oss-sec: by author

701 messages starting Feb 10 17 and ending Feb 13 17


Adam Caudill

Re: MITRE is adding data intake to its CVE ID process Adam Caudill (Feb 10)

Adam Maris

CVE request for two input validation flaws in gtk-vnc Adam Maris (Feb 03)
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Adam Maris (Mar 16)

Adrien Nader

Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Adrien Nader (Jan 25)

Agostino Sarubbo

Re: podofo: NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) Agostino Sarubbo (Mar 13)
podofo: NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) Agostino Sarubbo (Mar 02)
jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Agostino Sarubbo (Jan 25)
audiofile: heap-based buffer overflow in readValue (FileHandle.cpp) Agostino Sarubbo (Feb 26)
mp3splt: NULL pointer dereference in main (mp3splt.c) Agostino Sarubbo (Jan 29)
another bunch of crashes in podofo Agostino Sarubbo (Mar 02)
Re: audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) Agostino Sarubbo (Mar 13)
Re: mupdf: mujstest: global-buffer-overflow in my_getline (jstest_main.c) Agostino Sarubbo (Mar 13)
mp3splt: invalid free in free_options (options_manager.c) Agostino Sarubbo (Jan 29)
imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862 and CVE-2016-8866) Agostino Sarubbo (Mar 28)
Re: jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Agostino Sarubbo (Mar 13)
pax-utils: dumpelf: multiple divide-by-zero in dumpelf.c Agostino Sarubbo (Feb 04)
Re: podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) Agostino Sarubbo (Mar 13)
libpcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) Agostino Sarubbo (Mar 20)
libtiff: NULL pointer dereference in TIFFReadRawData (tiffinfo.c) Agostino Sarubbo (Jan 01)
zziplib: out of bounds read in zzip_mem_entry_new (memdisk.c) Agostino Sarubbo (Feb 09)
podofo: heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp) Agostino Sarubbo (Feb 03)
zziplib: assertion failure in seeko.c Agostino Sarubbo (Feb 09)
pax-utils: scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c) Agostino Sarubbo (Feb 01)
zziplib: NULL pointer dereference in prescan_entry (fseeko.c) Agostino Sarubbo (Feb 09)
Re: libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c) Agostino Sarubbo (Mar 24)
podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) Agostino Sarubbo (Feb 01)
Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo (Jan 17)
podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) Agostino Sarubbo (Mar 02)
Re: potrace: heap-based buffer overflow in bm_readbody_bmp (bitmap_io.c) (incomplete fix for CVE-2016-8698) Agostino Sarubbo (Mar 26)
pax-utils: dumpelf: two invalid memory read in dumpelf.c Agostino Sarubbo (Feb 04)
podofo: NULL pointer dereference in PoDoFo::PdfColor::operator= (PdfColor.cpp) Agostino Sarubbo (Mar 02)
audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) Agostino Sarubbo (Feb 26)
podofo: heap-based buffer overflow in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) Agostino Sarubbo (Mar 02)
libtiff: memcpy-param-overlap in t2p_tile_collapse_left (tiff2pdf.c) Agostino Sarubbo (Jan 01)
jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c) Agostino Sarubbo (Jan 25)
podofo: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) Agostino Sarubbo (Feb 01)
jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo (Jan 16)
Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo (Jan 17)
audiofile: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) Agostino Sarubbo (Feb 26)
jasper: multiple crashes with UBSAN Agostino Sarubbo (Jan 16)
zziplib: NULL pointer dereference in main (unzzipcat.c) Agostino Sarubbo (Feb 09)
Re: CVE Request: multiple bugs found in BFD libraries and Binutils' utilities Agostino Sarubbo (Mar 16)
podofo: NULL pointer dereference in PoDoFo::PdfXObject::PdfXObject (PdfXObject.cpp) Agostino Sarubbo (Mar 02)
audiofile: multiple ubsan crashes Agostino Sarubbo (Feb 26)
Re: Re: libtiff: multiple heap-based buffer overflow Agostino Sarubbo (Jan 01)
zziplib: heap-based buffer overflow in __zzip_get32 (fetch.c) Agostino Sarubbo (Feb 09)
pax-utils: scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c) Agostino Sarubbo (Feb 25)
gnu-paxutils: multiple crashes Agostino Sarubbo (Feb 25)
Re: gnu-paxutils: multiple crashes Agostino Sarubbo (Feb 26)
Re: audiofile: multiple ubsan crashes Agostino Sarubbo (Mar 13)
zziplib: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) Agostino Sarubbo (Feb 09)
Re: libtiff: multiple heap-based buffer overflow Agostino Sarubbo (Mar 25)
Re: audiofile: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) Agostino Sarubbo (Mar 13)
podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) Agostino Sarubbo (Mar 02)
libpcre: invalid memory read in phar (pcretest.c) Agostino Sarubbo (Mar 20)
Re: libtiff: multiple divide-by-zero Agostino Sarubbo (Mar 25)
Re: mupdf: use-after-free in fz_subsample_pixmap (pixmap.c) Agostino Sarubbo (Mar 26)
Re: mp3splt: NULL pointer dereference in main (mp3splt.c) Agostino Sarubbo (Feb 02)
Re: jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Agostino Sarubbo (Mar 13)
Re: Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) Agostino Sarubbo (Jan 17)
podofo: NULL pointer dereference in PdfOutputStream.cpp Agostino Sarubbo (Feb 01)
Re: elfutils: memory allocation failure in allocate_elf (common.h) Agostino Sarubbo (Mar 22)
libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c) Agostino Sarubbo (Mar 20)
zziplib: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) Agostino Sarubbo (Feb 09)
libtiff: invalid memory READ in t2p_writeproc (tiff2pdf.c) Agostino Sarubbo (Jan 01)
Re: jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Agostino Sarubbo (Mar 06)
audiofile: global buffer overflow in decodeSample (IMA.cpp) Agostino Sarubbo (Feb 26)
Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap Agostino Sarubbo (Feb 09)
Re: audiofile: global buffer overflow in decodeSample (IMA.cpp) Agostino Sarubbo (Mar 13)
podofo: global buffer overflow in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) Agostino Sarubbo (Mar 02)
libpcre: NULL pointer dereference in main (pcretest.c) Agostino Sarubbo (Mar 20)
potrace: heap-based buffer overflow in bm_readbody_bmp (bitmap_io.c) (incomplete fix for CVE-2016-8698) Agostino Sarubbo (Mar 03)
podofo: NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) Agostino Sarubbo (Mar 02)
audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) Agostino Sarubbo (Feb 26)
Re: Re: jasper: multiple crashes with UBSAN Agostino Sarubbo (Jan 17)
mp3splt: NULL pointer dereference in splt_cue_export_to_file (cue.c) Agostino Sarubbo (Jan 29)
jasper: invalid memory read in jas_matrix_asl (jas_seq.c) Agostino Sarubbo (Jan 16)
jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) Agostino Sarubbo (Jan 16)
pax-utils: dumpelf: out of bounds read in dump_notes (dumpelf.c) Agostino Sarubbo (Feb 04)
audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) Agostino Sarubbo (Feb 26)
libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c) Agostino Sarubbo (Jan 01)
audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) Agostino Sarubbo (Feb 26)
mupdf: use-after-free in fz_subsample_pixmap (pixmap.c) Agostino Sarubbo (Feb 10)
Re: audiofile: heap-based buffer overflow in alaw2linear_buf (G711.cpp) Agostino Sarubbo (Mar 13)
podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) Agostino Sarubbo (Mar 02)
libtiff: multiple divide-by-zero Agostino Sarubbo (Jan 01)
audiofile: multiple crashes Agostino Sarubbo (Feb 26)
Re: podofo: heap-based buffer overflow in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) Agostino Sarubbo (Mar 13)
mupdf: heap-based buffer overflow in fz_subsample_pixmap Agostino Sarubbo (Feb 06)
Re: jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c) Agostino Sarubbo (Mar 13)
zziplib: NULL pointer dereference in main (unzzipcat-mem.c) Agostino Sarubbo (Feb 09)
podofo: multiple crashes Agostino Sarubbo (Feb 01)
Re: audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) Agostino Sarubbo (Mar 13)
Re: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) Agostino Sarubbo (Mar 13)
Re: jasper: NULL pointer dereference in jpc_tsfb_synthesize (jpc_tsfb.c) Agostino Sarubbo (Mar 13)
zziplib: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) Agostino Sarubbo (Feb 09)
Re: jasper: use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) Agostino Sarubbo (Mar 13)
audiofile: heap-based buffer overflow in alaw2linear_buf (G711.cpp) Agostino Sarubbo (Feb 26)
Re: libpcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) Agostino Sarubbo (Mar 24)
pax-utils: scanelf: out of bounds read in scanelf_file_textrel (scanelf.c) Agostino Sarubbo (Feb 01)
Re: A note about the multiple crashes in zziplib Agostino Sarubbo (Feb 14)
Re: podofo: global buffer overflow in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) Agostino Sarubbo (Mar 13)
libtiff: multilple crashes Agostino Sarubbo (Jan 01)
audiofile: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) Agostino Sarubbo (Feb 26)
zziplib: heap-based buffer overflow in __zzip_get64 (fetch.c) Agostino Sarubbo (Feb 09)
podofo: invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) Agostino Sarubbo (Mar 02)
libtiff: assertion failure in readSeparateTilesIntoBuffer (tiffcp.c) Agostino Sarubbo (Jan 01)
Re: elfutils: memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c) Agostino Sarubbo (Mar 22)
podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp) Agostino Sarubbo (Feb 01)
libtiff: multiple heap-based buffer overflow Agostino Sarubbo (Jan 01)
Re: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) Agostino Sarubbo (Mar 13)
Re: podofo: NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) Agostino Sarubbo (Mar 13)
Re: jasper: heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c) Agostino Sarubbo (Mar 13)
Re: potrace: invalid memory access in findnext (decompose.c) Agostino Sarubbo (Feb 27)
mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c) Agostino Sarubbo (Feb 18)
zziplib: load of misaligned address in memdisk.c Agostino Sarubbo (Feb 09)
mp3splt: NULL pointer dereference in free_options (options_manager.c) Agostino Sarubbo (Feb 01)
jasper: invalid memory read in jas_matrix_bindsub (jas_seq.c) Agostino Sarubbo (Jan 25)
libpcre: invalid memory read in match (pcre_exec.c) Agostino Sarubbo (Mar 20)
Re: podofo: NULL pointer dereference in PoDoFo::PdfXObject::PdfXObject (PdfXObject.cpp) Agostino Sarubbo (Mar 13)
audiofile: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) Agostino Sarubbo (Feb 26)
Re: audiofile: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) Agostino Sarubbo (Mar 13)
Re: podofo: NULL pointer dereference in PoDoFo::PdfColor::operator= (PdfColor.cpp) Agostino Sarubbo (Mar 13)
libpcre: heap-based bufffer overflow in regexflip8_or_16 (pcretest.c) Agostino Sarubbo (Mar 20)
A note about the multiple crashes in zziplib Agostino Sarubbo (Feb 09)
podofo: signed integer overflow in PdfParser.cpp Agostino Sarubbo (Feb 01)
Re: podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) Agostino Sarubbo (Feb 02)
Re: podofo: invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) Agostino Sarubbo (Mar 13)
mupdf: NULL pointer dereference in dodrawpage Agostino Sarubbo (Feb 06)
Re: podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) Agostino Sarubbo (Mar 13)
Re: podofo: multiple crashes Agostino Sarubbo (Feb 01)
Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Agostino Sarubbo (Feb 01)
Re: Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) Agostino Sarubbo (Jan 17)
Re: mupdf: mujstest: global-buffer-overflow in main (jstest_main.c) Agostino Sarubbo (Mar 13)
Re: podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) Agostino Sarubbo (Mar 13)

