oss-sec: by author

658 messages starting Apr 16 17 and ending Apr 06 17


7b4xrw+5q6jtt69cnwlw

MantisBT - Full admin access vulnerability 7b4xrw+5q6jtt69cnwlw (Apr 16)

Adam Maris

Re: Re: MySQL - use-after-free after mysql_stmt_close() Adam Maris (Jun 15)
Re: Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Adam Maris (Jun 13)

Adrien Nader

Re: [oss-security]Sourcetree arbitrary command execution Adrien Nader (May 03)

Agostino Sarubbo

ytnef: heap-based buffer overflow in SwapDWord (ytnef.c) Agostino Sarubbo (Jun 07)
Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c) Agostino Sarubbo (Apr 29)
lame: multiple left shift Agostino Sarubbo (Jun 28)
telegram-desktop: insecure permission of $HOME/.TelegramDesktop directory Agostino Sarubbo (May 01)
Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Agostino Sarubbo (Apr 15)
binutils: two NULL pointer dereference in elflink.c Agostino Sarubbo (Apr 10)
libpcre: heap-based buffer overflow write in pcre2test.c Agostino Sarubbo (May 07)
Re: Qualys Security Advisory - The Stack Clash Agostino Sarubbo (Jun 21)
elfutils: heap-based buffer overflow in check_sysv_hash (elflint.c) Agostino Sarubbo (Apr 10)
ytnef: NULL pointer dereference in MAPIPrint (ytnef.c) Agostino Sarubbo (Jun 07)
ytnef: heap-based buffer overflow in PrintTNEF (ytnefprint/main.c) Agostino Sarubbo (Jun 07)
lame: global-buffer-overflow in II_step_one (layer2.c) Agostino Sarubbo (Jun 28)
imageworsener: two left shift Agostino Sarubbo (Apr 30)
libsndfile: heap-based buffer overflow in flac_buffer_copy (flac.c) Agostino Sarubbo (May 01)
ytnef: heap-based-buffer overflow in SwapWord (ytnef.c) Agostino Sarubbo (Jun 07)
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo (Apr 29)
lrzip: use-after-free in read_stream (stream.c) Agostino Sarubbo (May 09)
Re: libming: listmp3: left shift in listmp3.c Agostino Sarubbo (Apr 29)
Re: libming: listswf: NULL pointer dereference in dumpBuffer (read.c) Agostino Sarubbo (Apr 29)
Re: CVE Request: Interger overflow vulnerability in ptp_unpack_EOS_CustomFuncEx function of libmtp (version 1.1.12 and below) Agostino Sarubbo (Apr 06)
CVE-2017-7594: libtiff: Direct leak in tif_ojpeg.c Agostino Sarubbo (Apr 10)
podofo: heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp) Agostino Sarubbo (Apr 01)
libaacplus: signed integer overflow, left shift and assertion failure Agostino Sarubbo (Apr 10)
ytnef: heap-based buffer overflow in DecompressRTF (ytnef.c) Agostino Sarubbo (Jun 07)
ytnef: memory allocation failure in TNEFFillMapi (ytnef.c) Agostino Sarubbo (Jun 07)
libmad: heap-based buffer overflow in mad_layer_III (layer3.c) Agostino Sarubbo (May 01)
Re: CVE-2017-7592: libtiff: left shift Agostino Sarubbo (Apr 12)
libcroco: heap overflow and undefined behavior Agostino Sarubbo (Apr 23)
CVE-2017-7593: libtiff: Potential unitialized-memory access from tif_rawdata Agostino Sarubbo (Apr 10)
lame: stack-based buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jun 28)
libtiff: multiple UBSAN crashes Agostino Sarubbo (Apr 10)
ettercap: etterfilter: heap-based buffer overflow write Agostino Sarubbo (May 01)
imageworsener: multiple vulnerabilities Agostino Sarubbo (May 23)
elfutils: heap-based buffer overflow in handle_gnu_hash (readelf.c) Agostino Sarubbo (Apr 10)
CVE-2017-7592: libtiff: left shift Agostino Sarubbo (Apr 10)
imageworsener: multiple vulnerabilities Agostino Sarubbo (Apr 23)
binutils: multiple crashes Agostino Sarubbo (May 18)
libsndfile: global buffer overflow in i2les_array (pcm.c) Agostino Sarubbo (May 01)
imageworsener: heap-based buffer overflow in iw_process_cols_to_intermediate (imagew-main.c) Agostino Sarubbo (Apr 30)
CVE-2017-7578: libming: heap overflow in parser.c (Incomplete fix for CVE-2016-9831) Agostino Sarubbo (Apr 07)
elfutils: heap-based buffer overflow in check_group (elflint.c) Agostino Sarubbo (Apr 10)
podofo: four null pointer dereference Agostino Sarubbo (Apr 01)
imageworsener: memory allocation failure in my_mallocfn (imagew-cmd.c) Agostino Sarubbo (Apr 30)
lrzip: heap-based buffer overflow write in read_1g (stream.c) Agostino Sarubbo (May 09)
lame: stack-based buffer overflow in III_dequantize_sample (layer3.c) Agostino Sarubbo (Jun 28)
lame: two UBSAN crashes Agostino Sarubbo (Jun 28)
libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Agostino Sarubbo (Apr 12)
Re: CVE-2017-7578: libming: heap overflow in parser.c (Incomplete fix for CVE-2016-9831) Agostino Sarubbo (Apr 29)
elfutils: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) Agostino Sarubbo (Apr 10)
rzip: heap-based buffer overflow in read_buf (stream.c) Agostino Sarubbo (May 01)
lame: heap-based buffer overflow in fill_buffer_resample (util.c) Agostino Sarubbo (Jun 28)
libsndfile: global buffer overflow in flac_buffer_copy (flac.c) Agostino Sarubbo (May 01)
Re: Information on recent sqlite3 issues? Agostino Sarubbo (May 31)
Re: CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp) Agostino Sarubbo (Apr 22)
lrzip: invalid memory read in lzo_decompress_buf (stream.c) Agostino Sarubbo (May 09)
lame: global-buffer-overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jun 28)
Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) Agostino Sarubbo (Apr 29)
libmad: assertion failure in layer3.c Agostino Sarubbo (May 01)
lrzip: divide-by-zero in bufRead::get (libzpaq.h) Agostino Sarubbo (May 09)
Re: libming: listswf: heap-based buffer overflow in _iprintf (outputtxt.c) Agostino Sarubbo (Apr 29)
lrzip: NULL pointer dereference in bufRead::get (libzpaq.h) Agostino Sarubbo (May 09)
qpdf: three infinite loop in libqpdf Agostino Sarubbo (May 23)
lame: multiple vulnerabilities Agostino Sarubbo (Jun 28)
libsndfile: invalid memory READ and invalid memory WRITE in flac_buffer_copy (flac.c) Agostino Sarubbo (Apr 13)
libsndfile: invalid memory read in flac_buffer_copy (flac.c) Agostino Sarubbo (May 01)
lrzip: NULL pointer dereference in join_pthread (stream.c) Agostino Sarubbo (May 09)
elfutils: memory allocation failure in xcalloc (xmalloc.c) Agostino Sarubbo (Apr 10)
podofo: heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs (PdfPainter.cpp) Agostino Sarubbo (Apr 01)
imageworsener: divide-by-zero in iwgif_record_pixel (imagew-gif.c) Agostino Sarubbo (Apr 23)
libmad: heap-based buffer overflow in mad_bit_skip (bit.c) Agostino Sarubbo (May 01)
libtiff: divide-by-zero in JPEGSetupEncode (tiff_jpeg.c) Agostino Sarubbo (Apr 10)
elfutils: heap-based buffer overflow in check_symtab_shndx (elflint.c) Agostino Sarubbo (Apr 10)
imagemagick: undefined behavior in coders/rle.c Agostino Sarubbo (Apr 10)
Re: CVE request form not working Agostino Sarubbo (May 31)
Re: mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c) Agostino Sarubbo (Apr 29)
autotrace: multiple vulnerabilities (The autotrace nightmare) Agostino Sarubbo (May 23)
Re: libming: listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c) Agostino Sarubbo (Apr 29)
libarchive: two heap-based buffer overflow read Agostino Sarubbo (May 01)
Re: lame: multiple vulnerabilities Agostino Sarubbo (Jun 28)
elfutils: memory allocation failure in __libelf_decompress (elf_compress.c) Agostino Sarubbo (Apr 10)

