes tls timestamps Sven Kieske
Re: open(2) with side effects Jann Horn
Re: Problems in automatic crash analysis frameworks Florian Weimer
WordPress Newsletter Plug-in URL Redirection Vulnerability - CVE Request Jing Wang

Friday, 24 April

Re: tlsdate havoc ahead - default host randomizes tls timestamps Florian Weimer
CVE request: X server crash by client Marcus Meissner
Re: Abusing TZ for fun (and little profit) Florian Weimer
CVE Request: vBulletin 5 - Private Messages Input Validation Failure Patrick William
Re: USBCreator D-Bus service Grandma Eubanks
CVE requests / Advisory: phpMyBackupPro Matthew Daley
CVE request: Perl XML::LibXML Tilmann Haak
Re: CVE Request: vBulletin 5 - Private Messages Input Validation Failure cve-assign
Re: CVE request: X server crash by client cve-assign

Saturday, 25 April

Re: Re: CVE request: X server crash by client Marcus Meissner
CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099) Pere Orga
Insufficient TLS Protection in Composer (PHP) Pádraic Brady
CVE request - TelescopeJS Information Leakage: User BCrypt password hash post-authentication Shubham Shah

Sunday, 26 April

Possible CVE Request: Wordpress 4.1.2 security release Salvatore Bonaccorso
CVE request: Dovecot remote DoS on TLS connections Hanno Böck
Re: CVE request: Dovecot remote DoS on TLS connections cve-assign

Monday, 27 April

CVE request: incomplete fix for CVE-2013-4422 Pierre Schweitzer
Re: CVE request: incomplete fix for CVE-2013-4422 cve-assign
WordPress 4.2.1 security update - CVE please Kurt Seifried
Re: WordPress 4.2.1 security update - CVE please Salvatore Bonaccorso
Re: WordPress 4.2.1 security update - CVE please Alessandro Ghedini
Re: WordPress 4.2.1 security update - CVE please Salvatore Bonaccorso
Re: CVE request: X server crash by client Alan Coopersmith
CVE request: kernel overestimates the available entropy in random pools Wade Mealing
Re: CVE request: kernel overestimates the available entropy in random pools Solar Designer

Tuesday, 28 April

CVE request libaxl <= 0.6.9 J. M. Bogaard
Re: Re: CVE request: Dovecot remote DoS on TLS connections Hanno Böck
Limited DoS in mailman (requires non standard config) Kurt Seifried
Re: Limited DoS in mailman (requires non standard config) Mark Sapiro
Re: Possible CVE Request: Wordpress 4.1.2 security release cve-assign
Re: Re: Possible CVE Request: Wordpress 4.1.2 security release Hanno Böck
Re: Limited DoS in mailman (requires non standard config) Kurt Seifried
Re: Limited DoS in mailman (requires non standard config) Mark Sapiro

Wednesday, 29 April

CVE policy clarification request Amos Jeffries
[oCERT-2015-003] MySQL SSL/TLS downgrade Andrea Barisani
Re: [oCERT-2015-003] MySQL SSL/TLS downgrade Michał Staruch
Re: CVE policy clarification request cve-assign
Re: CVE request libaxl <= 0.6.9 cve-assign
Re: CVE request - TelescopeJS Information Leakage: User BCrypt password hash post-authentication cve-assign
Re: CVE request: Perl XML::LibXML cve-assign

Thursday, 30 April

Re: Re: CVE policy clarification request Amos Jeffries
Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015) Hanno Böck
Re: CVE policy clarification request - Squid 3.5.4 etc. cve-assign
Re: [oCERT-2015-003] MySQL SSL/TLS downgrade Jon Oberheide
Re: Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015) cve-assign

Friday, 01 May

Re: [Pdns-announce] PowerDNS Security Advisory 2015-01 Peter van Dijk
CVE-2015-3455 - SQUID-2015:1 Incorrect X509 server certificate validation Amos Jeffries
On sanctioned MITMs mancha
Re: On sanctioned MITMs Hanno Böck
Re: On sanctioned MITMs Kurt Seifried
Re: On sanctioned MITMs Dean Pierce
CVE request / Advisory: Slideshow (Wordpress plugin) - Wordpress option value disclosure Matthew Daley
Re: On sanctioned MITMs Solar Designer
Re: On sanctioned MITMs mancha
Re: On sanctioned MITMs mancha
CVE Request / Saltstack SSL verification disabling for alibabab cloud module Michael Scherer
Re: On sanctioned MITMs Lyndon Nerenberg
CVE Request / Ansible: insecure permission on a directory when using spacewalk inventory Michael Scherer

Saturday, 02 May

Re: On sanctioned MITMs Eddie Chapman
CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam Wen Xu
Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam Solar Designer
Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam Wen Xu
Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam Solar Designer
Re: CVE Request / Ansible: insecure permission on a directory when using spacewalk inventory James Cammarata
Re: Re: CVE Request / Ansible: insecure permission on a directory when using spacewalk inventory Michael Scherer
Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam cve-assign
Re: CVE request / Advisory: Slideshow (Wordpress plugin) - Wordpress option value disclosure cve-assign
Re: On sanctioned MITMs mancha
Re: On sanctioned MITMs Lyndon Nerenberg