Ailin Nemui

Irssi 1.0.0 minor remote memory leak Ailin Nemui (Feb 05)
Re: CVE Request: Irssi use after free in netjoin condition (2017/03) Ailin Nemui (Mar 20)
CVE Request: Irssi use after free in netjoin condition (2017/03) Ailin Nemui (Mar 11)
CVE Request: Irssi out of bounds read in format string Ailin Nemui (Jan 12)
CVE Request: Irssi Multiple Vulnerabilities (2017/01) Ailin Nemui (Jan 05)
Re: Irssi 1.0.0 minor remote memory leak Ailin Nemui (Feb 05)

Akira Ajisaka

[SECURITY] CVE-2016-3086: Apache Hadoop YARN NodeManager vulnerability Akira Ajisaka (Jan 09)

Alan Coopersmith

Re: CVE-2016-3631 - libtiff 4.0.6 illegel read Alan Coopersmith (Mar 18)
Re: [tigervnc-devel] Re: [tigervnc-announce] TigerVNC 1.7.1 Alan Coopersmith (Jan 23)
Re: [tigervnc-announce] TigerVNC 1.7.1 Alan Coopersmith (Jan 21)

Albert Astals Cid

kio vulnerability: need CVE Albert Astals Cid (Feb 28)
ark vulnerability: need CVE Albert Astals Cid (Jan 09)

Alexander E. Patrakov

Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Alexander E. Patrakov (Jan 24)

Alexander Popov

Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc Alexander Popov (Mar 07)
Re: Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc Alexander Popov (Mar 08)
Re: Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc Alexander Popov (Mar 30)

Amos Jeffries

Re: MITRE is adding data intake to its CVE ID process Amos Jeffries (Feb 09)

Andreas Stieger

CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 Andreas Stieger (Jan 10)
Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Andreas Stieger (Feb 03)
CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8 Andreas Stieger (Jan 10)
Re: Docker 1.12.6 - Security Advisory Andreas Stieger (Jan 11)
Re: Re: CVE request: linux kernel - local DoS with cgroup offline code Andreas Stieger (Jan 27)

Andrey Konovalov

Fwd: [scr293903] Linux kernel - upstream Andrey Konovalov (Feb 12)
CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Andrey Konovalov (Mar 31)
Re: Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root) Andrey Konovalov (Feb 26)
Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root) Andrey Konovalov (Feb 22)
Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Andrey Konovalov (Mar 31)
CVE Request: Linux: ip6_gre: invalid reads in ip6gre_err() Andrey Konovalov (Feb 06)
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Andrey Konovalov (Mar 24)

Andy LoPresto

[ANNOUNCE] CVE-2017-5635 and CVE-2017-5636 Andy LoPresto (Mar 07)

Anthony Sasadeusz

CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Anthony Sasadeusz (Mar 05)
Re: JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Anthony Sasadeusz (Mar 07)

Ariel Zelivanski

CVE Request - Multiple vulnerabilities in gdk-pixbuf Ariel Zelivanski (Feb 21)

Ariel Zelivansky

Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf Ariel Zelivansky (Feb 26)
Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf Ariel Zelivansky (Feb 23)

Assaf Gordon

Re: util-linux 2.29.2 fixes CVE-2017-2616 Assaf Gordon (Feb 23)
Re: gnu-paxutils: multiple crashes Assaf Gordon (Feb 25)

Bálint Réczey

CVE request: Use after free in libmysqlclient.so (was: Re: Use after free in libmysqlclient.so) Bálint Réczey (Feb 01)
Re: util-linux 2.29.2 fixes CVE-2017-2616 Bálint Réczey (Feb 23)

Ben Tasker

RE: MITRE is adding data intake to its CVE ID process Ben Tasker (Feb 10)

