oss-sec: by author
658 messages starting Apr 16 17 and ending Apr 06 17
7b4xrw+5q6jtt69cnwlw
MantisBT - Full admin access vulnerability 7b4xrw+5q6jtt69cnwlw (Apr 16)
Adam Maris
Re: Re: MySQL - use-after-free after mysql_stmt_close() Adam Maris (Jun 15)
Re: Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Adam Maris (Jun 13)
Adrien Nader
Re: [oss-security]Sourcetree arbitrary command execution Adrien Nader (May 03)
Agostino Sarubbo
ytnef: heap-based buffer overflow in SwapDWord (ytnef.c) Agostino Sarubbo (Jun 07)
Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c) Agostino Sarubbo (Apr 29)
lame: multiple left shift Agostino Sarubbo (Jun 28)
telegram-desktop: insecure permission of $HOME/.TelegramDesktop directory Agostino Sarubbo (May 01)
Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Agostino Sarubbo (Apr 15)
binutils: two NULL pointer dereference in elflink.c Agostino Sarubbo (Apr 10)
libpcre: heap-based buffer overflow write in pcre2test.c Agostino Sarubbo (May 07)
Re: Qualys Security Advisory - The Stack Clash Agostino Sarubbo (Jun 21)
elfutils: heap-based buffer overflow in check_sysv_hash (elflint.c) Agostino Sarubbo (Apr 10)
ytnef: NULL pointer dereference in MAPIPrint (ytnef.c) Agostino Sarubbo (Jun 07)
ytnef: heap-based buffer overflow in PrintTNEF (ytnefprint/main.c) Agostino Sarubbo (Jun 07)
lame: global-buffer-overflow in II_step_one (layer2.c) Agostino Sarubbo (Jun 28)
imageworsener: two left shift Agostino Sarubbo (Apr 30)
libsndfile: heap-based buffer overflow in flac_buffer_copy (flac.c) Agostino Sarubbo (May 01)
ytnef: heap-based-buffer overflow in SwapWord (ytnef.c) Agostino Sarubbo (Jun 07)
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo (Apr 29)
lrzip: use-after-free in read_stream (stream.c) Agostino Sarubbo (May 09)
Re: libming: listmp3: left shift in listmp3.c Agostino Sarubbo (Apr 29)
Re: libming: listswf: NULL pointer dereference in dumpBuffer (read.c) Agostino Sarubbo (Apr 29)
Re: CVE Request: Interger overflow vulnerability in ptp_unpack_EOS_CustomFuncEx function of libmtp (version 1.1.12 and below) Agostino Sarubbo (Apr 06)
CVE-2017-7594: libtiff: Direct leak in tif_ojpeg.c Agostino Sarubbo (Apr 10)
podofo: heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp) Agostino Sarubbo (Apr 01)
libaacplus: signed integer overflow, left shift and assertion failure Agostino Sarubbo (Apr 10)
ytnef: heap-based buffer overflow in DecompressRTF (ytnef.c) Agostino Sarubbo (Jun 07)
ytnef: memory allocation failure in TNEFFillMapi (ytnef.c) Agostino Sarubbo (Jun 07)
libmad: heap-based buffer overflow in mad_layer_III (layer3.c) Agostino Sarubbo (May 01)
Re: CVE-2017-7592: libtiff: left shift Agostino Sarubbo (Apr 12)
libcroco: heap overflow and undefined behavior Agostino Sarubbo (Apr 23)
CVE-2017-7593: libtiff: Potential unitialized-memory access from tif_rawdata Agostino Sarubbo (Apr 10)
lame: stack-based buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jun 28)
libtiff: multiple UBSAN crashes Agostino Sarubbo (Apr 10)
ettercap: etterfilter: heap-based buffer overflow write Agostino Sarubbo (May 01)
imageworsener: multiple vulnerabilities Agostino Sarubbo (May 23)
elfutils: heap-based buffer overflow in handle_gnu_hash (readelf.c) Agostino Sarubbo (Apr 10)
CVE-2017-7592: libtiff: left shift Agostino Sarubbo (Apr 10)
imageworsener: multiple vulnerabilities Agostino Sarubbo (Apr 23)
binutils: multiple crashes Agostino Sarubbo (May 18)
libsndfile: global buffer overflow in i2les_array (pcm.c) Agostino Sarubbo (May 01)
imageworsener: heap-based buffer overflow in iw_process_cols_to_intermediate (imagew-main.c) Agostino Sarubbo (Apr 30)
CVE-2017-7578: libming: heap overflow in parser.c (Incomplete fix for CVE-2016-9831) Agostino Sarubbo (Apr 07)
elfutils: heap-based buffer overflow in check_group (elflint.c) Agostino Sarubbo (Apr 10)
podofo: four null pointer dereference Agostino Sarubbo (Apr 01)
imageworsener: memory allocation failure in my_mallocfn (imagew-cmd.c) Agostino Sarubbo (Apr 30)
lrzip: heap-based buffer overflow write in read_1g (stream.c) Agostino Sarubbo (May 09)
lame: stack-based buffer overflow in III_dequantize_sample (layer3.c) Agostino Sarubbo (Jun 28)
lame: two UBSAN crashes Agostino Sarubbo (Jun 28)
libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Agostino Sarubbo (Apr 12)
Re: CVE-2017-7578: libming: heap overflow in parser.c (Incomplete fix for CVE-2016-9831) Agostino Sarubbo (Apr 29)
elfutils: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) Agostino Sarubbo (Apr 10)
rzip: heap-based buffer overflow in read_buf (stream.c) Agostino Sarubbo (May 01)
lame: heap-based buffer overflow in fill_buffer_resample (util.c) Agostino Sarubbo (Jun 28)
libsndfile: global buffer overflow in flac_buffer_copy (flac.c) Agostino Sarubbo (May 01)
Re: Information on recent sqlite3 issues? Agostino Sarubbo (May 31)
Re: CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp) Agostino Sarubbo (Apr 22)
lrzip: invalid memory read in lzo_decompress_buf (stream.c) Agostino Sarubbo (May 09)
lame: global-buffer-overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jun 28)
Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) Agostino Sarubbo (Apr 29)
libmad: assertion failure in layer3.c Agostino Sarubbo (May 01)
lrzip: divide-by-zero in bufRead::get (libzpaq.h) Agostino Sarubbo (May 09)
Re: libming: listswf: heap-based buffer overflow in _iprintf (outputtxt.c) Agostino Sarubbo (Apr 29)
lrzip: NULL pointer dereference in bufRead::get (libzpaq.h) Agostino Sarubbo (May 09)
qpdf: three infinite loop in libqpdf Agostino Sarubbo (May 23)
lame: multiple vulnerabilities Agostino Sarubbo (Jun 28)
libsndfile: invalid memory READ and invalid memory WRITE in flac_buffer_copy (flac.c) Agostino Sarubbo (Apr 13)
libsndfile: invalid memory read in flac_buffer_copy (flac.c) Agostino Sarubbo (May 01)
lrzip: NULL pointer dereference in join_pthread (stream.c) Agostino Sarubbo (May 09)
elfutils: memory allocation failure in xcalloc (xmalloc.c) Agostino Sarubbo (Apr 10)
podofo: heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs (PdfPainter.cpp) Agostino Sarubbo (Apr 01)
imageworsener: divide-by-zero in iwgif_record_pixel (imagew-gif.c) Agostino Sarubbo (Apr 23)
libmad: heap-based buffer overflow in mad_bit_skip (bit.c) Agostino Sarubbo (May 01)
libtiff: divide-by-zero in JPEGSetupEncode (tiff_jpeg.c) Agostino Sarubbo (Apr 10)
elfutils: heap-based buffer overflow in check_symtab_shndx (elflint.c) Agostino Sarubbo (Apr 10)