Sunday, 03 May

CVE-2015-2170: clamav: crash on crafted upx packed file Sebastian Andrzej Siewior
CVE-2015-2221: clamav: infinite loop condition on crafted y0da cryptor file Sebastian Andrzej Siewior
CVE request - clamav - crashes on crafted upack packed file Sebastian Andrzej Siewior
CVE request - clamav - crash during algorithmic detection on crafted PE file Sebastian Andrzej Siewior
CVE-2015-2222: clamav: crash on crafted petite packed file Sebastian Andrzej Siewior
CVE request: libarchive: Out of bounds read using malformed cpio archive Salvatore Bonaccorso
Re: CVE request: libarchive: Out of bounds read using malformed cpio archive Hanno Böck
Re: USBCreator D-Bus service cve-assign
Re: CVE requests / Advisory: phpMyBackupPro cve-assign

Monday, 04 May

NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities - CVE Request Jing Wang
Re: CVE requests / Advisory: phpMyBackupPro Matthew Daley
Re: CVE request: Caja / MATE Desktop Environment: caja automounts USB flash drives and CD/DVD drives while session is locked Mike Gabriel
CVE request for vulnerability in OpenStack Keystone Tristan Cacqueray
PHP and some == wonkiness Kurt Seifried
Re: CVE request for vulnerability in OpenStack Keystone cve-assign
Re: PHP and some == wonkiness Pádraic Brady
Please REJECT CVE-2015-3168, I failed to notice that CVE-2015-3164 was already assigned. Kurt Seifried
Re: On sanctioned MITMs Joe Malcolm
Re: PHP and some == wonkiness Florian Weimer

Tuesday, 05 May

Re: PHP and some == wonkiness mancha
Re: PHP and some == wonkiness Florian Weimer
About PHP and CVE-2015-1353 Remi Collet
[CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL Pedro Ribeiro
Re: PHP and some == wonkiness mancha
CVE Request: GnuTLS: GNUTLS-SA-2015-2: MD5-based ServerKeyExchange signature accepted by default Salvatore Bonaccorso
Re: PHP and some == wonkiness mancha
Re: Problems in automatic crash analysis frameworks Florian Weimer
[OSSA 2015-008] Potential Keystone cache backend password leak in log (CVE-2015-3646) Tristan Cacqueray
Silent security fixes in virtuoso-opensource Florian Weimer
Re: PHP and some == wonkiness Grandma Eubanks
Local privileges escalation in rubygem open-uri-cached Michael Scherer
Re: Problems in automatic crash analysis frameworks Tavis Ormandy
Re: Problems in automatic crash analysis frameworks Florian Weimer
Re: Problems in automatic crash analysis frameworks Tavis Ormandy

Wednesday, 06 May

Re: PHP and some == wonkiness Sliv TaMere
Re: Local privileges escalation in rubygem open-uri-cached cve-assign
Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam Vasily Kulikov

Thursday, 07 May

Re: CVE request: Dovecot remote DoS on TLS connections Sven Kieske
Re: CVE request: Dovecot remote DoS on TLS connections Hanno Böck
Linux kernel pointer poisoning (was: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam) Vasily Kulikov
Re: Linux kernel pointer poisoning (was: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam) Vasily Kulikov
CVE request: vulnerability in wpa_supplicant and hostapd Martin Prpic
Re: CVE request: vulnerability in wpa_supplicant and hostapd Solar Designer
Re: CVE-Request: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Hector Marco-Gisbert
CVE Request: zeromq downgrade attack Alessandro Ghedini
CVE-2015-0847 in nbd-server Florian Weimer
Docker 1.6.1 - Security Advisory [150507] Eric Windisch
beaker vulns fixed in version 20.1 Kurt Seifried
CVE-2015-3429: DOM XSS Vulnerability in Twenty Fifteen WordPress Theme Henri Salo

Friday, 08 May

Re: CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1 Hannes Trunde

Saturday, 09 May

Wordpress Roomcloud plugin v1.1(rev @1115307) XSS vulnerability Nitin Venkatesh
Request for CVE - XSS Vulnerabilities in Wordpress Roomcloud plugin v1.1(rev @1115307) Nitin Venkatesh
Re: CVE request: vulnerability in wpa_supplicant and hostapd Jouni Malinen
CVE request: hostapd/wpa_supplicant - WPS UPnP vulnerability with HTTP chunked transfer encoding Jouni Malinen
CVE request: hostapd/wpa_supplicant - Integer underflow in AP mode WMM Action frame processing Jouni Malinen
Re: CVE request: vulnerability in wpa_supplicant and hostapd Jouni Malinen
CVE requests: didjvu, pdf2djvu: insecure use of /tmp Jakub Wilk
CVE for Jentu Kash Pande
openwall phpass fallback mode Kash Pande

Sunday, 10 May

Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Salvatore Bonaccorso
Re: CVE for Jentu cve-assign
Re: CVE Request: zeromq downgrade attack Salvatore Bonaccorso

Monday, 11 May

Re: About PHP and CVE-2015-1353 - please REJECT Remi Collet
Re: openwall phpass fallback mode Solar Designer
[oCERT-2015-006] dcraw input sanitization errors Andrea Barisani
CVE Request: wireshark: crash on a sample capture file genbroad.snoop Mgr . Martin Žember
CVE Request: Insufficient TLS Protection in Composer (PHP) Pádraic Brady