Bob Friesenhahn

GraphicsMagick heap out of bounds write issue Bob Friesenhahn (Feb 23)
Re: GraphicsMagick heap out of bounds write issue Bob Friesenhahn (Feb 24)
Re: Re: GraphicsMagick heap out of bounds write issue Bob Friesenhahn (Feb 28)
Re: MITRE is adding data intake to its CVE ID process Bob Friesenhahn (Feb 11)

Brad Spengler

Re: Re: Firejail local root exploit Brad Spengler (Jan 08)
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Brad Spengler (Jan 20)

Brandon Perry

Re: Multiple issues in OpenH264 1.5.1 Brandon Perry (Jan 01)
Multiple issues in OpenH264 1.5.1 Brandon Perry (Jan 01)

Brian May

Re: Dealing with CVEs that apply to unspecified package versions Brian May (Mar 18)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2017-0001 Carlos Alberto Lopez Perez (Jan 17)
Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Carlos Alberto Lopez Perez (Jan 13)
WebKitGTK+ Security Advisory WSA-2017-0002 Carlos Alberto Lopez Perez (Feb 10)
Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Carlos Alberto Lopez Perez (Jan 13)

Carlos Martín Nieto

Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 Carlos Martín Nieto (Jan 11)

Casper Thomsen

Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Casper Thomsen (Jan 12)

Cedric Buissart

CVE-2017-2591 389 Directory Server: DoS via OOB heap read in "attribute uniqueness" plugin Cedric Buissart (Jan 18)
freeIPA CVEs CVE-2016-9575 (insufficient permission check) & CVE-2016-7030 (DoS) Cedric Buissart (Jan 02)
pcs: CVE-2017-2661 Improper node name field validation when creating clusters leads to XSS Cedric Buissart (Mar 23)
subscription-manager: CVE-2017-2663 unsafe dbus interface Cedric Buissart (Mar 21)

Cesar Pereida Garcia

CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Cesar Pereida Garcia (Jan 10)

Christian Boltz

CVE request: PostfixAdmin allows to delete protected aliases Christian Boltz (Feb 07)
Re: CVE request: PostfixAdmin allows to delete protected aliases Christian Boltz (Feb 08)

chunibalon

CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) chunibalon (Jan 30)
CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) chunibalon (Jan 30)
CVE-2017-2581, CVE-2017-2579, CVE-2017-2580, CVE-2017-2586, CVE-2017-2587: Multiple vulnerabilities in netpbm chunibalon (Feb 05)

Craig Small

CVE Request: Wordpress: 8 security issues in 4.7 Craig Small (Jan 13)
CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Craig Small (Mar 07)
Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Craig Small (Mar 11)
Fwd: [scr305104] wordpress before 4.7.3 Craig Small (Mar 12)

cve-assign

Re: MITRE is adding data intake to its CVE ID process cve-assign (Feb 17)
Re: CVE Request: Nova-LXD incorrectly applied Neutron security group rules cve-assign (Feb 08)
Re: podofo: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) cve-assign (Feb 01)
Re: CVE request: python-pysaml2 XML external entity attack cve-assign (Jan 10)
Re: podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp) cve-assign (Feb 01)
Re: CVE request virglrenderer: null pointer dereference in vrend_clear cve-assign (Feb 08)
Re: Please assign CVE to PageKit Remote Password Reset Vulnerability cve-assign (Jan 25)
Re: Firejail local root exploit cve-assign (Jan 07)
Re: CVE Request - Samsung Exynos GPU driver OOB read cve-assign (Jan 19)
Re: CVE Request: php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter cve-assign (Jan 17)
Re: CVE request virglrenderer: host memory leak issue in virgl_resource_attach_backing cve-assign (Feb 08)
Re: wavpack: multiple out of bounds memory reads cve-assign (Jan 28)
Re: CVE request Qemu: virtio: integer overflow in handling virtio-crypto requests cve-assign (Feb 07)
Re: CVE request Qemu: audio: memory leakage in es1370 device cve-assign (Jan 18)
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash cve-assign (Jan 20)
Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap cve-assign (Feb 06)
Re: CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) cve-assign (Feb 01)
Re: Gentoo: order of installed packages may result in vary directories permissions, leading to crontab not requiring cron group membership as example. cve-assign (Jan 28)
Re: libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c) cve-assign (Jan 01)
Re: [FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues cve-assign (Feb 04)
Re: podofo: multiple crashes cve-assign (Feb 01)
Re: CVE request: GNU screen escalation cve-assign (Jan 29)
Re: CVE Request: icoutils: exploitable crash in wrestool programm cve-assign (Jan 10)
Re: CVE Request: Irssi out of bounds read in format string cve-assign (Jan 12)
Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref cve-assign (Feb 01)
Re: CVE Request: Wordpress: 4.7.2 security release: unauthorized bypass, SQL injection, cross-site scripting issues cve-assign (Jan 28)
Re: CVE Request: Plone Sandbox escape vulnerability cve-assign (Jan 18)
Re: CVE Request: MUJS null pointer dereference and Heap buffer overflow write cve-assign (Jan 12)
Re: CVE requests: OpenBSD httpd - 2 DoS cve-assign (Feb 01)
Re: MITRE is adding data intake to its CVE ID process cve-assign (Feb 10)
Re: mp3splt: NULL pointer dereference in splt_cue_export_to_file (cue.c) cve-assign (Jan 31)
Re: CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm cve-assign (Jan 17)
MITRE is adding data intake to its CVE ID process cve-assign (Feb 08)
Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read cve-assign (Feb 04)
Re: CVE request Kernel: kvm: use-after-free issue while creating devices cve-assign (Jan 19)
Re: CVE request Virglrenderer: OOB access while parsing texture instruction cve-assign (Jan 25)
Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) cve-assign (Jan 16)
Re: CVE Request: ffmpeg remote exploitaion results code execution cve-assign (Feb 01)
Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing cve-assign (Jan 20)
Re: CVE request Weblate: information disclosure in password reset form cve-assign (Jan 19)
Re: CVE Request: two flaws in hesiod permitting privilege elevation cve-assign (Jan 20)
Re: invalid free in GNU ed before 1.14.1 cve-assign (Jan 12)
Re: CVE request: XSS in viewvc cve-assign (Feb 08)
Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors cve-assign (Jan 16)
Re: CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data" cve-assign (Jan 12)
Re: CVE Request: Linux: ip6_gre: invalid reads in ip6gre_err() cve-assign (Feb 06)
Re: CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing cve-assign (Jan 25)
Re: CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion cve-assign (Feb 07)
Re: CVE request: rubygem minitar: directory traversal vulnerability cve-assign (Jan 29)
Re: mp3splt: invalid free in free_options (options_manager.c) cve-assign (Jan 31)
Re: Firejail local root exploit cve-assign (Jan 04)
Re: podofo: NULL pointer dereference in PdfOutputStream.cpp cve-assign (Feb 01)
Re: SSRF issue in the svgsalamander library cve-assign (Jan 29)
Re: CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r cve-assign (Feb 01)
Re: mp3splt: NULL pointer dereference in free_options (options_manager.c) cve-assign (Feb 01)
Re: Bugs fixed in libevent 2.1.6 cve-assign (Feb 01)
Re: CVE Request - Remote DoS vulnerabilities in BitlBee cve-assign (Jan 31)
Re: CVE Request: pcsc-lite use-after-free and double-free cve-assign (Jan 03)
Re: CVE request Qemu: audio: memory leakage in ac97 device cve-assign (Jan 18)
Re: Requesting CVE for calibre file disclosure cve-assign (Jan 31)
Re: CVE Requests: libgd: potential unsigned onderflow, denial-of-service in gdImageCreateFromGd2Ctx and signed overflow in gd_io.c cve-assign (Jan 28)
Re: CVE Request: Wordpress: 8 security issues in 4.7 cve-assign (Jan 14)
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel cve-assign (Jan 20)
Re: CVE request: PostfixAdmin allows to delete protected aliases cve-assign (Feb 07)
Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) cve-assign (Jan 16)
Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 cve-assign (Jan 10)
Re: CVE request tigervnc: vnc server can crash when TLS handshake terminates early cve-assign (Feb 04)
Re: CVE request: multiples vulnerabilities in Revive Adserver cve-assign (Feb 01)
Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest cve-assign (Feb 06)
Re: Firejail local root exploit cve-assign (Jan 07)
Re: CVE Request: libXpm < 3.5.12 heap overflow cve-assign (Jan 25)
Re: CVE request: multiples vulnerabilities in libplist cve-assign (Feb 01)
Re: CVE request: Linux kernel: vc4: int overflow leading to heap-based buffer overflow cve-assign (Jan 24)
Re: CVE request Virglrenderer: host memory leakage when creating decode context cve-assign (Jan 25)
Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer cve-assign (Jan 31)
Re: jasper: multiple crashes with UBSAN cve-assign (Jan 16)
Re: [tigervnc-announce] TigerVNC 1.7.1 cve-assign (Jan 25)
Re: CVE request for two input validation flaws in gtk-vnc cve-assign (Feb 04)
Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) cve-assign (Jan 16)
Re: CVE request: cgiemail multiple vulnerabilities cve-assign (Jan 28)
Re: CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd cve-assign (Feb 01)
Re: podofo: signed integer overflow in PdfParser.cpp cve-assign (Feb 01)
Re: CVE Request: icoutils: exploitable crash in wrestool programm cve-assign (Jan 08)
Re: Firejail local root exploit cve-assign (Jan 06)
Re: jasper: multiple crashes with UBSAN cve-assign (Jan 17)
Re: CVE request: lcms2 heap OOB read parsing crafted ICC profile cve-assign (Jan 25)
Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation cve-assign (Jan 25)
Re: CVE request: python-pysaml2 XML external entity attack cve-assign (Jan 19)
Re: libtiff: multiple heap-based buffer overflow cve-assign (Jan 01)
Re: CVE Request: s-nail local root cve-assign (Feb 06)
Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8 cve-assign (Jan 10)
Re: Firejail local root exploit cve-assign (Jan 06)
Re: ark vulnerability: need CVE cve-assign (Jan 09)
Re: Multiple memory access issues in gstreamer cve-assign (Feb 01)
Re: CVE Request: Irssi Multiple Vulnerabilities (2017/01) cve-assign (Jan 06)
Re: CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb cve-assign (Jan 20)
Re: podofo: heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp) cve-assign (Feb 04)

