oss-sec: by date

738 messages starting Jan 02 16 and ending Mar 31 16

Saturday, 02 January

CVE Request: MantisBT SOAP API can be used to disclose confidential settings Damien Regad
CVE Request: PCRE Library Heap Overflow Vulnerability Guanxing Wen
Re: CVE Request: PCRE Library Heap Overflow Vulnerability cve-assign

Sunday, 03 January

CVE request: esoTalk 1.0.0g4 cross-site scripting vulnerability Henri Salo
Re: CVE Request: MantisBT SOAP API can be used to disclose confidential settings cve-assign
phpecc/phpecc - Timing side-channel in ECDSA signature verification Paragon Initiative Enterprises Security Team
use-after-free in tidy-html5 Gustavo Grieco

Monday, 04 January

CVE request Qemu: net: ne2000: OOB r/w in ioport operations P J P
Re: CVE request Qemu: net: ne2000: OOB r/w in ioport operations cve-assign
CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash P J P
CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash P J P
Re: CVE Request: MantisBT SOAP API can be used to disclose confidential settings Damien Regad
Re: CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash cve-assign
Re: CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash cve-assign
CVE Request: cacti: SQL injection vulnerability in graphs_new.php Salvatore Bonaccorso
Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php cve-assign
CVE Request: python-rsa signature forgery Filippo Valsorda
Remote Command Injection in Ruby Gem colorscore <=0.0.4 Reed Loden
Re: CVE Request: python-rsa signature forgery cve-assign

Tuesday, 05 January

Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Andreas Stieger
CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files Salvatore Bonaccorso
Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Salvatore Bonaccorso
CVE request for radicale Yves-Alexis Perez
Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Andreas Stieger
CVE request -- linux kernel: nfs: kernel panic occurs at nfs client when nfsv4.2 migration is executed Vladis Dronov
Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Eric W. Biederman
Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Serge Hallyn

Wednesday, 06 January

Re: CVE request -- linux kernel: nfs: kernel panic occurs at nfs client when nfsv4.2 migration is executed cve-assign
Re: CVE request for radicale cve-assign
CVE request -- NULL dereference in libdwarf xiaoqixue_1
Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Eric W. Biederman
Re: CVE request for radicale Guillaume Ayoub
CVE Request: Cross Site Scripting (XSS) & Cross Site Request Forgery (CSRF) in Crony Cronjob Manager Version 0.4.4 CSW Research Lab
Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Serge Hallyn
Discuss: Daily/weekly cron jobs best practices halfdog
CVE request: Missing normalization in ruby gem rack-attack <4.3.1 when used with ruby on rails Reed Loden

Thursday, 07 January

CVE-2015-7513 Kernel: kvm: divide by zero issue leads to DoS P J P
CVE id request: dhcpcd Nico Golde
Re: CVE id request: dhcpcd cve-assign
CVE request: WP Symposium Pro Social Network plugin XSS and Critical CSRF Rahul Pratap Singh
[OSSA 2016-001] Nova host data leak through snapshot (CVE-2015-7548) Tristan Cacqueray
Re: CVE request for radicale cve-assign
CVE request for vulnerability in OpenStack Nova Grant Murphy
Re: CVE request for vulnerability in OpenStack Nova cve-assign
Fwd: Integer overflow in the JasPer's jas_matrix_create() function Solar Designer
Re: CVE request -- NULL dereference in libdwarf cve-assign
Re: CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files cve-assign
Re: Integer overflow in the JasPer's jas_matrix_create() function cve-assign

Friday, 08 January

CVE Request: WordPress: cross-site scripting vulnerability fixed in new 4.4.1 release Salvatore Bonaccorso
Re: CVE Request: WordPress: cross-site scripting vulnerability fixed in new 4.4.1 release cve-assign
CVE-2016-1231, CVE-2016-1232: Prosody XMPP server multiple vulnerabilities Matthew Wild
Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer Moritz Muehlenhoff
Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer cve-assign
Qemu: ide: ahci use-after-free vulnerability in aio port commands P J P

Saturday, 09 January

Re: Qemu: ide: ahci use-after-free vulnerability in aio port commands cve-assign

Sunday, 10 January

Re: CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files Salvatore Bonaccorso
CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter Salvatore Bonaccorso
Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter cve-assign
CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege VeraCrypt Team
CVE request: Arbitrary search execution in ruby gems auto_select2 <0.5.0 and auto_awesomeplete <=0.0.3 Reed Loden

Monday, 11 January

Re: Re: Integer overflow in the JasPer's jas_matrix_create() function Stefan Cornelius
CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions. Wade Mealing
CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer Stelios Tsampas
CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent Stelios Tsampas
CVE request Qemu: nvram: OOB r/w access in processing firmware configurations P J P
CVE Request: click Jamie Strandboge
Re: CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions. cve-assign
CVE requests for Drupal contributed modules Pere Orga
CVE for node.js websockets (ws) Kurt Seifried

Tuesday, 12 January

Re: CVE for node.js websockets (ws) cve-assign
Re: Discuss: Daily/weekly cron jobs best practices Tim Brown
CVE Request: Vtiger CRM 6.4 Authenticated Remote Code Execution Benjamin Daniel Mussler
Re: CVE Request: click Jamie Strandboge
CVE Request: WP Symposium Pro Social Network Plugin 16.1 XSS Vulnerability Rahul Pratap Singh
Re: CVE Request: Vtiger CRM 6.4 Authenticated Remote Code Execution cve-assign
Re: CVE Request: click cve-assign
CVE request for Kubernetes api server: patch operation should use patched object to check admission control Kurt Seifried
Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations cve-assign
Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations P J P
CVE request for Kubernetes api server: build config to a strategy that isn't allowed by policy Kurt Seifried
[OSSA 2016-002] Xen connection password leak in logs via StorageError (CVE-2015-8749) Grant Murphy
GRR <= 3.0.0-RC1 (all versions) RCE with privilege escalation through file upload filter bypass (authenficated) Jean-Marie Bourbon
ISC DHCP CVE-2015-8605: UDP payload length not properly checked ISC Security Officer
Re: Discuss: Daily/weekly cron jobs best practices David W. Hodgins
Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function limingxing

