oss-sec: by author
RSS Feed
About List
All Lists
Previous period
596 messages
starting Jul 12 17 and
ending Aug 14 17
Date index |
Thread index |
Author index
????????????
Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap ???????????? (Jul 12)
598930392 () qq com
Re: Re: Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap 598930392 () qq com (Jul 14)
Agostino Sarubbo
aacplusenc: NULL pointer dereference in DeleteBitBuffer (bitbuffer.c) Agostino Sarubbo (Sep 07)
Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Agostino Sarubbo (Sep 01)
Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
Re: Re: [scr358145] pcre-8.41 - 8.41 Agostino Sarubbo (Jul 10)
Re: Re: [scr379303] A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo (Aug 29)
mp3gain: invalid memory write in copy_mp (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
libzip: use-after-free in _zip_buffer_free (zip_buffer.c) Agostino Sarubbo (Sep 02)
openjpeg: heap-based buffer overflow in opj_mqc_flush (mqc.c) Agostino Sarubbo (Sep 06)
libfpx: NULL pointer dereference in CDirectory::GetDirEntry (dir.cxx) Agostino Sarubbo (Aug 17)
mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jul 10)
binutils: heap-based buffer overflow in read_1_byte (dwarf2.c) Agostino Sarubbo (Sep 30)
bento4: stack-based buffer underflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp) Agostino Sarubbo (Sep 22)
libfpx: heap-based buffer overflow in OLEStream::WriteVT_LPSTR (olestrm.cpp) Agostino Sarubbo (Aug 17)
binutils: NULL pointer dereference in scan_unit_for_symbols (dwarf2.c) Agostino Sarubbo (Sep 30)
libfpx: divide-by-zero in CDirVector::GetTable (dirfunc.hxx) Agostino Sarubbo (Aug 17)
xar: NULL pointer dereference in xar_get_path (util.c) Agostino Sarubbo (Jul 10)
mp3gain: global buffer overflow in III_i_stereo (mpglibDBL/layer3.c) Agostino Sarubbo (Sep 14)
openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c) Agostino Sarubbo (Sep 06)
graphicsmagick: assertion failure in pixel_cache.c Agostino Sarubbo (Sep 22)
libfpx: NULL pointer dereference in PFileFlashPixView::GetGlobalInfoProperty (f_fpxvw.cpp) Agostino Sarubbo (Aug 17)
binutils: memory allocation failure in _bfd_elf_slurp_version_tables (elf.c) Agostino Sarubbo (Sep 30)
bento4: heap-based buffer overflow in AP4_HdlrAtom::AP4_HdlrAtom (Ap4HdlrAtom.cpp) Agostino Sarubbo (Sep 22)
graphicsmagick: memory allocation failure in MagickMalloc (memory.c) Agostino Sarubbo (Sep 06)
bento4: NULL pointer dereference in AP4_AtomSampleTable::GetSample (Ap4AtomSampleTable.cpp) Agostino Sarubbo (Sep 22)
openjpeg: memory allocation failure in opj_aligned_alloc_n (opj_malloc.c) Agostino Sarubbo (Aug 20)
mp3gain: stack-based buffer overflow in copy_mp (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
graphicsmagick: use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403) Agostino Sarubbo (Sep 01)
Re: Linux kernel CVEs not mentioned on oss-security Agostino Sarubbo (Sep 26)
binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c) Agostino Sarubbo (Sep 26)
openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c) (INCOMPLETE FIX FOR CVE-2017-14152) Agostino Sarubbo (Sep 06)
graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Agostino Sarubbo (Aug 28)
Re: binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c) Agostino Sarubbo (Sep 29)
Re: openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c) (INCOMPLETE FIX FOR CVE-2017-14152) Agostino Sarubbo (Sep 06)