imagemagick: undefined behavior in coders/rle.c Agostino Sarubbo (Apr 10)
Re: CVE request form not working Agostino Sarubbo (May 31)
Re: mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c) Agostino Sarubbo (Apr 29)
autotrace: multiple vulnerabilities (The autotrace nightmare) Agostino Sarubbo (May 23)
Re: libming: listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c) Agostino Sarubbo (Apr 29)
libarchive: two heap-based buffer overflow read Agostino Sarubbo (May 01)
Re: lame: multiple vulnerabilities Agostino Sarubbo (Jun 28)
elfutils: memory allocation failure in __libelf_decompress (elf_compress.c) Agostino Sarubbo (Apr 10)
Ailin Nemui
Re: CVE-2017-9468, CVE-2017-9469: Irssi Security Advisory 2017/06 Ailin Nemui (Jun 07)
FYI: Irssi Security Advisory 2017/06 Ailin Nemui (Jun 06)
Aki Tuomi
CVE-2017-2669: Dovecot DoS when passdb dict was used for authentication Aki Tuomi (Apr 11)
Alan Coopersmith
Re: Vixie/ISC Cron group crontab to root escalation Alan Coopersmith (Jun 12)
Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith (Jun 08)
Alexander Bergmann
CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann (Jun 21)
Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann (Jun 22)
Alexander Potapenko
Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Alexander Potapenko (Jun 12)
Re: Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Alexander Potapenko (Jun 20)
Alexandre Rebert
CVE request: sthttpd remote heap buffer overflow Alexandre Rebert (Jun 15)
Alex O'Ree
jUDDI Security Bulletin Alex O'Ree (May 18)
Alistair Crooks
Re: NetBSD/pkgsrc membership on distros list Alistair Crooks (May 16)
Re: NetBSD/pkgsrc membership on distros list Alistair Crooks (May 16)
Andreas Lausch-Waas
Re: alloca in inline functions can be dangerous Andreas Lausch-Waas (Apr 15)
Andreas Stieger
Re: Security bug report read-protected Andreas Stieger (Jun 09)
Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Andreas Stieger (Jun 29)
Re: Information on recent sqlite3 issues? Andreas Stieger (May 31)
Andrej Nemec
Re: CVE Request - XStream: DoS when unmarshalling void Andrej Nemec (Apr 12)
Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec (Apr 25)
CVE-2017-7477 kernel: net: Heap overflow in skb_to_sgvec in macsec.c Andrej Nemec (Apr 25)
Re: CVE Request: Two memory corruption vulnerabilities ldns 1.7 Andrej Nemec (Apr 27)
Re: CVE request: sthttpd remote heap buffer overflow Andrej Nemec (Jun 15)
CVE-2017-2575 libbpg: NULL pointer dereference in image_alloc Andrej Nemec (Apr 20)
Re: CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp ) Andrej Nemec (Apr 24)
Re: two vulns in uClibc-0.9.33.2 Andrej Nemec (Jun 15)
Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec (Apr 25)
Andrey Konovalov
Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Andrey Konovalov (May 10)
Linux kernel: memory corruptions in IPv4/IPv6 TCP/SCTP/DCCP sockets Andrey Konovalov (May 30)
Linux kernel: CVE-2017-9074: out-of-bounds read in ip6_fragment Andrey Konovalov (May 30)
Linux kernel: CVE-2017-9242: out-of-bounds write in __ip6_append_data Andrey Konovalov (May 30)
Andy Lutomirski
Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Andy Lutomirski (Jun 25)
Anil Madhavapeddy
CVE-2017-9772: OCaml release 4.04.2 Anil Madhavapeddy (Jun 23)
Re: CVE-2017-9772: OCaml release 4.04.2 Anil Madhavapeddy (Jun 23)
Anthony Baker
[CVE-2017-5649] Apache Geode information disclosure vulnerability Anthony Baker (Apr 04)
Anthony Sasadeusz
Re: How to request a CVE for open source projects Anthony Sasadeusz (May 22)
Antoine Beaupré
Re: kedpm: Information leak via the command history file Antoine Beaupré (Apr 27)
kedpm: Information leak via the command history file Antoine Beaupré (Apr 26)
Ariel Zelivansky
CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine's package manager) Ariel Zelivansky (Jun 25)
Ari Kauppi
CVE-2017-8797 Linux kernel: nfsd: remote DoS Ari Kauppi (Jun 27)
CVE-2017-7645 Linux kernel: nfsd: remote DoS Ari Kauppi (May 02)
CVE-2017-7895 Linux kernel: nfsd: Remote arbitrary memory read Ari Kauppi (May 02)
Bob Friesenhahn
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 23)
Re: Is not memory allocation failure a bug? Bob Friesenhahn (Jun 08)
Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Bob Friesenhahn (Apr 24)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 20)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 22)
Re: two vulns in uClibc-0.9.33.2 Bob Friesenhahn (Jun 16)
Brad Spengler
Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 24)
More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 23)
Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 24)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 24)
Re: Qualys Security Advisory - The Stack Clash Brad Spengler (Jun 21)
Re: Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Brad Spengler (Apr 18)
Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Brad Spengler (Apr 16)
Re: Qualys Security Advisory - The Stack Clash Brad Spengler (Jun 21)
Re: Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Brad Spengler (Jun 26)
Brandon Perry
Re: Multiple crashes in OpenEXR Brandon Perry (May 22)
Re: Multiple crashes in OpenEXR Brandon Perry (May 12)
Re: Dolibarr ERP & CRM - Multiple Issues Brandon Perry (May 17)
Numerous FreeTDS crashes fixed on master Brandon Perry (May 09)
Re: Numerous FreeTDS crashes fixed on master Brandon Perry (May 10)
Multiple crashes in OpenEXR Brandon Perry (May 12)
Brian May
Re: Re: MySQL - use-after-free after mysql_stmt_close() Brian May (Jun 15)
Brian Wolff
Re: SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Brian Wolff (May 01)
Bryan Call
[ANNOUNCE] Chunking and content-length vulnerability in ATS - CVE-2017-5659 Bryan Call (Apr 17)
[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 Bryan Call (Apr 17)
Carlos Alberto Lopez Perez
WebKitGTK+ Security Advisory WSA-2017-0005 Carlos Alberto Lopez Perez (Jun 21)
WebKitGTK+ Security Advisory WSA-2017-0003 Carlos Alberto Lopez Perez (Apr 06)
WebKitGTK+ Security Advisory WSA-2017-0004 Carlos Alberto Lopez Perez (May 25)
Casper . Dik
Re: Vixie/ISC Cron group crontab to root escalation Casper . Dik (Jun 12)
Chris Coulson
CVE-2017-9445: Out-of-bounds write in systemd-resolved with crafted TCP payload Chris Coulson (Jun 27)
Chris Douglas
CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability Chris Douglas (Apr 25)
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability Chris Douglas (Apr 25)
Christey, Steven M.