Ailin Nemui

Re: CVE-2017-9468, CVE-2017-9469: Irssi Security Advisory 2017/06 Ailin Nemui (Jun 07)
FYI: Irssi Security Advisory 2017/06 Ailin Nemui (Jun 06)

Aki Tuomi

CVE-2017-2669: Dovecot DoS when passdb dict was used for authentication Aki Tuomi (Apr 11)

Alan Coopersmith

Re: Vixie/ISC Cron group crontab to root escalation Alan Coopersmith (Jun 12)
Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith (Jun 08)

Alexander Bergmann

CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann (Jun 21)
Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann (Jun 22)

Alexander Potapenko

Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Alexander Potapenko (Jun 12)
Re: Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Alexander Potapenko (Jun 20)

Alexandre Rebert

CVE request: sthttpd remote heap buffer overflow Alexandre Rebert (Jun 15)

Alex O'Ree

jUDDI Security Bulletin Alex O'Ree (May 18)

Alistair Crooks

Re: NetBSD/pkgsrc membership on distros list Alistair Crooks (May 16)
Re: NetBSD/pkgsrc membership on distros list Alistair Crooks (May 16)

Andreas Lausch-Waas

Re: alloca in inline functions can be dangerous Andreas Lausch-Waas (Apr 15)

Andreas Stieger

Re: Security bug report read-protected Andreas Stieger (Jun 09)
Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Andreas Stieger (Jun 29)
Re: Information on recent sqlite3 issues? Andreas Stieger (May 31)

Andrej Nemec

Re: CVE Request - XStream: DoS when unmarshalling void Andrej Nemec (Apr 12)
Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec (Apr 25)
CVE-2017-7477 kernel: net: Heap overflow in skb_to_sgvec in macsec.c Andrej Nemec (Apr 25)
Re: CVE Request: Two memory corruption vulnerabilities ldns 1.7 Andrej Nemec (Apr 27)
Re: CVE request: sthttpd remote heap buffer overflow Andrej Nemec (Jun 15)
CVE-2017-2575 libbpg: NULL pointer dereference in image_alloc Andrej Nemec (Apr 20)
Re: CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp ) Andrej Nemec (Apr 24)
Re: two vulns in uClibc-0.9.33.2 Andrej Nemec (Jun 15)
Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec (Apr 25)

Andrey Konovalov

Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Andrey Konovalov (May 10)
Linux kernel: memory corruptions in IPv4/IPv6 TCP/SCTP/DCCP sockets Andrey Konovalov (May 30)
Linux kernel: CVE-2017-9074: out-of-bounds read in ip6_fragment Andrey Konovalov (May 30)
Linux kernel: CVE-2017-9242: out-of-bounds write in __ip6_append_data Andrey Konovalov (May 30)

Andy Lutomirski

Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Andy Lutomirski (Jun 25)

Anil Madhavapeddy

CVE-2017-9772: OCaml release 4.04.2 Anil Madhavapeddy (Jun 23)
Re: CVE-2017-9772: OCaml release 4.04.2 Anil Madhavapeddy (Jun 23)

Anthony Baker

[CVE-2017-5649] Apache Geode information disclosure vulnerability Anthony Baker (Apr 04)

Anthony Sasadeusz

Re: How to request a CVE for open source projects Anthony Sasadeusz (May 22)

Antoine Beaupré

Re: kedpm: Information leak via the command history file Antoine Beaupré (Apr 27)
kedpm: Information leak via the command history file Antoine Beaupré (Apr 26)

Ariel Zelivansky

CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine's package manager) Ariel Zelivansky (Jun 25)

Ari Kauppi

CVE-2017-8797 Linux kernel: nfsd: remote DoS Ari Kauppi (Jun 27)
CVE-2017-7645 Linux kernel: nfsd: remote DoS Ari Kauppi (May 02)
CVE-2017-7895 Linux kernel: nfsd: Remote arbitrary memory read Ari Kauppi (May 02)

Bob Friesenhahn

Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 23)
Re: Is not memory allocation failure a bug? Bob Friesenhahn (Jun 08)
Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Bob Friesenhahn (Apr 24)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 20)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 22)
Re: two vulns in uClibc-0.9.33.2 Bob Friesenhahn (Jun 16)

Brad Spengler

Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 24)
More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 23)
Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 24)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 24)
Re: Qualys Security Advisory - The Stack Clash Brad Spengler (Jun 21)
Re: Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Brad Spengler (Apr 18)
Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Brad Spengler (Apr 16)
Re: Qualys Security Advisory - The Stack Clash Brad Spengler (Jun 21)
Re: Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Brad Spengler (Jun 26)

Brandon Perry

Re: Multiple crashes in OpenEXR Brandon Perry (May 22)
Re: Multiple crashes in OpenEXR Brandon Perry (May 12)
Re: Dolibarr ERP & CRM - Multiple Issues Brandon Perry (May 17)
Numerous FreeTDS crashes fixed on master Brandon Perry (May 09)
Re: Numerous FreeTDS crashes fixed on master Brandon Perry (May 10)
Multiple crashes in OpenEXR Brandon Perry (May 12)