Tuesday, 12 May

CVE request: libinfinity did not correctly check certificates for validity Philipp Kern
CVE Request: phpbb open redirect Alessandro Ghedini
Re: CVE Request: wireshark: crash on a sample capture file genbroad.snoop Martin Prpic
Re: CVE Request: wireshark: crash on a sample capture file genbroad.snoop Stuart Henderson
Re: CVE Request: phpbb open redirect Hanno Böck
CVE request for proxychains-ng : current path as the first directory for the library search path Mamoru TASAKA
Two invalid read errors / heap overflows in SQLite (TFPA 006/2015) Hanno Böck
Re: [oCERT-2015-006] dcraw input sanitization errors cve-assign
CVE request for vulnerability in OpenStack Horizon Tristan Cacqueray
Re: CVE Request: phpbb open redirect cve-assign

Wednesday, 13 May

CVE Request: OSSIM multiple vulnerabilities Damien Cauquil
Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive Xen . org security team
VENOM - CVE-2015-3456 Jason Geffner
CVE request for vhost/scsi possible memory corruption. Wade Mealing
Request 2 CVE-IDs for Zeus Voting System DaKnOb
Re: VENOM - CVE-2015-3456 Solar Designer
QEMU 2.3.0 tmp vulns CVE request Kurt Seifried
Re: VENOM - CVE-2015-3456 Sebastian Pipping
CVE Request: t1utils: buffer overflow in set_cs_start Salvatore Bonaccorso
Re: CVE request: libinfinity did not correctly check certificates for validity Philipp Kern
Re: CVE request for proxychains-ng : current path as the first directory for the library search path cve-assign
[PATCH 1/4] ozwpan: Use proper check to prevent heap overflow Jason A. Donenfeld
[PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Jason A. Donenfeld
[PATCH 3/4] ozwpan: divide-by-zero leading to panic Jason A. Donenfeld
[PATCH 4/4] ozwpan: unchecked signed subtraction leads to DoS Jason A. Donenfeld
[PATCH 2/4] ozwpan: Use unsigned ints to prevent heap overflow Jason A. Donenfeld
Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Greg KH
Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Jason A. Donenfeld
Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Greg KH
[PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Jason A. Donenfeld
[PATCH 1/4] ozwpan: Use proper check to prevent heap overflow Jason A. Donenfeld
[PATCH 3/4] ozwpan: divide-by-zero leading to panic Jason A. Donenfeld
[PATCH 2/4] ozwpan: Use unsigned ints to prevent heap overflow Jason A. Donenfeld
[PATCH 4/4] ozwpan: unchecked signed subtraction leads to DoS Jason A. Donenfeld
Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Solar Designer
Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities Jason A. Donenfeld
CVE requests: Remote packet-of-death vulnerabilities in Linux Kernel ozwpan driver Jason A. Donenfeld
Re: VENOM - CVE-2015-3456 Solar Designer
Re: VENOM - CVE-2015-3456 Marcus Meissner
RE: VENOM - CVE-2015-3456 Jason Geffner

Thursday, 14 May

Re: Request 2 CVE-IDs for Zeus Voting System DaKnOb
Moving in the wrong direction [was: Re: VENOM - CVE-2015-3456] mancha
Cross-site scripting flaw in AskBot Martin Prpic
security hardening in dbus 1.8.18, 1.9.16: avoiding weak PRNG Simon McVittie
Potential issue in NTP -A option Kurt Seifried
Re: Request 2 CVE-IDs for Zeus Voting System DaKnOb
Re: Potential issue in NTP -A option cve-assign
Read heap overflow / invalid memory access in Wireshark Hanno Böck
Re: Potential issue in NTP -A option Harlan Stenn
re: CVE for Jentu Kash Pande
Re: re: CVE for Jentu Solar Designer
RE: VENOM - CVE-2015-3456 Jason Geffner
Still unfixed? Re: [oss-security] Linux namespaces: It is possible to escape from bind mounts Jann Horn
Re: CVE request for vulnerability in OpenStack Horizon cve-assign
Re: CVE Request: Insufficient TLS Protection in Composer (PHP) Kevin McArthur
Re: re: CVE for Jentu Kash Pande
coreutils sort heap overflow Pádraig Brady

Friday, 15 May

Re: CVE Request: zeromq downgrade attack Alessandro Ghedini
CVE Request - CSRF and XSS in Encrypted Contact Form Wordpress Plugin v1.0.4 Nitin Venkatesh

Saturday, 16 May

Re: QEMU 2.3.0 tmp vulns CVE request Michael Tokarev
about this openssh heap overflow Hanno Böck
Re: CVE Request - CSRF and XSS in Encrypted Contact Form Wordpress Plugin v1.0.4 cve-assign
Re: QEMU 2.3.0 tmp vulns CVE request Jakub Wilk
Re: about this openssh heap overflow mancha
Re: about this openssh heap overflow Hanno Böck
Re: about this openssh heap overflow mancha
Netty/Play's Security Updates (CVE-2015-2156) Luca Carettoni

