oss-sec: by author

658 messages starting Jul 01 15 and ending Aug 12 15


0pc0deFR

Re: Google Chrome Address Spoofing (Request For Comment) 0pc0deFR (Jul 01)

Abhishek J.M

CVE Request: October CMS - Stored XSS in image caption tag Abhishek J.M (Jul 21)

Adam D. Barratt

Re: TR : CVE request for dash 0.5.7-3 x86-64 local buffer overflow Adam D. Barratt (Jul 06)

Adam Maris

CVE-2015-1416: vulnerability in patch(1) Adam Maris (Jul 30)
Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities Adam Maris (Aug 12)
Re: CVE for crypto_get_random() from libsrtp Adam Maris (Aug 11)
Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities Adam Maris (Aug 12)
Re: CVE for crypto_get_random() from libsrtp Adam Maris (Aug 11)
CVE for crypto_get_random() from libsrtp Adam Maris (Jul 31)

Adam Zabrocki

Follow-up on Exploiting "BadIRET" vulnerability (CVE-2014-9322) Adam Zabrocki (Jul 04)

a . furieri

Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g a . furieri (Jul 06)

Agostino Sarubbo

Re: siege: off-by-one in load_conf() Agostino Sarubbo (Jul 14)
siege: off-by-one in load_conf() Agostino Sarubbo (Jul 14)
libav: divide-by-zero in ff_h263_decode_mba() Agostino Sarubbo (Jul 16)
Re: libav: divide-by-zero in ff_h263_decode_mba() Agostino Sarubbo (Jul 16)

Alessandro Ghedini

Re: [oCERT-2015-009] VLC arbitrary pointer dereference Alessandro Ghedini (Aug 20)
Re: Follow up: PowerDNS Security Advisory 2015-01 Alessandro Ghedini (Jul 07)
Re: Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow Alessandro Ghedini (Jul 13)
CVE Request: twig remote code execution Alessandro Ghedini (Aug 21)
CVE Request: cacti multiple SQL injections Alessandro Ghedini (Jul 18)
CVE Request: zendframework SQL injections Alessandro Ghedini (Sep 30)
Re: CVE Request: zendframework SQL injections Alessandro Ghedini (Sep 30)
Re: CVE Request: cacti multiple SQL injections Alessandro Ghedini (Aug 05)
Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow Alessandro Ghedini (Jul 13)
Re: CVE Request: twig remote code execution Alessandro Ghedini (Sep 30)
Re: CVE Request: cacti multiple SQL injections Alessandro Ghedini (Sep 30)

Alexander Cherepanov

Re: How serious is undefined behavior? Alexander Cherepanov (Jul 09)
Re: How serious is undefined behavior? Alexander Cherepanov (Jul 13)

Amos Jeffries

CVE Request: Squid HTTP Proxy Denial of Service Amos Jeffries (Sep 17)
CVE Request: Squid HTTP Proxy Denial of Service Amos Jeffries (Sep 17)
CVE Request: Squid HTTP Proxy Denial of Service Amos Jeffries (Sep 17)
Re: Squid HTTP proxy CVE request Amos Jeffries (Jul 09)
Re: Squid HTTP proxy CVE request Amos Jeffries (Jul 08)
Re: Re: Squid HTTP proxy CVE request Amos Jeffries (Jul 17)
Re: Squid HTTP proxy CVE request Amos Jeffries (Jul 14)
Squid HTTP proxy CVE request Amos Jeffries (Jul 06)

Andrea Barisani

[oCERT-2015-009] VLC arbitrary pointer dereference Andrea Barisani (Aug 20)

Andreas Stieger

CVE Request: two security issues in openSSH 6.9 Andreas Stieger (Jul 01)
Re: Re: CVE request for vulnerabilities fixed in roundcubemail 1.1.2 and 1.0.6 Andreas Stieger (Jul 07)
Re: Re: CVE request for wget Andreas Stieger (Sep 29)
CVE request for vulnerabilities fixed in roundcubemail 1.1.2 and 1.0.6 Andreas Stieger (Jul 06)
Re: CVE request for wget Andreas Stieger (Sep 09)

Andrew Nacin

Re: WP Slimstat < 4.1.6 - Referer Header XSS Andrew Nacin (Aug 02)

Andy Lutomirski

Linux x86_64 NMI security issues Andy Lutomirski (Jul 22)
Re: Terminal escape sequences - the new XSS for admins? Andy Lutomirski (Aug 11)
CVE-2015-3290: Linux privilege escalation due to nested NMIs interrupting espfix64 Andy Lutomirski (Aug 04)
Re: Linux x86_64 NMI security issues Andy Lutomirski (Jul 23)
Re: Follow-up on Exploiting "BadIRET" vulnerability (CVE-2014-9322) Andy Lutomirski (Jul 08)
Re: CVE Request: Linux x86_64 NT flag issue - Linux kernel Andy Lutomirski (Aug 29)
CVE Request: Linux x86_64 NT flag issue Andy Lutomirski (Aug 24)
Re: Linux x86_64 NMI security issues Andy Lutomirski (Jul 24)

anidear

Re: Re: [FD] Google Chrome Address Spoofing (Request For Comment) anidear (Jul 02)

Anirudh Anand

CVE Request: GetSimple CMS: Multiple Stored XSS Anirudh Anand (Jul 03)

Ankeet Presswala

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Ankeet Presswala (Jul 27)

Anthony Liguori

Re: CVE Request: AWS s2n Anthony Liguori (Jul 16)

Anti Räis

CVE-Request for stored WCI (a.k.a XSS) in Visual Form Builder 2.7.5 - 2.8.4 Anti Räis (Sep 14)

Arjun Basnet

SEH Local buffer overflow vulnerability Arjun Basnet (Aug 24)

Austin English

CVE request for wget Austin English (Sep 07)
Re: CVE request for wget Austin English (Sep 24)
Re: CVE request for wget Austin English (Sep 28)

Ben Hutchings

Re: CVE Request: UDP checksum DoS Ben Hutchings (Jul 05)
CVE request: Integer overflow in SCSI generic driver in Linux <4.1 Ben Hutchings (Aug 01)
CVE request: Use-after-free in path lookup in Linux 3.11-4.0 inclusive Ben Hutchings (Aug 01)
CVE request: Use-after-free in Linux kernel with aufs mmap patch Ben Hutchings (Sep 10)

Benjamin Randazzo

CVE request: Linux kernel - information leak in md driver Benjamin Randazzo (Jul 28)

Big Whale

Re: Google Chrome Address Spoofing (Request For Comment) Big Whale (Jul 01)
Re: [FD] Google Chrome Address Spoofing (Request For Comment) Big Whale (Jul 02)

Brad Knowles

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Brad Knowles (Jul 25)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Brad Knowles (Jul 24)

Brandon Perry

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Brandon Perry (Jul 24)

Brian Carpenter

CVE Request: use after free in PHP 5.6 and 7 (possibly others) Brian Carpenter (Jul 15)

Cédric Champeau

[CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure Cédric Champeau (Jul 16)

Chris Steipp

CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10 Chris Steipp (Aug 12)

Christian Hoffmann

Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation Christian Hoffmann (Sep 21)
Re: CVE request: zarafa-autorespond suffers from a potential local privilege escalation Christian Hoffmann (Sep 21)

Christofer Dutz

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability Christofer Dutz (Aug 19)

Colm O hEigeartaigh

New security vulnerability for Apache CXF Fediz - CVE-2015-5175 Colm O hEigeartaigh (Aug 26)