Brian May

Re: Re: MySQL - use-after-free after mysql_stmt_close() Brian May (Jun 15)

Brian Wolff

Re: SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Brian Wolff (May 01)

Bryan Call

[ANNOUNCE] Chunking and content-length vulnerability in ATS - CVE-2017-5659 Bryan Call (Apr 17)
[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 Bryan Call (Apr 17)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2017-0005 Carlos Alberto Lopez Perez (Jun 21)
WebKitGTK+ Security Advisory WSA-2017-0003 Carlos Alberto Lopez Perez (Apr 06)
WebKitGTK+ Security Advisory WSA-2017-0004 Carlos Alberto Lopez Perez (May 25)

Casper . Dik

Re: Vixie/ISC Cron group crontab to root escalation Casper . Dik (Jun 12)

Chris Coulson

CVE-2017-9445: Out-of-bounds write in systemd-resolved with crafted TCP payload Chris Coulson (Jun 27)

Chris Douglas

CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability Chris Douglas (Apr 25)
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability Chris Douglas (Apr 25)

Christey, Steven M.

RE: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Christey, Steven M. (Jun 26)

Christos Zoulas

Re: Vixie/ISC Cron group crontab to root escalation Christos Zoulas (Jun 09)
Re: TIOCSTI not going away Christos Zoulas (Jun 29)
Re: NetBSD/pkgsrc membership on distros list Christos Zoulas (May 16)
Re: Vixie/ISC Cron group crontab to root escalation Christos Zoulas (Jun 09)
Re: NetBSD/pkgsrc membership on distros list Christos Zoulas (May 16)

Cliff Perry

Re: Reminder about CVE process? Cliff Perry (May 08)

Colm O hEigeartaigh

Two new security advisories for Apache CXF Fediz Colm O hEigeartaigh (May 16)
New security advisories for Apache CXF Colm O hEigeartaigh (Apr 18)

Damien Regad

Re: MantisBT - Full admin access vulnerability - CVE-2017-7615 Damien Regad (Apr 16)

Daniel Beck

Multiple vulnerabilities in Jenkins Daniel Beck (Apr 26)

Daniel Kahn Gillmor

Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 17)
Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 18)

Daniel Micay

Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 21)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 21)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 21)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 19)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)

Daniel Stenberg

[SECURITY ADVISORY] curl: URL file scheme drive letter buffer overflow Daniel Stenberg (Jun 13)
[SECURITY ADVISORY] curl: TLS session resumption client cert bypass (again) Daniel Stenberg (Apr 18)
[SECURITY ADVISORY] curl: --write-out out of buffer read Daniel Stenberg (Apr 04)
[SECURITY ADVISORY] c-ares NAPTR parser out of bounds access Daniel Stenberg (Jun 19)

David Black

Re: CVE-2017-8291 ghostscript remote code execution David Black (Apr 28)

Dawid Golunski

Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski (Apr 26)
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 24)
[white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Dawid Golunski (May 03)
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 19)
SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski (Apr 24)
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski (Apr 26)
Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Dawid Golunski (May 07)

Dejan Bosanac

[ANNOUNCE] CVE-2015-7559 - DoS in client via shutdown command Dejan Bosanac (Apr 25)

Denis Magda

[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite Denis Magda (Apr 07)
[CVE-2017-7686] Apache Ignite Information Disclosure Denis Magda (Jun 27)

Dimitrios Glynos

Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dimitrios Glynos (Apr 25)

Dirk-Willem van Gulik

CVE-2017-7239: ninka license identification tool: insufficient escaping of external input [vs] Dirk-Willem van Gulik (Apr 03)

Dominic Cleal

CVE-2017-2672: Foreman image password disclosure in audit log Dominic Cleal (Apr 06)
CVE-2017-2667: Hammer CLI SSL certificate verification disabled Dominic Cleal (Apr 04)

Dominique Martinet

Re: terminal emulators' processing of escape sequences Dominique Martinet (May 17)
Re: CoreOS membership to linux-distros Dominique Martinet (Jun 28)

Dr. Thomas Orgis

Re: lame: multiple vulnerabilities Dr. Thomas Orgis (Jun 28)

Eduardo Valentin

Re: stackguard fix in Red Hat and Ubuntu kernels Eduardo Valentin (Jun 22)

Emilio Pozuelo Monfort

Re: CVE-request: heap-buffer-overflow in jasper Emilio Pozuelo Monfort (Jun 21)
Re: kedpm: Information leak via the command history file Emilio Pozuelo Monfort (Apr 27)
CVE-2017-8288: gnome-shell may leave extensions enabled in the lock screen Emilio Pozuelo Monfort (Apr 27)

Euan Kemp

Re: CoreOS membership to linux-distros Euan Kemp (Jun 27)
CoreOS membership to linux-distros Euan Kemp (Jun 27)

Fabian Grünbichler

CVE-2017-7979: Linux kernel: local DoS via packet action API Fabian Grünbichler (Apr 20)

fefe

Re: two vulns in uClibc-0.9.33.2 fefe (Jun 20)
two vulns in uClibc-0.9.33.2 fefe (Jun 15)
re: two vulns in uClibc-0.9.33.2 fefe (Jun 26)

Feng Cao

Re: Re: MySQL - use-after-free after mysql_stmt_close() Feng Cao (Jun 15)

Fiedler Roman

AW: terminal emulators' processing of escape sequences Fiedler Roman (May 17)
Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman (Jun 13)
Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman (Jun 13)
Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman (Jun 13)

Filippo Cavallarin

CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 19)

Florent Rougon

CVE-2017-8921: directory traversal vulnerability in FlightGear Florent Rougon (May 12)

Florian Weimer

Re: rpcbomb: remote rpcbind denial-of-service Florian Weimer (May 05)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
Re: libxslt math.random issue Florian Weimer (Apr 05)
Re: Re: libxslt math.random issue Florian Weimer (Apr 07)
Re: CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Florian Weimer (Jun 22)
Re: alloca in inline functions can be dangerous Florian Weimer (Apr 14)
Re: rpcbomb: remote rpcbind denial-of-service Florian Weimer (May 08)
Re: Vixie/ISC Cron group crontab to root escalation Florian Weimer (Jun 13)
Re: Qualys Security Advisory - The Stack Clash Florian Weimer (Jun 22)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (Jun 03)
Re: two vulns in uClibc-0.9.33.2 Florian Weimer (Jun 17)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)

FOXMOLE Advisories

Dolibarr ERP & CRM - Multiple Issues FOXMOLE Advisories (May 10)

Frank Ch. Eigler

Re: libxslt math.random issue Frank Ch. Eigler (Apr 07)