Wednesday, 13 January

Fwd: FFmpeg: stealing local files with HLS+concat Vladimir Dubrovin
Re: Fwd: FFmpeg: stealing local files with HLS+concat Alexander Cherepanov
CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability Rahul Pratap Singh
Re: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function cve-assign
[security] Go security release v1.5.3 Jason Buberel
Overlayfs ovl_setattr missing permission checks (CVE-2015-8660) halfdog

Thursday, 14 January

Re: Fwd: FFmpeg: stealing local files with HLS+concat cve-assign
Re: [security] Go security release v1.5.3 Solar Designer
CVE Request: CGit - Multiple vulnerabilities Jason A. Donenfeld
Re: CVE Request: CGit - Multiple vulnerabilities Jason A. Donenfeld
nodejs Buffer(number) is unsafe #4660 Kurt Seifried
Re: CVE Request: CGit - Multiple vulnerabilities cve-assign
Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory
[CVE Request] Multiple PHP issues Emmanuel Law
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jan Schaumann
Re: [CVE Request] Multiple PHP issues cve-assign
Re: CVE request for Kubernetes api server: build config to a strategy that isn't allowed by policy Kurt Seifried
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jan Schaumann
Re: CVE request for Kubernetes api server: patch operation should use patched object to check admission control cve-assign
Re: CVE request for Kubernetes api server: build config to a strategy that isn't allowed by policy cve-assign

Friday, 15 January

Security issues in GOsa Mike Gabriel
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yves-Alexis Perez
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jason A. Donenfeld
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jason A. Donenfeld
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 cve-assign
Re: Security issues in GOsa cve-assign
Re: Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Kurt Seifried
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 cve-assign
Re: Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Tomas Hoger
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Rich Felker
CVE request Qemu: i386: null pointer dereference in vapic_write P J P
Re: Discuss: Daily/weekly cron jobs best practices halfdog

Saturday, 16 January

It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Scott Arciszewski
Re: CVE Request: Commentator WordPress Plugin 2.5.2 XSS Vulnerability Henri Salo
Setgid/Setuid binary writing privilege escalation halfdog
Re: CVE request Qemu: i386: null pointer dereference in vapic_write cve-assign
Re: Setgid/Setuid binary writing privilege escalation Simon McVittie

Sunday, 17 January

[vs] moodle security release Marina Glancy

Monday, 18 January

Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Bart van Tuil
Buffer Overflow in lha compression utility Paris Zoumpouloglou
Out-of-bounds Read in the OpenJpeg's opj_j2k_update_image_data and opj_tgt_reset function limingxing
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer
Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Scott Arciszewski
Re: Out-of-bounds Read in the OpenJpeg's opj_j2k_update_image_data and opj_tgt_reset function cve-assign
Re: Buffer Overflow in lha compression utility cve-assign

Tuesday, 19 January

Security bugs in Linux kernel sound subsystem Johannes Segitz
Linux kernel: use after free in keyring facility. Wade Mealing
Re:[oss-security] Re: Buffer Overflow in lha compression utility xiaoqixue_1
CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco
[OSSA 2016-003] Heat denial of service through template-validate (CVE-2015-5295) Tristan Cacqueray
Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt Bart van Tuil
CVE Request: Quick CMS v 6.1 XSS Vulnerability Rahul Pratap Singh
CVE Request: Quick Cart v6.6 XSS Vulnerability Rahul Pratap Singh
Fwd: out of bound write in libdwarf -20151114 Qixue Xiao
CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines P J P
CVE assignment request for security bugs fixed in glibc 2.23 Florian Weimer
Re: CVE assignment request for security bugs fixed in glibc 2.23 Kurt Seifried
Re: CVE request: out-of-bounds write with cpio 2.11 Hanno Böck
Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco
Re: CVE-2015-8088: Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone Pray3r
OpenCart users, switch to OpenCart-CE immediately Scott Arciszewski
Overlayfs and devpts issues in namespaces halfdog
Re: CVE for node.js websockets (ws) Kurt Seifried
CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c causing BIND named to exit Jeremy C. Reed
CVE-2015-8705: Problems converting OPT resource records and ECS options to text format can cause BIND to terminate. Jeremy C. Reed
Re: CVE assignment request for security bugs fixed in glibc 2.23 cve-assign

Wednesday, 20 January

Re: CVE assignment request for security bugs fixed in glibc 2.23 Florian Weimer
Xen Security Advisory 167 (CVE-2016-1570) - PV superpage functionality missing sanity checks Xen.org security team
Xen Security Advisory 168 (CVE-2016-1571) - VMX: intercept issue with INVLPG on non-canonical address Xen.org security team
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud
Security issue in eCryptfs-utils (CVE-2016-1572) Tyler Hicks
Re: Prime example of a can of worms Kurt Seifried
Re: Prime example of a can of worms Daniel Kahn Gillmor
Re: Prime example of a can of worms Kurt Seifried
imlib2 may need some CVEs assigned Mark Felder
Re: Prime example of a can of worms Daniel Kahn Gillmor
Re: Prime example of a can of worms Kurt Seifried
Re: Prime example of a can of worms Hanno Böck
CVE request: Two vulnerabilities in git-fastclone ruby gem Reed Loden
CVE Request: RESTBase 0.9.2 (security release) Chris Steipp
CVE request: Two vulnerabilities in mapbox.js node module Reed Loden
[OSSA 2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) Tristan Cacqueray
Re: Prime example of a can of worms gremlin
Re: CVE for node.js websockets (ws) cve-assign