Cory Benfield

[CVE-2015-3908] Improper TLS Certificate Validation in Ansible Cory Benfield (Jul 14)

cve-assign

Re: CVE request: Qemu: buffer overflow in virtio-serial cve-assign (Aug 06)
Re: CVE Request: Plone header injection cve-assign (Sep 22)
Re: CVE request: screen stack overflow (deep recursion) cve-assign (Sep 02)
Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability cve-assign (Jul 30)
Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow cve-assign (Jul 13)
Re: CVE request for vulnerabilities fixed in roundcubemail 1.1.2 and 1.0.6 cve-assign (Jul 06)
Re: DoS attack through Email-Address perl module v1.907 (CVE id request) cve-assign (Sep 30)
Re: CVE request: Integer overflow in SCSI generic driver in Linux <4.1 - Linux kernel cve-assign (Aug 02)
Re: CVE request Qemu: net: virtio-net possible remote DoS cve-assign (Sep 18)
Re: CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD cve-assign (Aug 17)
Re: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 cve-assign (Jul 10)
Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath; cve-assign (Jul 18)
Re: CVE request: XSS vulnerability in jsoup related to incomplete tags at EOF cve-assign (Aug 28)
Re: CVE Request: SQLite array overrun in the skip-scan optimization cve-assign (Jul 15)
Re: CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service. cve-assign (Aug 20)
Re: CVE request: 2 issues in inspircd cve-assign (Aug 25)
Re: CVE Request: OpenLDAP: ber_get_next denial of service vulnerability cve-assign (Sep 11)
Re: CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege cve-assign (Sep 24)
Re: CVE Request: Request Tracker: cross-site scripting in cryptography interface cve-assign (Aug 17)
Re: CVE request: Zenphoto before 1.4.9 multiple vulnerabilities cve-assign (Jul 18)
Re: CVE Request for glusterfs: fuse check return value of setuid cve-assign (Sep 04)
Re: CVE request: IPython CSRF validation cve-assign (Jul 21)
Re: CVE Request Qemu: net: e1000 infinite loop issue cve-assign (Sep 05)
Re: CVE request: WordPress 4.2.2 and earlier cross-site scripting vulnerability cve-assign (Jul 23)
Re: CVE Request: kmail: Attachments are not encrypted when "automatic encryption" is selected cve-assign (Jul 16)
Re: CVE request: Use-after-free in path lookup in Linux 3.11-4.0 inclusive - Linux kernel cve-assign (Aug 02)
Re: CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor" cve-assign (Sep 17)
Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 cve-assign (Jul 27)
Re: CVE Request: 2 FreeType issues cve-assign (Sep 25)
Re: CVE Request - Go net/http library - HTTP smuggling cve-assign (Aug 05)
Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 cve-assign (Jul 20)
Re: CVE Request: ATutor LMS Version 2.2 with stored XSS and file upload issue cve-assign (Aug 18)
Re: CVE request: conntrackd denial of service with unusual network traffic cve-assign (Aug 17)
Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding cve-assign (Aug 17)
Re: Follow up: PowerDNS Security Advisory 2015-01 cve-assign (Jul 10)
Re: CVE request: Linux kernel - information leak in md driver cve-assign (Jul 29)
Re: CVE Request : CSRF in IPython/Jupyter notebook Tree. cve-assign (Sep 14)
Re: CVE request: mktexlsr/texlive: insecure use of /tmp cve-assign (Jul 29)
Re: CVE Request: more php unserializing issues cve-assign (Sep 08)
Re: CVE Request: PgBouncer: failed auth_query lookup leads to connection as auth_user cve-assign (Sep 05)
Re: CVE Request: Linux x86_64 NT flag issue - Linux kernel cve-assign (Aug 24)
Re: CVE Request: ippusbxd cve-assign (Aug 18)
CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c cve-assign (Sep 14)
Re: nss: SSL_ImplementedCiphers ABI incompatibility may lead to incorrect cipher suites cve-assign (Sep 07)
Re: node.js out of band write cve-assign (Jul 09)
Re: CVE Request: Plone XSS cve-assign (Sep 22)
Re: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 cve-assign (Jul 10)
Re: CVE request for wget cve-assign (Sep 25)
Re: CVE REJECT CVE-2015-3287 cve-assign (Sep 01)
Re: CVE request: libgpf: use-after-free vulnerability in Decoder.cpp cve-assign (Aug 25)
Re: CVE Request: gollum information disclosure vulnerability cve-assign (Sep 22)
Re: Squid HTTP proxy CVE request cve-assign (Jul 17)
Re: Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0 cve-assign (Jul 10)
Re: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131) cve-assign (Aug 18)
Re: CVE request: Ganglia-web auth bypass cve-assign (Sep 05)
Re: CVE Request: PHP remote exploits (even more) cve-assign (Sep 08)
Re: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities cve-assign (Aug 04)
Re: CVE request Qemu: ide: divide by zero issue cve-assign (Sep 10)
Re: DoS in libtiff cve-assign (Sep 22)
Re: CVE Request: UDP checksum DoS cve-assign (Jul 06)
Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection cve-assign (Aug 01)
Re: Duplicate Wireshark CVEs? cve-assign (Aug 13)
Re: Remote file download vulnerability in Wordpress Plugin image-export v1.1 cve-assign (Jul 20)
Re: CVE request - simple-php-captcha - captcha bypass vulnerability cve-assign (Aug 17)
Re: CVE Request: PHP v7 - Code execution vulnerability cve-assign (Aug 20)
Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129 cve-assign (Jul 28)
Re: Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin cve-assign (Jul 10)
Re: please REJECT CVE-2015-3199 cve-assign (Jul 04)
Re: CVE Request: SuiteCRM Post-Auth Race Condition Shell Upload Remote Code Execution. cve-assign (Aug 06)
Re: CVE Request: Plone Privilege Escalation cve-assign (Sep 22)
Re: CVE request: ansible zone/chroot/jail escape cve-assign (Aug 17)
Re: A new class of security vulns? cve-assign (Jul 30)
Re: CVE Request: Linux x86_64 NT flag issue - Linux kernel cve-assign (Sep 14)
Re: CVE request - remind 3.1.14 and earlier - buffer overflow cve-assign (Aug 06)
Re: CVE Request: Maliciously crafted text files in IPython/Jupyter editor cve-assign (Sep 23)
Re: CVE Request for OpenSSH vulnerability - authentication limits bypass cve-assign (Jul 23)
Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets cve-assign (Jul 28)
Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10 cve-assign (Aug 27)
Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets cve-assign (Jul 28)
Re: CVE Request: two security issues in openSSH 6.9 cve-assign (Jul 01)
Re: CVE request CSRF in sogo cve-assign (Jul 10)
Re: CVE Request for OpenSSH vulnerability - authentication limits bypass cve-assign (Jul 22)
Re: CVE Request: UDP checksum DoS cve-assign (Jul 01)
Re: Squid HTTP proxy CVE request cve-assign (Jul 17)
Re: CVE request: Froxlor - information leak cve-assign (Aug 07)
Re: CVE Request: October CMS - Stored XSS in image caption tag cve-assign (Jul 22)
Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities cve-assign (Aug 21)
Re: CVE Request: remote triggerable use-after-free in rpcbind cve-assign (Sep 17)
Re: CVE Request: PHP v7 - Code execution vulnerability cve-assign (Jul 30)
Re: CVE request: Use-after-free in Linux kernel with aufs mmap patch cve-assign (Sep 22)
Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow cve-assign (Jul 14)
Re: CVE Request for glusterfs: fuse check return value of setuid cve-assign (Sep 04)
Re: CVE-2015-1416: vulnerability in patch(1) cve-assign (Aug 02)
Re: CVE request - ldapauth-fork versions < 2.3.3 are vulnerable to ldap injection. cve-assign (Sep 18)
Re: CVE Request : Serenity Media Player Buffer Overflow cve-assign (Aug 26)
Re: CVE request: vorbis-tools: buffer overflow in aiff_open() cve-assign (Aug 30)
Re: CVE Request: Plone Unauthorized user creation cve-assign (Sep 22)
Re: Retroactive CVE request for Ruby 1.9.2-p330 cve-assign (Jul 13)
Re: Some Wordpress Plugin Stuff cve-assign (Sep 06)