Franz Pletz

Re: Re: Qualys Security Advisory - The Stack Clash Franz Pletz (Jun 21)

Glenn Randers-Pehrson

Re: Is not memory allocation failure a bug? Glenn Randers-Pehrson (Jun 08)

Greg KH

Re: Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Greg KH (Apr 17)
Re: Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Greg KH (Jun 26)
Re: stackguard fix in Red Hat and Ubuntu kernels Greg KH (Jun 22)
Re: Kernel 4.1.y might not contain patches for CVE-2016-10229 Greg KH (May 14)

Guido Berhoerster

Re: terminal emulators' processing of escape sequences Guido Berhoerster (May 03)
Re: CVE-2017-8934 pcmanfm: single instance socket may be blocked by another user Guido Berhoerster (May 15)

Guido Vranken

rpcbomb: remote rpcbind denial-of-service Guido Vranken (May 03)
4 remote vulnerabilities in OpenVPN Guido Vranken (Jun 21)
Re: 4 remote vulnerabilities in OpenVPN Guido Vranken (Jun 21)
Re: rpcbomb: remote rpcbind denial-of-service Guido Vranken (May 04)
OpenVPN fuzzers released Guido Vranken (Jun 26)

Guillem Jover

Directory traversal in dpkg-source via indented patches on non-GNU systems Guillem Jover (Apr 20)
Re: CVE-2017-8283 Directory traversal in dpkg-source via indented patches on non-GNU systems Guillem Jover (Apr 27)

Hanno Böck

two heap overflows in raptor Hanno Böck (Jun 07)
Re: lame: multiple vulnerabilities Hanno Böck (Jun 28)
exiv2: multiple memory safety issues Hanno Böck (Jun 30)
Re: libxslt math.random issue Hanno Böck (Apr 06)
Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Hanno Böck (May 30)
Re: I found Crash in tcpdump and radare2. Hanno Böck (May 31)
Re: CVE-2017-7592: libtiff: left shift Hanno Böck (Apr 12)

Henri Salo

Re: Multiple crashes in OpenEXR Henri Salo (May 12)

Ian Zimmerman

Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Ian Zimmerman (May 20)
Re: Vixie/ISC Cron group crontab to root escalation Ian Zimmerman (Jun 08)
Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Ian Zimmerman (Apr 16)
Re: Apache XML Graphics FOP information disclosure vulnerability Ian Zimmerman (Apr 18)
Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Ian Zimmerman (Apr 14)
rxvt-unicode "insecure" setting [Was: terminal emulators' processing of escape sequences] Ian Zimmerman (May 17)

Ilya Matveychikov

Linux kernel: stack buffer overflow with controlled payload in get_options() function Ilya Matveychikov (May 30)

Insu Yun

Re: CVE Request: Denial of Service in Dropbox lepton Insu Yun (May 10)
CVE Request: Denial of Service in Dropbox lepton Insu Yun (May 09)

ISC Security Officer

Additional information for packagers concerning recent BIND security vulnerabilities ISC Security Officer (Apr 17)
ISC announces two BIND vulnerabilities ISC Security Officer (Jun 30)
BIND9 CVE-2017-3140 & CVE-2017-3141 ISC Security Officer (Jun 14)

Jacob Champion

CVE-2017-3169: Apache httpd 2.x mod_ssl null pointer dereference Jacob Champion (Jun 19)
CVE-2017-7679: Apache httpd 2.x mod_mime buffer overread Jacob Champion (Jun 19)
CVE-2017-3167: Apache httpd 2.x ap_get_basic_auth_pw authentication bypass Jacob Champion (Jun 19)
CVE-2017-7668: Apache httpd 2.x ap_find_token buffer overread Jacob Champion (Jun 19)

Jakub Jirutka

CVE-2017-8301: TLS verification vulnerability in LibreSSL 2.5.1 - 2.5.3 Jakub Jirutka (Apr 27)

Jakub Wilk

Re: Vixie/ISC Cron group crontab to root escalation Jakub Wilk (Jun 13)
Berkeley DB reads DB_CONFIG from cwd Jakub Wilk (Jun 10)
RuboCop: insecure use of /tmp Jakub Wilk (May 01)
Re: two vulns in uClibc-0.9.33.2 Jakub Wilk (Jun 17)
OpenJDK: java(1): untrusted search path Jakub Wilk (Jun 13)
charset.alias in pkexec/glib/gnulib (was: glibc locale issues) Jakub Wilk (Jun 23)

Jason A. Donenfeld

Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 25)
Re: Integer Overflow in rxvt Jason A. Donenfeld (May 01)
Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 25)
Re: terminal emulators' processing of escape sequences Jason A. Donenfeld (May 17)
Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 26)
Re: Defense in depth patch for rxvt-unicode Jason A. Donenfeld (May 18)
Integer Overflow in rxvt Jason A. Donenfeld (May 01)
alloca in inline functions can be dangerous Jason A. Donenfeld (Apr 10)
CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 24)
Defense in depth patch for rxvt-unicode Jason A. Donenfeld (May 17)
Remotely exploitable crash in dhcpcd Jason A. Donenfeld (Jun 23)
Re: Integer Overflow in rxvt Jason A. Donenfeld (May 16)

Jeff Law

Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 23)
Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 21)
Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 21)
Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 21)
Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 21)

Jeffrey Walton

Crypto++ and invalid read in decompressor class Jeffrey Walton (Jun 06)

Jeremy Stanley

Re: How to request a CVE for open source projects Jeremy Stanley (May 22)

Jim Jagielski

CVE-2017-7659: mod_http2 null pointer dereference Jim Jagielski (Jun 19)

Jodie Cunningham

Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Jodie Cunningham (May 22)

Johannes Bauer

Re: Security bug report read-protected Johannes Bauer (Jun 09)

Johannes Segitz

Re: Information on recent sqlite3 issues? Johannes Segitz (Jun 22)
Re: Information on recent sqlite3 issues? Johannes Segitz (Jun 01)

Jörg Schaible

CVE Request - XStream: DoS when unmarshalling void Jörg Schaible (Apr 03)

Josh Bressers

Re: Qualys Security Advisory - The Stack Clash Josh Bressers (Jun 21)
Re: independent volunteers on distros list Josh Bressers (May 29)

Karel Zak

Re: TIOCSTI not going away Karel Zak (Jun 03)

Kash Pande

Re: MITRE is adding data intake to its CVE ID process Kash Pande (Apr 27)
Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Kash Pande (May 07)

Kenton Varda

Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Kenton Varda (Apr 17)
Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Kenton Varda (Apr 17)

kseifried () redhat com

Re: Qualys Security Advisory - The Stack Clash kseifried () redhat com (Jun 21)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function kseifried () redhat com (May 30)
Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux kseifried () redhat com (May 30)
Re: Qualys Security Advisory - The Stack Clash kseifried () redhat com (Jun 19)
Re: Re: MySQL - use-after-free after mysql_stmt_close() kseifried () redhat com (Jun 15)
Re: What happens in order to get CVE numbers kseifried () redhat com (Jun 02)