Thursday, 21 January

Re: Prime example of a can of worms Florent Daigniere
CVE request for Privoxy 3.0.24 Fabian Keil
Re: Prime example of a can of worms Steve Grubb
Re: Prime example of a can of worms Florent Daigniere
ntp.org stats data logrotation script privilege escalation halfdog
Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines cve-assign
Re: Prime example of a can of worms Andrew Gallagher
Re: CVE request for Privoxy 3.0.24 cve-assign

Friday, 22 January

Re: CVE request: out-of-bounds write with cpio 2.11 cve-assign
Re: Re: Prime example of a can of worms Steve Grubb
Re: imlib2 may need some CVEs assigned cve-assign

Saturday, 23 January

CVE request for prima wlan driver: Address buffer overflow due to invalid length Shawn
CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages() Salvatore Bonaccorso

Sunday, 24 January

CVE Request: Host based account hijack attack on php-openid Zemn mez
CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression Salvatore Bonaccorso
CVE Request: tiff: potential out-of-bound write in NeXTDecode() Salvatore Bonaccorso
Re: CVE Request: Host based account hijack attack on php-openid cve-assign
Re: CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages() cve-assign
Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression cve-assign
Re: CVE Request: tiff: potential out-of-bound write in NeXTDecode() cve-assign
Re: CVE request for prima wlan driver: Address buffer overflow due to invalid length Nico Golde
PSA: Don't use RNCryptor Scott Arciszewski
CVE Request: x86 Linux TLB flush bug Andy Lutomirski
Linux kernel : Denial of service with specially crafted key file. Wade Mealing
Re: Fwd: out of bound write in libdwarf -20151114 cve-assign
Re: Linux kernel : Denial of service with specially crafted key file. cve-assign

Monday, 25 January

Linux potential division by zero in TCP code Florian Weimer
Out-of-bounds Read in the libxml2's htmlParseNameComplex() function limingxing
Re: use-after-free in tidy-html5 Gustavo Grieco
[CVE-2015-7576] Timing attack vulnerability in basic authentication in Action Controller. Aaron Patterson
[CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack Aaron Patterson
[CVE-2015-7577] Nested attributes rejection proc bypass in Active Record. Aaron Patterson
[CVE-2015-7578] Possible XSS vulnerability in rails-html-sanitizer Aaron Patterson
[CVE-2015-7579] XSS vulnerability in rails-html-sanitizer Aaron Patterson
[CVE-2016-0752] Possible Information Leak Vulnerability in Action View Aaron Patterson
[CVE-2016-0753] Possible Input Validation Circumvention in Active Model Aaron Patterson
[CVE-2015-7580] Possible XSS vulnerability in rails-html-sanitizer Aaron Patterson
[CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack Aaron Patterson
Re: CVE Request: x86 Linux TLB flush bug cve-assign
Re: Linux potential division by zero in TCP code cve-assign

Tuesday, 26 January

Flaw in mariadb clients SSL certificate validation Sergei Golubchik
CVE Request: WP Easy Gallery v4.1.4 Stored XSS Vulnerability Rahul Pratap Singh
a bug in gif2rgb.c in giflib-5.1.2 xiaoqixue_1
Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Salvatore Bonaccorso
Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function cve-assign
Re: Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function Salvatore Bonaccorso
Re: a bug in gif2rgb.c in giflib-5.1.2 cve-assign

Wednesday, 27 January

shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Luca BRUNO
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Loganaden Velvindron
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Thomas B. Rücker
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Kurt Seifried
CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function Salvatore Bonaccorso
Re: [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack Justin Bull
RE: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Adam Jacobs
Re: CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function cve-assign
CVE-2016-0756: Prosody XMPP server: insecure dialback key generation/validation algorithm Matthew Wild
Heap buffer overflow in fgetwln function of libbsd Hanno Böck
CVE request for Drupal contributed module (Open Atrium - Access Bypass - SA-CONTRIB-2016-003) Pere Orga
Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Rob Janssen
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Zach W.
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Richard Johnson
invalid Read in the JasPer's jas_matrix_clip() function limingxing
Re: Heap buffer overflow in fgetwln function of libbsd cve-assign
Re: invalid Read in the JasPer's jas_matrix_clip() function cve-assign
CVE request: Synology Photo Station command injection and privilege escalation lucas_leong () trend com tw

Thursday, 28 January

Re: an out of bound read is found in libdwarf -20151114 cve-assign
Re: Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Zach W.
Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Ask Bjørn Hansen
Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Rob Janssen
CVE-2015-7521: Apache Hive authorization bug disclosure Sushanth Sowmyan
Re:[oss-security] Re: a bug in gif2rgb.c in giflib-5.1.2 xiaoqixue_1
CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines P J P
Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Asbjorn Hojmark

Friday, 29 January

Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Hazel
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes enki
CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write P J P
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Scott Herbert
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Daniel Micay
Re: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes Daniel Micay
[OSSA 2016-005] Potential reuse of revoked Identity tokens (CVE-2015-7546) Tristan Cacqueray
Re: CVE request: out-of-bounds write with cpio 2.11 anarcat
Re: Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco
Re: CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines cve-assign
Re: CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write cve-assign
CVE-2015-5344 - Apache Camel medium disclosure vulnerability Claus Ibsen

Saturday, 30 January

ArpON (ARP handler inspection) 3.0-ng release Andrea Di Pasquale

Sunday, 31 January

curl: NTLM credentials not-checked for proxy connection re-use Daniel Stenberg
curl: remote file name path traversal in curl tool for Windows Daniel Stenberg

Monday, 01 February

CVE Request: FFmpeg issue Lucas Leong
Socat security advisory 7 - Created new 2048bit DH modulus Gerhard Rieger
Socat security advisory 8 - Stack overflow in parser Gerhard Rieger
WebKitGTK+ Security Advisory WSA-2016-0001 Carlos Alberto Lopez Perez
[ANNOUNCE] Django releases issued: 1.9.2 (security) and 1.8.9 (bugfix) Tim Graham
Wordpress plugin Reflected XSS in connections v8.5.8 Larry Cashdollar

