oss-sec: by author

738 messages starting Jan 25 16 and ending Mar 14 16


Aaron Patterson

[CVE-2015-7580] Possible XSS vulnerability in rails-html-sanitizer Aaron Patterson (Jan 25)
[CVE-2015-7579] XSS vulnerability in rails-html-sanitizer Aaron Patterson (Jan 25)
[CVE-2015-7577] Nested attributes rejection proc bypass in Active Record. Aaron Patterson (Jan 25)
[CVE-2016-0752] Possible Information Leak Vulnerability in Action View Aaron Patterson (Jan 25)
[CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack Aaron Patterson (Jan 25)
[CVE-2016-0753] Possible Input Validation Circumvention in Active Model Aaron Patterson (Jan 25)
[CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller. Aaron Patterson (Jan 25)
[CVE-2015-7578] Possible XSS vulnerability in rails-html-sanitizer Aaron Patterson (Jan 25)
[CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack Aaron Patterson (Jan 25)

Adam Caudill

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Adam Caudill (Mar 05)
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Adam Caudill (Mar 04)

Adam D. Barratt

Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Adam D. Barratt (Mar 03)

Adam Jacobs

RE: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Adam Jacobs (Jan 27)

Adam Maris

CVE request: Heap buffer overflow in pcretest Adam Maris (Feb 29)

Alan Coopersmith

Re: Access to /dev/pts devices via pt_chown and user namespaces Alan Coopersmith (Feb 23)
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Alan Coopersmith (Mar 06)
Re: [Pixman] create_bits(): Cast the result of height * stride to size_t Alan Coopersmith (Feb 25)
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Alan Coopersmith (Mar 09)

Albert Astals Cid

Re: KDE Plasma vulnerability: need CVE Albert Astals Cid (Feb 09)
KDE Plasma vulnerability: need CVE Albert Astals Cid (Feb 09)

Alexander Cherepanov

Re: Fwd: FFmpeg: stealing local files with HLS+concat Alexander Cherepanov (Jan 13)
Re: snprintf return value misuse in a lot of projects Alexander Cherepanov (Feb 13)

Alexander E. Patrakov

Re: Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl Alexander E. Patrakov (Feb 28)

Alex Gaynor

STARTTLS for this list? Alex Gaynor (Feb 11)

Amos Jeffries

Re: Re: CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service Amos Jeffries (Feb 16)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Amos Jeffries (Mar 06)
CVE request: Squid HTTP Caching Proxy multiple denial of service issues Amos Jeffries (Feb 24)
CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service Amos Jeffries (Feb 15)

anarcat

Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression anarcat (Feb 05)
Re: CVE request: out-of-bounds write with cpio 2.11 anarcat (Jan 29)

Andrea Di Pasquale

ArpON (ARP handler inspection) 3.0-ng release Andrea Di Pasquale (Jan 30)

Andreas Dilger

Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Andreas Dilger (Mar 29)
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Andreas Dilger (Mar 31)

Andreas Lindh

CVE request for Media Player Classic Andreas Lindh (Feb 10)

Andreas Stieger

CVE Request: cacti: Authentication using web authentication as a user not in the,cacti database allows complete access Andreas Stieger (Feb 09)
Re: Socat security advisory 7 - Created new 2048bit DH modulus Andreas Stieger (Feb 04)
Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Andreas Stieger (Jan 05)
Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Andreas Stieger (Jan 05)

Andrew Gallagher

Re: Prime example of a can of worms Andrew Gallagher (Jan 21)

Andy Lutomirski

CVE Request: x86 Linux TLB flush bug Andy Lutomirski (Jan 24)
Partial SMAP bypass on 64-bit Linux kernels Andy Lutomirski (Feb 26)

Arshan Dabirsiaghi

CVE request: Kryo (Java serialization API) Arshan Dabirsiaghi (Mar 01)

Art Manion

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Art Manion (Mar 04)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Art Manion (Mar 10)

Arun Suresh

CVE-2015-1776: Apache Hadoop MapReduce, disclosure of encrypted data Arun Suresh (Feb 15)

Asbjorn Hojmark

Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Asbjorn Hojmark (Jan 28)

Ask Bjørn Hansen

Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Ask Bjørn Hansen (Jan 28)

Aurelien Jarno

Re: pt_chown timeline, CVE request [was: Access to /dev/pts devices via pt_chown and user namespaces] Aurelien Jarno (Feb 28)

Austin English

Re: Re: CVE request for wget Austin English (Feb 18)

Balint Reczey

Re: Address Sanitizer local root Balint Reczey (Feb 18)

Bart de Water

CVE request: DoS vulnerability in Ruby gem Paperclip Bart de Water (Mar 14)

Bart van Tuil

Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Bart van Tuil (Jan 18)
Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Bart van Tuil (Jan 19)

Benjamin Daniel Mussler

CVE Request: Vtiger CRM 6.4 Authenticated Remote Code Execution Benjamin Daniel Mussler (Jan 12)

Ben Pfaff

CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch Ben Pfaff (Mar 28)

Bob Beck

Re: Re: CVE's for SSLv2 support Bob Beck (Mar 01)
Re: Re: CVE's for SSLv2 support Bob Beck (Mar 01)

Bob Friesenhahn

Re: Re: CVE-Request - GNU Awk. Bob Friesenhahn (Mar 14)

Boyle, Stephen V.

RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Boyle, Stephen V. (Mar 09)

Brian May

imagemagick: request for CVEs Brian May (Feb 22)

Brian Wallace

CVE Request - Multiple remote command injection vulnerabilities in Veil-Evasion RPC Brian Wallace (Mar 31)

Cantor, Scott

CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Cantor, Scott (Feb 25)

Carlos Alberto Lopez Perez

Re: WebKitGTK+ Security Advisory WSA-2016-0002 Carlos Alberto Lopez Perez (Mar 14)
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez (Mar 09)
WebKitGTK+ Security Advisory WSA-2016-0003 Carlos Alberto Lopez Perez (Mar 31)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez (Mar 11)
WebKitGTK+ Security Advisory WSA-2016-0002 Carlos Alberto Lopez Perez (Mar 11)
WebKitGTK+ Security Advisory WSA-2016-0001 Carlos Alberto Lopez Perez (Feb 01)
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez (Mar 10)

Carlos Santana

[Update 2/20/16 CVE-2015-5256] Apache Cordova vulnerable to improper application of whitelist restrictions on Android Carlos Santana (Feb 21)

Charlemagne Lasse

Re: Missing fixes for CVEs in upstream dcraw Charlemagne Lasse (Mar 05)

Chris Steipp

CVE Request: RESTBase 0.9.2 (security release) Chris Steipp (Jan 20)

Christopher Shannon

[ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting Christopher Shannon (Mar 10)
[ANNOUNCE] CVE-2016-0734: ActiveMQ Web Console - Clickjacking Christopher Shannon (Mar 10)
Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting Christopher Shannon (Mar 17)

Claus Ibsen

CVE-2015-5344 - Apache Camel medium disclosure vulnerability Claus Ibsen (Jan 29)

Cord Beermann

Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Cord Beermann (Mar 03)

Cornea, Alexandru

CVE Request: Linux kernel USB hub invalid memory access in hub_activate() Cornea, Alexandru (Feb 23)