Re: A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo (Aug 29)
bento4: NULL pointer dereference in AP4_StdcFileByteStream::ReadPartial (Ap4StdCFileByteStream.cpp) Agostino Sarubbo (Sep 22)
libfpx: NULL pointer dereference in OLEStream::WriteVT_LPSTR (olestrm.cpp) Agostino Sarubbo (Aug 17)
graphicsmagick: heap-based buffer overflow in ReadSUNImage (sun.c) Agostino Sarubbo (Aug 18)
bento4: heap-based buffer overflow in AP4_BitStream::ReadBytes (Ap4BitStream.cpp) Agostino Sarubbo (Sep 22)
Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
bento4: heap-based buffer overflow in AP4_DataBuffer::SetData (Ap4DataBuffer.cpp) Agostino Sarubbo (Sep 22)
Re: Cve issue discussion Agostino Sarubbo (Aug 07)
libfpx: double-free in DfFromLB (docfile.cxx) Agostino Sarubbo (Aug 17)
bento4: heap-based buffer overflow in AP4_BytesToUInt32BE (Ap4Utils.h) Agostino Sarubbo (Sep 22)
Re: Linux kernel CVEs not mentioned on oss-security Agostino Sarubbo (Sep 26)
bento4: NULL pointer dereference in AP4_DataAtom::~AP4_DataAtom (Ap4MetaData.cpp) Agostino Sarubbo (Sep 22)
bento4: stack-based buffer overflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp) Agostino Sarubbo (Sep 22)
Re: openjpeg: heap-based buffer overflow in opj_t2_encode_packet (t2.c) Agostino Sarubbo (Sep 01)
openjpeg: heap-based buffer overflow in opj_t2_encode_packet (t2.c) Agostino Sarubbo (Aug 28)
openjpeg: stack-based buffer overflow write in pgxtoimage (convert.c) Agostino Sarubbo (Aug 28)
graphicsmagick: use-after-free in ReadWMFImage (wmf.c) Agostino Sarubbo (Aug 18)
Re: openjpeg: invalid memory write in tgatoimage (convert.c) Agostino Sarubbo (Sep 01)
mp3gain: stack-based buffer overflow in dct36 (mpglibDBL/layer3.c) Agostino Sarubbo (Sep 14)
Re: openjpeg: stack-based buffer overflow write in pgxtoimage (convert.c) Agostino Sarubbo (Sep 01)
imagemagick: heap-based buffer overflow in .omp_outlined..32 (enhance.c) Agostino Sarubbo (Aug 16)
libzip: memory allocation failure in _zip_cdir_grow (zip_dirent.c) Agostino Sarubbo (Sep 02)
Re: Linux kernel CVEs not mentioned on oss-security Agostino Sarubbo (Sep 26)
mp3gain: memcpy-param-overlap in set_pointer (mpglibDBL/common.c) Agostino Sarubbo (Sep 14)
openjpeg: invalid memory write in tgatoimage (convert.c) Agostino Sarubbo (Aug 28)
libfpx: NULL pointer dereference in wchar.c Agostino Sarubbo (Aug 17)
libarchive: heap-based buffer overflow in xml_data (archive_read_support_format_xar.c) Agostino Sarubbo (Sep 06)
A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo (Aug 29)
mp3gain: global buffer overflow in III_dequantize_sample (mpglibDBL/layer3.c) Agostino Sarubbo (Sep 14)
imagemagick: use-after-free in DestroyImage (image.c) Agostino Sarubbo (Aug 16)
Re: graphicsmagick: use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403) Agostino Sarubbo (Sep 01)
graphicsmagick: use-after-free in CloseBlob (blob.c) Agostino Sarubbo (Jul 18)
bladeenc: global buffer overflow in iteration_loop (loop.c) Agostino Sarubbo (Sep 21)
Re: A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo (Aug 29)
bento4: NULL pointer dereference in AP4_Atom::SetType (Ap4Atom.h) Agostino Sarubbo (Sep 22)
libmirage: NULL pointer dereference in mirage_stream_get_filename (stream.c) Agostino Sarubbo (Aug 21)
xar: NULL pointer dereference in xar_unserialize (archive.c) Agostino Sarubbo (Jul 10)
mpg123: global buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jul 10)
graphicsmagick: invalid memory read in SetImageColorCallBack (image.c) Agostino Sarubbo (Aug 18)