RE: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Christey, Steven M. (Jun 26)
Christos Zoulas
Re: Vixie/ISC Cron group crontab to root escalation Christos Zoulas (Jun 09)
Re: TIOCSTI not going away Christos Zoulas (Jun 29)
Re: NetBSD/pkgsrc membership on distros list Christos Zoulas (May 16)
Re: Vixie/ISC Cron group crontab to root escalation Christos Zoulas (Jun 09)
Re: NetBSD/pkgsrc membership on distros list Christos Zoulas (May 16)
Cliff Perry
Re: Reminder about CVE process? Cliff Perry (May 08)
Colm O hEigeartaigh
Two new security advisories for Apache CXF Fediz Colm O hEigeartaigh (May 16)
New security advisories for Apache CXF Colm O hEigeartaigh (Apr 18)
Damien Regad
Re: MantisBT - Full admin access vulnerability - CVE-2017-7615 Damien Regad (Apr 16)
Daniel Beck
Multiple vulnerabilities in Jenkins Daniel Beck (Apr 26)
Daniel Kahn Gillmor
Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 17)
Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 18)
Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 21)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 21)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 21)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 19)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Daniel Stenberg
[SECURITY ADVISORY] curl: URL file scheme drive letter buffer overflow Daniel Stenberg (Jun 13)
[SECURITY ADVISORY] curl: TLS session resumption client cert bypass (again) Daniel Stenberg (Apr 18)
[SECURITY ADVISORY] curl: --write-out out of buffer read Daniel Stenberg (Apr 04)
[SECURITY ADVISORY] c-ares NAPTR parser out of bounds access Daniel Stenberg (Jun 19)
David Black
Re: CVE-2017-8291 ghostscript remote code execution David Black (Apr 28)
Dawid Golunski
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski (Apr 26)
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 24)
[white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Dawid Golunski (May 03)
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 19)
SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski (Apr 24)
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski (Apr 26)
Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Dawid Golunski (May 07)
Dejan Bosanac
[ANNOUNCE] CVE-2015-7559 - DoS in client via shutdown command Dejan Bosanac (Apr 25)
Denis Magda
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite Denis Magda (Apr 07)
[CVE-2017-7686] Apache Ignite Information Disclosure Denis Magda (Jun 27)
Dimitrios Glynos
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dimitrios Glynos (Apr 25)
Dirk-Willem van Gulik
CVE-2017-7239: ninka license identification tool: insufficient escaping of external input [vs] Dirk-Willem van Gulik (Apr 03)
Dominic Cleal
CVE-2017-2672: Foreman image password disclosure in audit log Dominic Cleal (Apr 06)
CVE-2017-2667: Hammer CLI SSL certificate verification disabled Dominic Cleal (Apr 04)
Dominique Martinet
Re: terminal emulators' processing of escape sequences Dominique Martinet (May 17)
Re: CoreOS membership to linux-distros Dominique Martinet (Jun 28)
Dr. Thomas Orgis
Re: lame: multiple vulnerabilities Dr. Thomas Orgis (Jun 28)
Eduardo Valentin
Re: stackguard fix in Red Hat and Ubuntu kernels Eduardo Valentin (Jun 22)
Emilio Pozuelo Monfort
Re: CVE-request: heap-buffer-overflow in jasper Emilio Pozuelo Monfort (Jun 21)
Re: kedpm: Information leak via the command history file Emilio Pozuelo Monfort (Apr 27)
CVE-2017-8288: gnome-shell may leave extensions enabled in the lock screen Emilio Pozuelo Monfort (Apr 27)
Euan Kemp
Re: CoreOS membership to linux-distros Euan Kemp (Jun 27)
CoreOS membership to linux-distros Euan Kemp (Jun 27)
Fabian Grünbichler
CVE-2017-7979: Linux kernel: local DoS via packet action API Fabian Grünbichler (Apr 20)
fefe
Re: two vulns in uClibc-0.9.33.2 fefe (Jun 20)
two vulns in uClibc-0.9.33.2 fefe (Jun 15)
re: two vulns in uClibc-0.9.33.2 fefe (Jun 26)
Feng Cao
Re: Re: MySQL - use-after-free after mysql_stmt_close() Feng Cao (Jun 15)
Fiedler Roman
AW: terminal emulators' processing of escape sequences Fiedler Roman (May 17)
Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman (Jun 13)
Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman (Jun 13)
Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman (Jun 13)
Filippo Cavallarin
CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 19)
Florent Rougon
CVE-2017-8921: directory traversal vulnerability in FlightGear Florent Rougon (May 12)
Florian Weimer
Re: rpcbomb: remote rpcbind denial-of-service Florian Weimer (May 05)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
Re: libxslt math.random issue Florian Weimer (Apr 05)
Re: Re: libxslt math.random issue Florian Weimer (Apr 07)
Re: CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Florian Weimer (Jun 22)
Re: alloca in inline functions can be dangerous Florian Weimer (Apr 14)
Re: rpcbomb: remote rpcbind denial-of-service Florian Weimer (May 08)
Re: Vixie/ISC Cron group crontab to root escalation Florian Weimer (Jun 13)
Re: Qualys Security Advisory - The Stack Clash Florian Weimer (Jun 22)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (Jun 03)
Re: two vulns in uClibc-0.9.33.2 Florian Weimer (Jun 17)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
FOXMOLE Advisories
Dolibarr ERP & CRM - Multiple Issues FOXMOLE Advisories (May 10)
Frank Ch. Eigler
Re: libxslt math.random issue Frank Ch. Eigler (Apr 07)
Franz Pletz
Re: Re: Qualys Security Advisory - The Stack Clash Franz Pletz (Jun 21)
Glenn Randers-Pehrson
Re: Is not memory allocation failure a bug? Glenn Randers-Pehrson (Jun 08)
Greg KH
Re: Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Greg KH (Apr 17)
Re: Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Greg KH (Jun 26)
Re: stackguard fix in Red Hat and Ubuntu kernels Greg KH (Jun 22)
Re: Kernel 4.1.y might not contain patches for CVE-2016-10229 Greg KH (May 14)
Guido Berhoerster
Re: terminal emulators' processing of escape sequences Guido Berhoerster (May 03)
Re: CVE-2017-8934 pcmanfm: single instance socket may be blocked by another user Guido Berhoerster (May 15)
Guido Vranken
rpcbomb: remote rpcbind denial-of-service Guido Vranken (May 03)
4 remote vulnerabilities in OpenVPN Guido Vranken (Jun 21)
Re: 4 remote vulnerabilities in OpenVPN Guido Vranken (Jun 21)
Re: rpcbomb: remote rpcbind denial-of-service Guido Vranken (May 04)
OpenVPN fuzzers released Guido Vranken (Jun 26)
Guillem Jover
Directory traversal in dpkg-source via indented patches on non-GNU systems Guillem Jover (Apr 20)