CSW Research Lab

CVE Request: Cross Site Scripting (XSS) & Cross Site Request Forgery (CSRF) in Crony Cronjob Manager Version 0.4.4 CSW Research Lab (Jan 06)

cve-assign

Re: CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages() cve-assign (Jan 24)
Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver cve-assign (Feb 28)
Re: Access to /dev/pts devices via pt_chown and user namespaces cve-assign (Mar 06)
Re: CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption cve-assign (Mar 06)
Re: CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service cve-assign (Feb 16)
Re: CVE for node.js websockets (ws) cve-assign (Jan 12)
Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl -- chroot cve-assign (Feb 28)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 cve-assign (Jan 15)
Re: [CVE Request] Multiple PHP issues cve-assign (Jan 14)
Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function cve-assign (Jan 26)
Re: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function cve-assign (Jan 13)
Re: CVE request for Kubernetes api server: patch operation should use patched object to check admission control cve-assign (Jan 14)
Re: Aufs Union Filesystem Privilege Escalation In User Namespaces cve-assign (Mar 06)
Re: CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash cve-assign (Jan 04)
Re: CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor cve-assign (Feb 14)
Re: CVE request Qemu: i386: null pointer dereference in vapic_write cve-assign (Jan 16)
Re: Fwd: out of bound write in libdwarf -20151114 cve-assign (Jan 24)
Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault cve-assign (Mar 01)
Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations cve-assign (Jan 12)
Re: CVE Request: cacti: Authentication using web authentication as a user not in the,cacti database allows complete access cve-assign (Feb 10)
Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 cve-assign (Feb 06)
Re: Integer overflow in the JasPer's jas_matrix_create() function cve-assign (Jan 07)
Re: CVE request: out-of-bounds write with cpio 2.11 cve-assign (Jan 22)
Re: Heap buffer overflow in fgetwln function of libbsd cve-assign (Jan 27)
Re: an out of bound read is found in libdwarf -20151114 cve-assign (Jan 28)
Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl cve-assign (Feb 27)
Re: Out-of-bounds Read in the OpenJpeg's opj_j2k_update_image_data and opj_tgt_reset function cve-assign (Jan 18)
Re: CVE Request: Dotclear: XSS vulnerability in comments managment page and media exclusion control enforcement cve-assign (Mar 06)
Re: CVE's for SSLv2 support cve-assign (Mar 01)
Re: CVE request Qemu: net: ne2000: infinite loop in ne2000_receive cve-assign (Mar 02)
Re: CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions. cve-assign (Jan 11)
Re: Miscomputations of elliptic curve scalar multiplications in Nettle cve-assign (Feb 02)
Re: CVE Request: click cve-assign (Jan 12)
Re: Security bugs in Linux kernel sound subsystem cve-assign (Feb 23)
Re: CVE assignment request for security bugs fixed in glibc 2.23 cve-assign (Jan 19)
Re: php: stack overflow when decompressing tar archives cve-assign (Feb 24)
Re: Fwd: FFmpeg: stealing local files with HLS+concat cve-assign (Jan 14)
Re: CVE Request: CGit - Multiple vulnerabilities cve-assign (Jan 14)
Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function cve-assign (Feb 03)
Re: CVE Request: PHP last release security issues cve-assign (Mar 25)
Re: CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets cve-assign (Feb 23)
Re: CVE Request: Horde: Two cross-site scripting vulnerabilities cve-assign (Feb 06)
Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way cve-assign (Feb 28)
Re: a bug in gif2rgb.c in giflib-5.1.2 cve-assign (Jan 26)
Re: KDE Plasma vulnerability: need CVE cve-assign (Feb 09)
Re: CVE request for vulnerability in OpenStack Nova cve-assign (Jan 07)
Re: CVE request - OpenJPEG : Heap Corruption in opj_free function cve-assign (Mar 16)
Re: CVE Request: PHP-5.5.33: Use after free in WDDX Deserialize when processing XML data cve-assign (Mar 13)
Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate cve-assign (Mar 06)
Re: CVE request - OpenJPEG : Out-Of-Bounds Read in opj_tcd_free_tile function cve-assign (Mar 16)
Re: CVE Request uclibc-ng dns resolver issues cve-assign (Feb 05)
Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability cve-assign (Feb 15)
Re: CVE for node.js websockets (ws) cve-assign (Jan 20)
Re: CVE request -- linux kernel: nfs: kernel panic occurs at nfs client when nfsv4.2 migration is executed cve-assign (Jan 06)
Re: CVE Request: MantisBT SOAP API can be used to disclose confidential settings cve-assign (Jan 03)
Re: Announce: Portable OpenSSH 7.2p2 released cve-assign (Mar 10)
Re: CVE request Qemu: net: ne2000: OOB r/w in ioport operations cve-assign (Jan 04)
Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression cve-assign (Jan 24)
Re: Heap use after free in Pidgin-OTR plugin cve-assign (Mar 09)
Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode cve-assign (Mar 21)
Re: CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read cve-assign (Feb 14)
Re: Partial SMAP bypass on 64-bit Linux kernels cve-assign (Mar 31)
Re: CVE Request: PHP last release security issues cve-assign (Mar 16)
Re: Linux kernel : Denial of service with specially crafted key file. cve-assign (Jan 24)
Re: CVE request -- NULL dereference in libdwarf cve-assign (Jan 07)
Re: CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used cve-assign (Mar 28)
Re: CVE Request: python-rsa signature forgery cve-assign (Jan 04)
Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files cve-assign (Mar 30)
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver) cve-assign (Mar 13)
Re: older fuseiso stuff cve-assign (Mar 29)
Re: CVE request for radicale cve-assign (Jan 07)
Re: Linux potential division by zero in TCP code cve-assign (Jan 25)
Re: CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write cve-assign (Jan 29)
Re: CVE Clarification: Mysqlnd / CVE-2015-3152 cve-assign (Mar 31)
Re: CVE request - XStream: XXE vulnerability cve-assign (Mar 28)
Re: CVE request: ipv4: Don't do expensive useless work during inetdev destroy cve-assign (Mar 15)
Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes cve-assign (Mar 02)
Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter cve-assign (Jan 10)
Re: CVE request for radicale cve-assign (Jan 06)
Re: CVE Request: WordPress: New 4.4.2 security and maintenance release: SSRF and open redirect vulnerability cve-assign (Feb 04)
Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php cve-assign (Jan 04)
Re: CVE request for Privoxy 3.0.24 cve-assign (Jan 21)
Re: CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash cve-assign (Jan 04)
Re: CVE Request : Use-after-free in gifcolor cve-assign (Mar 16)
Re: CVE request for Kubernetes api server: build config to a strategy that isn't allowed by policy cve-assign (Jan 14)
Re: CVE Request: x86 Linux TLB flush bug cve-assign (Jan 25)
Re: CVE request - OkHttp Certificate Pining Bypass cve-assign (Feb 17)
Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption cve-assign (Mar 13)
Re: CVE requests for Drupal contributed modules (from 2016-009 to 2016-014) cve-assign (Mar 17)
Re: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0 cve-assign (Feb 10)
Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability cve-assign (Mar 15)
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver) cve-assign (Mar 13)
Re: Security issues in GOsa cve-assign (Jan 15)
Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues cve-assign (Feb 25)
Re: CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function cve-assign (Jan 27)
Re: CVE Request: PHP-5.5.33: Out-of-Bound Read in phar_parse_zipfile cve-assign (Mar 13)
Re: CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines cve-assign (Jan 29)
Re: CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow cve-assign (Feb 15)
Re: CVE request - SPIP: 2 vulnerabilities cve-assign (Mar 15)
Re: CVE Request: PCRE Library Heap Overflow Vulnerability cve-assign (Jan 02)
Re: CVE Request: tiff: potential out-of-bound write in NeXTDecode() cve-assign (Jan 24)
Re: CVE request Qemu: usb: integer overflow in remote NDIS control message handling cve-assign (Feb 23)
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver) cve-assign (Mar 13)
Re: CVE's for SSLv2 support cve-assign (Mar 01)
Re: CVE request: Heap buffer overflow in pcretest cve-assign (Feb 29)
Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness cve-assign (Mar 16)
Re: CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files cve-assign (Jan 07)
Re: Linux kernel: Flaw in CXGB3 driver. cve-assign (Feb 11)
Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters cve-assign (Mar 11)
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (wacom driver) cve-assign (Mar 13)
Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols cve-assign (Mar 02)
Re: CVE Request: Host based account hijack attack on php-openid cve-assign (Jan 24)
Re: invalid Read in the JasPer's jas_matrix_clip() function cve-assign (Jan 27)
Re: CVE Request: WordPress: cross-site scripting vulnerability fixed in new 4.4.1 release cve-assign (Jan 08)
Re: Socat security advisory 7 - Created new 2048bit DH modulus cve-assign (Feb 02)
Re: CVE Request: FFmpeg issue cve-assign (Feb 02)
Re: CVE Request: pkexec tty hijacking via TIOCSTI ioctl cve-assign (Feb 25)
Re: CVE Request: graphite-web: open redirect cve-assign (Feb 17)
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver) cve-assign (Mar 13)
Re: [Pixman] create_bits(): Cast the result of height * stride to size_t cve-assign (Feb 24)
Re: CVE's for SSLv2 support cve-assign (Mar 01)
Re: CVE id request: dhcpcd cve-assign (Jan 07)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 cve-assign (Jan 15)
Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities cve-assign (Feb 16)
Re: Qemu: ide: ahci use-after-free vulnerability in aio port commands cve-assign (Jan 09)
Re: CVE Request: Vtiger CRM 6.4 Authenticated Remote Code Execution cve-assign (Jan 12)
Re: [cairo] Out-of-bounds read in _fill_xrgb32_lerp_opaque_spans cve-assign (Mar 17)
Re: CVE requests for Drupal core (SA-CORE-2016-001) cve-assign (Mar 15)
Re: CVE request: didiwiki path traversal vulnerability cve-assign (Feb 19)
Re: CVE request - buffer overflow in xdelta3 before 3.0.9 cve-assign (Feb 08)
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver) cve-assign (Mar 30)
Re: CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference cve-assign (Feb 16)
Re: CVE request - OpenJPEG : Out-Of-Bounds Read in sycc422_to_rgb function cve-assign (Mar 16)
Re: CVE Request: Linux kernel USB hub invalid memory access in hub_activate() cve-assign (Feb 23)
Re: CVE for nodejs hawk cve-assign (Feb 20)
Re: Socat security advisory 7 - Created new 2048bit DH modulus cve-assign (Feb 03)
Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer cve-assign (Jan 08)
Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities cve-assign (Feb 17)
Re: imlib2 may need some CVEs assigned cve-assign (Jan 22)
Re: CVE request: reads out-of-bounds with cpio 2.11 cve-assign (Feb 26)
Re: Buffer Overflow in lha compression utility cve-assign (Jan 18)
Re: CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling cve-assign (Feb 16)
Re: CVE Request -- Buffer overflow in Python-Pillow and PIL cve-assign (Feb 22)
Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes cve-assign (Mar 06)
Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines cve-assign (Jan 21)
Re: CVE requests: Multiple vulnerabilities in GraphicsMagick parsing and processing SVG files cve-assign (Feb 11)
Re: Socat security advisory 8 - Stack overflow in parser cve-assign (Feb 02)
Re: CVE request: didiwiki path traversal vulnerability cve-assign (Feb 19)
Re: Three CVE requests for PHP cve-assign (Mar 16)