Daniel Kahn Gillmor

Re: Terminal escape sequences - the new XSS for admins? Daniel Kahn Gillmor (Aug 11)

Daniel Micay

Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)
Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)
Re: How serious is undefined behavior? Daniel Micay (Jul 06)
Re: Linux x86_64 NMI security issues Daniel Micay (Jul 29)
Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 22)
Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Daniel Micay (Sep 21)
Re: s/party/hack like it's 1999 Daniel Micay (Sep 26)

Daniel Wood

Re: [FD] Google Chrome Address Spoofing (Request For Comment) Daniel Wood (Jul 02)

Darren Martyn

CVE Request: SuiteCRM Post-Auth Race Condition Shell Upload Remote Code Execution. Darren Martyn (Aug 05)

Dave Chinner

Re: CVE-2012-2150 xfsprogs: xfs_metadump information disclosure flaw Dave Chinner (Jul 29)

Dave Horsfall

Re: Re: Terminal escape sequences - the new XSS for admins? Dave Horsfall (Aug 12)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Dave Horsfall (Jul 25)

David Black

CVE request - ldapauth-fork versions < 2.3.3 are vulnerable to ldap injection. David Black (Sep 17)
Re: CVE request - ldapauth-fork versions < 2.3.3 are vulnerable to ldap injection. David Black (Sep 20)

David Holland

Re: s/party/hack like it's 1999 David Holland (Sep 21)
Re: s/party/hack like it's 1999 David Holland (Sep 26)

David Leo

Google Chrome Address Spoofing - Google's Opinion David Leo (Jul 05)
Re: Google Chrome Address Spoofing (Request For Comment) David Leo (Jul 01)

David Meikle

[CVE-2015-3271] Apache Tika information disclosure vulnerability David Meikle (Aug 13)

David Walser

Re: CVE REJECT noise David Walser (Aug 19)

Dawa Ometto

CVE Request: gollum information disclosure vulnerability Dawa Ometto (Sep 20)

Dejan Bosanac

[ANNOUNCE] CVE-2015-1830 - Path traversal leading to unauthenticated RCE in ActiveMQ Dejan Bosanac (Aug 17)

Dianne Skoll

CVE request - remind 3.1.14 and earlier - buffer overflow Dianne Skoll (Jul 28)

Dirk Wetter

New release (2.6.) of testssl.sh Dirk Wetter (Sep 16)

Dis close

Re: CVE Request - LFI/Path Traversal in NextGen Gallery WordPress Plugin. Dis close (Sep 01)
Re: CVE Request - LFI/Path Traversal in NextGen Gallery WordPress Plugin. Dis close (Sep 01)
CVE Request - LFI/Path Traversal in NextGen Gallery WordPress Plugin. Dis close (Aug 28)
Re: CVE Request : Serenity Media Player Buffer Overflow Dis close (Aug 27)
CVE Request : Serenity Media Player Buffer Overflow Dis close (Aug 26)

Dominic Cleal

CVE-2015-5282: Foreman stored XSS in parameter hide checkbox Dominic Cleal (Sep 21)

Emmanuel Lecharny

[ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released Emmanuel Lecharny (Jul 07)

Eric Charles

Apache James Server 2.3.2 security vulnerability fixed Eric Charles (Sep 30)

FEIST Josselin

Use-after-free (and double-free) in Jasper JPEG-200 (CVE-2015-5221) FEIST Josselin (Aug 20)
CVE Request : Use-after-free in openjpeg FEIST Josselin (Sep 15)

Fernando Muñoz

Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow Fernando Muñoz (Jul 10)
Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow Fernando Muñoz (Jul 13)

Fiedler Roman

AW: Re: CVE request: screen stack overflow (deep recursion) Fiedler Roman (Sep 02)
Re: Security issues in LXC (CVE-2015-1331 and CVE-2015-1334) Fiedler Roman (Jul 22)

Florian Weimer

CVE-2014-8873 was fixed in DSA-3235-1 Florian Weimer (Jul 18)
Alleged libstdc++ vulnerabilities Florian Weimer (Aug 14)
Re: CVE request: uglify-js node.js module <2.4.24 incorrectly handles non-boolean comparisons during minification Florian Weimer (Aug 24)
Is CVE-2015-4650 a duplicate, leak, or just a typo? Florian Weimer (Aug 12)
Re: Re: ezmlm warning Florian Weimer (Jul 17)
nss: SSL_ImplementedCiphers ABI incompatibility may lead to incorrect cipher suites Florian Weimer (Sep 07)
Re: Re: ezmlm warning Florian Weimer (Jul 16)
CVE request: conntrackd denial of service with unusual network traffic Florian Weimer (Aug 14)
Re: CVE request: BD-J implementation in libbluray Florian Weimer (Sep 24)
Re: CVE Request for glusterfs: fuse check return value of setuid Florian Weimer (Aug 18)
Several low impact ntp.org ntpd issues Florian Weimer (Aug 25)
Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities Florian Weimer (Sep 22)
Re: CVE Request: libgcrypt hardening for RSA-CRT leak Florian Weimer (Sep 08)
CVE request: XSS vulnerability in jsoup related to incomplete tags at EOF Florian Weimer (Aug 28)
Re: Terminal escape sequences - the new XSS for admins? Florian Weimer (Aug 11)
Re: Two new vulnerabilities in BIND: CVE-2015-5722 and CVE-2015-5986 are now public Florian Weimer (Sep 03)
CVE-2015-5228 & CVE-2015-5231 in the criu service daemon Florian Weimer (Aug 25)
Re: node.js out of band write Florian Weimer (Jul 06)
Re: nss: SSL_ImplementedCiphers ABI incompatibility may lead to incorrect cipher suites Florian Weimer (Sep 09)
Re: s/party/hack like it's 1999 Florian Weimer (Sep 21)
Re: CVE Request - Go net/http library - HTTP smuggling Florian Weimer (Jul 29)
Factoring RSA Keys With TLS Perfect Forward Secrecy Florian Weimer (Sep 02)
Re: CVE-2015-1416: vulnerability in patch(1) Florian Weimer (Aug 01)
CVE request: screen stack overflow (deep recursion) Florian Weimer (Aug 31)
CVE-2015-5237: Integer overflow in protobuf serialization (currently minor) Florian Weimer (Aug 27)
Re: CVE request: urlfetch range handling flaw in Cyrus IMAP Florian Weimer (Sep 30)
CVE-2015-5232: various /tmp races in opa-fm, opa-ff Florian Weimer (Sep 22)

Fourny Dimitri

CVE Request: PHP v7 - Code execution vulnerability Fourny Dimitri (Jul 30)

François Labrèche

CVE request - simple-php-captcha - captcha bypass vulnerability François Labrèche (Aug 09)

Gengjia Chen

CVE Request: Arm Mali gpu driver Dos vulnerability Gengjia Chen (Sep 22)

Grant Murphy

[OSSA 2015-013] Glance task flow may fail to delete image from backend (CVE-2015-3289) Grant Murphy (Jul 28)
[OSSA-2015-019] Glance image status manipulation (CVE-2015-5251) Grant Murphy (Sep 22)

Grant Ridder

Re: ezmlm warning Grant Ridder (Jul 16)