Re: CVE-2017-8283 Directory traversal in dpkg-source via indented patches on non-GNU systems Guillem Jover (Apr 27)
Hanno Böck
two heap overflows in raptor Hanno Böck (Jun 07)
Re: lame: multiple vulnerabilities Hanno Böck (Jun 28)
exiv2: multiple memory safety issues Hanno Böck (Jun 30)
Re: libxslt math.random issue Hanno Böck (Apr 06)
Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Hanno Böck (May 30)
Re: I found Crash in tcpdump and radare2. Hanno Böck (May 31)
Re: CVE-2017-7592: libtiff: left shift Hanno Böck (Apr 12)
Henri Salo
Re: Multiple crashes in OpenEXR Henri Salo (May 12)
Ian Zimmerman
Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Ian Zimmerman (May 20)
Re: Vixie/ISC Cron group crontab to root escalation Ian Zimmerman (Jun 08)
Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Ian Zimmerman (Apr 16)
Re: Apache XML Graphics FOP information disclosure vulnerability Ian Zimmerman (Apr 18)
Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Ian Zimmerman (Apr 14)
rxvt-unicode "insecure" setting [Was: terminal emulators' processing of escape sequences] Ian Zimmerman (May 17)
Ilya Matveychikov
Linux kernel: stack buffer overflow with controlled payload in get_options() function Ilya Matveychikov (May 30)
Insu Yun
Re: CVE Request: Denial of Service in Dropbox lepton Insu Yun (May 10)
CVE Request: Denial of Service in Dropbox lepton Insu Yun (May 09)
ISC Security Officer
Additional information for packagers concerning recent BIND security vulnerabilities ISC Security Officer (Apr 17)
ISC announces two BIND vulnerabilities ISC Security Officer (Jun 30)
BIND9 CVE-2017-3140 & CVE-2017-3141 ISC Security Officer (Jun 14)
Jacob Champion
CVE-2017-3169: Apache httpd 2.x mod_ssl null pointer dereference Jacob Champion (Jun 19)
CVE-2017-7679: Apache httpd 2.x mod_mime buffer overread Jacob Champion (Jun 19)
CVE-2017-3167: Apache httpd 2.x ap_get_basic_auth_pw authentication bypass Jacob Champion (Jun 19)
CVE-2017-7668: Apache httpd 2.x ap_find_token buffer overread Jacob Champion (Jun 19)
Jakub Jirutka
CVE-2017-8301: TLS verification vulnerability in LibreSSL 2.5.1 - 2.5.3 Jakub Jirutka (Apr 27)
Jakub Wilk
Re: Vixie/ISC Cron group crontab to root escalation Jakub Wilk (Jun 13)
Berkeley DB reads DB_CONFIG from cwd Jakub Wilk (Jun 10)
RuboCop: insecure use of /tmp Jakub Wilk (May 01)
Re: two vulns in uClibc-0.9.33.2 Jakub Wilk (Jun 17)
OpenJDK: java(1): untrusted search path Jakub Wilk (Jun 13)
charset.alias in pkexec/glib/gnulib (was: glibc locale issues) Jakub Wilk (Jun 23)
Jason A. Donenfeld
Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 25)
Re: Integer Overflow in rxvt Jason A. Donenfeld (May 01)
Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 25)
Re: terminal emulators' processing of escape sequences Jason A. Donenfeld (May 17)
Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 26)
Re: Defense in depth patch for rxvt-unicode Jason A. Donenfeld (May 18)
Integer Overflow in rxvt Jason A. Donenfeld (May 01)
alloca in inline functions can be dangerous Jason A. Donenfeld (Apr 10)
CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 24)
Defense in depth patch for rxvt-unicode Jason A. Donenfeld (May 17)
Remotely exploitable crash in dhcpcd Jason A. Donenfeld (Jun 23)
Re: Integer Overflow in rxvt Jason A. Donenfeld (May 16)
Jeff Law
Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 23)
Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 21)
Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 21)
Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 21)
Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 21)
Jeffrey Walton
Crypto++ and invalid read in decompressor class Jeffrey Walton (Jun 06)
Jeremy Stanley
Re: How to request a CVE for open source projects Jeremy Stanley (May 22)
Jim Jagielski
CVE-2017-7659: mod_http2 null pointer dereference Jim Jagielski (Jun 19)
Jodie Cunningham
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Jodie Cunningham (May 22)
Johannes Bauer
Re: Security bug report read-protected Johannes Bauer (Jun 09)
Johannes Segitz
Re: Information on recent sqlite3 issues? Johannes Segitz (Jun 22)
Re: Information on recent sqlite3 issues? Johannes Segitz (Jun 01)
Jörg Schaible
CVE Request - XStream: DoS when unmarshalling void Jörg Schaible (Apr 03)
Josh Bressers
Re: Qualys Security Advisory - The Stack Clash Josh Bressers (Jun 21)
Re: independent volunteers on distros list Josh Bressers (May 29)
Karel Zak
Re: TIOCSTI not going away Karel Zak (Jun 03)
Kash Pande
Re: MITRE is adding data intake to its CVE ID process Kash Pande (Apr 27)
Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Kash Pande (May 07)
Kenton Varda
Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Kenton Varda (Apr 17)
Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Kenton Varda (Apr 17)
kseifried () redhat com
Re: Qualys Security Advisory - The Stack Clash kseifried () redhat com (Jun 21)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function kseifried () redhat com (May 30)
Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux kseifried () redhat com (May 30)
Re: Qualys Security Advisory - The Stack Clash kseifried () redhat com (Jun 19)
Re: Re: MySQL - use-after-free after mysql_stmt_close() kseifried () redhat com (Jun 15)
Re: What happens in order to get CVE numbers kseifried () redhat com (Jun 02)
Kurt H Maier
Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)
Re: How to request a CVE for open source projects Kurt H Maier (May 22)
Re: Re: MySQL - use-after-free after mysql_stmt_close() Kurt H Maier (Jun 15)
Re: How to request a CVE for open source projects Kurt H Maier (May 22)
Re: How to request a CVE for open source projects Kurt H Maier (May 22)
Re: How to request a CVE for open source projects Kurt H Maier (May 22)
Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)
Kurt Seifried
Re: Arbitrary terminal access via sudo on Linux Kurt Seifried (Jun 02)
Re: Do I have to inform someone about CVE? Kurt Seifried (Jun 15)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Kurt Seifried (May 30)
Re: Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Kurt Seifried (May 08)
Re: How to request a CVE for open source projects Kurt Seifried (May 22)
Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Apr 27)
Re: How to request a CVE for open source projects Kurt Seifried (May 22)
Re: Re: MySQL - use-after-free after mysql_stmt_close() Kurt Seifried (Jun 15)
Re: Information on recent sqlite3 issues? Kurt Seifried (Jun 01)
Re: How to request a CVE for open source projects Kurt Seifried (May 22)