Tuesday, 02 February

Miscomputations of elliptic curve scalar multiplications in Nettle Hanno Böck
Reflected XSS & Blind SQLi in wordpress plugin eshop v6.3.14 Larry Cashdollar
Fwd: PHP-FPM fpm_log.c memory leak and buffer overflow Štefan Šafár
CVE Request -- Buffer overflow in Python-Pillow and PIL Eric Soroos
Re: Socat security advisory 7 - Created new 2048bit DH modulus cve-assign
Re: Socat security advisory 8 - Stack overflow in parser cve-assign
Re: Re: Socat security advisory 7 - Created new 2048bit DH modulus Seth Arnold
Re: Miscomputations of elliptic curve scalar multiplications in Nettle cve-assign
Re: CVE Request: FFmpeg issue cve-assign

Wednesday, 03 February

CVE Request: PHP-5.5.31: multiple security vulnerabilities Dmitry Kasyanov
CVE Request: Datafari Local File Disclosure PASCAULT Wilfried
Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function cve-assign
Re: Socat security advisory 7 - Created new 2048bit DH modulus cve-assign

Thursday, 04 February

Re: Socat security advisory 7 - Created new 2048bit DH modulus Andreas Stieger
[OSSA 2016-006] Glance image status manipulation through locations removal (CVE-2016-0757) Tristan Cacqueray
CVE Request: WordPress: New 4.4.2 security and maintenance release: SSRF and open redirect vulnerability Salvatore Bonaccorso
CVE Request: Open Source Media Center insecure default config Zach W.
Re: CVE Request: WordPress: New 4.4.2 security and maintenance release: SSRF and open redirect vulnerability cve-assign

Friday, 05 February

CVE update (CVE-2015-5167 & CVE-2016-0733) - Fixed in Ranger 0.5.1 Velmurugan Periasamy
CVE Request uclibc-ng dns resolver issues Daniel Fahlgren
Re: CVE Request uclibc-ng dns resolver issues cve-assign
Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression anarcat

Saturday, 06 February

CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 Gustavo Grieco
Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 Gustavo Grieco
Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 cve-assign
CVE Request: Horde: Two cross-site scripting vulnerabilities Salvatore Bonaccorso
Re: CVE Request: Horde: Two cross-site scripting vulnerabilities cve-assign

Monday, 08 February

CVE request - buffer overflow in xdelta3 before 3.0.9 Stepan Golosunov
Re: CVE request - buffer overflow in xdelta3 before 3.0.9 cve-assign
CVE-2016-0617: linux kernel: hugetlbfs: fix bugs in hugetlb_vmtruncate_list() John Haxby
Libreoffice updater runs over http Sevan Janiyan

Tuesday, 09 February

CVE requests: Multiple vulnerabilities in GraphicsMagick parsing and processing SVG files Gustavo Grieco
CVE Request: cacti: Authentication using web authentication as a user not in the,cacti database allows complete access Andreas Stieger
KDE Plasma vulnerability: need CVE Albert Astals Cid
Re: KDE Plasma vulnerability: need CVE cve-assign
Re: KDE Plasma vulnerability: need CVE Albert Astals Cid
CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0 Seth Arnold

Wednesday, 10 February

CVE request for Media Player Classic Andreas Lindh
CVE Request: Textual IRC Client <= 5.2.7 Remote Command Execution Shubham Shah
Re: CVE Request: cacti: Authentication using web authentication as a user not in the,cacti database allows complete access cve-assign
Re: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0 cve-assign
CVE Request : Use-after-free in accel-ppp FEIST Josselin
CVE request - OkHttp Certificate Pining Bypass Matthew McPherrin

Thursday, 11 February

Linux kernel: Flaw in CXGB3 driver. Wade Mealing
HTTPS Only (Open Source, Python) David Leo
Re: Linux kernel: Flaw in CXGB3 driver. cve-assign
Re: HTTPS Only (Open Source, Python) P J P
CVE requests for Drupal contributed modules (2016-004, 2016-005) Pere Orga
Re: CVE requests: Multiple vulnerabilities in GraphicsMagick parsing and processing SVG files cve-assign
STARTTLS for this list? Alex Gaynor
Re: STARTTLS for this list? Noel Kuntze
Re: use-after-free in tidy-html5 Gustavo Grieco
Re: STARTTLS for this list? Seth Arnold
Re: STARTTLS for this list? Solar Designer

Friday, 12 February

Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco
Re: HTTPS Only (Open Source, Python) David Leo
Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software halfdog
Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Scotty Bauer

Saturday, 13 February

Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software halfdog
Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Florian Weimer
Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Hanno Böck
snprintf return value misuse in a lot of projects Yuriy M. Kaminskiy
Re: snprintf return value misuse in a lot of projects Alexander Cherepanov
Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software Kristian Fiskerstrand

Sunday, 14 February

CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read Salvatore Bonaccorso
CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor Salvatore Bonaccorso
Re: CVE Request: cacti: Authentication using web authentication as a user, not in the,cacti database allows complete access Paul Gevers
Re: CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read cve-assign
Re: CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor cve-assign

Monday, 15 February

CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability Stefan Cornelius
cloud-init follows symlinks for ssh authorized_keys Jason A. Donenfeld
Re: cloud-init follows symlinks for ssh authorized_keys Roman Drahtmueller
CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow Stelios Tsampas
Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) David Leo
Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) Solar Designer
Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability cve-assign
Re: CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow cve-assign
Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) gremlin
CVE-2015-1776: Apache Hadoop MapReduce, disclosure of encrypted data Arun Suresh
CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service Amos Jeffries

Tuesday, 16 February

CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference P J P
CVE-2015-7547: stack-based buffer overflow in glibc's getaddrinfo function Florian Weimer
Re: CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service cve-assign
Re: CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference cve-assign
Re: Re: CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service Amos Jeffries
CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling P J P
Re: CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling cve-assign
Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Sandeep Kamble
Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities cve-assign