Damien Miller

OpenSSH Security Advisory: xauth command injection Damien Miller (Mar 10)
Announce: Portable OpenSSH 7.2p2 released Damien Miller (Mar 10)

Damien Regad

CVE Request: MantisBT SOAP API can be used to disclose confidential settings Damien Regad (Jan 02)
Re: CVE Request: MantisBT SOAP API can be used to disclose confidential settings Damien Regad (Jan 04)

Daniel Fahlgren

CVE Request uclibc-ng dns resolver issues Daniel Fahlgren (Feb 05)

Daniel Kahn Gillmor

Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)
Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)

Daniel Micay

Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Daniel Micay (Jan 29)
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Daniel Micay (Mar 22)
Re: Address Sanitizer local root Daniel Micay (Feb 17)
Re: Address Sanitizer local root Daniel Micay (Feb 19)
Re: Address Sanitizer local root Daniel Micay (Feb 18)
Re: Address Sanitizer local root Daniel Micay (Feb 17)
Re: Address Sanitizer local root Daniel Micay (Feb 17)
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Daniel Micay (Jan 29)

Daniel Stenberg

libssh2 Truncated Difffie-Hellman secret length Daniel Stenberg (Feb 23)
curl: remote file name path traversal in curl tool for Windows Daniel Stenberg (Jan 31)
curl: NTLM credentials not-checked for proxy connection re-use Daniel Stenberg (Jan 31)

Darren Martyn

Re: Address Sanitizer local root Darren Martyn (Feb 18)
CVE Request(s): VTigerCRM and SugarCRM Darren Martyn (Mar 02)

David A. Wheeler

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies David A. Wheeler (Mar 09)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies David A. Wheeler (Mar 09)

David Leo

Re: HTTPS Only (Open Source, Python) David Leo (Feb 12)
HTTPS Only (Open Source, Python) David Leo (Feb 11)
Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) David Leo (Feb 15)
Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) David Leo (Feb 17)

David W. Hodgins

Re: Discuss: Daily/weekly cron jobs best practices David W. Hodgins (Jan 12)

Derek Mahar

Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting Derek Mahar (Mar 17)

distributed weaknessfiling

Distributed Weakness Filing (DWF) System distributed weaknessfiling (Mar 07)

Dmitry Kasyanov

CVE Request: PHP-5.5.33: Use after free in WDDX Deserialize when processing XML data Dmitry Kasyanov (Mar 13)
CVE Request: PHP-5.5.31: multiple security vulnerabilities Dmitry Kasyanov (Feb 03)
CVE Request: PHP-5.5.33: Out-of-Bound Read in phar_parse_zipfile Dmitry Kasyanov (Mar 13)

Dmitry V. Levin

Re: Access to /dev/pts devices via pt_chown and user namespaces Dmitry V. Levin (Feb 24)
Re: Access to /dev/pts devices via pt_chown and user namespaces Dmitry V. Levin (Feb 23)

Dominic Cleal

CVE-2016-2100: Foreman private bookmarks can be viewed and edited Dominic Cleal (Mar 31)

Elad Alfassa

Transmission BT 2.90 Mac malware. Website compromised? Elad Alfassa (Mar 06)

Emmanuel Law

[CVE Request] Multiple PHP issues Emmanuel Law (Jan 14)

enki

Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes enki (Jan 29)

Eric Blake

Re: CVE Request: bash-completion: dequote command injection Eric Blake (Feb 24)

Eric Sandeen

Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Eric Sandeen (Mar 31)

Eric Soroos

CVE Request -- Buffer overflow in Python-Pillow and PIL Eric Soroos (Feb 02)

Eric W. Biederman

Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Eric W. Biederman (Jan 06)
Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Eric W. Biederman (Jan 05)

Fabian Keil

CVE request for Privoxy 3.0.24 Fabian Keil (Jan 21)

FEIST Josselin

CVE Request : Use-after-free in gifcolor FEIST Josselin (Mar 16)
Re: CVE Request : Use-after-free in accel-ppp FEIST Josselin (Mar 08)
CVE Request : Use-after-free in accel-ppp FEIST Josselin (Feb 10)

Fernando Muñoz

Re: CVE Request: bash-completion: dequote command injection Fernando Muñoz (Feb 24)
CVE Request: bash-completion: dequote command injection Fernando Muñoz (Feb 24)