Damien Regad

Advisory: XSS in MantisBT Source Integration Plugin (CVE-2017-6958) Damien Regad (Mar 17)
Advisory: XSS issues in MantisBT (CVE-2017-6797, CVE-2017-6799) Damien Regad (Mar 10)
Advisory: XSS issues in MantisBT (CVE-2017-6973, CVE-2017-7241, CVE-2017-7309) Damien Regad (Mar 30)

Daniel Beck

Multiple vulnerabilities in Jenkins Daniel Beck (Feb 01)
Jenkins plugins -- multiple vulnerabilities Daniel Beck (Mar 20)

Daniel Kahn Gillmor

Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Daniel Kahn Gillmor (Jan 13)

Daniel Micay

Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Daniel Micay (Jan 24)
Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Daniel Micay (Jan 24)

Daniel Stenberg

[SECURITY ADVISORY]: curl SSL_VERIFYSTATUS ignored Daniel Stenberg (Feb 21)

Dan McDonald

Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Dan McDonald (Jan 10)

Dan Williams

Security issue in Linux kernel (v4.5+) persistent memory enabling Dan Williams (Mar 07)

Dave Null

Re: information about pwn2own Kernel problem Dave Null (Mar 23)

David Manouchehri

Re: FW: [DSA 3775-1] tcpdump security update] David Manouchehri (Jan 30)
Re: CVE request: sunxi-debug (root privilege escalation in Allwinner kernel) David Manouchehri (Feb 15)

Dawid Golunski

Re: MySQL / MariaDB / Percona - Root Privilege Escalation Exploit [ CVE-2016-6664 / CVE-2016-5617 ] Dawid Golunski (Feb 17)
Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Dawid Golunski (Jan 13)

dequis

CVE Request - Remote DoS vulnerabilities in BitlBee dequis (Jan 30)

Dileep Kumar

CVE Request: MUJS null pointer dereference and Heap buffer overflow write Dileep Kumar (Jan 12)

Dominic Cleal

CVE-2016-7078: Foreman organization/location authorization vulnerability Dominic Cleal (Feb 22)

Dominik Stadler

CVE-2017-5644 - Possible DOS (Denial of Service) in Apache POI versions prior to 3.15 Dominik Stadler (Mar 20)

Don A. Bailey

Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Don A. Bailey (Mar 16)

Doran Moppert

Re: CVE request: XXE in Openpyxl Doran Moppert (Feb 07)
Re: Re: CVE request: XXE in Openpyxl Doran Moppert (Feb 13)
three issues in xorg (CVE-2016-2624, CVE-2016-2625, CVE-2016-2626) Doran Moppert (Feb 28)
CVE Request: two flaws in hesiod permitting privilege elevation Doran Moppert (Jan 19)
Re: Re: CVE request: python-pysaml2 XML external entity attack Doran Moppert (Jan 18)
spice-server: CVE-2016-9577, CVE-2016-9578: remote DoS and buffer overflow from crafted messages Doran Moppert (Feb 22)
CVE request: lcms2 heap OOB read parsing crafted ICC profile Doran Moppert (Jan 22)
Re: Re: CVE request: python-pysaml2 XML external entity attack Doran Moppert (Jan 10)
Re: three issues in xorg (CVE-*2017*-2624, CVE-*2017*-2625, CVE-*2017*-2626) Doran Moppert (Feb 28)

Egidio Romano

[KIS-2017-01] PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability Egidio Romano (Feb 06)

Emilio Pozuelo Monfort

Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Emilio Pozuelo Monfort (Mar 07)
Re: CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Emilio Pozuelo Monfort (Mar 06)
Re: CVE Request: Irssi use after free in netjoin condition (2017/03) Emilio Pozuelo Monfort (Mar 12)
Re: util-linux 2.29.2 fixes CVE-2017-2616 Emilio Pozuelo Monfort (Feb 23)

Eric Dumazet

Re: Linux kernel ping socket / AF_LLC connect() sin_family race Eric Dumazet (Mar 24)

Eyal Itkin

CVE publication request - CVE 2016-8636 Eyal Itkin (Feb 11)

Fabio Olive Leite

Re: MITRE is adding data intake to its CVE ID process Fabio Olive Leite (Feb 16)

Florian Weimer

Re: invalid free in GNU ed before 1.14.1 Florian Weimer (Jan 12)
CVE-2016-10228: glibc iconv program can hang when invoked with the -c option Florian Weimer (Mar 01)

FOXMOLE Advisories

[FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues FOXMOLE Advisories (Feb 02)
inoERP - Multiple Issues FOXMOLE Advisories (Mar 27)

George Dunlap

Re: [Xen-devel] [Xen-users] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy George Dunlap (Feb 13)

Georg Lukas

CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability Georg Lukas (Feb 09)

Greg KH

Re: CVE Request - Samsung Exynos GPU driver OOB read Greg KH (Jan 20)
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Greg KH (Jan 20)
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Greg KH (Jan 20)
Re: CVE Request - Samsung Exynos GPU driver OOB read Greg KH (Jan 19)
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Greg KH (Jan 20)

Greg Kurz

Re: CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem Greg Kurz (Jan 17)

Guido Berhoerster

Re: MITRE is adding data intake to its CVE ID process Guido Berhoerster (Feb 10)