Wednesday, 17 February

Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Florent Daigniere
Xen Security Advisory 154 (CVE-2016-2270) - x86: inconsistent cachability flags on guest mappings Xen.org security team
Xen Security Advisory 170 (CVE-2016-2271) - VMX: guest user mode may crash guest with non-canonical RIP Xen.org security team
Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) David Leo
Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities cve-assign
Feedback and mentoring (reviewer) for logdata-anomaly-miner Fiedler Roman
CVE Request: graphite-web: open redirect Manuel Mancera
Re: CVE Request: graphite-web: open redirect Manuel Mancera
Address Sanitizer local root Szabolcs Nagy
Re: Address Sanitizer local root Daniel Micay
Re: CVE Request: graphite-web: open redirect cve-assign
Re: Address Sanitizer local root Daniel Micay
Re: Address Sanitizer local root Konstantin Serebryany
CVE-2015-7521: Apache Hive authorization bug disclosure (update) Sushanth Sowmyan
Re: Address Sanitizer local root Daniel Micay
Re: CVE request - OkHttp Certificate Pining Bypass cve-assign
Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities Sandeep Kamble

Thursday, 18 February

Re: Address Sanitizer local root Hanno Böck
Re: Address Sanitizer local root Gynvael Coldwind
Re: Address Sanitizer local root Balint Reczey
Re: Address Sanitizer local root Robert Święcki
Re: CVE Request: graphite-web: open redirect Manuel Mancera
CVE requests for Drupal contributed modules (2016-006, 2016-007) Pere Orga
Re: Re: CVE request for wget Austin English
Re: Address Sanitizer local root Darren Martyn
Re: Re: Address Sanitizer local root Rich Felker
Re: Re: Address Sanitizer local root Gynvael Coldwind
Re: Address Sanitizer local root Daniel Micay

Friday, 19 February

CVE request: didiwiki path traversal vulnerability Ignace Mouzannar
Re: CVE request: didiwiki path traversal vulnerability cve-assign
Re: CVE request: didiwiki path traversal vulnerability Ignace Mouzannar
Re: CVE request: didiwiki path traversal vulnerability cve-assign
Re: Address Sanitizer local root Rich Felker
Re: Address Sanitizer local root Daniel Micay
CVE for nodejs hawk Kurt Seifried

Saturday, 20 February

Re: CVE for nodejs hawk cve-assign
CSRF Vulnerability in Refinery CMS Shravan Kumar
Multiple XSS vulnerabilities in Refinery CMS Shravan Kumar
Re: Multiple XSS vulnerabilities in Refinery CMS Solar Designer

Sunday, 21 February

[Update 2/20/16 CVE-2015-5256] Apache Cordova vulnerable to improper application of whitelist restrictions on Android Carlos Santana

Monday, 22 February

Re: CVE Request -- Buffer overflow in Python-Pillow and PIL Stefan Cornelius
Re: CVE Request -- Buffer overflow in Python-Pillow and PIL cve-assign
CVE request Qemu: usb: integer overflow in remote NDIS control message handling P J P
imagemagick: request for CVEs Brian May
php: stack overflow when decompressing tar archives Hans Jerry Illikainen
RE: [4-3801000010480] [Update 2/20/16 CVE-2015-5256] Apache Cordova vulnerable to improper application of whitelist restrictions on Android security
CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets Salvatore Bonaccorso

Tuesday, 23 February

Access to /dev/pts devices via pt_chown and user namespaces halfdog
Re: Security bugs in Linux kernel sound subsystem Johannes Segitz
CVE Request: Linux kernel USB hub invalid memory access in hub_activate() Cornea, Alexandru
Re: Access to /dev/pts devices via pt_chown and user namespaces Solar Designer
Re: Access to /dev/pts devices via pt_chown and user namespaces Dmitry V. Levin
Re: CVE request Qemu: usb: integer overflow in remote NDIS control message handling cve-assign
libssh/libssh2 bits and bytes confusion Kurt Seifried
libssh2 Truncated Difffie-Hellman secret length Daniel Stenberg
Re: Security bugs in Linux kernel sound subsystem cve-assign
RE: [4-3801000010480] [Update 2/20/16 CVE-2015-5256] Apache Cordova vulnerable to improper application of whitelist restrictions on Android security
Re: CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets cve-assign
Re: CVE Request: Linux kernel USB hub invalid memory access in hub_activate() cve-assign
Re: Access to /dev/pts devices via pt_chown and user namespaces halfdog
Re: Access to /dev/pts devices via pt_chown and user namespaces halfdog
Re: Access to /dev/pts devices via pt_chown and user namespaces Alan Coopersmith
User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs halfdog
Overlayfs over Fuse Privilege Escalation in USERNS halfdog
Aufs Union Filesystem Privilege Escalation In User Namespaces halfdog
Re: Access to /dev/pts devices via pt_chown and user namespaces Simon McVittie

Wednesday, 24 February

Re: Access to /dev/pts devices via pt_chown and user namespaces Dmitry V. Levin
CVE request: Squid HTTP Caching Proxy multiple denial of service issues Amos Jeffries
[Pixman] create_bits(): Cast the result of height * stride to size_t Gustavo Grieco
Re: CVE Request: Datafari Local File Disclosure Fried Wil
Re: [Pixman] create_bits(): Cast the result of height * stride to size_t cve-assign
CVE Request: bash-completion: dequote command injection Fernando Muñoz
Re: Access to /dev/pts devices via pt_chown and user namespaces Serge Hallyn
Re: php: stack overflow when decompressing tar archives cve-assign
CVE requests for Drupal core (SA-CORE-2016-001) Pere Orga
Re: CVE Request: bash-completion: dequote command injection Eric Blake
Re: CVE Request: bash-completion: dequote command injection Fernando Muñoz
Re: CVE Request: bash-completion: dequote command injection Kurt Seifried