Greg KH

Re: Vulnerability in WhiteHEAT Linux Driver-CVE-2015-5257 Greg KH (Sep 22)
Re: s/party/hack like it's 1999 Greg KH (Sep 21)
Re: Vulnerability in WhiteHEAT Linux Driver-CVE-2015-5257 Greg KH (Sep 23)

gremlin

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser gremlin (Jul 26)

Gsunde Orangen

Re: Re: CVE Request: UDP checksum DoS Gsunde Orangen (Jul 10)

Guanxing Wen

Re: CVE Request: PCRE Library Heap Overflow Vulnerability Guanxing Wen (Aug 18)
CVE Request: PCRE Library Heap Overflow in compile_regex() Guanxing Wen (Aug 23)
CVE Request: PCRE Library Heap Overflow Vulnerability Guanxing Wen (Aug 05)

Gustavo Grieco

DoS in libtiff Gustavo Grieco (Sep 21)
Multiple memory corruptions caused by uninitialized values in JasPer 1.900 Gustavo Grieco (Aug 26)
CVE Request: Buffer overflow in global memory affecting optipng 0.7.5 Gustavo Grieco (Sep 23)
Out of bounds read using malformed tar archive in GNU Tar and BSD Tar Gustavo Grieco (Aug 31)
Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203) Gustavo Grieco (Aug 16)
Re: Heap overflow and DoS in unzip 6.0 Gustavo Grieco (Sep 15)
Re: DoS in libtiff Gustavo Grieco (Sep 23)
CVE Request: gdk-pixbuf heap overflow and DoS Gustavo Grieco (Jul 17)
Heap overflow and DoS in unzip 6.0 Gustavo Grieco (Sep 07)
Re: Heap overflow and DoS in unzip 6.0 Gustavo Grieco (Sep 15)
Out-of-bounds read in wget and curl using CVE-2015-2059 Gustavo Grieco (Jul 06)
CVE Request: Use-after-free in optipng 0.6.4 Gustavo Grieco (Sep 16)

Hanno Böck

Re: Heap overflow and DoS in unzip 6.0 Hanno Böck (Sep 15)
How serious is undefined behavior? Hanno Böck (Jul 06)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Hanno Böck (Jul 26)
Re: Out of bounds read using malformed tar archive in GNU Tar and BSD Tar Hanno Böck (Aug 31)

Hector Marco-Gisbert

Waiting Mitre response: AMD Bulldozer, Linux ASLR mmap and Offset2lib Hector Marco-Gisbert (Jul 03)
CVE Request: Glibc Pointer guarding weakness Hector Marco-Gisbert (Sep 05)

Henri Salo

CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities Henri Salo (Aug 04)
CVE request: Easy!Appointments 1.0 Missing HTTPOnly flag Henri Salo (Jul 27)
CVE request: WordPress plugin sp-client-document-manager Blind SQL Injection Henri Salo (Jul 16)
CVE request: Zenphoto before 1.4.9 multiple vulnerabilities Henri Salo (Jul 16)
CVE request: WordPress 4.2.2 and earlier cross-site scripting vulnerability Henri Salo (Jul 23)
CVE request: Easy!Appointments 1.0 cross-site scripting vulnerability Henri Salo (Jul 27)
CVE request: Easy!Appointments 1.0 Cross-Site Request Forgery and Insufficiently Protected Credentials vulnerabilities Henri Salo (Jul 27)
Re: WP Slimstat < 4.1.6 - Referer Header XSS Henri Salo (Aug 02)

Huzaifa Sidhpurwala

Pending CVE requests for glibc Huzaifa Sidhpurwala (Sep 08)
Re: Re: CVE Request Qemu: net: e1000 infinite loop issue Huzaifa Sidhpurwala (Sep 06)
CVE Request: Information disclosure in pcre Huzaifa Sidhpurwala (Aug 03)
CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer Huzaifa Sidhpurwala (Jul 30)
Re: CVE Request: gdk-pixbuf heap overflow and DoS Huzaifa Sidhpurwala (Aug 13)
CVE Request: Memory corruption in libvncserver < 0.9.8 Huzaifa Sidhpurwala (Sep 02)
Re: CVE Request: Information disclosure in pcre Huzaifa Sidhpurwala (Aug 03)
Re: Re: CVE Request Qemu: net: e1000 infinite loop issue Huzaifa Sidhpurwala (Sep 07)
CVE Request: squid: Nonce replay vulnerability in Digest authentication Huzaifa Sidhpurwala (Sep 30)
Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer Huzaifa Sidhpurwala (Aug 03)

ISC Security Officer

Two new vulnerabilities in BIND: CVE-2015-5722 and CVE-2015-5986 are now public ISC Security Officer (Sep 02)
Re: Is CVE-2015-4650 a duplicate, leak, or just a typo? ISC Security Officer (Aug 12)

Ivan Novikov

CVE request: Ganglia-web auth bypass Ivan Novikov (Sep 04)

Jamie Strandboge

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Jamie Strandboge (Jul 23)

Jan Kara

CVE-2015-5706: kernel: Use-after-free in path lookup Jan Kara (Aug 17)

Jann Horn

Re: TR : CVE request for dash 0.5.7-3 x86-64 local buffer overflow Jann Horn (Jul 09)
OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux Jann Horn (Sep 02)

Jan Rusnacko

Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129 Jan Rusnacko (Jul 28)

Jason A. Donenfeld

Re: siege: off-by-one in load_conf() Jason A. Donenfeld (Jul 20)
Re: Linux x86_64 NMI security issues Jason A. Donenfeld (Aug 04)
Re: CVE Request for OpenSSH vulnerability - authentication limits bypass Jason A. Donenfeld (Jul 22)

Jason Buberel

CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Jul 29)
Re: Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Aug 12)
Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Jul 29)
Re: Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Aug 10)
Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Aug 04)
Re: Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Aug 12)
Re: Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Aug 06)

jean-marie.bourbon () armaturetech com

TR : CVE request for dash 0.5.7-3 x86-64 local buffer overflow jean-marie.bourbon () armaturetech com (Jul 06)

Jeff Collins

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Jeff Collins (Jul 27)

Jeremy Stanley

Re: CVE for crypto_get_random() from libsrtp Jeremy Stanley (Aug 11)
Re: CVE for crypto_get_random() from libsrtp Jeremy Stanley (Aug 11)

Jing Wang

KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug Jing Wang (Aug 30)
VuFind 1.0 Web Application Reflected XSS (Cross-site Scripting) 0-Day Bug Security Issue Jing Wang (Sep 25)
Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug Jing Wang (Aug 30)

Joe Bowser

CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android Joe Bowser (Sep 22)

John Haxby

Re: How serious is undefined behavior? John Haxby (Jul 06)

Jonathan Salwan

Samsung S4 (GT-I9500) multiple kernel vulnerabilities Jonathan Salwan (Sep 21)

Jonathan Wakely

Re: Alleged libstdc++ vulnerabilities Jonathan Wakely (Aug 14)
Re: Alleged libstdc++ vulnerabilities Jonathan Wakely (Aug 14)

Josh Boyer

Re: Linux x86_64 NMI security issues Josh Boyer (Jul 24)

Joshua Rogers

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Joshua Rogers (Jul 24)
Re: A new class of security vulns? Joshua Rogers (Jul 30)

Jouni Malinen

hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation Jouni Malinen (Jul 08)

Juan Broullón

Re: CVE Request : CSRF in IPython/Jupyter notebook Tree. Juan Broullón (Sep 02)

Julien Cristau

Re: CVE-2015-5239 Qemu: vnc infinite loop issue Julien Cristau (Sep 02)