Fiedler Roman

Feedback and mentoring (reviewer) for logdata-anomaly-miner Fiedler Roman (Feb 17)

Filippo Valsorda

CVE Request: python-rsa signature forgery Filippo Valsorda (Jan 04)

Florent Daigniere

Re: Prime example of a can of worms Florent Daigniere (Jan 21)
Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Florent Daigniere (Feb 17)
Re: Prime example of a can of worms Florent Daigniere (Jan 21)

Florian Weimer

CVE-2016-1234 in glibc glob with GLOB_ALTDIRFUNC Florian Weimer (Mar 07)
Re: CVE assignment request for security bugs fixed in glibc 2.23 Florian Weimer (Jan 20)
CVE-2015-7547: stack-based buffer overflow in glibc's getaddrinfo function Florian Weimer (Feb 16)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer (Jan 18)
CVE assignment request for security bugs fixed in glibc 2.23 Florian Weimer (Jan 19)
Linux potential division by zero in TCP code Florian Weimer (Jan 25)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer (Jan 15)
Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Florian Weimer (Feb 13)

Fried Wil

Re: CVE Request: Datafari Local File Disclosure Fried Wil (Feb 24)

Georgi Guninski

According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Georgi Guninski (Mar 03)
Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Georgi Guninski (Mar 03)

Gerhard Rieger

Socat security advisory 8 - Stack overflow in parser Gerhard Rieger (Feb 01)
Socat security advisory 7 - Created new 2048bit DH modulus Gerhard Rieger (Feb 01)

Grant Murphy

CVE request for vulnerability in OpenStack Nova Grant Murphy (Jan 07)
[OSSA 2016-002] Xen connection password leak in logs via StorageError (CVE-2015-8749) Grant Murphy (Jan 12)

Grant Ridder

Re: CVE's for SSLv2 support Grant Ridder (Mar 01)

gremlin

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies gremlin (Mar 05)
Re: Prime example of a can of worms gremlin (Jan 20)
Re: CVE's for SSLv2 support gremlin (Mar 01)
Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) gremlin (Feb 15)

Gsunde Orangen

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Gsunde Orangen (Mar 06)
Re: Re: Announce: Portable OpenSSH 7.2p2 released Gsunde Orangen (Mar 11)

Guanxing Wen

CVE Request: PCRE Library Heap Overflow Vulnerability Guanxing Wen (Jan 02)

Guillaume Ayoub

Re: CVE request for radicale Guillaume Ayoub (Jan 06)

Gustavo Grieco

Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files Gustavo Grieco (Mar 30)
CVE requests: Multiple vulnerabilities in GraphicsMagick parsing and processing SVG files Gustavo Grieco (Feb 09)
CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode Gustavo Grieco (Mar 21)
CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Jan 19)
CVE request: Heap overflow in VLC 2.1.6 processing wav files Gustavo Grieco (Mar 30)
Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Jan 19)
CVE request: reads out-of-bounds with cpio 2.11 Gustavo Grieco (Feb 25)
Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 Gustavo Grieco (Feb 06)
Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Feb 12)
[Pixman] create_bits(): Cast the result of height * stride to size_t Gustavo Grieco (Feb 24)
CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 Gustavo Grieco (Feb 06)
Re: use-after-free in tidy-html5 Gustavo Grieco (Feb 11)
use-after-free in tidy-html5 Gustavo Grieco (Jan 03)
Re: use-after-free in tidy-html5 Gustavo Grieco (Jan 25)
Re: Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Jan 29)
tidy-html5: infinite loop parsing an html file Gustavo Grieco (Mar 04)
tidy-html5: read out-of-bounds in TextEndsWithNewline Gustavo Grieco (Feb 28)
[cairo] Out-of-bounds read in _fill_xrgb32_lerp_opaque_spans Gustavo Grieco (Mar 17)

Gynvael Coldwind

Re: Address Sanitizer local root Gynvael Coldwind (Feb 18)
Re: Re: Address Sanitizer local root Gynvael Coldwind (Feb 18)

halfdog

Overlayfs over Fuse Privilege Escalation in USERNS halfdog (Feb 23)
User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs halfdog (Feb 23)
Aufs Union Filesystem Privilege Escalation In User Namespaces halfdog (Feb 23)
Overlayfs and devpts issues in namespaces halfdog (Jan 19)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies halfdog (Mar 10)
Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software halfdog (Feb 12)
Re: Access to /dev/pts devices via pt_chown and user namespaces halfdog (Feb 23)
Overlayfs ovl_setattr missing permission checks (CVE-2015-8660) halfdog (Jan 13)
Discuss: Daily/weekly cron jobs best practices halfdog (Jan 06)
ntp.org stats data logrotation script privilege escalation halfdog (Jan 21)
Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software halfdog (Feb 13)
Setgid/Setuid binary writing privilege escalation halfdog (Jan 16)
Re: Discuss: Daily/weekly cron jobs best practices halfdog (Jan 15)
Access to /dev/pts devices via pt_chown and user namespaces halfdog (Feb 23)
Re: Access to /dev/pts devices via pt_chown and user namespaces halfdog (Feb 23)

Hanno Böck

Miscomputations of elliptic curve scalar multiplications in Nettle Hanno Böck (Feb 02)
Several out of bounds reads in ProFTPD Hanno Böck (Mar 11)
Re: Address Sanitizer local root Hanno Böck (Feb 18)
Re: Prime example of a can of worms Hanno Böck (Jan 20)
Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Hanno Böck (Mar 03)
ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters Hanno Böck (Mar 11)
Heap use after free in Pidgin-OTR plugin Hanno Böck (Mar 09)
Re: CVE request: out-of-bounds write with cpio 2.11 Hanno Böck (Jan 19)
Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters Hanno Böck (Mar 11)
Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Hanno Böck (Feb 13)
Heap buffer overflow in fgetwln function of libbsd Hanno Böck (Jan 27)

Hans Jerry Illikainen

php: stack overflow when decompressing tar archives Hans Jerry Illikainen (Feb 22)

Hazel

Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Hazel (Jan 29)

Heiko Schlittermann

Exim CVE-2016-1531 fixed Heiko Schlittermann (Mar 03)

Henri Salo

Re: CVE request: XSS in WP Super Cache < 1.4.3 Henri Salo (Mar 12)
CVE request: esoTalk 1.0.0g4 cross-site scripting vulnerability Henri Salo (Jan 03)
Re: CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability Henri Salo (Jan 16)

Hoz de la Hoz Enrique de la

CVE request: simpleSAMLphp 1.14 information leakage Hoz de la Hoz Enrique de la (Mar 08)

Hugues ANGUELKOV

CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Hugues ANGUELKOV (Mar 29)
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Hugues ANGUELKOV (Mar 31)

Huzaifa Sidhpurwala

Two flaws - libjpeg and libtiff Huzaifa Sidhpurwala (Mar 30)

Ignace Mouzannar

CVE request: didiwiki path traversal vulnerability Ignace Mouzannar (Feb 19)
Re: CVE request: didiwiki path traversal vulnerability Ignace Mouzannar (Feb 19)

ISC Security Officer

ISC DHCP vulnerability CVE-2016-2774 is now public ISC Security Officer (Mar 07)
ISC DHCP CVE-2015-8605: UDP payload length not properly checked ISC Security Officer (Jan 12)

Jakub Wilk

Re: Access to /dev/pts devices via pt_chown and user namespaces Jakub Wilk (Feb 27)

James Morris

[ANNOUNCE] Linux Security Summit 2016 - CFP James Morris (Mar 25)

Jamie Strandboge

Re: CVE Request: click Jamie Strandboge (Jan 12)
CVE Request: click Jamie Strandboge (Jan 11)

Jann Horn

pt_chown timeline, CVE request [was: Access to /dev/pts devices via pt_chown and user namespaces] Jann Horn (Feb 28)