Sunday, 17 May

[CVE Request/Advisory] Multiple vulnerabilities in PHP's handling of Phar files Emmanuel Law
Moodle security advisories [vs] Marina Glancy

Monday, 18 May

Re: CVE Request: various issues in PHP Lior Kaplan
CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo
Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev
Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo
CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix Martin Prpic
CVE request: xzgrep 4.999.9beta arbitrary code execution vulnerability Bart Dopheide
CVE request: SQLi in FeedWordPress - WordPress plugin Adrián M . F .
Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev
Re: CVE request: SQLi in FeedWordPress - WordPress plugin cve-assign
Re: About PHP and CVE-2015-1353 cve-assign
Re: [saltstack-security] CVE Request / Saltstack SSL verification disabling for alibabab cloud module Colton Myers

Tuesday, 19 May

CVE reject request CVE-2015-8146/8147 (was: [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL) Tomas Hoger
CVE request: python-tornado: XSRF cookie allows side-channel attack against TLS (BREACH) Vasyl Kaigorodov
Re: [oCERT-2015-006] dcraw input sanitization errors Stefan Cornelius
CVE Request: nbd denial of service Alessandro Ghedini
Re: CVE reject request CVE-2015-8146/8147 (was: [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL) Alessandro Ghedini
Re: CVE reject request CVE-2015-8146/8147 Marc Deslauriers
Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Andrea Palazzo
Re: Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Dennis
Re: CVE reject request CVE-2015-8146/8147 (was: [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL) cve-assign
Re: CVE Request + Advisory: PHP str_repeat() sign mismatch based memory corruption Stanislav Malyshev
Re: CVE request: xzgrep 4.999.9beta arbitrary code execution vulnerability cve-assign
Re: CVE request: python-tornado: XSRF cookie allows side-channel attack against TLS (BREACH) cve-assign
Re: coreutils sort heap overflow cve-assign
CVE Request: ipsec-tools Seth Arnold

Wednesday, 20 May

Logjam attack / Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice Yves-Alexis Perez
Re: Re: CVE Request: various issues in PHP Vasyl Kaigorodov
JSON-based SQL query construction (Sequelize as an example) Florian Weimer
CVE Request: SuiteCRM Post Auth RCE Darren Martyn
CVE request: Multiple SQL injection vulnerabilities in GigPress - WordPress plugins. Adrián M . F .
Re: Logjam attack / Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice Paul Wouters
CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice cve-assign
Re: CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice Yves-Alexis Perez
Re: Logjam attack / Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice Alan Coopersmith

Thursday, 21 May

CVE Request: pgbouncer: DoS/remote crash: invalid packet order causes lookup of NULL pointer Salvatore Bonaccorso
CVE-2015-3206 python-kerberos: checkPassword() does not verify KDC authenticity Martin Prpic
Re: CVE Request: zeromq downgrade attack cve-assign
Re: CVE Request: nbd denial of service cve-assign
[ANNOUNCE] Apache Jackrabbit 2.10.1 released Marcel Reutegger
CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability) Julian Reschke
Re: CVE request for vhost/scsi possible memory corruption. cve-assign
CVE-2015-3202 fuse privilege escalation Tavis Ormandy
CVE-2015-1325 apport race conditions / ubuntu local root Philip Pettersson
Re: CVE Request: ipsec-tools cve-assign
Re: CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix cve-assign
CVE Request for ceph-deploy copying keyring to /etc/ceph which is world readable Siddharth Sharma
Re: CVE Request for ceph-deploy copying keyring to /etc/ceph which is world readable cve-assign

Friday, 22 May

CVE request: Multiple vulnerabilities in some WordPress plugins: NewStatPress & WordPress Landing Pages. Adrián M . F .
Re: CVE Request: zeromq downgrade attack Alessandro Ghedini
Re: CVE request: Multiple SQL injection vulnerabilities in GigPress - WordPress plugins. cve-assign
Re: CVE Request: pgbouncer: DoS/remote crash: invalid packet order causes lookup of NULL pointer cve-assign
Feed2JS v1.7 XSS Web Security Vulnerabilities - CVE Request Jing Wang
Innovative WebPAC Pro 2.0 Open Redirect Web Security Vulnerabilities - CVE Request Jing Wang
Re: CVE Request: OSSIM multiple vulnerabilities cve-assign
Re: Wordpress Roomcloud plugin v1.1(rev @1115307) XSS vulnerability cve-assign
Re: CVE Request: t1utils: buffer overflow in set_cs_start cve-assign
Re: CVE request: Multiple vulnerabilities in some WordPress plugins: NewStatPress & WordPress Landing Pages. cve-assign
Re: CVE request: Multiple SQL injection vulnerabilities in GigPress - WordPress plugins. cve-assign

Saturday, 23 May

Re: Wordpress Roomcloud plugin v1.1(rev @1115307) XSS vulnerability Nitin Venkatesh
Re: QEMU 2.3.0 tmp vulns CVE request cve-assign
Re: Re: CVE Request for read-only directory traversal in Etherpad frontend tests Jeremy Stanley
CVE Request for WP Fastest Cache plugin 0pc0deFR

Sunday, 24 May

Re: [PATCH 1/4] ozwpan: Use proper check to prevent heap overflow Greg Kroah-Hartman