Kurt H Maier

Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)
Re: How to request a CVE for open source projects Kurt H Maier (May 22)
Re: Re: MySQL - use-after-free after mysql_stmt_close() Kurt H Maier (Jun 15)
Re: How to request a CVE for open source projects Kurt H Maier (May 22)
Re: How to request a CVE for open source projects Kurt H Maier (May 22)
Re: How to request a CVE for open source projects Kurt H Maier (May 22)
Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)

Kurt Seifried

Re: Arbitrary terminal access via sudo on Linux Kurt Seifried (Jun 02)
Re: Do I have to inform someone about CVE? Kurt Seifried (Jun 15)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Kurt Seifried (May 30)
Re: Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Kurt Seifried (May 08)
Re: How to request a CVE for open source projects Kurt Seifried (May 22)
Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Apr 27)
Re: How to request a CVE for open source projects Kurt Seifried (May 22)
Re: Re: MySQL - use-after-free after mysql_stmt_close() Kurt Seifried (Jun 15)
Re: Information on recent sqlite3 issues? Kurt Seifried (Jun 01)
Re: How to request a CVE for open source projects Kurt Seifried (May 22)
Re: How to request a CVE for open source projects Kurt Seifried (May 23)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth Kurt Seifried (Jun 26)
Re: What happens in order to get CVE numbers Kurt Seifried (Jun 02)
Re: How long does DWF usually take to issue cve? Kurt Seifried (Jun 08)
Re: two vulns in uClibc-0.9.33.2 Kurt Seifried (Jun 16)
Re: Is not memory allocation failure a bug? Kurt Seifried (Jun 08)
Re: CoreOS membership to linux-distros Kurt Seifried (Jun 27)
Re: Qualys Security Advisory - The Stack Clash Kurt Seifried (Jun 23)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Kurt Seifried (Jun 26)
Re: How to request a CVE for open source projects Kurt Seifried (May 22)
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Kurt Seifried (Apr 04)
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Kurt Seifried (Apr 24)
Re: How to request a CVE for open source projects Kurt Seifried (May 22)
Re: civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Kurt Seifried (Jun 26)

Kyle R

Re: civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Kyle R (Jun 27)

larry mccay

[ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS larry mccay (May 26)

Larry W. Cashdollar

SQL Injection in Wordpress plugin surveys v1.01.8 Larry W. Cashdollar (May 30)
Blind SQL Injection in Wordpress Plugin Easy Team Manager v1.3.2 Larry W. Cashdollar (May 30)
Arbitrary file upload vulnerability in Wordpress plugin flickr-picture-backup v0.7 Larry W. Cashdollar (Apr 30)
Blind SQL Injection in Wordpress plugin eventr v1.02.2 Larry W. Cashdollar (May 30)
Unauthenticated Stored XSS Vulnerability in Wordpress plugin gift-certificate-creator v1.0 Larry W. Cashdollar (Jun 02)
Blind SQL Injection and persistent XSS in Wordpress plugin image-gallery-with-slideshow v1.5.2 Larry W. Cashdollar (Apr 05)

Leandro Pereira

Re: alloca in inline functions can be dangerous Leandro Pereira (Apr 10)

Leo Famulari

Re: What happens in order to get CVE numbers Leo Famulari (Jun 02)
Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Leo Famulari (Apr 15)
Re: CVE-2017-9772: OCaml release 4.04.2 Leo Famulari (Jun 23)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Leo Famulari (May 20)
Re: CVE-2017-9772: OCaml release 4.04.2 Leo Famulari (Jun 23)

Liguori, Anthony

Re: unresponsive distros Liguori, Anthony (Jun 01)
Re: unresponsive distros Liguori, Anthony (Jun 01)
Re: unresponsive distros Liguori, Anthony (Jun 01)

Linus Torvalds

Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Linus Torvalds (Jun 24)
Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Linus Torvalds (Jun 23)

Lizzie Dixon

Re: TIOCSTI not going away Lizzie Dixon (Jun 03)

Madhan Neethiraj

CVE updates: fixes in Apache Atlas 0.8-incubating Madhan Neethiraj (May 23)
CVE updates: fixes in Apache Atlas 0.7.1-incubating Madhan Neethiraj (May 08)

Manh Dung Nguyen

Re: Invalid writes and reads in libxml2 Manh Dung Nguyen (May 21)

Mansour Moufid

Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Mansour Moufid (Jun 26)

Marcel Böhme

Invalid writes and reads in libxml2 Marcel Böhme (May 14)

Marc Lehmann

Re: Defense in depth patch for rxvt-unicode Marc Lehmann (May 17)
Re: terminal emulators' processing of escape sequences Marc Lehmann (May 17)
Re: terminal emulators' processing of escape sequences Marc Lehmann (May 16)

Marcus Meissner

Re: Qualys Security Advisory - The Stack Clash Marcus Meissner (Jun 19)
Re: CVE-2017-7874 versus CVE-2009-1185 ? Marcus Meissner (Apr 19)
CVE-2017-8291 ghostscript remote code execution Marcus Meissner (Apr 27)
Re: libcroco: heap overflow and undefined behavior Marcus Meissner (Apr 24)
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Marcus Meissner (Apr 04)
Re: stackguard fix in Red Hat and Ubuntu kernels Marcus Meissner (Jun 22)
Re: rpcbomb: remote rpcbind denial-of-service Marcus Meissner (May 05)
Re: Is not memory allocation failure a bug? Marcus Meissner (Jun 08)
Re: binutils: two NULL pointer dereference in elflink.c Marcus Meissner (Apr 10)
libxslt math.random issue Marcus Meissner (Apr 05)
Re: libxslt math.random issue Marcus Meissner (Apr 06)
Re: stackguard fix in Red Hat and Ubuntu kernels Marcus Meissner (Jun 22)
Re: How to request a CVE for open source projects Marcus Meissner (May 22)

Marek Hulán

CVE-2017-7505: User scoped in organization with permissions for user management can manage administrators that are not assigned to any organization on Foreman 1.5+ Marek Hulán (Jun 02)

Mark Thomas

[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
[SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
[SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service Mark Thomas (Apr 10)

Martin

Re: How to request a CVE for open source projects Martin (May 22)
[SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints Martin (May 19)

Martin Prpic

Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Martin Prpic (Apr 03)

Matt Gilman

[ANNOUNCE] Apache NiFi CVE-2017-7667 and CVE-2017-7665 Matt Gilman (Jun 11)