Jan Schaumann

Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jan Schaumann (Jan 14)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jan Schaumann (Jan 14)

Jason A. Donenfeld

Re: CVE Request: CGit - Multiple vulnerabilities Jason A. Donenfeld (Jan 14)
cloud-init follows symlinks for ssh authorized_keys Jason A. Donenfeld (Feb 15)
CVE Request: CGit - Multiple vulnerabilities Jason A. Donenfeld (Jan 14)
Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jason A. Donenfeld (Jan 15)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jason A. Donenfeld (Jan 15)
Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)
Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld (Mar 07)

Jason Buberel

[security] Go security release v1.5.3 Jason Buberel (Jan 13)

Jean-Marie Bourbon

GRR <= 3.0.0-RC1 (all versions) RCE with privilege escalation through file upload filter bypass (authenticated) Jean-Marie Bourbon (Jan 12)

Jeremy C. Reed

CVE-2015-8705: Problems converting OPT resource records and ECS options to text format can cause BIND to terminate. Jeremy C. Reed (Jan 19)
ISC BIND vulnerabilities are now public (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088) Jeremy C. Reed (Mar 09)
CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c causing BIND named to exit Jeremy C. Reed (Jan 19)

Johannes Segitz

Security bugs in Linux kernel sound subsystem Johannes Segitz (Jan 19)
ext4 data corruption due to punch hole races Johannes Segitz (Mar 31)
Re: Security bugs in Linux kernel sound subsystem Johannes Segitz (Feb 23)

John Haxby

CVE-2016-0617: linux kernel: hugetlbfs: fix bugs in hugetlb_vmtruncate_list() John Haxby (Feb 08)
Re: CVE Request: bash-completion: dequote command injection John Haxby (Feb 25)

John Scott

RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies John Scott (Mar 10)

Jörg Schaible

CVE request - XStream: XXE vulnerability Jörg Schaible (Mar 25)

Justin Bull

Re: [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack Justin Bull (Jan 27)

Justin Yackoski

CVE-2016-2117 memory disclosure to ethernet due to unchecked scatter/gather IO Justin Yackoski (Mar 16)

Konstantin Serebryany

Re: Address Sanitizer local root Konstantin Serebryany (Feb 17)

Kristian Fiskerstrand

Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Kristian Fiskerstrand (Feb 13)

Kurt Seifried

libssh/libssh2 bits and bytes confusion Kurt Seifried (Feb 23)
Re: Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
Re: Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Kurt Seifried (Jan 15)
CVE request for Kubernetes api server: build config to a strategy that isn't allowed by policy Kurt Seifried (Jan 12)
Re: Mitre, reserved CVEs and oss-security? Kurt Seifried (Mar 02)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 10)
nodejs Buffer(number) is unsafe #4660 Kurt Seifried (Jan 14)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 10)
Re: CVE assignment request for security bugs fixed in glibc 2.23 Kurt Seifried (Jan 19)
Re: CVE Request: bash-completion: dequote command injection Kurt Seifried (Feb 24)
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Kurt Seifried (Jan 27)
Re: CVE request for Kubernetes api server: build config to a strategy that isn't allowed by policy Kurt Seifried (Jan 14)
Re: Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Kurt Seifried (Mar 31)
CVE for nodejs hawk Kurt Seifried (Feb 19)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
Re: Prime example of a can of worms Kurt Seifried (Jan 20)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
Re: Prime example of a can of worms Kurt Seifried (Jan 20)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 11)
Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
Re: Re: CVE-Request - GNU Awk. Kurt Seifried (Mar 14)
Re: Prime example of a can of worms Kurt Seifried (Jan 20)
CVE's for SSLv2 support Kurt Seifried (Mar 01)
CVE for node.js websockets (ws) Kurt Seifried (Jan 11)
Re: Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Kurt Seifried (Mar 16)
CVE request for Kubernetes api server: patch operation should use patched object to check admission control Kurt Seifried (Jan 12)
Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 04)
Re: CVE's for SSLv2 support Kurt Seifried (Mar 01)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried (Mar 09)
Re: CVE for node.js websockets (ws) Kurt Seifried (Jan 19)

Laël Cellier

Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 18)
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 15)
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 15)
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 16)
server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 15)
Re: Exploitability of Git's CVE-2016-2315 Laël Cellier (Mar 16)
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier (Mar 15)

Larry Cashdollar

Reflected XSS & Blind SQLi in wordpress plugin eshop v6.3.14 Larry Cashdollar (Feb 02)
Wordpress plugin Reflected XSS in connections v8.5.8 Larry Cashdollar (Feb 01)
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Larry Cashdollar (Mar 05)

limingxing

invalid Read in the JasPer's jas_matrix_clip() function limingxing (Jan 27)
Out-of-bounds Read in the OpenJpeg's opj_j2k_update_image_data and opj_tgt_reset function limingxing (Jan 18)
Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function limingxing (Jan 12)
Out-of-bounds Read in the libxml2's htmlParseNameComplex() function limingxing (Jan 25)

Loganaden Velvindron

CVE request Loganaden Velvindron (Mar 14)
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Loganaden Velvindron (Jan 27)
Re: CVE's for SSLv2 support Loganaden Velvindron (Mar 01)

Luca BRUNO

shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Luca BRUNO (Jan 27)

Luca Filipozzi

Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Luca Filipozzi (Mar 03)

Lucas Leong

CVE Request: FFmpeg issue Lucas Leong (Feb 01)

lucas_leong () trend com tw

CVE request: Synology Photo Station command injection and privilege escalation lucas_leong () trend com tw (Jan 27)

Manuel Mancera

Re: CVE Request: graphite-web: open redirect Manuel Mancera (Feb 17)
Re: CVE Request: graphite-web: open redirect Manuel Mancera (Feb 18)
CVE Request: graphite-web: open redirect Manuel Mancera (Feb 17)

Marcus Meissner

CVE Request: PHP last release security issues Marcus Meissner (Mar 10)
CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption Marcus Meissner (Mar 10)
Re: CVE request Marcus Meissner (Mar 14)
CVE-2004-0230 additions and Linux Kernel fix Marcus Meissner (Mar 03)

Marina Glancy

moodle security release Marina Glancy (Mar 20)
[vs] moodle security release Marina Glancy (Jan 17)

mark

Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies mark (Mar 05)

Mark Felder

imlib2 may need some CVEs assigned Mark Felder (Jan 20)
Re: CVE request rtmpdump: the 6 vulnerabilities have been fixed Mark Felder (Feb 26)

Markus Vervier

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Markus Vervier (Mar 07)

Martin Grigorov

[CVE-2015-7520] Apache Wicket XSS vulnerability Martin Grigorov (Mar 02)

Matthew McPherrin

CVE request - OkHttp Certificate Pinning Bypass Matthew McPherrin (Feb 10)

Matthew Wild

CVE-2016-1231, CVE-2016-1232: Prosody XMPP server multiple vulnerabilities Matthew Wild (Jan 08)
CVE-2016-0756: Prosody XMPP server: insecure dialback key generation/validation algorithm Matthew Wild (Jan 27)

Maxim Solodovnik

[CVE-2016-0783] Predictable password reset token Maxim Solodovnik (Mar 25)
[CVE-2016-0784] ZIP file path traversal Maxim Solodovnik (Mar 25)
[CVE-2016-2164] Arbitrary file read via SOAP API Maxim Solodovnik (Mar 25)
[CVE-2016-2163] Stored Cross Site Scripting in Event description Maxim Solodovnik (Mar 25)

me

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies me (Mar 06)

Mike Gabriel

Security issues in GOsa Mike Gabriel (Jan 15)