Thursday, 25 February

CVE ID Request : Proxmox VE Insecure hostname checking (remote root exploit) Sysdream Labs
CVE ID Request : Centreon remote code execution Sysdream Labs
Re: CVE Request: bash-completion: dequote command injection John Haxby
Re: [Pixman] create_bits(): Cast the result of height * stride to size_t Alan Coopersmith
CVE-2015-6541 : Multiple CSRF in Zimbra Mail interface Sysdream Labs
CVE Request: pkexec tty hijacking via TIOCSTI ioctl up201407890
CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Cantor, Scott
CVE request: reads out-of-bounds with cpio 2.11 Gustavo Grieco
RE: CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Shivaprasad Sadashivappa
Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues cve-assign
Re: CVE Request: pkexec tty hijacking via TIOCSTI ioctl cve-assign

Friday, 26 February

Re: CVE request: reads out-of-bounds with cpio 2.11 cve-assign
Re: CVE request rtmpdump: the 6 vulnerabilities have been fixed Mark Felder
Partial SMAP bypass on 64-bit Linux kernels Andy Lutomirski
CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl up201407890

Saturday, 27 February

Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl cve-assign
Re: Access to /dev/pts devices via pt_chown and user namespaces Jakub Wilk
AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way Robert Święcki

Sunday, 28 February

Re: Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl Alexander E. Patrakov
Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl -- chroot cve-assign
pt_chown timeline, CVE request [was: Access to /dev/pts devices via pt_chown and user namespaces] Jann Horn
Re: pt_chown timeline, CVE request [was: Access to /dev/pts devices via pt_chown and user namespaces] Aurelien Jarno
Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way cve-assign
CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver Vladis Dronov
tidy-html5: read out-of-bounds in TextEndsWithNewline Gustavo Grieco
Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver cve-assign
Re: Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver Vladis Dronov

Monday, 29 February

CVE request: Heap buffer overflow in pcretest Adam Maris
Java Deserialization continued, Analysis Tooling and (potentially) bypassing Application Level Filtering Moritz Bechler
[CVE-2016-2098] Possible remote code execution vulnerability in Action Pack Rafael Mendonça França
[CVE-2016-2097] Possible Information Leak Vulnerability in Action View. Rafael Mendonça França
Re: CVE request: Heap buffer overflow in pcretest cve-assign

Tuesday, 01 March

CVE request Qemu: OOB access in address_space_rw leads to segmentation fault P J P
CVE Request: Linux: aio write triggers integer overflow in some network protocols Salvatore Bonaccorso
CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes Vladis Dronov
[ANNOUNCE] Django security releases issued: 1.9.3 and 1.8.10 Tim Graham
CVE's for SSLv2 support Kurt Seifried
Re: CVE's for SSLv2 support Loganaden Velvindron
Re: CVE's for SSLv2 support Grant Ridder
Re: CVE's for SSLv2 support gremlin
Re: CVE's for SSLv2 support Stuart Henderson
Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault cve-assign
Re: CVE's for SSLv2 support cve-assign
Re: CVE's for SSLv2 support Kurt Seifried
Re: CVE's for SSLv2 support cve-assign
Re: CVE's for SSLv2 support Kurt Seifried
Re: Re: CVE's for SSLv2 support Tim
CVE request: Kryo (Java serialization API) Arshan Dabirsiaghi
Re: Re: CVE's for SSLv2 support Seth Arnold
Re: CVE's for SSLv2 support cve-assign
Re: Re: CVE's for SSLv2 support Kurt Seifried
Re: Re: CVE's for SSLv2 support Bob Beck
Re: Re: CVE's for SSLv2 support Kurt Seifried
Re: Re: CVE's for SSLv2 support Bob Beck

Wednesday, 02 March

CVE Request(s): VTigerCRM and SugarCRM Darren Martyn
Re: Re: CVE's for SSLv2 support Steve Grubb
[CVE-2015-7520] Apache Wicket XSS vulnerability Martin Grigorov
CVE request Qemu: net: ne2000: infinite loop in ne2000_receive P J P
Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols cve-assign
Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes cve-assign
Re: Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes Vladis Dronov
Re: CVE Requests: Aufs Union Filesystem Privilege Escalation In User Namespaces Tyler Hicks
CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver Tyler Hicks
Re: CVE request Qemu: net: ne2000: infinite loop in ne2000_receive cve-assign
Mitre, reserved CVEs and oss-security? Paul Wise
Re: Mitre, reserved CVEs and oss-security? Kurt Seifried

Thursday, 03 March

According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Georgi Guninski
Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Adam D. Barratt
Exim CVE-2016-1531 fixed Heiko Schlittermann
Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Cord Beermann
Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Hanno Böck
CVE request Qemu: net: out of bounds read in net_checksum_calculate P J P
Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Georgi Guninski
CVE-2004-0230 additions and Linux Kernel fix Marcus Meissner
Security issues in JasPer (CVE-2016-1577 and CVE-2016-2116) Tyler Hicks
Re: According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus Luca Filipozzi

Friday, 04 March

CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption P J P
tidy-html5: infinite loop parsing an html file Gustavo Grieco
CVE requests for Drupal contributed modules (from 2016-009 to 2016-014) Pere Orga
Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Art Manion
RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Mike Prosser
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Adam Caudill
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Zach W.