Re: How to request a CVE for open source projects Kurt Seifried (May 23)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth Kurt Seifried (Jun 26)
Re: What happens in order to get CVE numbers Kurt Seifried (Jun 02)
Re: How long does DWF usually take to issue cve? Kurt Seifried (Jun 08)
Re: two vulns in uClibc-0.9.33.2 Kurt Seifried (Jun 16)
Re: Is not memory allocation failure a bug? Kurt Seifried (Jun 08)
Re: CoreOS membership to linux-distros Kurt Seifried (Jun 27)
Re: Qualys Security Advisory - The Stack Clash Kurt Seifried (Jun 23)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Kurt Seifried (Jun 26)
Re: How to request a CVE for open source projects Kurt Seifried (May 22)
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Kurt Seifried (Apr 04)
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Kurt Seifried (Apr 24)
Re: How to request a CVE for open source projects Kurt Seifried (May 22)
Re: civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Kurt Seifried (Jun 26)
Kyle R
Re: civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Kyle R (Jun 27)
larry mccay
[ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS larry mccay (May 26)
Larry W. Cashdollar
SQL Injection in Wordpress plugin surveys v1.01.8 Larry W. Cashdollar (May 30)
Blind SQL Injection in Wordpress Plugin Easy Team Manager v1.3.2 Larry W. Cashdollar (May 30)
Arbitrary file upload vulnerability in Wordpress plugin flickr-picture-backup v0.7 Larry W. Cashdollar (Apr 30)
Blind SQL Injection in Wordpress plugin eventr v1.02.2 Larry W. Cashdollar (May 30)
Unauthenticated Stored XSS Vulnerability in Wordpress plugin gift-certificate-creator v1.0 Larry W. Cashdollar (Jun 02)
Blind SQL Injection and persistent XSS in Wordpress plugin image-gallery-with-slideshow v1.5.2 Larry W. Cashdollar (Apr 05)
Leandro Pereira
Re: alloca in inline functions can be dangerous Leandro Pereira (Apr 10)
Leo Famulari
Re: What happens in order to get CVE numbers Leo Famulari (Jun 02)
Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Leo Famulari (Apr 15)
Re: CVE-2017-9772: OCaml release 4.04.2 Leo Famulari (Jun 23)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Leo Famulari (May 20)
Re: CVE-2017-9772: OCaml release 4.04.2 Leo Famulari (Jun 23)
Liguori, Anthony
Re: unresponsive distros Liguori, Anthony (Jun 01)
Re: unresponsive distros Liguori, Anthony (Jun 01)
Re: unresponsive distros Liguori, Anthony (Jun 01)
Linus Torvalds
Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Linus Torvalds (Jun 24)
Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Linus Torvalds (Jun 23)
Lizzie Dixon
Re: TIOCSTI not going away Lizzie Dixon (Jun 03)
Madhan Neethiraj
CVE updates: fixes in Apache Atlas 0.8-incubating Madhan Neethiraj (May 23)
CVE updates: fixes in Apache Atlas 0.7.1-incubating Madhan Neethiraj (May 08)
Manh Dung Nguyen
Re: Invalid writes and reads in libxml2 Manh Dung Nguyen (May 21)
Mansour Moufid
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Mansour Moufid (Jun 26)
Marcel Böhme
Invalid writes and reads in libxml2 Marcel Böhme (May 14)
Marc Lehmann
Re: Defense in depth patch for rxvt-unicode Marc Lehmann (May 17)
Re: terminal emulators' processing of escape sequences Marc Lehmann (May 17)
Re: terminal emulators' processing of escape sequences Marc Lehmann (May 16)
Marcus Meissner
Re: Qualys Security Advisory - The Stack Clash Marcus Meissner (Jun 19)
Re: CVE-2017-7874 versus CVE-2009-1185 ? Marcus Meissner (Apr 19)
CVE-2017-8291 ghostscript remote code execution Marcus Meissner (Apr 27)
Re: libcroco: heap overflow and undefined behavior Marcus Meissner (Apr 24)
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Marcus Meissner (Apr 04)
Re: stackguard fix in Red Hat and Ubuntu kernels Marcus Meissner (Jun 22)
Re: rpcbomb: remote rpcbind denial-of-service Marcus Meissner (May 05)
Re: Is not memory allocation failure a bug? Marcus Meissner (Jun 08)
Re: binutils: two NULL pointer dereference in elflink.c Marcus Meissner (Apr 10)
libxslt math.random issue Marcus Meissner (Apr 05)
Re: libxslt math.random issue Marcus Meissner (Apr 06)
Re: stackguard fix in Red Hat and Ubuntu kernels Marcus Meissner (Jun 22)
Re: How to request a CVE for open source projects Marcus Meissner (May 22)
Marek Hulán
CVE-2017-7505: User scoped in organization with permissions for user management can manage administrators that are not assigned to any organization on Foreman 1.5+ Marek Hulán (Jun 02)
Mark Thomas
[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
[SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
[SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service Mark Thomas (Apr 10)
Martin
Re: How to request a CVE for open source projects Martin (May 22)
[SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints Martin (May 19)
Martin Prpic
Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Martin Prpic (Apr 03)
Matt Gilman
[ANNOUNCE] Apache NiFi CVE-2017-7667 and CVE-2017-7665 Matt Gilman (Jun 11)
Matthias Gerstner
CVE-2017-7572: backintime: usage of deprecated unix-process polkit authorization subject opens a race condition during authorization Matthias Gerstner (Apr 07)
Matt Sicker
CVE-2017-5645: Apache Log4j socket receiver deserialization vulnerability Matt Sicker (Apr 17)
Medical Wei
lxterminal: insecurely uses /tmp for a socket file Medical Wei (May 08)
Michael Catanzaro
How to request a CVE for open source projects Michael Catanzaro (May 22)
Michael McNally
ISC announces three BIND vulnerabilities Michael McNally (Apr 12)
Michael Scherer
rkhunter: [CVE-2017-7480] Potential RCE after MiTM due to clear text download without signature Michael Scherer (Jun 29)
Michal Zalewski
Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 17)
Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 16)
Re: terminal emulators' processing of escape sequences Michal Zalewski (May 01)
Mike O'Connor
Re: Qualys Security Advisory - The Stack Clash Mike O'Connor (Jun 22)
Mikhail Utin
malicious hypervisor threat was ignored but it is real Mikhail Utin (Jun 27)
Moritz Bechler
Code Execution through a variety Java (Un-)Marshallers Moritz Bechler (May 22)
Moritz Muehlenhoff
Re: Information on recent sqlite3 issues? Moritz Muehlenhoff (Jun 04)
Re: Information on recent sqlite3 issues? Moritz Muehlenhoff (Jun 01)
Information on recent sqlite3 issues? Moritz Muehlenhoff (May 31)
Murray McAllister
Linux kernel: drm/vmwgfx: 4 byte read of uninitialised kernel memory in vmw_gb_surface_define_ioctl() Murray McAllister (Jun 13)
Re: Linux kernel: drm/vmwgfx: 4 byte read of uninitialised kernel memory in vmw_gb_surface_define_ioctl() Murray McAllister (Jun 13)