Mike Prosser

RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Mike Prosser (Mar 04)

Moritz Bechler

Java Deserialization continued, Analysis Tooling and (potentially) bypassing Application Level Filtering Moritz Bechler (Feb 29)

Moritz Muehlenhoff

Re: Re: Three CVE requests for PHP Moritz Muehlenhoff (Mar 17)
Three CVE requests for PHP Moritz Muehlenhoff (Mar 16)
Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer Moritz Muehlenhoff (Jan 08)

Moritz Mühlenhoff

Re: Several out of bounds reads in ProFTPD Moritz Mühlenhoff (Mar 11)

Murphy, Grant

Re: Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode Murphy, Grant (Mar 21)

Nico Golde

two udhcpc (busybox) issues Nico Golde (Mar 11)
CVE id request: dhcpcd Nico Golde (Jan 07)
Re: CVE request for prima wlan driver: Address buffer overflow due to invalid length Nico Golde (Jan 24)

Noel Kuntze

Re: STARTTLS for this list? Noel Kuntze (Feb 11)

op7ic \x00

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies op7ic \x00 (Mar 06)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies op7ic \x00 (Mar 06)

Paragon Initiative Enterprises Security Team

phpecc/phpecc - Timing side-channel in ECDSA signature verification Paragon Initiative Enterprises Security Team (Jan 03)

Paris Zoumpouloglou

Buffer Overflow in lha compression utility Paris Zoumpouloglou (Jan 18)

PASCAULT Wilfried

CVE Request: Datafari Local File Disclosure PASCAULT Wilfried (Feb 03)

Paul Gevers

Re: CVE Request: cacti: Authentication using web authentication as a user, not in the cacti database allows complete access Paul Gevers (Feb 14)
please assign CVE for cacti bug 2667: SQL Injection Vulnerability Paul Gevers (Mar 10)

Paul Wise

debbugs for cve-assign () mitre org? Paul Wise (Mar 10)
Mitre, reserved CVEs and oss-security? Paul Wise (Mar 02)

Pere Orga

Remaining CVE IDs for Drupal contributed modules (2014) Pere Orga (Mar 23)
CVE requests for Drupal core (SA-CORE-2016-001) Pere Orga (Feb 24)
CVE requests for Drupal contributed modules (from 2016-009 to 2016-014) Pere Orga (Mar 04)
CVE requests for Drupal contributed modules (2016-004, 2016-005) Pere Orga (Feb 11)
CVE requests for Drupal contributed modules (2016-006, 2016-007) Pere Orga (Feb 18)
CVE request for Drupal contributed module (Open Atrium - Access Bypass - SA-CONTRIB-2016-003) Pere Orga (Jan 27)
CVE requests for Drupal contributed modules Pere Orga (Jan 11)

Peter Bex

Cgit XSS "vulnerability" has no CVE? Peter Bex (Mar 05)
Re: Cgit XSS "vulnerability" has no CVE? Peter Bex (Mar 07)

P J P

CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write P J P (Jan 29)
CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash P J P (Jan 04)
Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations P J P (Jan 12)
CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling P J P (Feb 16)
CVE request Qemu: net: ne2000: OOB r/w in ioport operations P J P (Jan 04)
CVE request Qemu: OOB access in address_space_rw leads to segmentation fault P J P (Mar 01)
CVE request Qemu: i386: null pointer dereference in vapic_write P J P (Jan 15)
Re: Re: Partial SMAP bypass on 64-bit Linux kernels P J P (Mar 31)
Re: HTTPS Only (Open Source, Python) P J P (Feb 11)
CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference P J P (Feb 16)
CVE-2015-7513 Kernel: kvm: divide by zero issue leads to DoS P J P (Jan 07)
CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines P J P (Jan 28)
CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption P J P (Mar 04)
CVE request Qemu: net: out of bounds read in net_checksum_calculate P J P (Mar 03)
CVE request Qemu: nvram: OOB r/w access in processing firmware configurations P J P (Jan 11)
CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines P J P (Jan 19)
Qemu: ide: ahci use-after-free vulnerability in aio port commands P J P (Jan 08)
CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash P J P (Jan 04)
CVE request Qemu: net: ne2000: infinite loop in ne2000_receive P J P (Mar 02)
CVE request Qemu: usb: integer overflow in remote NDIS control message handling P J P (Feb 22)

Pray3r

Re: CVE-2015-8088: Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone Pray3r (Jan 19)

Qixue Xiao

Fwd: out of bound write in libdwarf -20151114 Qixue Xiao (Jan 19)

Qualys Security Advisory

Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory (Jan 14)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory (Jan 14)

Radzykewycz, T (Radzy)

RE: [security-vendor] Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies Radzykewycz, T (Radzy) (Mar 07)

Rafael Mendonça França

[CVE-2016-2098] Possible remote code execution vulnerability in Action Pack Rafael Mendonça França (Feb 29)
[CVE-2016-2097] Possible Information Leak Vulnerability in Action View. Rafael Mendonça França (Feb 29)

Rahul Pratap Singh

CVE Request: WP Easy Gallery v4.1.4 Stored XSS Vulnerability Rahul Pratap Singh (Jan 26)
CVE Request: WP Symposium Pro Social Network Plugin 16.1 XSS Vulnerability Rahul Pratap Singh (Jan 12)
CVE Request: Quick Cart v6.6 XSS Vulnerability Rahul Pratap Singh (Jan 19)
CVE Request: Quick CMS v 6.1 XSS Vulnerability Rahul Pratap Singh (Jan 19)
CVE request: WP Symposium Pro Social Network plugin XSS and Critical CSRF Rahul Pratap Singh (Jan 07)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Rahul Pratap Singh (Mar 06)
CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability Rahul Pratap Singh (Jan 13)

Reed Loden

Remote Command Injection in Ruby Gem colorscore <=0.0.4 Reed Loden (Jan 04)
CVE request: Two vulnerabilities in git-fastclone ruby gem Reed Loden (Jan 20)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Reed Loden (Mar 09)
CVE request: Missing normalization in ruby gem rack-attack <4.3.1 when used with ruby on rails Reed Loden (Jan 06)
CVE request: Arbitrary search execution in ruby gems auto_select2 <0.5.0 and auto_awesomeplete <=0.0.3 Reed Loden (Jan 10)
CVE request: Two vulnerabilities in mapbox.js node module Reed Loden (Jan 20)

René Rebe

Re: [exact-image] Missing fixes for CVEs in upstream dcraw René Rebe (Mar 05)

Richard Johnson

Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Richard Johnson (Jan 27)

Rich Felker

Re: Address Sanitizer local root Rich Felker (Feb 19)
Re: Re: Address Sanitizer local root Rich Felker (Feb 18)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Rich Felker (Jan 15)

Robert Paprocki

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Robert Paprocki (Mar 06)

Robert Święcki

AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way Robert Święcki (Feb 27)
Re: Address Sanitizer local root Robert Święcki (Feb 18)
Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way Robert Święcki (Mar 18)

Rob Janssen

Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Rob Janssen (Jan 28)
Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Rob Janssen (Jan 27)

Romain Manni-Bucau

[ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases Romain Manni-Bucau (Mar 15)

Roman Drahtmueller

Re: cloud-init follows symlinks for ssh authorized_keys Roman Drahtmueller (Feb 15)

Salva Peiró

Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness Salva Peiró (Mar 15)
CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness Salva Peiró (Mar 07)