Monday, 25 May

CVE-2015-3200 Log injection in Lighttpd Jaanus
[OSSA 2015-009] Persistent XSS in Horizon metadata dashboard (CVE-2015-3988) Tristan Cacqueray
CVE request for attic : encrypted backups attack Raphaël Rigo
CVE request: vulnerability in the kernel tty subsystem. Wade Mealing

Tuesday, 26 May

ELF PLT changes in gcc/binutils/glibc Florian Weimer
Re: CVE Request for read-only directory traversal in Etherpad frontend tests cve-assign
[PATCH v2 0/4] ozwpan: Four remote packet-of-death vulnerabilities Jason A. Donenfeld
[PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow Jason A. Donenfeld
[PATCH v2 2/4] ozwpan: Use unsigned ints to prevent heap overflow Jason A. Donenfeld
[PATCH v2 3/4] ozwpan: divide-by-zero leading to panic Jason A. Donenfeld
[PATCH v2 4/4] ozwpan: unchecked signed subtraction leads to DoS Jason A. Donenfeld
Re: CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice Florian Weimer
hwclock(8) SUID privilege escalation up201407890
CVE Request: CSRF vulnerability in OmniAuth request phase Douwe Maan
Re: hwclock(8) SUID privilege escalation Larry W. Cashdollar
Re: [PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow Dan Carpenter
Re: hwclock(8) SUID privilege escalation Stephane Chazelas
Re: [PATCH v2 4/4] ozwpan: unchecked signed subtraction leads to DoS Dan Carpenter
Re: CVE request: vulnerability in the kernel tty subsystem. Greg KH
FreeRDP tmp flaws Kurt Seifried
Re: FreeRDP tmp flaws Kurt Seifried
Question about tmp flaws in non-default build options (e.g. Kerberos DEBUG_ASN1) Kurt Seifried
Re: CVE Request for WP Fastest Cache plugin cve-assign
Re: Re: hwclock(8) SUID privilege escalation Tavis Ormandy
Re: Re: hwclock(8) SUID privilege escalation up201407890
Re: Re: hwclock(8) SUID privilege escalation Stephane Chazelas

Wednesday, 27 May

Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger
Re: CVE request: vulnerability in wpa_supplicant and hostapd Tomas Hoger
Re: Question about tmp flaws in non-default build options (e.g. Kerberos DEBUG_ASN1) cve-assign
Re: FreeRDP tmp flaws cve-assign
CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities Jason A. Donenfeld
CVE Request, multiple WordPress plugins and themes Seaman, Chad
CVE-2015-1835: Remote exploit of secondary configuration variables in Apache Cordova on Android Joe Bowser
Re: Re: FreeRDP tmp flaws Kurt Seifried
Re: CVE Request, multiple WordPress plugins and themes Seaman, Chad
Re: CVE Request, multiple WordPress plugins and themes Henri Salo

Thursday, 28 May

Re: CVE Request, multiple WordPress plugins and themes cve-assign
Re: Re: CVE Request, multiple WordPress plugins and themes Seaman, Chad

Friday, 29 May

CVE request: XSS and CSRF in WP Smiley plugin for WordPress Henri Salo
[CVE-2015-0839] hp-plugin binary driver verification Enrico Zini
wow-moodboard-lite v1.1.1.1 Wordpress plugin has an open redirect Larry W. Cashdollar
Re: Re: CVE Request: various issues in PHP Tomas Hoger
CVE request Linux kernel: ns: user namespaces panic P J P
StrongSwan VPN client for Android leaks username to rouge server Alexander E. Patrakov
Re: StrongSwan VPN client for Android leaks username to rouge server Noel Kuntze
Re: CVE request: vulnerability in the kernel tty subsystem. Henri Salo
Re: CVE request: vulnerability in the kernel tty subsystem. Greg KH
Re: CVE request Linux kernel: ns: user namespaces panic Andy Lutomirski

Saturday, 30 May

Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities Jason A. Donenfeld

Sunday, 31 May

Re: CVE request: XSS and CSRF in WP Smiley plugin for WordPress cve-assign
Re: CVE request for attic : encrypted backups attack cve-assign
CVE Request:PCRE Call Stack Overflow Vulnerability wen_guanxing
CVE Request: PCRE Library Stack Overflow Vulnerability wen_guanxing
Re: CVE request: vulnerability in wpa_supplicant and hostapd cve-assign
Re: [CVE-2015-0839] hp-plugin binary driver verification Daniel Kahn Gillmor

Monday, 01 June

CVE-2015-0848 - Heap overflow on libwmf0.2-7 Fernando Muñoz
Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 Alessandro Ghedini
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() cve-assign
CVE-2015-3210: PCRE Library Heap Overflow Vulnerability wen_guanxing
CVE-2015-3210: PCRE Library Heap Overflow Vulnerability wen_guanxing
CVE-2015-3210: PCRE Library Heap Overflow Vulnerability wen_guanxing
MITRE delays persist mancha
Re: CVE requests / Advisory: phpMyBackupPro Matthew Daley