Gustavo Grieco

Re: CVE-2016-9584: heap use-after-free on libical Gustavo Grieco (Jan 20)
Re: Re: CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode) Gustavo Grieco (Feb 08)
Multiple DoS parsing and executing extended regex expressions in GNU libc Gustavo Grieco (Feb 09)
Re: CVE-2016-9584: heap use-after-free on libical Gustavo Grieco (Jan 27)

Hanno Böck

Multiple memory access issues in gstreamer Hanno Böck (Feb 01)
invalid free in GNU ed before 1.14.1 Hanno Böck (Jan 12)
Re: invalid free in GNU ed before 1.14.1 Hanno Böck (Jan 12)
Re: podofo: multiple crashes Hanno Böck (Feb 01)
Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
wavpack: multiple out of bounds memory reads Hanno Böck (Jan 23)
Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Hanno Böck (Jan 24)
One byte stack buffer overflow in keepassxc / zxcvbn-c Hanno Böck (Mar 04)
Re: podofo: multiple crashes Hanno Böck (Feb 01)

Harshula

CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Harshula (Jan 19)
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Harshula (Jan 20)

Henrique de Moraes Holschuh

CVE-2017-0357: iucode-tool (v1.4 to v2.1): heap buffer overflow on -tr loader Henrique de Moraes Holschuh (Jan 13)

Henri Salo

Re: FW: [DSA 3775-1] tcpdump security update] Henri Salo (Feb 01)
Re: libtiff: multiple divide-by-zero Henri Salo (Jan 02)
Re: MITRE is adding data intake to its CVE ID process Henri Salo (Feb 15)
CVE-2017-5969: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode) Henri Salo (Feb 12)
Re: Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf() Henri Salo (Feb 14)

Hongkun Zeng

CVE-2016-7904: CMS Made Simple <= 2.1.5 CSRF Hongkun Zeng (Jan 15)

Huzaifa Sidhpurwala

Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Huzaifa Sidhpurwala (Jan 11)

Ian Zimmerman

Re: A note about the multiple crashes in zziplib Ian Zimmerman (Feb 14)
Re: CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode) Ian Zimmerman (Feb 08)
Re: MITRE is adding data intake to its CVE ID process Ian Zimmerman (Feb 13)
Re: MITRE is adding data intake to its CVE ID process Ian Zimmerman (Feb 13)

idl3r

RE: CVE Request - Samsung Exynos GPU driver OOB read idl3r (Jan 19)
RE: CVE Request - Samsung Exynos GPU driver OOB read idl3r (Jan 20)

Idler

CVE Request - Samsung Exynos GPU driver OOB read Idler (Jan 19)

Ion Ionescu

Re: Firejail local root exploit Ion Ionescu (Jan 29)

ISC Security Officer

BIND9 CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash ISC Security Officer (Feb 08)
Four BIND vulnerabilities have been disclosed today (11 January) that are fixed in new security releases ISC Security Officer (Jan 11)

Jakub Wilk

Re: Multiple DoS parsing and executing extended regex expressions in GNU libc Jakub Wilk (Feb 09)
Re: git-hub: missing sanitization of data received from GitHub Jakub Wilk (Feb 16)

James Morris

Re: [ANNOUNCE] Linux Security Summit 2017 - CFP James Morris (Mar 24)
[ANNOUNCE] Linux Security Summit 2017 - CFP James Morris (Mar 24)

Jeffrey Walton

Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Jeffrey Walton (Jan 25)

Jelle van der Waa

CVE request Weblate: information disclosure in password reset form Jelle van der Waa (Jan 18)

Jens Heyens

CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion Jens Heyens (Feb 07)

Jeremy Stanley

Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley (Feb 09)
[OSSA-2017-002] Nova logs sensitive context from notification exceptions (CVE-2017-7214) Jeremy Stanley (Mar 23)
[OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592) Jeremy Stanley (Jan 26)

Jerome Athias

Re: Dealing with CVEs that apply to unspecified package versions Jerome Athias (Mar 16)
Re: Dealing with CVEs that apply to unspecified package versions Jerome Athias (Mar 16)
Re: Dealing with CVEs that apply to unspecified package versions Jerome Athias (Mar 18)

John Haxby

Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read John Haxby (Feb 03)
Re: MITRE is adding data intake to its CVE ID process John Haxby (Feb 10)

Josh Bressers

Re: Asking for a CVE id for the WordPress Privilege Escalation vulnerability (4.7/4.7.1) Josh Bressers (Feb 10)

Justin Steven

Re: curiosity for CVE-2016-10000 Justin Steven (Feb 03)

KARBOWSKI Piotr

Gentoo: order of installed packages may result in vary directories permissions, leading to crontab not requiring cron group membership as example. KARBOWSKI Piotr (Jan 28)

KellerFuchs

Re: Firejail local root exploit KellerFuchs (Jan 05)

Kristian Erik Hermansen

Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Kristian Erik Hermansen (Feb 03)

Kristian Fiskerstrand

Re: Gentoo: order of installed packages may result in vary directories permissions, leading to crontab not requiring cron group membership as example. Kristian Fiskerstrand (Jan 28)

Kurt Seifried

Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Feb 12)
Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Feb 10)
Re: curiosity for CVE-2016-10000 Kurt Seifried (Feb 03)
Re: linux-distros subscription Kurt Seifried (Jan 15)
Re: Dealing with CVEs that apply to unspecified package versions Kurt Seifried (Mar 15)
Re: Docker 1.12.6 - Security Advisory Kurt Seifried (Jan 10)
Re: Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Feb 13)
Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Kurt Seifried (Mar 07)

Larry W. Cashdollar

Multiple Blind SQL injection vulnerability in Wordpress Plugin DTracker v1.5 Larry W. Cashdollar (Mar 09)
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 Larry W. Cashdollar (Mar 02)
Two Content Injection vulnerabilities in Wordpress Plugin DTracker v1.5 Larry W. Cashdollar (Mar 13)
Remote file upload vulnerabilities in multiple wordpress plugins Larry W. Cashdollar (Mar 06)
Persistent XSS in wordpress plugin rockhoist-badges v1.2.2 Larry W. Cashdollar (Mar 01)
Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1 Larry W. Cashdollar (Mar 01)
Arbitrary file download vulnerability in Wordpress Plugin Membership Simplified v1.58 Larry W. Cashdollar (Mar 14)
Two Content Injection vulnerabilities in Wordpress Plugin DTracker v1.5 Larry W. Cashdollar (Mar 20)
Re: Arbitrary file download vulnerability in Wordpress Plugin Membership Simplified v1.58 Larry W. Cashdollar (Mar 15)
Multiple Unauthenticated blind SQL injections in Wordpress Plugin Membership Simplified v1.58 Larry W. Cashdollar (Mar 22)

Laszlo Boszormenyi (GCS)

CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Laszlo Boszormenyi (GCS) (Feb 01)

Leo Famulari

Re: CVE Request: ffmpeg remote exploitaion results code execution Leo Famulari (Jan 31)
Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf Leo Famulari (Feb 21)
Bugs fixed in libevent 2.1.6 Leo Famulari (Jan 31)
Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer Leo Famulari (Feb 12)
Re: Dealing with CVEs that apply to unspecified package versions Leo Famulari (Mar 15)
FW: [DSA 3775-1] tcpdump security update] Leo Famulari (Jan 30)
Re: util-linux 2.29.2 fixes CVE-2017-2616 Leo Famulari (Feb 23)
Re: libtiff: multiple divide-by-zero Leo Famulari (Jan 02)

Lizzie Dixon

Re: Re: Firejail local root exploit Lizzie Dixon (Jan 06)

Lokesh Ubuntu

Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Lokesh Ubuntu (Mar 29)
Re: CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm Lokesh Ubuntu (Jan 17)