Salvatore Bonaccorso

CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor Salvatore Bonaccorso (Feb 14)
Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Salvatore Bonaccorso (Jan 26)
Re: Partial SMAP bypass on 64-bit Linux kernels Salvatore Bonaccorso (Mar 29)
CVE Request: WordPress: New 4.4.2 security and maintenance release: SSRF and open redirect vulnerability Salvatore Bonaccorso (Feb 04)
Re: Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Salvatore Bonaccorso (Jan 26)
CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files Salvatore Bonaccorso (Jan 05)
CVE Request: tiff: potential out-of-bound write in NeXTDecode() Salvatore Bonaccorso (Jan 24)
CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression Salvatore Bonaccorso (Jan 24)
Re: older fuseiso stuff Salvatore Bonaccorso (Mar 27)
CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages() Salvatore Bonaccorso (Jan 23)
CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function Salvatore Bonaccorso (Jan 27)
CVE Request: Dotclear: XSS vulnerability in comments management page and media exclusion control enforcement Salvatore Bonaccorso (Mar 05)
CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read Salvatore Bonaccorso (Feb 14)
CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used Salvatore Bonaccorso (Mar 26)
Re: CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files Salvatore Bonaccorso (Jan 10)
CVE Request: cacti: SQL injection vulnerability in graphs_new.php Salvatore Bonaccorso (Jan 04)
CVE Request: Horde: Two cross-site scripting vulnerabilities Salvatore Bonaccorso (Feb 06)
CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets Salvatore Bonaccorso (Feb 22)
Re: CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used Salvatore Bonaccorso (Mar 27)
CVE Request: WordPress: cross-site scripting vulnerability fixed in new 4.4.1 release Salvatore Bonaccorso (Jan 08)
CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter Salvatore Bonaccorso (Jan 10)
CVE Request: Linux: aio write triggers integer overflow in some network protocols Salvatore Bonaccorso (Mar 01)
Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Salvatore Bonaccorso (Jan 05)

Sandeep Kamble

Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Sandeep Kamble (Feb 16)
Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Sandeep Kamble (Feb 17)

Scott Arciszewski

It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Scott Arciszewski (Jan 16)
PSA: Don't use RNCryptor Scott Arciszewski (Jan 24)
OpenCart users, switch to OpenCart-CE immediately Scott Arciszewski (Jan 19)
Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Scott Arciszewski (Jan 18)

Scott Herbert

Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Scott Herbert (Jan 29)

Scotty Bauer

Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Scotty Bauer (Feb 12)
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Scotty Bauer (Mar 22)

Sebastian Pipping

Re: expat hash collision fix too predictable? Sebastian Pipping (Mar 18)

Sébastien Delafond

CVE request - SPIP: 2 vulnerabilities Sébastien Delafond (Mar 15)

security

RE: [4-3801000010480] [Update 2/20/16 CVE-2015-5256] Apache Cordova vulnerable to improper application of whitelist restrictions on Android security (Feb 22)
RE: [4-3801000010480] [Update 2/20/16 CVE-2015-5256] Apache Cordova vulnerable to improper application of whitelist restrictions on Android security (Feb 23)

Serge Hallyn

Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Serge Hallyn (Jan 06)
Re: Access to /dev/pts devices via pt_chown and user namespaces Serge Hallyn (Feb 24)
Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Serge Hallyn (Jan 05)

Sergei Golubchik

Flaw in mariadb clients SSL certificate validation Sergei Golubchik (Jan 26)

Seth Arnold

Re: STARTTLS for this list? Seth Arnold (Feb 11)
Re: Re: CVE's for SSLv2 support Seth Arnold (Mar 01)
Re: Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files Seth Arnold (Mar 30)
CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0 Seth Arnold (Feb 09)
Re: Re: Socat security advisory 7 - Created new 2048bit DH modulus Seth Arnold (Feb 02)
CVE Clarification: Mysqlnd / CVE-2015-3152 Seth Arnold (Mar 31)

Sevan Janiyan

Libreoffice updater runs over http Sevan Janiyan (Feb 08)

Shawn

CVE request for prima wlan driver: Address buffer overflow due to invalid length Shawn (Jan 23)

Shivaprasad Sadashivappa

RE: CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Shivaprasad Sadashivappa (Feb 25)

Shravan Kumar

CSRF Vulnerability in Refinery CMS Shravan Kumar (Feb 20)
Multiple XSS vulnerabilities in Refinery CMS Shravan Kumar (Feb 20)

Shubham Shah

CVE Request: Textual IRC Client <= 5.2.7 Remote Command Execution Shubham Shah (Feb 10)

Simon McVittie

Re: Setgid/Setuid binary writing privilege escalation Simon McVittie (Jan 16)
Re: Access to /dev/pts devices via pt_chown and user namespaces Simon McVittie (Feb 23)

Simon Ward

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Simon Ward (Mar 07)

Solar Designer

Re: Multiple XSS vulnerabilities in Refinery CMS Solar Designer (Feb 20)
Re: STARTTLS for this list? Solar Designer (Feb 11)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 06)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 06)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 06)
Fwd: Integer overflow in the JasPer's jas_matrix_create() function Solar Designer (Jan 07)
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer (Mar 22)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 05)
Re: [security] Go security release v1.5.3 Solar Designer (Jan 14)
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer (Mar 22)
Re: Access to /dev/pts devices via pt_chown and user namespaces Solar Designer (Feb 23)
Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) Solar Designer (Feb 15)
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer (Mar 26)
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished cve-2016-2324 and cve-2016-2315) Solar Designer (Mar 15)
Re: [ANNOUNCE] Linux Security Summit 2016 - CFP Solar Designer (Mar 25)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 05)

Stefan Cornelius

Re: CVE Request -- Buffer overflow in Python-Pillow and PIL Stefan Cornelius (Feb 22)
Re: Re: Integer overflow in the JasPer's jas_matrix_create() function Stefan Cornelius (Jan 11)
CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability Stefan Cornelius (Feb 15)

Štefan Šafár

Fwd: PHP-FPM fpm_log.c memory leak and buffer overflow Štefan Šafár (Feb 02)

Stelios Tsampas

CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent Stelios Tsampas (Jan 11)
CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer Stelios Tsampas (Jan 11)
CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow Stelios Tsampas (Feb 15)
CVE-2016-2385 Kamailio SEAS module heap buffer overflow Stelios Tsampas (Mar 30)

Stepan Golosunov

CVE request - buffer overflow in xdelta3 before 3.0.9 Stepan Golosunov (Feb 08)

Steve Beattie

Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption Steve Beattie (Mar 10)

Steve Grubb

Re: Prime example of a can of worms Steve Grubb (Jan 21)
Re: Re: Prime example of a can of worms Steve Grubb (Jan 22)
Re: Re: CVE's for SSLv2 support Steve Grubb (Mar 02)
Re: Re: Partial SMAP bypass on 64-bit Linux kernels Steve Grubb (Mar 31)

Steve Kemp

Re: CVE-Request - GNU Awk. Steve Kemp (Mar 14)
CVE-Request - GNU Awk. Steve Kemp (Mar 13)

Stuart Henderson

Re: CVE's for SSLv2 support Stuart Henderson (Mar 01)

Sushanth Sowmyan

CVE-2015-7521: Apache Hive authorization bug disclosure (update) Sushanth Sowmyan (Feb 17)
CVE-2015-7521: Apache Hive authorization bug disclosure Sushanth Sowmyan (Jan 28)

Sysdream Labs

CVE-2015-6541 : Multiple CSRF in Zimbra Mail interface Sysdream Labs (Feb 25)
CVE ID Request : Proxmox VE Insecure hostname checking (remote root exploit) Sysdream Labs (Feb 25)
CVE ID Request : Centreon remote code execution Sysdream Labs (Feb 25)

Szabolcs Nagy

Address Sanitizer local root Szabolcs Nagy (Feb 17)

Tavis Ormandy

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tavis Ormandy (Mar 05)

Theodore Ts'o

Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Theodore Ts'o (Mar 31)
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Theodore Ts'o (Mar 30)