Tuesday, 02 June

Xen Security Advisory 128 (CVE-2015-4103) - Potential unintended writes to host MSI message data field via qemu Xen . org security team
Xen Security Advisory 130 (CVE-2015-4105) - Guest triggerable qemu MSI-X pass-through error messages Xen . org security team
Xen Security Advisory 131 (CVE-2015-4106) - Unmediated PCI register access in qemu Xen . org security team
Xen Security Advisory 129 (CVE-2015-4104) - PCI MSI mask bits inadvertently exposed to guests Xen . org security team
CVE request Linux kernel: fs: udf kernel oops P J P
CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage P J P
Stack out of bounds read access in uudecode / sharutils Hanno Böck
Re: Stack out of bounds read access in uudecode / sharutils cve-assign
Re: CVE request: vulnerability in the kernel tty subsystem. cve-assign

Wednesday, 03 June

CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS Matthew Daley
CVE request Linux kernel: udf: information leakage when reading symlink P J P
Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS Henri Salo
Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 Stefan Cornelius
CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() wen_guanxing
CVE Request: mime-support Dennis
Re: CVE Request: mime-support Dennis
Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Dan McDonald
Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Hhjack
Re: CVE request Linux kernel: ns: user namespaces panic cve-assign
Re: CVE request Linux kernel: fs: udf kernel oops cve-assign
Re: CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage cve-assign
Re: CVE request Linux kernel: udf: information leakage when reading symlink cve-assign
Re: Re: Stack out of bounds read access in uudecode / sharutils Hanno Böck
Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Tavis Ormandy
Re: Stack out of bounds read access in uudecode / sharutils cve-assign
Re: Re: Stack out of bounds read access in uudecode / sharutils Joshua Smith
Null pointer access in inflatehd tool (nghttp2) Hanno Böck
Re: Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() wen_guanxing
CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow Fernando Muñoz
Re: Imagemagick fuzzing bug Siddharth Sharma
Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P

Thursday, 04 June

Re: Re: CVE request Linux kernel: ns: user namespaces panic Eric W. Biederman
Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P
Re: Re: Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Felipe Pena
CVE Request: redis Lua sandbox escape and arbitrary code execution Alessandro Ghedini
Re: CVE request Linux kernel: ns: user namespaces panic cve-assign
Re: CVE requests / Advisory: phpMyBackupPro cve-assign
Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS cve-assign
Re: CVE Request: redis Lua sandbox escape and arbitrary code execution cve-assign
Re: Re: Re: Re: Re: Re: CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() Guanxing Wen

Friday, 05 June

Re: CVE Request: redis Lua sandbox escape and arbitrary code execution Alessandro Ghedini
Re: CVE Request: redis Lua sandbox escape and arbitrary code execution cve-assign
Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS Larry W. Cashdollar
Re: Re: CVE request Linux kernel: ns: user namespaces panic Eric W. Biederman
Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities cve-assign
CVE Request: bson-ruby DoS and possible injection Phill MV

Saturday, 06 June

CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer
Re: CVE Request: bson-ruby DoS and possible injection cve-assign
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer

Sunday, 07 June

Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P
Re: Re: CVE request Linux kernel: ns: user namespaces panic Eric W. Biederman
Suggestions Sought for Appsec Reading List Scott Arciszewski
Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P

Monday, 08 June

CVE request for polkit Colin Walters
Re: StrongSwan VPN client for Android leaks username to rouge server Tobias Brunner
Re: Suggestions Sought for Appsec Reading List Sven Kieske
CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured Michael Catanzaro
Re: Suggestions Sought for Appsec Reading List Scott Arciszewski
Re: CVE request for polkit cve-assign
Re: CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured cve-assign
Re: CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured Michael Catanzaro

Tuesday, 09 June

Re: CVE request for polkit Colin Walters
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer
Secure Socket Funneling: a new network tool Secure SocketFunneling
Possible XSS vulnerability on NIST NVD Marek Sebera
Re: MITRE delays persist Steven M. Christey
Re: Re: MITRE delays persist Seaman, Chad
[OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219) Tristan Cacqueray
Re: Re: MITRE delays persist Marcus Meissner

Wednesday, 10 June

Re: Possible XSS vulnerability on NIST NVD Henri Salo
CVE Request - Arbitrary file upload in Wordpress Plugin: N-Media file uploader v3.7 Sebastian Wolfgang Kraemer | HSASec
Xen Security Advisory 135 (CVE-2015-3209) - Heap overflow in QEMU PCNET controller, allowing guest->host escape Xen . org security team
Re: Xen Security Advisory 135 (CVE-2015-3209) - Heap overflow in QEMU PCNET controller, allowing guest->host escape Petr Matousek
Re: Possible XSS vulnerability on NIST NVD cve-assign
CVE request -- Linux kernel - kvm: x86: NULL pointer dereference in kvm_apic_has_events function Petr Matousek
Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Larry W. Cashdollar
CVE=2015-1234 disambiguation Vasyl Kaigorodov
Fwd: X.Org/Wayland Security Advisory: Missing authentication in XWayland Alan Coopersmith
Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 Larry W. Cashdollar
CVE Request: Arbitrary file upload in Wordpress 4.1.1 Sebastian Wolfgang Kraemer | HSASec
Re: CVE=2015-1234 disambiguation Justin Burke
CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings Giancarlo Canales