Justin Bull

Re: CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor" Justin Bull (Sep 16)
CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor" Justin Bull (Sep 06)

Kiall Mac Innes

CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets Kiall Mac Innes (Jul 28)
Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets Kiall Mac Innes (Jul 28)
Re: Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets Kiall Mac Innes (Jul 29)

king cope

CVE Request for OpenSSH vulnerability - authentication limits bypass king cope (Jul 21)

Kuang-che Wu

Re: CVE request: screen stack overflow (deep recursion) Kuang-che Wu (Sep 03)

Kurt Grutzmacher

Re: CVE-2015-6584: XSS in DataTables Kurt Grutzmacher (Sep 15)

Kurt Seifried

CVE REJECT CVE-2015-5192/CVE-2015-5193 Kurt Seifried (Aug 18)
Re: CVE REJECT noise Kurt Seifried (Aug 19)
CVE-2015-3208 hornetq: XXE/SSRF in XPath selector Kurt Seifried (Jul 23)
Re: CVE Request: AWS s2n Kurt Seifried (Jul 14)
Re: Linux x86_64 NMI security issues Kurt Seifried (Jul 22)
Re: CVE-2015-5239 Qemu: vnc infinite loop issue Kurt Seifried (Sep 02)
Re: CVE request for saltstack Kurt Seifried (Aug 13)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Kurt Seifried (Jul 23)
Terminal escape sequences - the new XSS for admins? Kurt Seifried (Aug 11)
Re: CVE request - Processor side channels using out of order execution Kurt Seifried (Aug 19)
Processor side channels using out of order execution Kurt Seifried (Aug 11)
CVE-2012-2150 xfsprogs: xfs_metadump information disclosure flaw Kurt Seifried (Jul 23)
Audit: log terminal emulator escape sequences handling CVE-2015-5186 Kurt Seifried (Aug 13)
A new class of security vulns? Kurt Seifried (Jul 30)
Re: CVE Request: AWS s2n Kurt Seifried (Jul 14)
please REJECT CVE-2015-3199 Kurt Seifried (Jul 04)
Re: Re: CVE Request: remote triggerable use-after-free in rpcbind Kurt Seifried (Sep 17)
CVE-2015-5185 sblim-sfcb: lookupProviders() null pointer dereference Kurt Seifried (Aug 20)
CVE request for saltstack Kurt Seifried (Aug 13)
CVE REJECT CVE-2015-3287 Kurt Seifried (Sep 01)

Kyle Kelley

Re: CVE Request : CSRF in IPython/Jupyter notebook Tree. Kyle Kelley (Sep 09)
CVE request: IPython CSRF validation Kyle Kelley (Jul 12)
Re: CVE request: IPython CSRF validation Kyle Kelley (Jul 21)

Larry Cashdollar

Re: CVE Request Blind SQL Injection in wordpress plugin dukapress v2.5.9 Larry Cashdollar (Sep 06)

Larry W Cashdollar

CVE Request Blind SQL Injection in wordpress plugin dukapress v2.5.9 Larry W Cashdollar (Aug 22)

Larry W. Cashdollar

Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Larry W. Cashdollar (Jul 06)
Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Larry W. Cashdollar (Jul 12)
SQL Injection in easy2map-photos wordpress plugin v1.09 Larry W. Cashdollar (Jul 08)
SQL Injection in easy2map wordpress plugin v1.24 Larry W. Cashdollar (Jul 02)
Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Larry W. Cashdollar (Jul 08)
Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin Larry W. Cashdollar (Jul 09)
Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin Larry W. Cashdollar (Jul 09)
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Larry W. Cashdollar (Jul 16)
Remote file download vulnerability in recent-backups v0.7 wordpress plugin Larry W. Cashdollar (Jul 14)
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin Larry W. Cashdollar (Jul 16)
Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Larry W. Cashdollar (Jul 26)
Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0 Larry W. Cashdollar (Jul 06)
Re: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Larry W. Cashdollar (Jul 16)
Remote file download vulnerability in Wordpress Plugin image-export v1.1 Larry W. Cashdollar (Jul 13)

Leif Nixon

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Leif Nixon (Jul 23)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Leif Nixon (Jul 24)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Leif Nixon (Jul 24)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Leif Nixon (Jul 25)

Loren

Re: [oCERT-2015-009] VLC arbitrary pointer dereference Loren (Aug 20)

Luca Bruno

Re: node.js out of band write Luca Bruno (Jul 07)

Luca Carettoni

The Census Project (CII) Luca Carettoni (Jul 11)

Luis Henriques

Re: Re: Linux x86_64 NMI security issues Luis Henriques (Jul 28)

Luke Faraone

CVE-2015-0854: Insecure use of system() in shutter Luke Faraone (Sep 13)
CVE-2015-0853: insecure use of os.system() in svn-workbench Luke Faraone (Sep 13)

MacCarthaigh, Colm

Re: CVE Request: AWS s2n MacCarthaigh, Colm (Jul 16)

mala

CVE request: Flash based XSS in FileAPI.flash.swf mala (Sep 12)

mancha

Re: Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203) mancha (Aug 21)
Re: Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203) mancha (Aug 27)
Re: Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203) mancha (Aug 16)
Re: Re: CVE Request for OpenSSH vulnerability - authentication limits bypass mancha (Jul 23)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser mancha (Jul 24)
OpenSSL CVE-2015-1793 tester (alt.chain.fail) mancha (Jul 09)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser mancha (Jul 27)
Re: Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203) mancha (Aug 17)
Re: Re: CVE Request for OpenSSH vulnerability - authentication limits bypass mancha (Jul 23)
Re: CVE Request for OpenSSH vulnerability - authentication limits bypass mancha (Jul 22)

Manuel Gómez

Re: s/party/hack like it's 1999 Manuel Gómez (Sep 17)

Marc Deslauriers

CVE Request: 2 FreeType issues Marc Deslauriers (Sep 11)
CVE Request: SQLite array overrun in the skip-scan optimization Marc Deslauriers (Jul 14)

Marcus Meissner

Re: CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
Re: CVE Request: more php unserializing issues Marcus Meissner (Aug 31)
CVE Request: Wireshark 1.12.7 Marcus Meissner (Sep 08)
CVE Request: more php unserializing issues Marcus Meissner (Aug 19)
CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
Re: CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
Re: CVE Request: more php unserializing issues Marcus Meissner (Aug 31)
CVE Request: PHP remote exploits (even more) Marcus Meissner (Sep 07)
Re: CVE Request: Wireshark 1.12.7 Marcus Meissner (Sep 08)
CVE Request: libgcrypt hardening for RSA-CRT leak Marcus Meissner (Sep 08)

Marina Glancy

moodle security announcements Marina Glancy (Jul 12)
Moodle security release Marina Glancy (Sep 20)

Mark Andrews

Re: Two new vulnerabilities in BIND: CVE-2015-5722 and CVE-2015-5986 are now public Mark Andrews (Sep 03)

Mark Felder

Re: node.js out of band write Mark Felder (Jul 06)
Re: Several low impact ntp.org ntpd issues Mark Felder (Aug 25)
Re: libav: divide-by-zero in ff_h263_decode_mba() Mark Felder (Jul 16)
Re: CVE Request: use after free in PHP 5.6 and 7 (possibly others) Mark Felder (Jul 16)
Re: Squid HTTP proxy CVE request Mark Felder (Jul 17)
Re: Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203) Mark Felder (Aug 24)
Re: Heap overflow and DoS in unzip 6.0 Mark Felder (Sep 17)
Re: CVE Request: Use-after-free in optipng 0.6.4 Mark Felder (Sep 17)
Re: CVE-2015-1416: vulnerability in patch(1) Mark Felder (Aug 01)
node.js out of band write Mark Felder (Jul 05)
Re: CVE-2015-1416: vulnerability in patch(1) Mark Felder (Aug 01)
Re: CVE-2015-0854: Insecure use of system() in shutter Mark Felder (Sep 17)
Re: Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow Mark Felder (Jul 12)