Luc Lynx

SSRF issue in the svgsalamander library Luc Lynx (Jan 26)

Ludovic Courtès

Dealing with CVEs that apply to unspecified package versions Ludovic Courtès (Mar 15)

Luedtke, Nicholas (HPE Linux Security)

Re: information about pwn2own Kernel problem Luedtke, Nicholas (HPE Linux Security) (Mar 22)

Luke Hinds

[OpenStack OSSN 0065] Users of Glance may be able to replace active image data Luke Hinds (Feb 09)

Maier, Kurt H

RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H (Feb 10)
RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H (Feb 13)
RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H (Feb 10)

Marcus Meissner

information about pwn2own Kernel problem Marcus Meissner (Mar 22)
Re: Re: Firejail local root exploit Marcus Meissner (Jan 06)
Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 23)
util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 22)
Re: curiosity for CVE-2016-10000 Marcus Meissner (Feb 02)

Mark Felder

CVE Request -- mapr: information disclosure vulnerability Mark Felder (Mar 31)
Re: CVE Request -- mapr: information disclosure vulnerability Mark Felder (Mar 31)

Mark Thomas

[SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure Mark Thomas (Jan 05)

Martin Carpenter

Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
Re: Re: Firejail local root exploit Martin Carpenter (Jan 07)
Re: Re: Firejail local root exploit Martin Carpenter (Jan 07)
Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
Re: Re: Firejail local root exploit Martin Carpenter (Jan 05)

Martin Pitt

Requesting CVE for calibre file disclosure Martin Pitt (Jan 29)

Mats Wichmann

Re: MITRE is adding data intake to its CVE ID process Mats Wichmann (Feb 10)

Matthias Gerstner

CVE request tigervnc: vnc server can crash when TLS handshake terminates early Matthias Gerstner (Feb 02)
Re: CVE-2017-5956 virglrenderer: Virglrenderer: OOB access while in vrend_draw_vbo Matthias Gerstner (Feb 24)
Re: CVE-2017-5956 virglrenderer: Virglrenderer: OOB access while in vrend_draw_vbo Matthias Gerstner (Feb 24)

Max Veytsman

CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r Max Veytsman (Jan 31)
CVE request: rubygem minitar: directory traversal vulnerability Max Veytsman (Jan 24)

Michael Young

Re: [Xen-devel] Xen Security Advisory 206 - xenstore denial of service via repeated update Michael Young (Mar 29)

Michal Hrusecky

linux-distros subscription Michal Hrusecky (Jan 13)
Re: linux-distros subscription Michal Hrusecky (Jan 18)
Re: FW: [DSA 3775-1] tcpdump security update] Michal Hrusecky (Feb 01)
Re: FW: [DSA 3775-1] tcpdump security update] Michal Hrusecky (Feb 01)

Mike Gerwitz

Re: MITRE is adding data intake to its CVE ID process Mike Gerwitz (Feb 10)

Moritz Muehlenhoff

Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Moritz Muehlenhoff (Jan 17)
Re: MITRE is adding data intake to its CVE ID process Moritz Muehlenhoff (Feb 11)
Re: Pending CVE requests for glibc Moritz Muehlenhoff (Feb 14)
CVE request: GNU screen escalation Moritz Muehlenhoff (Jan 24)

Murray McAllister

CVE request: Linux kernel: vc4: int overflow leading to heap-based buffer overflow Murray McAllister (Jan 21)

Nathan McCauley

Docker 1.12.6 - Security Advisory Nathan McCauley (Jan 10)

Nathan Van Gheem

CVE Request: Plone Multiple Vulnerabilities Nathan Van Gheem (Jan 07)
Re: CVE Request: Plone Multiple Vulnerabilities Nathan Van Gheem (Jan 07)
CVE Request: Plone Sandbox escape vulnerability Nathan Van Gheem (Jan 17)

Nicolas Grégoire

CVE request: multiples vulnerabilities in Revive Adserver Nicolas Grégoire (Jan 31)

nikola.sc

CVE request: multiples vulnerabilities in libplist nikola.sc (Jan 31)

Noryungi

Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux Noryungi (Jan 26)

pali

Re: Use after free in libmysqlclient.so pali (Feb 11)
Use after free in libmysqlclient.so pali (Jan 27)
Re: posting without being subscribed pali (Feb 11)
Re: Use after free in libmysqlclient.so pali (Feb 10)
Re: Re: Use after free in libmysqlclient.so pali (Feb 11)

Pali Rohár

CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Pali Rohár (Mar 17)

Paul Cher

CVE Request: ffmpeg remote exploitaion results code execution Paul Cher (Jan 31)

Paul King

[CVE-2016-6814] Apache Groovy Information Disclosure Paul King (Jan 14)

Peter Bex

Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
Re: MITRE is adding data intake to its CVE ID process Peter Bex (Feb 09)
CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 15)
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)

Peter Grandi

a simple replacement for setuid and confinement systems Peter Grandi (Feb 07)

Peter Korsgaard

Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard (Mar 16)
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard (Mar 16)

Peter Wu

CVE Request: pcsc-lite use-after-free and double-free Peter Wu (Jan 03)

php-dev

Re: CVE Request: PHP with Zend OPCache code permission/sensitive data protection vulnerability php-dev (Feb 28)
CVE Request: PHP with Zend OPCache code permission/sensitive data protection vulnerability php-dev (Feb 27)

Pierre Kim

CVE requests: OpenBSD httpd - 2 DoS Pierre Kim (Jan 31)
Re: CVE requests: OpenBSD httpd - 2 DoS Pierre Kim (Feb 02)

Pierre Ossman

Re: [tigervnc-devel] Re: [tigervnc-announce] TigerVNC 1.7.1 Pierre Ossman (Jan 23)

Pierre Schweitzer

Re: MITRE is adding data intake to its CVE ID process Pierre Schweitzer (Feb 10)

P J P

CVE-2017-6355 Virglrenderer: integer overflow while creating shader object P J P (Feb 27)
CVE-2017-6058 Qemu: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping P J P (Feb 16)
CVE request Virglrenderer: OOB access while parsing texture instruction P J P (Jan 24)
CVE-2017-2596 Kernel: kvm: page reference leakage in handle_vmon P J P (Jan 30)
CVE request virglrenderer: host memory leak issue in virgl_resource_attach_backing P J P (Feb 08)
CVE-2017-6000 Qemu: crypto: memory leakage in qcrypto_ivgen_essiv_init P J P (Feb 15)
CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode P J P (Feb 01)
CVE-2017-5994 Virglrenderer: out-of-bounds access in vrend_create_vertex_elements_state P J P (Feb 15)
CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync P J P (Feb 15)
CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing P J P (Jan 23)
CVE-2017-6386 Virglrenderer: memory leakage while in vrend_create_vertex_elements_state P J P (Feb 28)
CVE-2017-2583 Kernel: Kvm: vmx/svm potential privilege escalation inside guest P J P (Jan 19)
CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref P J P (Feb 01)
CVE-2017-5993 Virglrenderer: host memory leakage when initialising blitter context P J P (Feb 15)
CVE request Virglrenderer: host memory leakage when creating decode context P J P (Jan 23)
CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio P J P (Jan 13)
CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection P J P (Mar 14)
CVE request Qemu: serial: host memory leakage in 16550A UART emulation P J P (Jan 24)
Re: CVE-2017-6000 Qemu: crypto: memory leakage in qcrypto_ivgen_essiv_init P J P (Feb 16)
CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo P J P (Feb 21)
CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd P J P (Feb 01)
CVE request Qemu: virtio: integer overflow in handling virtio-crypto requests P J P (Feb 07)
CVE request virglrenderer: null pointer dereference in vrend_clear P J P (Feb 08)
CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem P J P (Jan 17)
Re: CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo P J P (Feb 21)
CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing P J P (Jan 20)
Re: MITRE is adding data intake to its CVE ID process P J P (Feb 08)
CVE-2017-6317 Virglrenderer: memory leakage issue in add_shader_program P J P (Feb 24)
CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer P J P (Jan 30)
Re: kio vulnerability: need CVE P J P (Feb 28)
CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx P J P (Feb 13)
CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list P J P (Mar 06)
CVE-2017-5957 Virglrenderer: stack overflow in vrend_decode_set_framebuffer_state P J P (Feb 12)
CVE-2017-5987 Qemu: sd: infinite loop issue in multi block transfers P J P (Feb 14)
Re: Re: CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem P J P (Jan 30)
CVE request Qemu: audio: memory leakage in es1370 device P J P (Jan 17)
CVE-2017-6209 Virglrenderer: stack buffer oveflow in parse_identifier P J P (Feb 23)
CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb P J P (Jan 20)
CVE-2017-6414 Qemu: libcacard: host memory leakage while creating new APDU P J P (Mar 01)
CVE-2017-6210 Virglrenderer: null pointer dereference in vrend_decode_reset P J P (Feb 23)
CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest P J P (Feb 06)
CVE request Qemu: audio: memory leakage in ac97 device P J P (Jan 17)
CVE-2017-5956 virglrenderer: Virglrenderer: OOB access while in vrend_draw_vbo P J P (Feb 12)
CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit P J P (Feb 22)
CVE request Kernel: kvm: use-after-free issue while creating devices P J P (Jan 18)