Thursday, 11 June

CVE-2015-3222 - OSSEC root escalation Andrew Widdersheim
Xen Security Advisory 134 (CVE-2015-4163) - GNTTABOP_swap_grant_ref operation misbehavior Xen . org security team
Xen Security Advisory 136 (CVE-2015-4164) - vulnerability in the iret hypercall handler Xen . org security team
Re: Possible CVE Requests: libmspack: several issues cve-assign
Re: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099) cve-assign
OpenSSL Sec Adv 20150611 mancha
Re: Re: MITRE delays persist mancha
Re: OpenSSL Sec Adv 20150611 mancha

Friday, 12 June

Re: OpenSSL Sec Adv 20150611 Jose R R
Re: OpenSSL Sec Adv 20150611 mancha
zip-attachments v1.1.4 wordpress plugin arbitrary file download vulnerability. Larry W. Cashdollar
Re: CVE request for polkit Colin Walters
Re: Linux namespaces: It is possible to escape from bind mounts Solar Designer
Re: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099) Pere Orga
Fedora Atomic - downloads updates over HTTP (CVE-2015-3229) Kurt Seifried
Out of bounds read in OpenSSL function X509_cmp_time (CVE-2015-1789) and other minor issues Hanno Böck

Saturday, 13 June

CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert Bastian Blank
PostgreSQL - Predictable cancel key Bastian Blank
Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS Matthew Daley
Re: CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert Dave Walker
Re: CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert Jeremy Stanley

Monday, 15 June

CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure Peter Bex
Yoast Wordpress SEO Plugin <= 2.1.1 Stored, Authenticated XSS sec () inventropy us
Re: PostgreSQL - Predictable cancel key Pierre Schweitzer
Re: CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure cve-assign
Re: Re: CVE Request: various issues in PHP Tomas Hoger
Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 Stefan Cornelius
Re: PostgreSQL - Predictable cancel key Bastian Blank
CVE Request - Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5 Nitin Venkatesh
CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root Philip Pettersson
Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings Giancarlo Canales
Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 cve-assign
Re: Bug#786909: chromium: unconditionally downloads binary blob Michael Gilbert

Tuesday, 16 June

Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted JSON strings cve-assign
Re: CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root Alban Crequy
Re: PostgreSQL - Predictable cancel key Pierre Schweitzer
Re: CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root Philip Pettersson
Re: PostgreSQL - Predictable cancel key Michael Samuel
Cross-Site Request Forgery in Spina CMS Tomek Rabczak
Re: CVE Request: various issues in PHP cve-assign
[OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850) Tristan Cacqueray
[CVE-2015-3225] Potential Denial of Service Vulnerability in Rack Aaron Patterson
[CVE-2015-1840] CSRF Vulnerability in jquery-ujs and jquery-rails Aaron Patterson
[CVE-2015-3227] Possible Denial of Service attack in Active Support Aaron Patterson
[CVE-2015-3226] XSS Vulnerability in ActiveSupport::JSON.encode Aaron Patterson
[CVE-2015-3224] IP whitelist bypass in Web Console Aaron Patterson
Re: CVE Request - Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5 cve-assign
Re: Cross-Site Request Forgery in Spina CMS cve-assign
Re: CVE request for polkit cve-assign
Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow Fernando Muñoz
Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850) Salvatore Bonaccorso
Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 Fernando Muñoz

Wednesday, 17 June

Re: PostgreSQL - Predictable cancel key Pierre Schweitzer
CVE-2015-3214 qemu: i8254: out-of-bounds memory access in pit_ioport_read function Petr Matousek
CVE request for XSS and CSRF vulnerability in wordpress plugin WP-Stats Sebastian Wolfgang Kraemer | HSASec
Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) Tristan Cacqueray
[OSSA 2015-011.1] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) ERRATA 1 Tristan Cacqueray
Re: Re: CVE Request: jabberd remote information disclosure Hanno Böck
Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch Giancarlo Canales

Thursday, 18 June

CVE request: Content type spoofing in ruby gem paperclip <4.2.2 Reed Loden
Re: Re: CVE Request: various issues in PHP Tomas Hoger
PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request Tomas Hoger
Re: CVE Request: various issues in PHP cve-assign
Re: CVE Request: various issues in PHP cve-assign
Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request cve-assign
CVE request: pure-ftpd denial of service in glob_() Vasyl Kaigorodov
Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch cve-assign
Re: Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch Giancarlo Canales
Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch cve-assign
Re: CVE request: pure-ftpd denial of service in glob_() cve-assign
CVE-2015-3243 rsyslog: some log files are created world-readable Kurt Seifried
Joomla! Administrator -> web shell esclalation Dean Pierce
Re: Bug#786909: chromium: unconditionally downloads binary blob Michael Gilbert
Re: Bug#786909: chromium: unconditionally downloads binary blob Christoph Anton Mitterer
Re: CVE request: Content type spoofing in ruby gem paperclip <4.2.2 Reed Loden

Friday, 19 June

CVE Request - CSRF vulnerability in the Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563 Nitin Venkatesh
[CVE-2015-3188] Apache Storm remote code execution vulnerability P. Taylor Goetz

Saturday, 20 June

Re: CVE-2015-3243 rsyslog: some log files are created world-readable Nick Boyce
CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library "ROPT" Justin Bull
Re: CVE request -- Linux kernel - kvm: x86: NULL pointer dereference in kvm_apic_has_events function cve-assign