Matthias Gerstner

CVE-2017-7572: backintime: usage of deprecated unix-process polkit authorization subject opens a race condition during authorization Matthias Gerstner (Apr 07)

Matt Sicker

CVE-2017-5645: Apache Log4j socket receiver deserialization vulnerability Matt Sicker (Apr 17)

Medical Wei

lxterminal: insecurely uses /tmp for a socket file Medical Wei (May 08)

Michael Catanzaro

How to request a CVE for open source projects Michael Catanzaro (May 22)

Michael McNally

ISC announces three BIND vulnerabilities Michael McNally (Apr 12)

Michael Scherer

rkhunter: [CVE-2017-7480] Potential RCE after MiTM due to clear text download without signature Michael Scherer (Jun 29)

Michal Zalewski

Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 17)
Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 16)
Re: terminal emulators' processing of escape sequences Michal Zalewski (May 01)

Mike O'Connor

Re: Qualys Security Advisory - The Stack Clash Mike O'Connor (Jun 22)

Mikhail Utin

malicious hypervisor threat was ignored but it is real Mikhail Utin (Jun 27)

Moritz Bechler

Code Execution through a variety Java (Un-)Marshallers Moritz Bechler (May 22)

Moritz Muehlenhoff

Re: Information on recent sqlite3 issues? Moritz Muehlenhoff (Jun 04)
Re: Information on recent sqlite3 issues? Moritz Muehlenhoff (Jun 01)
Information on recent sqlite3 issues? Moritz Muehlenhoff (May 31)

Murray McAllister

Linux kernel: drm/vmwgfx: 4 byte read of uninitialised kernel memory in vmw_gb_surface_define_ioctl() Murray McAllister (Jun 13)
Re: Linux kernel: drm/vmwgfx: 4 byte read of uninitialised kernel memory in vmw_gb_surface_define_ioctl() Murray McAllister (Jun 13)

Nicholas Luedtke

Re: Information on recent sqlite3 issues? Nicholas Luedtke (Jun 01)

Nick Boyce

Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Nick Boyce (Apr 15)

Nick Kralevich

Re: TIOCSTI not going away Nick Kralevich (Jun 29)

nospam

Re: Qualys Security Advisory - The Stack Clash nospam (Jun 21)

Oliveira Lima

Request CVE ID for information disclosure present in ForgeRock OpenIDM 4.0.0 and 4.5.0 Oliveira Lima (Apr 07)

Ondřej Surý

Re: CVE for the TSIG issue in knot? Ondřej Surý (Jun 24)

oststrom (public)

CVE-2017-8798 - miniupnpc integer signedness error when parsing a chunked encoded http response oststrom (public) (May 11)

Pali Rohár

Re: MySQL - use-after-free after mysql_stmt_close() Pali Rohár (Jun 12)
MySQL - use-after-free after mysql_stmt_close() Pali Rohár (Jun 08)
MySQL - Again Riddle vulnerability (public disclosure) Pali Rohár (May 03)
Re: MySQL - Again Riddle vulnerability (public disclosure) Pali Rohár (May 03)
Re: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Pali Rohár (Apr 14)

Pavel Kankovsky

CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass Pavel Kankovsky (May 29)
CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass (erratum) Pavel Kankovsky (Jun 06)

PaX Team

Re: Qualys Security Advisory - The Stack Clash PaX Team (Jun 21)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth PaX Team (Jun 27)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth PaX Team (Jun 27)

Perry E. Metzger

libetpan: NULL dereference vulnerability Perry E. Metzger (May 08)
Reminder about CVE process? Perry E. Metzger (May 08)
Re: How to request a CVE for open source projects Perry E. Metzger (May 22)

Peter Bex

CVE request form not working Peter Bex (May 31)
CVE-2017-9334 CHICKEN Scheme: denial of service due to invalid pointer dereference Peter Bex (Jun 01)
Re: CVE request form not working Peter Bex (May 31)

Peter Korsgaard

Re: two vulns in uClibc-0.9.33.2 Peter Korsgaard (Jun 16)

P J P

CVE-2017-7718 Qemu: display: cirrus: OOB read access issue P J P (Apr 19)
CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode P J P (May 17)
CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer P J P (May 03)
CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation P J P (Jun 12)
CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host P J P (Apr 19)
CVE-2017-8379 Qemu: input: host memory leakage via keyboard P J P (May 03)
CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create P J P (Apr 03)
CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort P J P (Jun 29)
CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device P J P (May 19)
CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines P J P (Apr 21)
CVE-2017-8086 Qemu: 9pfs: host memory leakage via v9pfs_list_xattr P J P (Apr 25)
CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation P J P (Jun 23)
CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value P J P (Jun 01)
CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2 P J P (Apr 26)
CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug P J P (Jun 05)
CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command P J P (Jun 07)
CVE-2017-8380 Qemu: scsi: megasas: out-of-bounds read in megasas_mmio_write P J P (May 03)
CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug P J P (Jun 06)
CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep P J P (Jun 05)
CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation P J P (May 30)

Qhdwns123

What happens in order to get CVE numbers Qhdwns123 (Jun 02)
How long does DWF usually take to issue cve? Qhdwns123 (Jun 08)
Is not memory allocation failure a bug? Qhdwns123 (Jun 08)
Security bug report read-protected Qhdwns123 (Jun 09)
Re: What happens in order to get CVE numbers Qhdwns123 (Jun 02)
Do I have to inform someone about CVE? Qhdwns123 (Jun 15)
I found Crash in tcpdump and radare2. Qhdwns123 (May 31)

Qualys Security Advisory

Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)
Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Qualys Security Advisory (May 30)
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)
Re: Arbitrary terminal access via sudo on Linux Qualys Security Advisory (Jun 06)
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 28)
Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 19)
Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Qualys Security Advisory (Jun 14)

redrain root

[oss-security]Sourcetree arbitrary command execution redrain root (May 03)
Re: CVE-2017-8291 ghostscript remote code execution redrain root (Apr 29)
Re: CVE-2017-8291 ghostscript remote code execution redrain root (Apr 28)

Ritwik Ghoshal

Re: Berkeley DB reads DB_CONFIG from cwd Ritwik Ghoshal (Jun 15)

Robert Święcki

Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
Re: terminal emulators' processing of escape sequences Robert Święcki (May 16)
Re: terminal emulators' processing of escape sequences Robert Święcki (May 01)
Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
Re: terminal emulators' processing of escape sequences Robert Święcki (May 03)

Roee Hay

Linux lp.c Out-of-Bounds Write via Kernel Command-line (CVE-2017-1000363) Roee Hay (May 23)

Russ Cox

remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox (Apr 24)
Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox (May 08)

Ryan Munz

Re: terminal emulators' processing of escape sequences Ryan Munz (May 08)