Thomas B . Rücker

Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Thomas B . Rücker (Jan 27)

Tim

Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 04)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 05)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 10)
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 10)
CVE Replacement Via Blockchains (was: Concerns about CVE coverage shrinking - direct impact to researchers/companies) Tim (Mar 07)
Re: Re: CVE's for SSLv2 support Tim (Mar 01)

Tim Brown

Re: Discuss: Daily/weekly cron jobs best practices Tim Brown (Jan 12)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim Brown (Mar 09)

Tim Graham

[ANNOUNCE] Django security releases issued: 1.9.3 and 1.8.10 Tim Graham (Mar 01)
[ANNOUNCE] Django releases issued: 1.9.2 (security) and 1.8.9 (bugfix) Tim Graham (Feb 01)

Timothy D. Morgan

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Timothy D. Morgan (Mar 10)
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Timothy D. Morgan (Mar 09)

Tim Zingelman

Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability Tim Zingelman (Mar 15)

Tomas Hoger

Re: Re: Announce: Portable OpenSSH 7.2p2 released Tomas Hoger (Mar 16)
Re: CVE-Request - GNU Awk. Tomas Hoger (Mar 14)
Re: WebKitGTK+ Security Advisory WSA-2016-0002 Tomas Hoger (Mar 14)
Re: Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Tomas Hoger (Jan 15)

Tristan Cacqueray

[OSSA 2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) Tristan Cacqueray (Jan 20)
[OSSA 2016-007.2] Nova host data leak through resize/migration (CVE-2016-2140) ERRATA #2 Tristan Cacqueray (Mar 30)
[OSSA 2016-003] Heat denial of service through template-validate (CVE-2015-5295) Tristan Cacqueray (Jan 19)
[OSSA 2016-007.1] Nova host data leak through resize/migration (CVE-2016-2140) ERRATA Tristan Cacqueray (Mar 09)
Re: [OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140) Tristan Cacqueray (Mar 08)
[OSSA 2016-001] Nova host data leak through snapshot (CVE-2015-7548) Tristan Cacqueray (Jan 07)
[OSSA 2016-006] Glance image status manipulation through locations removal (CVE-2016-0757) Tristan Cacqueray (Feb 04)
[OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140) Tristan Cacqueray (Mar 08)
[OSSA 2016-005] Potential reuse of revoked Identity tokens (CVE-2015-7546) Tristan Cacqueray (Jan 29)

Tyler Hicks

Security issues in JasPer (CVE-2016-1577 and CVE-2016-2116) Tyler Hicks (Mar 03)
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Tyler Hicks (Mar 15)
Re: CVE Requests: Aufs Union Filesystem Privilege Escalation In User Namespaces Tyler Hicks (Mar 02)
Re: Re: CVE Request: PHP last release security issues Tyler Hicks (Mar 22)
CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver Tyler Hicks (Mar 02)
Security issue in eCryptfs-utils (CVE-2016-1572) Tyler Hicks (Jan 20)

up201407890

CVE Request: pkexec tty hijacking via TIOCSTI ioctl up201407890 (Feb 25)
CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl up201407890 (Feb 26)

Vasily Averin

CVE request: ipv4: Don't do expensive useless work during inetdev destroy Vasily Averin (Mar 15)

Velmurugan Periasamy

CVE update (CVE-2015-5167 & CVE-2016-0733) - Fixed in Ranger 0.5.1 Velmurugan Periasamy (Feb 05)
CVE update (CVE-2016-0735) - Fixed in Ranger 0.5.2 Velmurugan Periasamy (Mar 28)

VeraCrypt Team

CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege VeraCrypt Team (Jan 10)

Vladimir Dubrovin

Fwd: FFmpeg: stealing local files with HLS+concat Vladimir Dubrovin (Jan 13)

Vladis Dronov

CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver) Vladis Dronov (Mar 11)
CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver Vladis Dronov (Feb 28)
Re: CVE request: ipv4: Don't do expensive useless work during inetdev destroy Vladis Dronov (Mar 16)
CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver) Vladis Dronov (Mar 11)
CVE request -- linux kernel: crash on invalid USB device descriptors (wacom driver) Vladis Dronov (Mar 11)
CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver) Vladis Dronov (Mar 11)
CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver) Vladis Dronov (Mar 30)
Re: Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes Vladis Dronov (Mar 02)
Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes Vladis Dronov (Mar 07)
Re: Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver Vladis Dronov (Feb 28)
CVE request -- linux kernel: nfs: kernel panic occurs at nfs client when nfsv4.2 migration is executed Vladis Dronov (Jan 05)
CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver) Vladis Dronov (Mar 11)
CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes Vladis Dronov (Mar 01)

Wade Mealing

CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions. Wade Mealing (Jan 11)
Linux kernel: use after free in keyring facility. Wade Mealing (Jan 19)
Linux kernel : Denial of service with specially crafted key file. Wade Mealing (Jan 24)
Linux kernel: Flaw in CXGB3 driver. Wade Mealing (Feb 11)

X41 D-Sec GmbH Advisories

Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr" X41 D-Sec GmbH Advisories (Mar 09)

Xen . org security team

Xen Security Advisory 171 (CVE-2016-3157) - I/O port access privilege escalation in x86-64 Linux Xen . org security team (Mar 16)
Xen Security Advisory 154 (CVE-2016-2270) - x86: inconsistent cachability flags on guest mappings Xen . org security team (Feb 17)
Xen Security Advisory 167 (CVE-2016-1570) - PV superpage functionality missing sanity checks Xen . org security team (Jan 20)
Xen Security Advisory 170 (CVE-2016-2271) - VMX: guest user mode may crash guest with non-canonical RIP Xen . org security team (Feb 17)
Xen Security Advisory 168 (CVE-2016-1571) - VMX: intercept issue with INVLPG on non-canonical address Xen . org security team (Jan 20)
Xen Security Advisory 172 (CVE-2016-3158,CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround Xen . org security team (Mar 29)

xiaoqixue_1

CVE request -- NULL dereference in libdwarf xiaoqixue_1 (Jan 06)
Re:[oss-security] Re: a bug in gif2rgb.c in giflib-5.1.2 xiaoqixue_1 (Jan 28)
a bug in gif2rgb.c in giflib-5.1.2 xiaoqixue_1 (Jan 26)
Re:[oss-security] Re: Buffer Overflow in lha compression utility xiaoqixue_1 (Jan 19)

Yann Droneaud

Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 15)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 20)

Yuriy M. Kaminskiy

Re: Xen Security Advisory 172 (CVE-2016-3158, CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround Yuriy M. Kaminskiy (Mar 30)
snprintf return value misuse in a lot of projects Yuriy M. Kaminskiy (Feb 13)
Re: CVE-Request - GNU Awk. Yuriy M. Kaminskiy (Mar 14)

Yves-Alexis Perez

CVE request for radicale Yves-Alexis Perez (Jan 05)
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Yves-Alexis Perez (Mar 29)
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yves-Alexis Perez (Jan 15)

Zach W.

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Zach W. (Mar 10)
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Zach W. (Jan 27)
CVE Request: Open Source Media Center insecure default config Zach W. (Feb 04)
Re: Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Zach W. (Jan 28)
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Zach W. (Mar 04)

Zemn mez

CVE Request: Host based account hijack attack on php-openid Zemn mez (Jan 24)

刘科

CVE request - OpenJPEG : Heap Corruption in opj_free function 刘科 (Mar 14)
CVE request - OpenJPEG : Out-Of-Bounds Read in sycc422_to_rgb function 刘科 (Mar 14)
CVE request - OpenJPEG : Out-Of-Bounds Read in opj_tcd_free_tile function 刘科 (Mar 14)