Sunday, 21 June

Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 cve-assign
Re: zip-attachments v1.1.4 wordpress plugin arbitrary file download vulnerability. cve-assign
Re: CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library "ROPT" - ROTP cve-assign
Re: CVE Request - CSRF vulnerability in the Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563 cve-assign
Wordpress Plugin: FTP To Zip 1.8 0pc0deFR
Re: Yoast Wordpress SEO Plugin <= 2.1.1 Stored, Authenticated XSS cve-assign
Re: CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library "ROPT" - ROTP Justin Bull
Re: Yoast Wordpress SEO Plugin <= 2.1.1 Stored, Authenticated XSS sec () inventropy us

Monday, 22 June

[oCERT-2015-008] FreeRADIUS insufficent CRL application Andrea Barisani
Re: CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library "ROPT" - ROTP cve-assign
Re: Wordpress Plugin: FTP To Zip 1.8 cve-assign
CVE request: IPython XSS in JSON error responses Kyle Kelley
Validating OCSP response signatures Tim Brown
Re: Wordpress Plugin: FTP To Zip 1.8 Abhishek Ghosh
Re: CVE request: IPython XSS in JSON error responses cve-assign
Re: CVE request: IPython XSS in JSON error responses Kyle Kelley
CVE request: Linux kernel - bpf jit optimization flaw can panic kenrel. Wade Mealing
Re: CVE request: Linux kernel - bpf jit optimization flaw can panic kenrel. cve-assign

Tuesday, 23 June

[OSSA 2015-012] Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221) Tristan Cacqueray
Remote file download vulnerability in download-zip-attachments v1.0 Larry W. Cashdollar
Arbitrary File download in wordpress plugin wp-instance-rename v1.0 Larry W. Cashdollar

Wednesday, 24 June

OpenVPN hardening patches Sebastian Krahmer
CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers Responsive Disclosure | HSASec
CVE Request: Information disclosure in MantisBT Damien Regad
Re: CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers cve-assign
CVE request: Wesnoth authentication information disclosure Ignacio R. Morelle
Re: CVE Request: Information disclosure in MantisBT cve-assign

Thursday, 25 June

Re: CVE Request: Information disclosure in MantisBT Damien Regad
Please REJECT CVE-2015-3242 Petr Matousek
CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function Petr Matousek
Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function cve-assign
Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function Petr Matousek
Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function cve-assign
Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function Petr Matousek
CVE Request: Anchor CMS - Multiple Stored and DOM Based XSS issues Anirudh Anand
Re: CVE request: Wesnoth authentication information disclosure cve-assign
Linux-PAM 1.2.1 released to address CVE-2015-3238 Dmitry V. Levin
Re: Validating OCSP response signatures cve-assign
CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength() Guanxing Wen

Friday, 26 June

rubygems <2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020) Reed Loden
Re: CVE Request: PCRE Library Heap Overflow Vulnerability in find_fixedlength() cve-assign
CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow Stefan Cornelius
CVE Request - BigTree CMS - Stored XSS while creating a new user Anirudh Anand
Re: CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow Stefan Cornelius
Re: CVE Request: Anchor CMS - Multiple Stored and DOM Based XSS issues Anirudh Anand

Saturday, 27 June

CVE Request: Django CMS Matthew Wilkes

Sunday, 28 June

Re: CVE Request: Django CMS cve-assign
Re: CVE Request: Django CMS Matthew Wilkes

Monday, 29 June

Courier mail server: Write heap overflow in mailbot tool and out of bounds heap read in imap folder parser Hanno Böck
Re: Courier mail server: Write heap overflow in mailbot tool and out of bounds heap read in imap folder parser cve-assign
CVE request: Stack overflow in redcarpet's header_anchor Giancarlo Canales
OpenDaylight security advisory: CVE-2015-3414 CVE-2015-3416 SQLite memory corruption, CVE-2015-4000 LOGJAM TLS MITM David Jorm
Question about world readable config files and commented warnings Kurt Seifried
Re: Question about world readable config files and commented warnings gremlin
Google Chrome Address Spoofing (Request For Comment) David Leo
Re: Google Chrome Address Spoofing (Request For Comment) Alexander E. Patrakov

Tuesday, 30 June

Re: Google Chrome Address Spoofing (Request For Comment) Daniel Micay
Re: Google Chrome Address Spoofing (Request For Comment) Florian Weimer
Re: Google Chrome Address Spoofing (Request For Comment) Daniel Micay
Re: Question about world readable config files and commented warnings Kurt Seifried
Re: Question about world readable config files and commented warnings cve-assign
Re: CVE request: Stack overflow in redcarpet's header_anchor cve-assign
Re: Question about world readable config files and commented warnings Kurt Seifried
Re: Re: Question about world readable config files and commented warnings Seth Arnold
CVE Request: UDP checksum DoS Salvatore Bonaccorso
Re: Question about world readable config files and commented warnings cve-assign
Re: Question about world readable config files and commented warnings Kurt Seifried
Re: Question about world readable config files and commented warnings vladz
Re: Question about world readable config files and commented warnings cve-assign
Re: Question about world readable config files and commented warnings Seth Arnold
Reject CVE-2015-3157 Garth Mollett