Salvatore Bonaccorso

Re: Vixie/ISC Cron group crontab to root escalation Salvatore Bonaccorso (Jun 09)
Gajim: CVE-2016-10376: possible to remote extract plain-text from encrypted sessions Salvatore Bonaccorso (May 28)
web2py: CVE-2016-10321: does not check if a host is denied before verifying passwords Salvatore Bonaccorso (Apr 10)
Re: rpcbomb: remote rpcbind denial-of-service Salvatore Bonaccorso (May 07)
Re: Information on recent sqlite3 issues? Salvatore Bonaccorso (Jun 05)
Deluge: CVE-2017-9031: WebUI component: directory traversal vulnerability Salvatore Bonaccorso (May 18)
ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Salvatore Bonaccorso (May 20)
radicale: CVE-2017-8342: prone to timing oracles and simple bruteforce attacks Salvatore Bonaccorso (Apr 30)

Sam Pizzey

Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Sam Pizzey (May 03)

Sebastian Krahmer

generic kde LPE Sebastian Krahmer (May 10)
CVE-2017-7874 versus CVE-2009-1185 ? Sebastian Krahmer (Apr 19)

Sebastian Pipping

Expat 2.2.1 security fixes Sebastian Pipping (Jun 17)

Sébastien Delafond

libytnef: CVE-2017-9058: heap-based buffer overflow in SIZECHECK (ytnef.c) Sébastien Delafond (May 18)

Securify B.V.

SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V. (Apr 29)

security

Re: CVE-2017-8291 ghostscript remote code execution security (Apr 27)

Sergio Pena

Re: CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure Sergio Pena (May 30)

Seth Arnold

Re: two vulns in uClibc-0.9.33.2 Seth Arnold (Jun 16)
Re: CVE Request: Denial of Service in Dropbox lepton Seth Arnold (May 09)
Re: accepting new members to (linux-)distros lists Seth Arnold (Jun 30)
Re: rpcbomb: remote rpcbind denial-of-service Seth Arnold (May 03)
Re: Re: MySQL - use-after-free after mysql_stmt_close() Seth Arnold (Jun 15)

Shawn

Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Shawn (Jun 24)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Shawn (Jun 24)

Shiz

Re: terminal emulators' processing of escape sequences Shiz (May 08)

Simon Lees

Re: terminal emulators' processing of escape sequences Simon Lees (May 17)

Simon MacDonald

CVE-2016-6799: Internal system information leak Simon MacDonald (May 09)

Simon McVittie

Re: accepting new members to (linux-)distros lists Simon McVittie (Jun 28)
Re: CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Simon McVittie (Jun 23)
CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Simon McVittie (Jun 22)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Simon McVittie (May 30)
Re: CVE-2017-7592: libtiff: left shift Simon McVittie (Apr 10)
Re: two vulns in uClibc-0.9.33.2 Simon McVittie (Jun 17)
Re: generic kde LPE Simon McVittie (May 10)

Simon Steiner

[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability Simon Steiner (Apr 18)
[CVE-2017-5662] Apache Batik information disclosure vulnerability Simon Steiner (Apr 18)

Solar Designer

Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Solar Designer (Apr 01)
Re: TIOCSTI not going away Solar Designer (Jun 29)
Re: terminal emulators' processing of escape sequences Solar Designer (May 02)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 25)
Re: MITRE is adding data intake to its CVE ID process Solar Designer (Apr 27)
Re: Berkeley DB reads DB_CONFIG from cwd Solar Designer (Jun 15)
Re: malicious hypervisor threat was ignored but it is real Solar Designer (Jun 27)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 19)
Re: NetBSD/pkgsrc membership on distros list Solar Designer (May 16)
terminal emulators' processing of escape sequences Solar Designer (May 01)
TIOCSTI not going away Solar Designer (Jun 03)
Re: accepting new members to (linux-)distros lists Solar Designer (Jun 30)
independent volunteers on distros list Solar Designer (May 25)
Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Solar Designer (Apr 17)
Vixie/ISC Cron group crontab to root escalation Solar Designer (Jun 08)
unresponsive distros Solar Designer (Jun 01)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer (May 30)
CVE-2017-7467: minicom and prl-vzvncserver vt100.c escparms[] buffer overflow Solar Designer (Apr 18)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Solar Designer (May 23)
Re: MITRE is adding data intake to its CVE ID process Solar Designer (Apr 27)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 21)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer (Jun 03)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 21)
Re: terminal emulators' processing of escape sequences Solar Designer (May 17)
Re: NetBSD/pkgsrc membership on distros list Solar Designer (May 16)
accepting new members to (linux-)distros lists Solar Designer (Jun 28)
Re: ISC announces two BIND vulnerabilities Solar Designer (Jun 30)
Re: I found Crash in tcpdump and radare2. Solar Designer (May 31)
Re: CVE request: remote heap overflow in linux networking stack Solar Designer (Apr 24)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 20)
Re: accepting new members to (linux-)distros lists Solar Designer (Jun 30)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 24)
Re: unresponsive distros Solar Designer (Jun 01)
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Solar Designer (Jun 24)
Re: CVE for the TSIG issue in knot? Solar Designer (Jun 24)
NetBSD/pkgsrc membership on distros list Solar Designer (May 16)
Re: accepting new members to (linux-)distros lists Solar Designer (Jun 28)
Re: terminal emulators' processing of escape sequences Solar Designer (May 16)
Re: unresponsive distros Solar Designer (Jun 01)
Re: 4 remote vulnerabilities in OpenVPN Solar Designer (Jun 21)
stackguard fix in Red Hat and Ubuntu kernels Solar Designer (Jun 22)
Re: unresponsive distros Solar Designer (Jun 01)
Re: Berkeley DB reads DB_CONFIG from cwd Solar Designer (Jun 14)
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer (Jun 03)
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Solar Designer (Apr 01)
distros list archive Solar Designer (Jun 24)
civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Solar Designer (Jun 26)
Re: Do I have to inform someone about CVE? Solar Designer (Jun 15)
Re: Vixie/ISC Cron group crontab to root escalation Solar Designer (Jun 09)
Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 24)
Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Solar Designer (Apr 01)

Stefan Pietsch

Re: Dolibarr ERP & CRM - Multiple Issues Stefan Pietsch (May 17)

Stephan Zeisberg

CVE Request: Two memory corruption vulnerabilities ldns 1.7 Stephan Zeisberg (Apr 27)

Steve Kemp

Re: terminal emulators' processing of escape sequences Steve Kemp (May 02)

Stiepan

Re: OpenJDK: java(1): untrusted search path Stiepan (Jun 13)

Stuart Gathman

Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Stuart Gathman (Apr 25)

Stuart Henderson

Re: Qualys Security Advisory - The Stack Clash Stuart Henderson (Jun 21)