Priedhorsky, Reid

Re: MITRE is adding data intake to its CVE ID process Priedhorsky, Reid (Feb 10)
Re: MITRE is adding data intake to its CVE ID process Priedhorsky, Reid (Feb 13)

Radzykewycz, T (Radzy)

RE: [security-vendor] [oss-security] Re: MITRE is adding data intake to its CVE ID process Radzykewycz, T (Radzy) (Feb 13)

Raphael Geissert

Re: MITRE is adding data intake to its CVE ID process Raphael Geissert (Feb 15)

Raphael Hertzog

Re: CVE-2016-9584: heap use-after-free on libical Raphael Hertzog (Jan 27)
Re: CVE-2016-9584: heap use-after-free on libical Raphael Hertzog (Jan 20)

Remi Gacogne

PowerDNS Security Advisories 2016-02, 2016-03, 2016-04 and 2016-05 Remi Gacogne (Jan 15)

Roger Pau Monné

Re: [Xen-devel] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe Roger Pau Monné (Feb 23)
Re: [Xen-users] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy Roger Pau Monné (Feb 11)

Salvatore Bonaccorso

Linux: irda: Fix lockdep annotations in hashbin_delete() (CVE-2017-6348) Salvatore Bonaccorso (Feb 28)
Re: Re: CVE Request: icoutils: exploitable crash in wrestool programm Salvatore Bonaccorso (Jan 09)
TeX Live: CVE-2016-10243: whitelists a insecure binary/utility to be run as external program Salvatore Bonaccorso (Mar 05)
Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347) Salvatore Bonaccorso (Feb 28)
munin: CVE-2017-6188: Local file write vulnerability Salvatore Bonaccorso (Feb 22)
TCPDF: CVE-2017-6100: LFI posting internal files externally abusing default parameter Salvatore Bonaccorso (Feb 19)
CVE Request: Wordpress: 4.7.2 security release: unauthorized bypass, SQL injection, cross-site scripting issues Salvatore Bonaccorso (Jan 26)
Linux: net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345) Salvatore Bonaccorso (Feb 28)
Re: jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Salvatore Bonaccorso (Jan 25)
Linux: packet: fix races in fanout_add() (CVE-2017-6346) Salvatore Bonaccorso (Feb 28)
CVE Requests: libgd: potential unsigned onderflow, denial-of-service in gdImageCreateFromGd2Ctx and signed overflow in gd_io.c Salvatore Bonaccorso (Jan 26)
git: CVE-2014-9938: does not sanitize branch names in $PS1 allowing command execution Salvatore Bonaccorso (Mar 19)
Re: jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c) Salvatore Bonaccorso (Jan 25)
Linux: CVE-2017-6214: ipv4/tcp: infinite loop in tcp_splice_read() Salvatore Bonaccorso (Feb 23)
Re: CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions Salvatore Bonaccorso (Jan 01)
Linux: CVE-2017-6353: sctp: deny peeloff operation on asocs with threads sleeping on it Salvatore Bonaccorso (Feb 27)
Linux: CVE-2017-6001: Incomplete fix for CVE-2016-6786: perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race Salvatore Bonaccorso (Feb 15)
Roundcube: CVE-2017-6820: XSS issue in handling of a style tag inside of an svg element Salvatore Bonaccorso (Mar 12)
Duplicates of CVE-2015-8789 CVE-2015-8790 for libebml from TALOS reports? Salvatore Bonaccorso (Jan 13)
CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data" Salvatore Bonaccorso (Jan 11)
CVE Request: icoutils: exploitable crash in wrestool programm Salvatore Bonaccorso (Jan 08)
Re: jasper: invalid memory read in jas_matrix_bindsub (jas_seq.c) Salvatore Bonaccorso (Jan 25)
OpenID Connect authentication module for Apache: CVE-2017-6059 CVE-2017-6062 Salvatore Bonaccorso (Feb 17)
CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors Salvatore Bonaccorso (Jan 16)
CVE Request: php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter Salvatore Bonaccorso (Jan 17)

Sandeep Kamble

Please assign CVE to PageKit Remote Password Reset Vulnerability Sandeep Kamble (Jan 21)

Scott Arciszewski

Introducing sodium_compat, a PHP polyfill for libsodium Scott Arciszewski (Jan 11)

Sebastian Krahmer

Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux Sebastian Krahmer (Jan 31)
Re: Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] Sebastian Krahmer (Jan 03)
Firejail local root exploit Sebastian Krahmer (Jan 04)
Headsup: systemd v228 local root exploit (CVE-2016-10156) Sebastian Krahmer (Jan 24)

Sébastien Delafond

Re: CVE request: XXE in Openpyxl Sébastien Delafond (Feb 14)
Re: CVE request: XXE in Openpyxl Sébastien Delafond (Feb 13)
CVE request: python-pysaml2 XML external entity attack Sébastien Delafond (Jan 10)
Re: CVE request: XXE in Openpyxl Sébastien Delafond (Feb 15)
CVE request: XXE in Openpyxl Sébastien Delafond (Feb 07)
CVE request: XSS in viewvc Sébastien Delafond (Feb 08)
CVE request: cgiemail multiple vulnerabilities Sébastien Delafond (Jan 20)

Serge E. Hallyn

Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Serge E. Hallyn (Mar 28)
Re: util-linux 2.29.2 fixes CVE-2017-2616 Serge E. Hallyn (Feb 23)

Seth Arnold

CVE-2017-6967 xrdp PAM auth_start_session() Seth Arnold (Mar 17)
Re: MITRE is adding data intake to its CVE ID process Seth Arnold (Feb 10)
Re: Dealing with CVEs that apply to unspecified package versions Seth Arnold (Mar 15)

Seth Art

CVE Request: Joomla! FLEXIcontent - Incorrect Authorization (Authorization Bypass) Seth Art (Mar 09)

Simon McVittie

Re: Dealing with CVEs that apply to unspecified package versions Simon McVittie (Mar 15)
ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters Simon McVittie (Jan 11)
Re: MITRE is adding data intake to its CVE ID process Simon McVittie (Feb 09)
Re: MITRE is adding data intake to its CVE ID process Simon McVittie (Feb 10)
Re: Re: Firejail local root exploit Simon McVittie (Jan 08)
Re: Re: Use after free in libmysqlclient.so Simon McVittie (Feb 10)
fd.o #99828: two symlink attacks fixed in dbus 1.10.16 Simon McVittie (Feb 16)

sivmu

Re: Re: Firejail local root exploit sivmu (Jan 06)