mp3gain: stack-based buffer overflow in filterYule (gain_analysis.c) Agostino Sarubbo (Sep 14)
Ailin Nemui
Irssi 1.0.4: CVE-2017-10965, CVE-2017-10966. Ailin Nemui (Jul 07)
akuster
Re: CoreOS membership to linux-distros (updated) akuster (Aug 01)
Re: Tcpdump 4.9.2 akuster (Sep 13)
Alan Coopersmith
Re: systemd fails to parse user that should run service Alan Coopersmith (Jul 05)
Devil's Ivy (CVE-2017-9765) in gSOAP 2.7 up to 2.8.47 Alan Coopersmith (Jul 19)
Re: Estimate for the total number of exploitable bugs in large linux distro? Alan Coopersmith (Jul 14)
Re: CVE Request: Multiple security issues in OpenJPEG Alan Coopersmith (Aug 22)
Alexander Batischev
Podbeuter podcast fetcher: remote code execution Alexander Batischev (Sep 16)
Re: Podbeuter podcast fetcher: remote code execution Alexander Batischev (Sep 17)
Alexander Popov
Linux kernel: fixed bug in net/core/flow_dissector.c Alexander Popov (Aug 24)
Re: Linux kernel: fixed bug in net/core/flow_dissector.c Alexander Popov (Aug 29)
Alex R
CVE-2017-7687: Libprocess might crash when decoding a malformed request. Alex R (Sep 26)
CVE-2017-9790: Libprocess might crash when decoding an HTTP request with absent path. Alex R (Sep 26)
Andreas Stieger
Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Andreas Stieger (Aug 11)
Re: Devil's Ivy (CVE-2017-9765) in gSOAP 2.7 up to 2.8.47 Andreas Stieger (Jul 19)
Andrey Konovalov
Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch Andrey Konovalov (Aug 10)
Re: Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch Andrey Konovalov (Aug 13)
Reporting and disclosing Linux kernel vulnerabilities Andrey Konovalov (Aug 04)
Re: Reporting and disclosing Linux kernel vulnerabilities Andrey Konovalov (Sep 01)
Annie Cherkaev
CVE-2017-12762: buffer overflow in ISDN linux driver Annie Cherkaev (Aug 10)
Anthony Baker
[SECURITY] CVE-2017-9797 Apache Geode client/server authentication vulnerability Anthony Baker (Sep 29)
[SECURITY] CVE-2017-9794 Apache Geode gfsh query vulnerability Anthony Baker (Sep 29)
Anthony Liguori
Re: Why send bugs embargoed to distros? Anthony Liguori (Sep 23)
Re: accepting new members to (linux-)distros lists Anthony Liguori (Jul 14)
Re: accepting new members to (linux-)distros lists Anthony Liguori (Jul 02)
Re: accepting new members to (linux-)distros lists Anthony Liguori (Jul 14)
Re: accepting new members to (linux-)distros lists Anthony Liguori (Jul 02)
Anthony Sasadeusz
CVE ID for JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Anthony Sasadeusz (Jul 08)
Armis Security
Linux BlueBorne vulnerabilities Armis Security (Sep 13)
Re: Linux BlueBorne vulnerabilities Armis Security (Sep 14)
ben
Re: [scr358145] pcre-8.41 - 8.41 ben (Jul 10)
Ben Seri
Re: Linux BlueBorne vulnerabilities Ben Seri (Sep 15)
Re: Linux BlueBorne vulnerabilities Ben Seri (Sep 15)
Ben Tasker
Re: systemd fails to parse user that should run service Ben Tasker (Jul 06)
Re: systemd fails to parse user that should run service Ben Tasker (Jul 05)
Bertrand Delacretaz
CVE-2016-5394 : Apache Sling XSS vulnerability Bertrand Delacretaz (Jul 18)
CVE-2016-6798 : Apache Sling XXE vulnerability Bertrand Delacretaz (Jul 18)
Bobby Broughton
RE: linux-distros list membership application - CloudLinux Bobby Broughton (Jul 02)
Bob Friesenhahn
Re: Linux kernel CVEs not mentioned on oss-security Bob Friesenhahn (Sep 26)
Re: A bunch of duplicate CVEs requested for?? bho.. Bob Friesenhahn (Aug 29)