Markus Vervier

CVE Request: AWS s2n Markus Vervier (Jul 14)
Re: CVE Request: AWS s2n Markus Vervier (Jul 14)
Re: CVE Request: AWS s2n Markus Vervier (Jul 22)

Martin Carpenter

CVE request: ansible zone/chroot/jail escape Martin Carpenter (Jul 14)

Martino Dell'Ambrogio

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Martino Dell'Ambrogio (Jul 24)

Martin Prpic

CVE-2015-6584: XSS in DataTables Martin Prpic (Sep 15)
CVE request: zarafa-autorespond suffers from a potential local privilege escalation Martin Prpic (Sep 21)
CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding Martin Prpic (Aug 10)
CVE request: urlfetch range handling flaw in Cyrus IMAP Martin Prpic (Sep 29)
Re: Re: CVE Request - Go net/http library - HTTP smuggling Martin Prpic (Aug 06)
Duplicate Wireshark CVEs? Martin Prpic (Aug 10)

Matthias Bussonnier

CVE Request : CSRF in IPython/Jupyter notebook Tree. Matthias Bussonnier (Sep 02)

Michael McNally

[BIND] CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure Michael McNally (Jul 28)
Re: Is CVE-2015-4650 a duplicate, leak, or just a typo? Michael McNally (Aug 14)

Michael Samuel

Re: CVE for crypto_get_random() from libsrtp Michael Samuel (Aug 20)
Re: CVE for crypto_get_random() from libsrtp Michael Samuel (Aug 01)

Michal Zalewski

Re: Terminal escape sequences - the new XSS for admins? Michal Zalewski (Aug 31)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Michal Zalewski (Jul 25)
Re: Terminal escape sequences - the new XSS for admins? Michal Zalewski (Aug 31)
Re: Terminal escape sequences - the new XSS for admins? Michal Zalewski (Aug 17)

Michele Spagnuolo

Multiple memory corruption vulnerabilities in SoX 14.4.2 Michele Spagnuolo (Jul 22)

MinRK

CVE Request: Maliciously crafted text files in IPython/Jupyter editor MinRK (Sep 16)
Re: CVE Request: Maliciously crafted text files in IPython/Jupyter editor MinRK (Sep 22)

Moein Ghasemzadeh

Vulnerability in WhiteHEAT Linux Driver-CVE-2015-5257 Moein Ghasemzadeh (Sep 22)

Moritz Jodeit

Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities Moritz Jodeit (Aug 12)
Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities Moritz Jodeit (Aug 12)
CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities Moritz Jodeit (Aug 11)

Moritz Muehlenhoff

Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released Moritz Muehlenhoff (Jul 07)
Re: hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation Moritz Muehlenhoff (Aug 16)

Moritz Mühlenhoff

Re: CVE request: 2 issues in inspircd Moritz Mühlenhoff (Aug 15)

Mustafa Al-Bassam

Re: [FD] Google Chrome Address Spoofing (Request For Comment) Mustafa Al-Bassam (Jul 02)

Nathan Van Gheem

CVE Request: Plone Privilege Escalation Nathan Van Gheem (Sep 19)
CVE Request: Plone header injection Nathan Van Gheem (Sep 19)
CVE Request: Plone Unauthorized user creation Nathan Van Gheem (Sep 19)
CVE Request: Plone XSS Nathan Van Gheem (Sep 19)

Nicolas Grégoire

CSRF to RCE in Jenkins Nicolas Grégoire (Sep 01)

Nitin Venkatesh

CVE Request - Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Nitin Venkatesh (Jul 25)
CVE Request - Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5 Nitin Venkatesh (Jul 10)
CVE Request - Arbitrary File Download vulnerability in WP Attachment Export Wordpress Plugin v0.2.3 Nitin Venkatesh (Jul 15)
CVE Request - Open Redirect Vulnerability in StageShow Wordpress Plugin v5.0.8 Nitin Venkatesh (Jul 05)
CVE Request - Open Redirect Vulnerability in Music Store Wordpress Plugin v1.0.14 Nitin Venkatesh (Jul 25)
CVE Request - Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 (and certain versions of v2.1.3 - prior to June 3, 2015) Nitin Venkatesh (Jul 19)
CVE Request - Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0 Nitin Venkatesh (Jul 21)

Noel Kuntze

Re: Several low impact ntp.org ntpd issues Noel Kuntze (Aug 25)

Olaf Kirch

Re: Re: CVE Request: remote triggerable use-after-free in rpcbind Olaf Kirch (Sep 18)

oss-security-list

CVE request: Froxlor - information leak oss-security-list (Jul 29)

Pali Rohár

DoS attack through Email-Address perl module v1.907 (CVE id request) Pali Rohár (Sep 27)

pcheng pcheng

CVE-2015-0852 [FreeImage] Integer overflow in PluginPCX.cpp pcheng pcheng (Aug 27)
CVE request: vorbis-tools: buffer overflow in aiff_open() pcheng pcheng (Aug 28)

Pengsu Cheng

CVE request: libgpf: use-after-free vulnerability in Decoder.cpp Pengsu Cheng (Aug 19)

Pere Orga

Re: CVEs requests for Drupal Core (SA-CORE-2015-003) Pere Orga (Aug 27)
CVEs requests for Drupal Core (SA-CORE-2015-003) Pere Orga (Aug 21)
Re: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131) Pere Orga (Sep 02)
CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131) Pere Orga (Jul 04)

Petr Matousek

Re: Linux x86_64 NMI security issues Petr Matousek (Jul 23)
Re: Linux x86_64 NMI security issues Petr Matousek (Jul 23)

Philip Pettersson

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Philip Pettersson (Jul 23)

Pieter Lexis

Follow up: PowerDNS Security Advisory 2015-01 Pieter Lexis (Jul 07)
PowerDNS Security Advisory 2015-02 Pieter Lexis (Sep 02)

P J P

CVE-2015-5239 Qemu: vnc infinite loop issue P J P (Sep 02)
CVE Request Qemu: net: e1000 infinite loop issue P J P (Sep 04)
CVE-2015-5158 Qemu: scsi stack buffer overflow P J P (Jul 23)
Re: CVE REJECT noise P J P (Aug 20)
CVE request Qemu: ide: divide by zero issue P J P (Sep 09)
CVE request: Qemu: buffer overflow in virtio-serial P J P (Aug 06)
Re: CVE-2015-5239 Qemu: vnc infinite loop issue P J P (Sep 02)
CVE request Qemu: net: virtio-net possible remote DoS P J P (Sep 18)
CVE-2015-5279 Qemu: net: add checks to validate ring buffer pointers P J P (Sep 15)
CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue P J P (Aug 21)
Re: CVE request Qemu: ide: divide by zero issue P J P (Sep 10)
CVE-2015-5278 Qemu: net: avoid infinite loop when receiving packets P J P (Sep 15)

Qinghao Tang

Re: CVE request Qemu: ide: divide by zero issue Qinghao Tang (Sep 11)
CVE-2015-5155 - openslp 1.2.1 ParseExtension() DoS vulnerability Qinghao Tang (Sep 16)
Re: Re: CVE Request Qemu: net: e1000 infinite loop issue Qinghao Tang (Sep 07)
Re: CVE Request Qemu: net: e1000 infinite loop issue Qinghao Tang (Sep 05)