Saturday, 05 March

Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies mark
CVE Request: Dotclear: XSS vulnerability in comments managment page and media exclusion control enforcement Salvatore Bonaccorso
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Larry Cashdollar
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tavis Ormandy
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer
Cgit XSS "vulnerability" has no CVE? Peter Bex
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Adam Caudill
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer
Re: Missing fixes for CVEs in upstream dcraw Charlemagne Lasse
Re: [exact-image] Missing fixes for CVEs in upstream dcraw René Rebe
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies gremlin

Sunday, 06 March

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Rahul Pratap Singh
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies me
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies op7ic \x00
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies op7ic \x00
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Robert Paprocki
Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes cve-assign
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Alan Coopersmith
Transmission BT 2.90 Mac malware. Website compromised? Elad Alfassa
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Gsunde Orangen
Re: Aufs Union Filesystem Privilege Escalation In User Namespaces cve-assign
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Amos Jeffries
Re: Access to /dev/pts devices via pt_chown and user namespaces cve-assign
Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate cve-assign
Re: CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption cve-assign
Re: CVE Request: Dotclear: XSS vulnerability in comments managment page and media exclusion control enforcement cve-assign

Monday, 07 March

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Markus Vervier
Re: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes Vladis Dronov
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Simon Ward
CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness Salva Peiró
RE: [security-vendor] Re: [oss-security] Concerns about CVE coverage shrinking - direct impact to researchers/companies Radzykewycz, T (Radzy)
CVE Replacement Via Blockchains (was: Concerns about CVE coverage shrinking - direct impact to researchers/companies) Tim
Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld
Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld
Re: Cgit XSS "vulnerability" has no CVE? Peter Bex
Re: Cgit XSS "vulnerability" has no CVE? Jason A. Donenfeld
CVE-2016-1234 in glibc glob with GLOB_ALTDIRFUNC Florian Weimer
ISC DHCP vulnerability CVE-2016-2774 is now public ISC Security Officer
Distributed Weakness Filing (DWF) System distributed weaknessfiling

Tuesday, 08 March

Re: CVE Request : Use-after-free in accel-ppp FEIST Josselin
CVE request: simpleSAMLphp 1.14 information leakage Hoz de la Hoz Enrique de la
[OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140) Tristan Cacqueray
Re: [OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140) Tristan Cacqueray

Wednesday, 09 March

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies David A. Wheeler
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim Brown
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried
Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr" X41 D-Sec GmbH Advisories
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies David A. Wheeler
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Reed Loden
Heap use after free in Pidgin-OTR plugin Hanno Böck
ISC BIND vulnerabilities are now public (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088) Jeremy C. Reed
RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Boyle, Stephen V.
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Timothy D. Morgan
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried
Re: Heap use after free in Pidgin-OTR plugin cve-assign
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez
[OSSA 2016-007.1] Nova host data leak through resize/migration (CVE-2016-2140) ERRATA Tristan Cacqueray
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Alan Coopersmith

Thursday, 10 March

CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption Marcus Meissner
CVE Request: PHP last release security issues Marcus Meissner
RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies John Scott
Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption Steve Beattie
OpenSSH Security Advisory: xauth command injection Damien Miller
Announce: Portable OpenSSH 7.2p2 released Damien Miller
[ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting Christopher Shannon
[ANNOUNCE] CVE-2016-0734: ActiveMQ Web Console - Clickjacking Christopher Shannon
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez
please assign CVE for cacti bug 2667: SQL Injection Vulnerability Paul Gevers
Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Timothy D. Morgan
Re: Announce: Portable OpenSSH 7.2p2 released cve-assign
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Zach W.
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Art Manion
debbugs for cve-assign () mitre org? Paul Wise
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies halfdog

Friday, 11 March

ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters Hanno Böck
Re: Re: Announce: Portable OpenSSH 7.2p2 released Gsunde Orangen
CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver) Vladis Dronov
CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver) Vladis Dronov
CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver) Vladis Dronov
CVE request -- linux kernel: crash on invalid USB device descriptors (wacom driver) Vladis Dronov
CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver) Vladis Dronov
WebKitGTK+ Security Advisory WSA-2016-0002 Carlos Alberto Lopez Perez
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez
Several out of bounds reads in ProFTPD Hanno Böck
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Kurt Seifried
Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters cve-assign
Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters Hanno Böck
two udhcpc (busybox) issues Nico Golde
Re: Several out of bounds reads in ProFTPD Moritz Mühlenhoff

Saturday, 12 March

Re: CVE request: XSS in WP Super Cache < 1.4.3 Henri Salo

Sunday, 13 March

CVE Request: PHP-5.5.33: Use after free in WDDX Deserialize when processing XML data Dmitry Kasyanov
CVE Request: PHP-5.5.33: Out-of-Bound Read in phar_parse_zipfile Dmitry Kasyanov
Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption cve-assign
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver) cve-assign
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver) cve-assign
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver) cve-assign
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (wacom driver) cve-assign
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver) cve-assign
Re: CVE Request: PHP-5.5.33: Use after free in WDDX Deserialize when processing XML data cve-assign
Re: CVE Request: PHP-5.5.33: Out-of-Bound Read in phar_parse_zipfile cve-assign
CVE-Request - GNU Awk. Steve Kemp

Monday, 14 March

CVE request Loganaden Velvindron
Re: CVE request Marcus Meissner
CVE request - OpenJPEG : Out-Of-Bounds Read in opj_tcd_free_tile function 刘科
CVE request - OpenJPEG : Heap Corruption in opj_free function 刘科
CVE request - OpenJPEG : Out-Of-Bounds Read in sycc422_to_rgb function 刘科
Re: CVE-Request - GNU Awk. Tomas Hoger
Re: WebKitGTK+ Security Advisory WSA-2016-0002 Tomas Hoger
Re: CVE-Request - GNU Awk. Steve Kemp
Re: CVE-Request - GNU Awk. Yuriy M. Kaminskiy
Re: Re: CVE-Request - GNU Awk. Kurt Seifried
Re: WebKitGTK+ Security Advisory WSA-2016-0002 Carlos Alberto Lopez Perez
Re: Re: CVE-Request - GNU Awk. Bob Friesenhahn
CVE request: DoS vulnerability in Ruby gem Paperclip Bart de Water