Nicholas Luedtke
Re: Information on recent sqlite3 issues? Nicholas Luedtke (Jun 01)
Nick Boyce
Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Nick Boyce (Apr 15)
Nick Kralevich
Re: TIOCSTI not going away Nick Kralevich (Jun 29)
nospam
Re: Qualys Security Advisory - The Stack Clash nospam (Jun 21)
Oliveira Lima
Request CVE ID for information disclosure present in ForgeRock OpenIDM 4.0.0 and 4.5.0 Oliveira Lima (Apr 07)
Ondřej Surý
Re: CVE for the TSIG issue in knot? Ondřej Surý (Jun 24)
oststrom (public)
CVE-2017-8798 - miniupnpc integer signedness error when parsing a chunked encoded http response oststrom (public) (May 11)
Pali Rohár
Re: MySQL - use-after-free after mysql_stmt_close() Pali Rohár (Jun 12)
MySQL - use-after-free after mysql_stmt_close() Pali Rohár (Jun 08)
MySQL - Again Riddle vulnerability (public disclosure) Pali Rohár (May 03)
Re: MySQL - Again Riddle vulnerability (public disclosure) Pali Rohár (May 03)
Re: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Pali Rohár (Apr 14)
Pavel Kankovsky
CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass Pavel Kankovsky (May 29)
CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass (erratum) Pavel Kankovsky (Jun 06)
PaX Team
Re: Qualys Security Advisory - The Stack Clash PaX Team (Jun 21)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth PaX Team (Jun 27)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth PaX Team (Jun 27)
Perry E. Metzger
libetpan: NULL dereference vulnerability Perry E. Metzger (May 08)
Reminder about CVE process? Perry E. Metzger (May 08)
Re: How to request a CVE for open source projects Perry E. Metzger (May 22)
Peter Bex
CVE request form not working Peter Bex (May 31)
CVE-2017-9334 CHICKEN Scheme: denial of service due to invalid pointer dereference Peter Bex (Jun 01)
Re: CVE request form not working Peter Bex (May 31)
Peter Korsgaard
Re: two vulns in uClibc-0.9.33.2 Peter Korsgaard (Jun 16)
P J P
CVE-2017-7718 Qemu: display: cirrus: OOB read access issue P J P (Apr 19)
CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode P J P (May 17)
CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer P J P (May 03)
CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation P J P (Jun 12)
CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host P J P (Apr 19)
CVE-2017-8379 Qemu: input: host memory leakage via keyboard P J P (May 03)
CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create P J P (Apr 03)
CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort P J P (Jun 29)
CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device P J P (May 19)
CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines P J P (Apr 21)
CVE-2017-8086 Qemu: 9pfs: host memory leakage via v9pfs_list_xattr P J P (Apr 25)
CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation P J P (Jun 23)
CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value P J P (Jun 01)
CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2 P J P (Apr 26)
CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug P J P (Jun 05)
CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command P J P (Jun 07)
CVE-2017-8380 Qemu: scsi: megasas: out-of-bounds read in megasas_mmio_write P J P (May 03)
CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug P J P (Jun 06)
CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep P J P (Jun 05)
CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation P J P (May 30)
Qhdwns123
What happens in order to get CVE numbers Qhdwns123 (Jun 02)
How long does DWF usually take to issue cve? Qhdwns123 (Jun 08)
Is not memory allocation failure a bug? Qhdwns123 (Jun 08)
Security bug report read-protected Qhdwns123 (Jun 09)
Re: What happens in order to get CVE numbers Qhdwns123 (Jun 02)
Do I have to inform someone about CVE? Qhdwns123 (Jun 15)
I found Crash in tcpdump and radare2. Qhdwns123 (May 31)
Qualys Security Advisory
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)
Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Qualys Security Advisory (May 30)
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)
Re: Arbitrary terminal access via sudo on Linux Qualys Security Advisory (Jun 06)
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 28)
Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 19)
Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Qualys Security Advisory (Jun 14)
redrain root
[oss-security]Sourcetree arbitrary command execution redrain root (May 03)
Re: CVE-2017-8291 ghostscript remote code execution redrain root (Apr 29)
Re: CVE-2017-8291 ghostscript remote code execution redrain root (Apr 28)
Ritwik Ghoshal
Re: Berkeley DB reads DB_CONFIG from cwd Ritwik Ghoshal (Jun 15)
Robert Święcki
Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
Re: terminal emulators' processing of escape sequences Robert Święcki (May 16)
Re: terminal emulators' processing of escape sequences Robert Święcki (May 01)
Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
Re: terminal emulators' processing of escape sequences Robert Święcki (May 03)
Roee Hay
Linux lp.c Out-of-Bounds Write via Kernel Command-line (CVE-2017-1000363) Roee Hay (May 23)
Russ Cox
remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox (Apr 24)
Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox (May 08)
Ryan Munz
Re: terminal emulators' processing of escape sequences Ryan Munz (May 08)
Salvatore Bonaccorso
Re: Vixie/ISC Cron group crontab to root escalation Salvatore Bonaccorso (Jun 09)
Gajim: CVE-2016-10376: possible to remote extract plain-text from encrypted sessions Salvatore Bonaccorso (May 28)
web2py: CVE-2016-10321: does not check if a host is denied before verifying passwords Salvatore Bonaccorso (Apr 10)
Re: rpcbomb: remote rpcbind denial-of-service Salvatore Bonaccorso (May 07)
Re: Information on recent sqlite3 issues? Salvatore Bonaccorso (Jun 05)
Deluge: CVE-2017-9031: WebUI component: directory traversal vulnerability Salvatore Bonaccorso (May 18)
ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Salvatore Bonaccorso (May 20)
radicale: CVE-2017-8342: prone to timing oracles and simple bruteforce attacks Salvatore Bonaccorso (Apr 30)
Sam Pizzey
Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Sam Pizzey (May 03)
Sebastian Krahmer
generic kde LPE Sebastian Krahmer (May 10)
CVE-2017-7874 versus CVE-2009-1185 ? Sebastian Krahmer (Apr 19)
Sebastian Pipping
Expat 2.2.1 security fixes Sebastian Pipping (Jun 17)
Sébastien Delafond
libytnef: CVE-2017-9058: heap-based buffer overflow in SIZECHECK (ytnef.c) Sébastien Delafond (May 18)
Securify B.V.