Qualys Security Advisory

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Qualys Security Advisory (Jul 23)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Qualys Security Advisory (Jul 31)
CVE-2015-5224 login-utils: file name collision due to incorrect mkstemp use Qualys Security Advisory (Aug 24)

Randy Barlow

Pulp 2.6.4 released for CVE-2015-5263 Randy Barlow (Sep 24)

Raphael Geissert

Re: CVE request: Ganglia-web auth bypass Raphael Geissert (Sep 07)
Re: Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203) Raphael Geissert (Aug 17)

Reed Black

Re: Squid HTTP proxy CVE request Reed Black (Jul 09)

Reed Loden

Re: CVE request: Command injection in ruby gem ruby-saml <1.0.0 Reed Loden (Aug 02)
Re: CVE REJECT noise Reed Loden (Aug 19)
CVE request: UnrealIRCd crash issue if SASL is enabled Reed Loden (Aug 16)
Re: CVE request: uglify-js node.js module <2.4.24 incorrectly handles non-boolean comparisons during minification Reed Loden (Aug 24)
Re: CVE request: uglify-js node.js module <2.4.24 incorrectly handles non-boolean comparisons during minification Reed Loden (Aug 24)
CVE request: XEE in ruby gem ruby-saml <1.0.0 Reed Loden (Jul 09)
Re: CVE request: XEE in ruby gem ruby-saml <1.0.0 Reed Loden (Aug 02)
CVE request: Multiple spree ruby gems vulnerabilities (across multiple versions) Reed Loden (Aug 02)
Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129 Reed Loden (Jul 29)
Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129 Reed Loden (Jul 29)
Re: Re: ezmlm warning Reed Loden (Jul 16)
CVE request: uglify-js node.js module <2.4.24 incorrectly handles non-boolean comparisons during minification Reed Loden (Aug 24)
Re: Re: ezmlm warning Reed Loden (Jul 16)
CVE request: Command injection in ruby gem ruby-saml <1.0.0 Reed Loden (Jul 09)
CVE request: Multiple XSS and CSRF vulnerabilities in sidekiq ruby gem Reed Loden (Jul 31)
CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129 Reed Loden (Jul 28)

Responsive Disclosure | HSASec

CVE- Request for Wordpress Plugin Simple Ads Manager: DoS without authentication Responsive Disclosure | HSASec (Jul 02)
CVE request: persistent XSS in Wordpress Plugin NewStatPress v.1.0.3 Responsive Disclosure | HSASec (Jul 01)

Rich Felker

Re: s/party/hack like it's 1999 Rich Felker (Sep 29)
Re: s/party/hack like it's 1999 Rich Felker (Sep 19)

Robert Święcki

Re: Re: Terminal escape sequences - the new XSS for admins? Robert Święcki (Aug 12)

Roney Gomes

Re: [FD] Google Chrome Address Spoofing (Request For Comment) Roney Gomes (Jul 01)

Ryan King

Newsletter Plugin for WordPress Unvalidated Redirects and Forwards URL Vulnerability - CVE Request Ryan King (Jul 03)

Salvatore Bonaccorso

CVE Request: devscripts: licensecheck: arbitrary shell command injection Salvatore Bonaccorso (Jul 31)
CVE Request: PgBouncer: failed auth_query lookup leads to connection as auth_user Salvatore Bonaccorso (Sep 04)
Re: CVEs requests for Drupal Core (SA-CORE-2015-003) Salvatore Bonaccorso (Aug 26)
Re: CVE-2015-3258 CVE-2015-3279 cups-filters Salvatore Bonaccorso (Jul 03)
CVE Request: kmail: Attachments are not encrypted when "automatic encryption" is selected Salvatore Bonaccorso (Jul 15)
Re: CVE request: Use-after-free in Linux kernel with aufs mmap patch Salvatore Bonaccorso (Sep 21)
Re: CVE-2015-3258 CVE-2015-3279 cups-filters Salvatore Bonaccorso (Jul 03)
Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding Salvatore Bonaccorso (Aug 14)
Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment Salvatore Bonaccorso (Sep 13)
CVE Request: OpenLDAP: ber_get_next denial of service vulnerability Salvatore Bonaccorso (Sep 10)
CVE Request: Request Tracker: cross-site scripting in cryptography interface Salvatore Bonaccorso (Aug 13)

Sam Pizzey

[CVE Request] WP Slimstat < 4.1.6 - Referer Header XSS Sam Pizzey (Jul 29)

Scott Arciszewski

Re: A new class of security vulns? Scott Arciszewski (Jul 30)
Some Wordpress Plugin Stuff Scott Arciszewski (Sep 05)
Re: CVE for crypto_get_random() from libsrtp Scott Arciszewski (Jul 31)

Seaman, Chad

Re: CVE request: persistent XSS in Wordpress Plugin NewStatPress v.1.0.3 Seaman, Chad (Jul 01)

Seth Arnold

CVE Request: ippusbxd Seth Arnold (Aug 10)
Re: Re: CVE Request for glusterfs: fuse check return value of setuid Seth Arnold (Sep 04)
Re: siege: off-by-one in load_conf() Seth Arnold (Jul 14)

sfjro

Re: CVE request: Use-after-free in Linux kernel with aufs mmap patch sfjro (Sep 18)
Re: CVE request: Use-after-free in Linux kernel with aufs mmap patch sfjro (Sep 10)

Shannon Sabens

Re: CVE Request: Information disclosure in pcre Shannon Sabens (Aug 12)

Siddharth Sharma

Re: Duplicate Wireshark CVEs? Siddharth Sharma (Aug 11)
CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced Siddharth Sharma (Aug 27)
CVE Request for glusterfs: fuse check return value of setuid Siddharth Sharma (Aug 18)
Re: CVE Request for glusterfs: fuse check return value of setuid Siddharth Sharma (Sep 02)
Re: CVE Request for glusterfs: fuse check return value of setuid Siddharth Sharma (Aug 25)

Simon McVittie

Re: TR : CVE request for dash 0.5.7-3 x86-64 local buffer overflow Simon McVittie (Jul 06)

Solar Designer

Re: Linux x86_64 NMI security issues Solar Designer (Jul 22)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Solar Designer (Jul 29)
CVE-2015-3281 HAProxy information leak vulnerability Solar Designer (Jul 07)
Re: CVE request - simple-php-captcha - captcha bypass vulnerability Solar Designer (Aug 17)
Re: ezmlm warning Solar Designer (Jul 16)
Re: How serious is undefined behavior? Solar Designer (Jul 06)
Re: CVE request for saltstack Solar Designer (Aug 13)
Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities Solar Designer (Aug 12)
Re: [BIND] CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure Solar Designer (Jul 28)
Re: Terminal escape sequences - the new XSS for admins? Solar Designer (Aug 17)
Re: CVE request - simple-php-captcha - captcha bypass vulnerability Solar Designer (Aug 09)
Re: How serious is undefined behavior? Solar Designer (Jul 12)
Re: Linux x86_64 NMI security issues Solar Designer (Jul 29)
Re: CVE request: screen stack overflow (deep recursion) Solar Designer (Sep 03)
Re: s/party/hack like it's 1999 Solar Designer (Sep 19)
Re: s/party/hack like it's 1999 Solar Designer (Sep 19)
Re: Multiple memory corruption vulnerabilities in SoX 14.4.2 Solar Designer (Jul 22)
Re: CVE request - Processor side channels using out of order execution Solar Designer (Aug 19)
Re: CVE request - Processor side channels using out of order execution Solar Designer (Aug 12)
Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities Solar Designer (Aug 12)
Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities Solar Designer (Aug 13)
Re: Security issues in LXC (CVE-2015-1331 and CVE-2015-1334) Solar Designer (Jul 22)
Re: CVE request: screen stack overflow (deep recursion) Solar Designer (Sep 02)
CVE REJECT noise Solar Designer (Aug 19)
Re: Re: ezmlm warning Solar Designer (Jul 18)
Re: CVE REJECT noise Solar Designer (Aug 19)
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Solar Designer (Jul 29)

sophia

Re: CVE request - Processor side channels using out of order execution sophia (Aug 19)
CVE request - Processor side channels using out of order execution sophia (Aug 12)
Re: CVE request - Processor side channels using out of order execution sophia (Aug 12)
Re: CVE request - Processor side channels using out of order execution sophia (Aug 19)
Re: CVE request - Processor side channels using out of order execution sophia (Aug 19)

sreepriya

CVE Request: ATutor LMS Version 2.2 with stored XSS and file upload issue sreepriya (Aug 12)