Tuesday, 15 March

Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness Salva Peiró
CVE request - SPIP: 2 vulnerabilities Sébastien Delafond
CVE request: ipv4: Don't do expensive useless work during inetdev destroy Vasily Averin
Re: CVE request - SPIP: 2 vulnerabilities cve-assign
server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished cve-2016-2324 and cve-2016-2315) Solar Designer
Re: CVE request: ipv4: Don't do expensive useless work during inetdev destroy cve-assign
Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability Tim Zingelman
[ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases Romain Manni-Bucau
Re: CVE requests for Drupal core (SA-CORE-2016-001) cve-assign
Re: please assign CVE for cacti bug 2667: SQL Injection Vulnerability cve-assign
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Tyler Hicks
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier

Wednesday, 16 March

Re: Re: Announce: Portable OpenSSH 7.2p2 released Tomas Hoger
CVE Request : Use-after-free in gifcolor FEIST Josselin
CVE-2016-2117 memory disclosure to ethernet due to unchecked scatter/gather IO Justin Yackoski
Re: Exploitability of Git's CVE-2016-2315 Laël Cellier
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier
Re: Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Kurt Seifried
Re: CVE request: ipv4: Don't do expensive useless work during inetdev destroy Vladis Dronov
Re: CVE Request : Use-after-free in gifcolor cve-assign
Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness cve-assign
Xen Security Advisory 171 (CVE-2016-3157) - I/O port access privilege escalation in x86-64 Linux Xen.org security team
Re: CVE request - OpenJPEG : Out-Of-Bounds Read in opj_tcd_free_tile function cve-assign
Re: CVE request - OpenJPEG : Heap Corruption in opj_free function cve-assign
Re: CVE request - OpenJPEG : Out-Of-Bounds Read in sycc422_to_rgb function cve-assign
Re: CVE Request: PHP last release security issues cve-assign
Three CVE requests for PHP Moritz Muehlenhoff
Re: Three CVE requests for PHP cve-assign

Thursday, 17 March

Re: CVE requests for Drupal contributed modules (from 2016-009 to 2016-014) cve-assign
Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting Derek Mahar
Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting Christopher Shannon
[cairo] Out-of-bounds read in _fill_xrgb32_lerp_opaque_spans Gustavo Grieco
Re: [cairo] Out-of-bounds read in _fill_xrgb32_lerp_opaque_spans cve-assign
Re: Re: Three CVE requests for PHP Moritz Muehlenhoff

Friday, 18 March

Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315) Laël Cellier
Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way Robert Święcki
Re: expat hash collision fix too predictable? Sebastian Pipping

Sunday, 20 March

moodle security release Marina Glancy

Monday, 21 March

CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode Gustavo Grieco
Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode cve-assign
Re: Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode Murphy, Grant

Tuesday, 22 March

Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Scotty Bauer
Re: Re: CVE Request: PHP last release security issues Tyler Hicks
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Daniel Micay

Wednesday, 23 March

Remaining CVE IDs for Drupal contributed modules (2014) Pere Orga

Friday, 25 March

[CVE-2016-0783] Predictable password reset token Maxim Solodovnik
[CVE-2016-0784] ZIP file path traversal Maxim Solodovnik
[CVE-2016-2163] Stored Cross Site Scripting in Event description Maxim Solodovnik
[CVE-2016-2164] Arbitrary file read via SOAP API Maxim Solodovnik
Re: CVE Request: PHP last release security issues cve-assign
[ANNOUNCE] Linux Security Summit 2016 - CFP James Morris
Re: [ANNOUNCE] Linux Security Summit 2016 - CFP Solar Designer
CVE request - XStream: XXE vulnerability Jörg Schaible

Saturday, 26 March

CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used Salvatore Bonaccorso
Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption Solar Designer

Sunday, 27 March

Re: older fuseiso stuff Salvatore Bonaccorso
Re: CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used Salvatore Bonaccorso

Monday, 28 March

Re: CVE request - XStream: XXE vulnerability cve-assign
Re: CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used cve-assign
CVE update (CVE-2016-0735) - Fixed in Ranger 0.5.2 Velmurugan Periasamy
CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch Ben Pfaff

Tuesday, 29 March

Xen Security Advisory 172 (CVE-2016-3158,CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround Xen.org security team
Re: Partial SMAP bypass on 64-bit Linux kernels Salvatore Bonaccorso
CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Hugues ANGUELKOV
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Yves-Alexis Perez
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Andreas Dilger
Re: older fuseiso stuff cve-assign

Wednesday, 30 March

Two flaws - libjpeg and libtiff Huzaifa Sidhpurwala
CVE-2016-2385 Kamailio SEAS module heap buffer overflow Stelios Tsampas
CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver) Vladis Dronov
[OSSA 2016-007.2] Nova host data leak through resize/migration (CVE-2016-2140) ERRATA #2 Tristan Cacqueray
Re: CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver) cve-assign
Re: Xen Security Advisory 172 (CVE-2016-3158, CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround Yuriy M. Kaminskiy
CVE request: Heap overflow in VLC 2.1.6 processing wav files Gustavo Grieco
Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files Gustavo Grieco
Re: Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files Seth Arnold
Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files cve-assign
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Theodore Ts'o

Thursday, 31 March

CVE-2016-2100: Foreman private bookmarks can be viewed and edited Dominic Cleal
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Eric Sandeen
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Kurt Seifried
ext4 data corruption due to punch hole races Johannes Segitz
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Hugues ANGUELKOV
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Andreas Dilger
Re: CVE Request - Linux kernel (multiple versions) ext2/ext3 filesystem DoS Theodore Ts'o
WebKitGTK+ Security Advisory WSA-2016-0003 Carlos Alberto Lopez Perez
CVE Clarification: Mysqlnd / CVE-2015-3152 Seth Arnold
Re: Partial SMAP bypass on 64-bit Linux kernels cve-assign
Re: Re: Partial SMAP bypass on 64-bit Linux kernels Steve Grubb
Re: CVE Clarification: Mysqlnd / CVE-2015-3152 cve-assign
Re: Re: Partial SMAP bypass on 64-bit Linux kernels P J P
CVE Request - Multiple remote command injection vulnerabilities in Veil-Evasion RPC Brian Wallace