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V. (Apr 29)
security
Re: CVE-2017-8291 ghostscript remote code execution security (Apr 27)
Sergio Pena
Re: CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure Sergio Pena (May 30)
Seth Arnold
Re: two vulns in uClibc-0.9.33.2 Seth Arnold (Jun 16)
Re: CVE Request: Denial of Service in Dropbox lepton Seth Arnold (May 09)
Re: accepting new members to (linux-)distros lists Seth Arnold (Jun 30)
Re: rpcbomb: remote rpcbind denial-of-service Seth Arnold (May 03)
Re: Re: MySQL - use-after-free after mysql_stmt_close() Seth Arnold (Jun 15)
Shawn
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Shawn (Jun 24)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Shawn (Jun 24)
Shiz
Re: terminal emulators' processing of escape sequences Shiz (May 08)
Simon Lees
Re: terminal emulators' processing of escape sequences Simon Lees (May 17)
Simon MacDonald
CVE-2016-6799: Internal system information leak Simon MacDonald (May 09)
Simon McVittie
Re: accepting new members to (linux-)distros lists Simon McVittie (Jun 28)
Re: CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Simon McVittie (Jun 23)
CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Simon McVittie (Jun 22)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Simon McVittie (May 30)
Re: CVE-2017-7592: libtiff: left shift Simon McVittie (Apr 10)
Re: two vulns in uClibc-0.9.33.2 Simon McVittie (Jun 17)
Re: generic kde LPE Simon McVittie (May 10)
Simon Steiner
[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability Simon Steiner (Apr 18)
[CVE-2017-5662] Apache Batik information disclosure vulnerability Simon Steiner (Apr 18)
Solar Designer
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Solar Designer (Apr 01)
Re: TIOCSTI not going away Solar Designer (Jun 29)
Re: terminal emulators' processing of escape sequences Solar Designer (May 02)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 25)
Re: MITRE is adding data intake to its CVE ID process Solar Designer (Apr 27)
Re: Berkeley DB reads DB_CONFIG from cwd Solar Designer (Jun 15)
Re: malicious hypervisor threat was ignored but it is real Solar Designer (Jun 27)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 19)
Re: NetBSD/pkgsrc membership on distros list Solar Designer (May 16)
terminal emulators' processing of escape sequences Solar Designer (May 01)
TIOCSTI not going away Solar Designer (Jun 03)
Re: accepting new members to (linux-)distros lists Solar Designer (Jun 30)
independent volunteers on distros list Solar Designer (May 25)
Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Solar Designer (Apr 17)
Vixie/ISC Cron group crontab to root escalation Solar Designer (Jun 08)
unresponsive distros Solar Designer (Jun 01)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer (May 30)
CVE-2017-7467: minicom and prl-vzvncserver vt100.c escparms[] buffer overflow Solar Designer (Apr 18)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Solar Designer (May 23)
Re: MITRE is adding data intake to its CVE ID process Solar Designer (Apr 27)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 21)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer (Jun 03)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 21)
Re: terminal emulators' processing of escape sequences Solar Designer (May 17)
Re: NetBSD/pkgsrc membership on distros list Solar Designer (May 16)
accepting new members to (linux-)distros lists Solar Designer (Jun 28)
Re: ISC announces two BIND vulnerabilities Solar Designer (Jun 30)
Re: I found Crash in tcpdump and radare2. Solar Designer (May 31)
Re: CVE request: remote heap overflow in linux networking stack Solar Designer (Apr 24)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 20)
Re: accepting new members to (linux-)distros lists Solar Designer (Jun 30)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 24)
Re: unresponsive distros Solar Designer (Jun 01)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Solar Designer (Jun 24)
Re: CVE for the TSIG issue in knot? Solar Designer (Jun 24)
NetBSD/pkgsrc membership on distros list Solar Designer (May 16)
Re: accepting new members to (linux-)distros lists Solar Designer (Jun 28)
Re: terminal emulators' processing of escape sequences Solar Designer (May 16)
Re: unresponsive distros Solar Designer (Jun 01)
Re: 4 remote vulnerabilities in OpenVPN Solar Designer (Jun 21)
stackguard fix in Red Hat and Ubuntu kernels Solar Designer (Jun 22)
Re: unresponsive distros Solar Designer (Jun 01)
Re: Berkeley DB reads DB_CONFIG from cwd Solar Designer (Jun 14)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer (Jun 03)
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Solar Designer (Apr 01)
distros list archive Solar Designer (Jun 24)
civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Solar Designer (Jun 26)
Re: Do I have to inform someone about CVE? Solar Designer (Jun 15)
Re: Vixie/ISC Cron group crontab to root escalation Solar Designer (Jun 09)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 24)
Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Solar Designer (Apr 01)
Stefan Pietsch
Re: Dolibarr ERP & CRM - Multiple Issues Stefan Pietsch (May 17)
Stephan Zeisberg
CVE Request: Two memory corruption vulnerabilities ldns 1.7 Stephan Zeisberg (Apr 27)
Steve Kemp
Re: terminal emulators' processing of escape sequences Steve Kemp (May 02)
Stiepan
Re: OpenJDK: java(1): untrusted search path Stiepan (Jun 13)
Stuart Gathman
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Stuart Gathman (Apr 25)
Stuart Henderson
Re: Qualys Security Advisory - The Stack Clash Stuart Henderson (Jun 21)
Summer of Pwnage
Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage (Apr 20)
Re: Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage (May 17)
Sven Dowideit
Re: CoreOS membership to linux-distros Sven Dowideit (Jun 27)
Re: CoreOS membership to linux-distros Sven Dowideit (Jun 28)