Summer of Pwnage

Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage (Apr 20)
Re: Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage (May 17)

Sven Dowideit

Re: CoreOS membership to linux-distros Sven Dowideit (Jun 27)
Re: CoreOS membership to linux-distros Sven Dowideit (Jun 28)
Re: accepting new members to (linux-)distros lists Sven Dowideit (Jun 28)

Sydream Labs

[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation Sydream Labs (May 23)

Sysdream Labs

[CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Sysdream Labs (May 03)
[CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin Sysdream Labs (May 03)

Szabolcs Nagy

Re: Re: Qualys Security Advisor -- The Stack Clash Szabolcs Nagy (Jun 23)

Tavis Ormandy

Re: CVE-2017-8291 ghostscript remote code execution Tavis Ormandy (Apr 28)
Re: terminal emulators' processing of escape sequences Tavis Ormandy (May 19)

Thomas Deutschmann

Re: CVE request: sthttpd remote heap buffer overflow Thomas Deutschmann (Jun 29)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann (May 22)
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann (May 23)

Tim Graham

Django security releases issued: 1.10.7, 1.9.13, and 1.8.18 Tim Graham (Apr 04)

Todd C. Miller

Re: Arbitrary terminal access via sudo on Linux Todd C. Miller (Jun 02)
Arbitrary terminal access via sudo on Linux Todd C. Miller (Jun 02)
Re: TIOCSTI not going away Todd C. Miller (Jun 29)

Tristan Cacqueray

[OSSA-2017-004] federated user gets wrong role (CVE-2017-2673) Tristan Cacqueray (Apr 25)
[OSSA-2017-003] XSS in Horizon federation mappings UI (CVE-2017-7400) Tristan Cacqueray (Apr 05)

Vaibhav Gumashta

CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure Vaibhav Gumashta (May 24)

Varun Vasudev

CVE-2017-7669: Apache Hadoop privilege escalation Varun Vasudev (Jun 01)

Vasily Averin

Re: stackguard fix in Red Hat and Ubuntu kernels Vasily Averin (Jun 22)

Velmurugan Periasamy

CVE update - fixed in Apache Ranger 0.7.1 Velmurugan Periasamy (Jun 07)

Vladis Dronov

CVE-2017-7487: Linux kernel: ipx: call ipxitf_put() in ioctl error path Vladis Dronov (May 12)
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Vladis Dronov (Apr 04)
CVE-2017-7472 Linux kernel: KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings Vladis Dronov (May 11)

Wade Mealing

CVE-2017-7482 Linux kernel: krb5 ticket decode len check. Wade Mealing (Jun 26)
CVE-2017-7495 kernel : information leak on ext4 when hardware reset. Wade Mealing (May 14)

Waldemar Brodkorb

Re: two vulns in uClibc-0.9.33.2 Waldemar Brodkorb (Jun 23)

Xen . org security team

Xen Security Advisory 225 - arm: vgic: Out-of-bound access when sending SGIs Xen . org security team (Jun 20)
Xen Security Advisory 214 (CVE-2017-8904) - grant transfer allows PV guest to elevate privileges Xen . org security team (May 12)
Xen Security Advisory 219 - x86: insufficient reference counts during shadow emulation Xen . org security team (Jun 20)
Xen Security Advisory 213 - x86: 64bit PV guest breakout via pagetable use-after-mode-change Xen . org security team (May 02)
Xen Security Advisory 215 - possible memory corruption via failsafe callback Xen . org security team (May 02)
Xen Security Advisory 213 (CVE-2017-8903) - x86: 64bit PV guest breakout via pagetable use-after-mode-change Xen . org security team (May 12)
Xen Security Advisory 218 - Races in the grant table unmap code Xen . org security team (Jun 20)
Xen Security Advisory 216 - blkif responses leak backend stack data Xen . org security team (Jun 20)
Xen Security Advisory 222 - stale P2M mappings due to insufficient error checking Xen . org security team (Jun 20)
Xen Security Advisory 215 (CVE-2017-8905) - possible memory corruption via failsafe callback Xen . org security team (May 12)
Xen Security Advisory 214 - grant transfer allows PV guest to elevate privileges Xen . org security team (May 02)
Xen Security Advisory 223 - ARM guest disabling interrupt may crash Xen Xen . org security team (Jun 20)
Xen Security Advisory 212 (CVE-2017-7228) - x86: broken check in memory_exchange() permits PV guest breakout Xen . org security team (Apr 04)
Xen Security Advisory 220 - x86: PKRU and BND* leakage between vCPU-s Xen . org security team (Jun 20)
Xen Security Advisory 224 - grant table operations mishandle reference counts Xen . org security team (Jun 20)
Xen Security Advisory 216 - blkif responses leak backend stack data Xen . org security team (Jun 20)
Xen Security Advisory 221 - NULL pointer deref in event channel poll Xen . org security team (Jun 20)
Xen Security Advisory 217 - page transfer may allow PV guest to elevate privilege Xen . org security team (Jun 20)

Xiaobo Xiang

CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp) Xiaobo Xiang (Apr 22)
Re: CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp) Xiaobo Xiang (Apr 22)

xiaoqixue_1

Re: Re: [oss-security] CVE-request: heap-buffer-overflow in jasper xiaoqixue_1 (Jun 21)
CVE-request: heap-buffer-overflow in jasper xiaoqixue_1 (Jun 20)
CVE-request: heap-buffer-overflow in jasper xiaoqixue_1 (Jun 20)

Yao Wei

CVE-2017-8934 pcmanfm: single instance socket may be blocked by another user Yao Wei (May 15)
CVE-2017-8933 libmenu-cache: socket may be blocked by another user Yao Wei (May 15)

Yui Hirasawa

Re: terminal emulators' processing of escape sequences Yui Hirasawa (May 19)

Yury German

Kernel 4.1.y might not contain patches for CVE-2016-10229 Yury German (May 13)

Yves-Alexis Perez

Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez (Jun 30)
Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez (Jun 30)
CVE for the TSIG issue in knot? Yves-Alexis Perez (Jun 24)
Re: terminal emulators' processing of escape sequences Yves-Alexis Perez (May 01)
Re: terminal emulators' processing of escape sequences Yves-Alexis Perez (May 01)

Zach W

Re: two vulns in uClibc-0.9.33.2 Zach W (Jun 16)

李琪

CVE-2017-7475 Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program 李琪 (Apr 28)

王永科

CVE Request: Integer overflow vulnerability in ptp_unpack_EOS_CustomFuncEx function of libmtp (version 1.1.12 and below) 王永科 (Apr 06)
CVE Request: Integer overflow vulnerability in ptp_unpack_OPL function of libmtp (version 1.1.12 and below) 王永科 (Apr 06)