Solar Designer

Re: audiofile: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) Solar Designer (Mar 14)
Re: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Solar Designer (Mar 17)
Re: linux-distros subscription Solar Designer (Jan 14)
Linux kernel ping socket / AF_LLC connect() sin_family race Solar Designer (Mar 24)
Re: CVE request: GNU screen escalation Solar Designer (Jan 24)
Re: audiofile: heap-based buffer overflow in readValue (FileHandle.cpp) Solar Designer (Mar 14)
Re: [Security] Qt QXmlSimpleReader Solar Designer (Jan 14)
Re: MITRE is adding data intake to its CVE ID process Solar Designer (Feb 11)
Re: Use after free in libmysqlclient.so Solar Designer (Feb 10)
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Solar Designer (Mar 24)
Re: linux-distros subscription Solar Designer (Jan 15)
posting without being subscribed (was: Use after free in libmysqlclient.so) Solar Designer (Feb 11)
Re: Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass Solar Designer (Feb 20)
Re: [ANNOUNCE] Linux Security Summit 2017 - CFP Solar Designer (Mar 24)
Re: posting without being subscribed Solar Designer (Feb 11)
Re: MITRE is adding data intake to its CVE ID process Solar Designer (Feb 16)

Steven Haigh

Re: Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe Steven Haigh (Feb 23)

Steven R. Loomis

Re: MITRE is adding data intake to its CVE ID process Steven R. Loomis (Feb 09)

Stiepan

Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan (Mar 28)
Re: MITRE is adding data intake to its CVE ID process Stiepan (Feb 10)
Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan (Mar 14)
Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan (Mar 10)
Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan (Mar 15)

Summer of Pwnage

Multiple PHP object injection vulnerabilities affecting three WordPress Plugins Summer of Pwnage (Jan 25)
Multiple vulnerabilities affecting various WordPress Plugins Summer of Pwnage (Feb 28)
Multiple Cross-Site Request Forgery vulnerabilities affecting various WordPress Plugins Summer of Pwnage (Feb 28)
Multiple Cross-Site Scripting vulnerabilities affecting various WordPress Plugins Summer of Pwnage (Feb 28)
WordPress audio playlist functionality is affected by Cross-Site Scripting Summer of Pwnage (Mar 06)
Cross-Site Request Forgery in WordPress Press This function allows DoS Summer of Pwnage (Mar 06)
Multiple vulnerabilities affecting two WordPress Plugins (XSS, CSRF & SQLi) Summer of Pwnage (Jan 28)

Sydream Labs

[CVE-2017-5869] Nuxeo Platform remote code execution Sydream Labs (Mar 23)
[CVE-2017-6088] EON 5.0 Multiple SQL Injection Sydream Labs (Mar 23)
[CVE-2017-6087] EON 5.0 Remote Code Execution Sydream Labs (Mar 23)

Sysdream Labs

[CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions Sysdream Labs (Jan 11)

Thiago Macieira

Re: [Security] Qt QXmlSimpleReader Thiago Macieira (Jan 09)
Re: [Security] Qt QXmlSimpleReader Thiago Macieira (Jan 14)

Thomas Deutschmann

Re: Re: Firejail local root exploit Thomas Deutschmann (Feb 09)
Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Thomas Deutschmann (Jan 13)
Re: Re: Firejail local root exploit Thomas Deutschmann (Jan 31)
Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Thomas Deutschmann (Jan 13)

Thuan Pham

CVE Request: multiple bugs found in BFD libraries and Binutils' utilities Thuan Pham (Mar 16)
Re: CVE Request: multiple bugs found in BFD libraries and Binutils' utilities Thuan Pham (Mar 17)

Tim

Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)
Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)
Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)

Timothy D. Morgan

Re: Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass Timothy D. Morgan (Feb 20)
Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass Timothy D. Morgan (Feb 20)

Tobias Stöckmann

Re: util-linux 2.29.2 fixes CVE-2017-2616 Tobias Stöckmann (Feb 23)

Tobias Stoeckmann

CVE Request: libXpm < 3.5.12 heap overflow Tobias Stoeckmann (Jan 22)

Tomas Hoger

Re: MySQL / MariaDB / Percona - Root Privilege Escalation Exploit [ CVE-2016-6664 / CVE-2016-5617 ] Tomas Hoger (Feb 17)
Re: Re: Fuzzing jasper Tomas Hoger (Jan 13)
Re: MySQL / MariaDB / Percona - Root Privilege Escalation Exploit [ CVE-2016-6664 / CVE-2016-5617 ] Tomas Hoger (Mar 03)
Re: CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Tomas Hoger (Mar 06)

Trevor Jay

Re: Docker 1.12.6 - Security Advisory Trevor Jay (Jan 11)

Tyler Hicks

Re: information about pwn2own Kernel problem Tyler Hicks (Mar 22)
CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Tyler Hicks (Mar 29)
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Tyler Hicks (Mar 30)
Re: information about pwn2own Kernel problem Tyler Hicks (Mar 29)
CVE Request: Nova-LXD incorrectly applied Neutron security group rules Tyler Hicks (Feb 08)
Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Tyler Hicks (Mar 13)
LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Tyler Hicks (Mar 09)

up201407890

Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux up201407890 (Jan 26)
Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux up201407890 (Jan 26)

Velmurugan Periasamy

CVE update - fixed in Apache Ranger 0.6.3 Velmurugan Periasamy (Feb 01)

Vladis Dronov

Re: Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf() Vladis Dronov (Feb 14)
CVE: kernel: drm/vmwgfx: check that number of mip levels is above zero in in vmw_surface_define_ioctl() Vladis Dronov (Mar 27)
Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf() Vladis Dronov (Feb 14)
curiosity for CVE-2016-10000 Vladis Dronov (Feb 02)
CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm Vladis Dronov (Jan 17)
CVE-2017-7346: kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() Vladis Dronov (Mar 31)
Re: curiosity for CVE-2016-10000 Vladis Dronov (Feb 03)
CVE-2017-7294: kernel: drm/vmwgfx: limit mip levels in vmw_surface_define_ioctl() Vladis Dronov (Mar 29)

Wade Mealing

Concerns about CVE-2017-5972 Wade Mealing (Mar 08)
Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Wade Mealing (Feb 05)
Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Wade Mealing (Feb 02)
Re: Concerns about CVE-2017-5972 Wade Mealing (Mar 08)

wapiflapi

Re: CVE Request: s-nail local root wapiflapi (Feb 05)
CVE Request: s-nail local root wapiflapi (Jan 27)

Williams, Ken

RE: MITRE is adding data intake to its CVE ID process Williams, Ken (Feb 10)

X41 D-Sec GmbH Advisories

Advisory X41-2017-001: Multiple Vulnerabilities in X.org X41 D-Sec GmbH Advisories (Feb 28)
Advisory X41-2017-004: Multiple Vulnerabilities in tnef X41 D-Sec GmbH Advisories (Feb 23)
Advisory X41-2017-002: Multiple Vulnerabilities in ytnef X41 D-Sec GmbH Advisories (Feb 15)

Xen . org security team

Xen Security Advisory 210 - arm: memory corruption when freeing p2m pages Xen . org security team (Feb 23)
Xen Security Advisory 211 (CVE-2016-9603) - Cirrus VGA Heap overflow via display refresh Xen . org security team (Mar 14)
Xen Security Advisory 207 - memory leak when destroying guest without PT devices Xen . org security team (Feb 15)
Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy Xen . org security team (Feb 13)
Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy Xen . org security team (Feb 10)
Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe Xen . org security team (Feb 23)
Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe Xen . org security team (Feb 21)

李强

RE: CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode 李强 (Feb 21)
RE: CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode 李强 (Feb 13)