Re: accepting new members to (linux-)distros lists Sven Dowideit (Jun 28)
Sydream Labs
[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation Sydream Labs (May 23)
Sysdream Labs
[CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Sysdream Labs (May 03)
[CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin Sysdream Labs (May 03)
Szabolcs Nagy
Re: Re: Qualys Security Advisor -- The Stack Clash Szabolcs Nagy (Jun 23)
Tavis Ormandy
Re: CVE-2017-8291 ghostscript remote code execution Tavis Ormandy (Apr 28)
Re: terminal emulators' processing of escape sequences Tavis Ormandy (May 19)
Thomas Deutschmann
Re: CVE request: sthttpd remote heap buffer overflow Thomas Deutschmann (Jun 29)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann (May 22)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann (May 23)
Tim Graham
Django security releases issued: 1.10.7, 1.9.13, and 1.8.18 Tim Graham (Apr 04)
Todd C. Miller
Re: Arbitrary terminal access via sudo on Linux Todd C. Miller (Jun 02)
Arbitrary terminal access via sudo on Linux Todd C. Miller (Jun 02)
Re: TIOCSTI not going away Todd C. Miller (Jun 29)
Tristan Cacqueray
[OSSA-2017-004] federated user gets wrong role (CVE-2017-2673) Tristan Cacqueray (Apr 25)
[OSSA-2017-003] XSS in Horizon federation mappings UI (CVE-2017-7400) Tristan Cacqueray (Apr 05)
Vaibhav Gumashta
CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure Vaibhav Gumashta (May 24)
Varun Vasudev
CVE-2017-7669: Apache Hadoop privilege escalation Varun Vasudev (Jun 01)
Vasily Averin
Re: stackguard fix in Red Hat and Ubuntu kernels Vasily Averin (Jun 22)
Velmurugan Periasamy
CVE update - fixed in Apache Ranger 0.7.1 Velmurugan Periasamy (Jun 07)
Vladis Dronov
CVE-2017-7487: Linux kernel: ipx: call ipxitf_put() in ioctl error path Vladis Dronov (May 12)
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Vladis Dronov (Apr 04)
CVE-2017-7472 Linux kernel: KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings Vladis Dronov (May 11)
Wade Mealing
CVE-2017-7482 Linux kernel: krb5 ticket decode len check. Wade Mealing (Jun 26)
CVE-2017-7495 kernel : information leak on ext4 when hardware reset. Wade Mealing (May 14)
Waldemar Brodkorb
Re: two vulns in uClibc-0.9.33.2 Waldemar Brodkorb (Jun 23)
Xen . org security team
Xen Security Advisory 225 - arm: vgic: Out-of-bound access when sending SGIs Xen . org security team (Jun 20)
Xen Security Advisory 214 (CVE-2017-8904) - grant transfer allows PV guest to elevate privileges Xen . org security team (May 12)
Xen Security Advisory 219 - x86: insufficient reference counts during shadow emulation Xen . org security team (Jun 20)
Xen Security Advisory 213 - x86: 64bit PV guest breakout via pagetable use-after-mode-change Xen . org security team (May 02)
Xen Security Advisory 215 - possible memory corruption via failsafe callback Xen . org security team (May 02)
Xen Security Advisory 213 (CVE-2017-8903) - x86: 64bit PV guest breakout via pagetable use-after-mode-change Xen . org security team (May 12)
Xen Security Advisory 218 - Races in the grant table unmap code Xen . org security team (Jun 20)
Xen Security Advisory 216 - blkif responses leak backend stack data Xen . org security team (Jun 20)
Xen Security Advisory 222 - stale P2M mappings due to insufficient error checking Xen . org security team (Jun 20)
Xen Security Advisory 215 (CVE-2017-8905) - possible memory corruption via failsafe callback Xen . org security team (May 12)
Xen Security Advisory 214 - grant transfer allows PV guest to elevate privileges Xen . org security team (May 02)
Xen Security Advisory 223 - ARM guest disabling interrupt may crash Xen Xen . org security team (Jun 20)
Xen Security Advisory 212 (CVE-2017-7228) - x86: broken check in memory_exchange() permits PV guest breakout Xen . org security team (Apr 04)
Xen Security Advisory 220 - x86: PKRU and BND* leakage between vCPU-s Xen . org security team (Jun 20)
Xen Security Advisory 224 - grant table operations mishandle reference counts Xen . org security team (Jun 20)
Xen Security Advisory 216 - blkif responses leak backend stack data Xen . org security team (Jun 20)
Xen Security Advisory 221 - NULL pointer deref in event channel poll Xen . org security team (Jun 20)
Xen Security Advisory 217 - page transfer may allow PV guest to elevate privilege Xen . org security team (Jun 20)
Xiaobo Xiang
CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp ) Xiaobo Xiang (Apr 22)
Re: CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp) Xiaobo Xiang (Apr 22)
xiaoqixue_1
Re:Re: [oss-security] CVE-request: heap-buffer-overflow in jasper xiaoqixue_1 (Jun 21)
CVE-request: heap-buffer-overflow in jasper xiaoqixue_1 (Jun 20)
CVE-request: heap-buffer-overflow in jasper xiaoqixue_1 (Jun 20)
Yao Wei
CVE-2017-8934 pcmanfm: single instance socket may be blocked by another user Yao Wei (May 15)
CVE-2017-8933 libmenu-cache: socket may be blocked by another user Yao Wei (May 15)
Yui Hirasawa
Re: terminal emulators' processing of escape sequences Yui Hirasawa (May 19)
Yury German
Kernel 4.1.y might not contain patches for CVE-2016-10229 Yury German (May 13)
Yves-Alexis Perez
Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez (Jun 30)
Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez (Jun 30)
CVE for the TSIG issue in knot? Yves-Alexis Perez (Jun 24)
Re: terminal emulators' processing of escape sequences Yves-Alexis Perez (May 01)
Re: terminal emulators' processing of escape sequences Yves-Alexis Perez (May 01)
Zach W
Re: two vulns in uClibc-0.9.33.2 Zach W (Jun 16)
李琪
CVE-2017-7475 Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program 李琪 (Apr 28)
王永科
CVE Request: Integer overflow vulnerability in ptp_unpack_EOS_CustomFuncEx function of libmtp (version 1.1.12 and below) 王永科 (Apr 06)
CVE Request: Integer overflow vulnerability in ptp_unpack_OPL function of libmtp (version 1.1.12 and below) 王永科 (Apr 06)