Stefan Castille

CVE Request for sogO Open Source Groupware (www.sogo.nu) Stefan Castille (Jul 07)
CVE request CSRF in sogo Stefan Castille (Jul 07)

Stefan Cornelius

Re: CVE Request: Use-after-free in optipng 0.6.4 Stefan Cornelius (Sep 19)
Re: Heap overflow and DoS in unzip 6.0 Stefan Cornelius (Sep 21)
Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Stefan Cornelius (Jul 06)
Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Stefan Cornelius (Jul 30)
Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Stefan Cornelius (Jul 30)
Re: Heap overflow and DoS in unzip 6.0 Stefan Cornelius (Sep 15)
Re: CVE-2015-3258 CVE-2015-3279 cups-filters Stefan Cornelius (Jul 03)
Re: CVE-2015-5155 - openslp 1.2.1 ParseExtension() DoS vulnerability Stefan Cornelius (Sep 19)
Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Stefan Cornelius (Jul 06)

Stephane Chazelas

Re: Terminal escape sequences - the new XSS for admins? Stephane Chazelas (Aug 11)

Stephan Wiesand

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Stephan Wiesand (Jul 24)

Steve Dickson

Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)

Steve Grubb

Re: Re: Terminal escape sequences - the new XSS for admins? Steve Grubb (Aug 11)
Re: Terminal escape sequences - the new XSS for admins? Steve Grubb (Aug 11)

Stuart Henderson

Re: Re: Duplicate Wireshark CVEs? Stuart Henderson (Aug 14)

Thomas D.

Re: Re: Linux x86_64 NMI security issues Thomas D. (Aug 10)

Tim Brown

Re: Re: [FD] Google Chrome Address Spoofing (Request For Comment) Tim Brown (Jul 02)

Tim Graham

[ANNOUNCE] Django security releases issued (1.4.21, 1.7.9, and 1.8.3) Tim Graham (Jul 08)
[ANNOUNCE] Django security releases issued (1.4.22, 1.7.10, and 1.8.4) Tim Graham (Aug 18)

Tim Waugh

Re: CVE-2015-3258 CVE-2015-3279 cups-filters Tim Waugh (Jul 03)

Tomas Hoger

Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath; Tomas Hoger (Jul 21)
Re: CVE Request: Graphviz format string vuln Tomas Hoger (Jul 17)
Re: Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203) Tomas Hoger (Aug 17)

Tony Arcieri

Retroactive CVE request for Ruby 1.9.2-p330 Tony Arcieri (Jul 13)

Tristan Cacqueray

[OSSA 2015-017] Nova may fail to delete images in resize state (CVE-2015-3280) Tristan Cacqueray (Sep 01)
[OSSA 2015-018] Neutron firewall rules bypass through port update (CVE-2015-5240) Tristan Cacqueray (Sep 08)
[OSSA 2015-015] Nova instance migration process does not stop when instance is deleted (CVE-2015-3241) Tristan Cacqueray (Aug 25)
[OSSA 2015-014] Glance v2 API host file disclosure through qcow2 backing file (CVE-2015-5163) Tristan Cacqueray (Aug 13)
[OSSA 2015-016] Information leak via Swift tempurls (CVE-2015-5223) Tristan Cacqueray (Aug 26)

Tyler Hicks

Re: Security issue in Linux Kernel Keyring (CVE-2015-1333) Tyler Hicks (Jul 28)
Security issues in LXC (CVE-2015-1331 and CVE-2015-1334) Tyler Hicks (Jul 22)
Security issue in Linux Kernel Keyring (CVE-2015-1333) Tyler Hicks (Jul 27)
Re: RE: strings /libbfd crash Tyler Hicks (Jul 31)
CVE Request: libbfd in binutils (was: strings /libbfd crash) Tyler Hicks (Aug 12)
Security issue in LXC (CVE-2015-1335) Tyler Hicks (Sep 29)

up201407890

s/party/hack like it's 1999 up201407890 (Sep 17)
Re: s/party/hack like it's 1999 up201407890 (Sep 18)

us3r777

CVE requests - Contact Form 7, eZPublish (EZSA-2015-001), Prestashop us3r777 (Sep 22)

Valentinas Bakaitis

Re: Google Chrome Address Spoofing (Request For Comment) Valentinas Bakaitis (Jul 01)

Vasyl Kaigorodov

CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath; Vasyl Kaigorodov (Jul 17)
Re: CVE request: pure-ftpd denial of service in glob_() Vasyl Kaigorodov (Jul 09)
CVE request: mktexlsr/texlive: insecure use of /tmp Vasyl Kaigorodov (Jul 28)

Velmurugan Periasamy

CVEs fixed in Ranger 0.5 Velmurugan Periasamy (Aug 05)

VeraCrypt Team

CVE Request - TrueCrypt 7.1a and VeraCrypt 1.14 Local Elevation of Privilege VeraCrypt Team (Sep 22)

Victor Pereira

Re: CVE request for wget Victor Pereira (Sep 09)

Wade Mealing

CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD Wade Mealing (Aug 17)
CVE-2015-5156 : virt-io max-skb-frags heap overflow. Wade Mealing (Aug 05)
CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service. Wade Mealing (Aug 17)

William Robinet

CVE-2015-3228 - Ghostscript - Integer overflow William Robinet (Jul 23)

Xen . org security team

Xen Security Advisory 141 (CVE-2015-6654) - printk is not rate-limited in xenmem_add_to_physmap_one Xen . org security team (Sep 01)
Xen Security Advisory 139 (CVE-2015-5166) - Use after free in QEMU/Xen block unplug protocol Xen . org security team (Aug 03)
Xen Security Advisory 137 (CVE-2015-3259) - xl command line config handling stack overflow Xen . org security team (Jul 07)
Xen Security Advisory 142 - libxl fails to honour readonly flag on disks with qemu-xen Xen . org security team (Sep 22)
Xen Security Advisory 138 (CVE-2015-5154) - QEMU heap overflow flaw while processing certain ATAPI commands. Xen . org security team (Jul 27)
Xen Security Advisory 140 (CVE-2015-5165) - QEMU leak of uninitialized heap memory in rtl8139 device model Xen . org security team (Aug 03)
Xen Security Advisory 142 (CVE-2015-7311) - libxl fails to honour readonly flag on disks with qemu-xen Xen . org security team (Sep 22)

Xi Wang

Re: How serious is undefined behavior? Xi Wang (Jul 13)

Yann Ylavic

Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released Yann Ylavic (Jul 07)

z80

Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser z80 (Jul 29)

Zak Siddiqui

RE: Google Chrome Address Spoofing (Request For Comment) Zak Siddiqui (Jul 01)

牛保龙

CVE request - php 7 use after free 牛保龙 (Aug 12)