Re: Cve issue discussion Bob Friesenhahn (Aug 07)
Re: Linux kernel CVEs not mentioned on oss-security Bob Friesenhahn (Sep 26)
Brad Spengler
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Brad Spengler (Aug 05)
Re: Linux kernel CVEs not mentioned on oss-security Brad Spengler (Sep 28)
Brandon Perry
Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Brandon Perry (Jul 14)
Carlos Alberto Lopez Perez
WebKitGTK+ Security Advisory WSA-2017-0007 Carlos Alberto Lopez Perez (Aug 25)
WebKitGTK+ Security Advisory WSA-2017-0006 Carlos Alberto Lopez Perez (Jul 25)
Casper . Dik
Re: systemd fails to parse user that should run service Casper . Dik (Jul 05)
chbi
Stored XSS vulnerability in Tine 2.0 Community Edition <= 2017.08.3 chbi (Sep 28)
Re: Stored XSS vulnerability in eGroupware Community Edition <= 16.1.20170703 chbi (Sep 29)
CVE-2017-12850, CVE-2017-12851: Privilege Escalation in Kanboard <= v1.0.45 chbi (Aug 15)
CSRF vulnerability in Tiki <= 17.0, 16.2, 15.4 LTS and 12.11 LTS chbi (Sep 28)
Re: CSRF vulnerability in Tiki <= 17.0, 16.2, 15.4 LTS and 12.11 LTS chbi (Sep 29)
Stored XSS vulnerability in eGroupware Community Edition <= 16.1.20170703 chbi (Sep 28)
Re: CSRF vulnerability in Tiki <= 17.0, 16.2, 15.4 LTS and 12.11 LTS chbi (Sep 28)
Re: Stored XSS vulnerability in Tine 2.0 Community Edition <= 2017.08.3 chbi (Sep 29)
Cliff Perry
Re: Why send bugs embargoed to distros? Cliff Perry (Sep 25)
cve-request
Re: [scr379303] A bunch of duplicate CVEs requested for?? bho.. cve-request (Aug 29)
Daisuke Noguchi[NRIセキュア 野口]
ConnMan #ConnManDo Vulnerability Daisuke Noguchi[NRIセキュア 野口] (Aug 29)
Damien Regad
Advisory: XSS issues in MantisBT (CVE-2017-12061, CVE-2017-12062) Damien Regad (Aug 01)
CVE-2017-12419: Arbitrary File Read in MantisBT install.php script Damien Regad (Aug 04)
Re: Advisory: XSS issues in MantisBT (CVE-2017-12061, CVE-2017-12062) Damien Regad (Aug 01)
Daniel Beck
Re: Jenkins plugins -- multiple vulnerabilities Daniel Beck (Aug 23)
Jenkins SAML Plugin 1.0.2 and earlier stored secrets unencrypted Daniel Beck (Aug 08)
Jenkins plugins -- multiple vulnerabilities Daniel Beck (Aug 07)
Jenkins plugins -- multiple vulnerabilities Daniel Beck (Jul 11)
Daniel Kahn Gillmor
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Aug 16)
Re: Insecure DNS dependency in many Kerberos deployments Daniel Kahn Gillmor (Aug 16)
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 06)
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
Re: Insecure DNS dependency in many Kerberos deployments Daniel Kahn Gillmor (Aug 16)
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
Daniel Micay
Re: systemd fails to parse user that should run service Daniel Micay (Jul 05)
Re: systemd fails to parse user that should run service Daniel Micay (Jul 05)
Daniel Shahaf
[SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released Daniel Shahaf (Aug 10)
Daniel Skowroński
systemd fails to parse user that should run service Daniel Skowroński (Jul 02)
Daniel Stenberg
[SECURITY ADVISORY] curl: FILE buffer read out of bounds Daniel Stenberg (Aug 08)
[SECURITY ADVISORY] curl: URL globbing out of bounds read Daniel Stenberg (Aug 08)
[SECURITY ADVISORY] curl: TFTP sends more than buffer size Daniel Stenberg (Aug 08)
Dave Chinner
CVE-2017-14340: Linux kernel: xfs: unprivileged user kernel oops Dave Chinner (Sep 13)
David Jardin
Re: Joomla extension Easy Joomla Backup v3.2.4 database backup exposure David Jardin (Sep 28)
Denis Ovsienko
Arch Linux and tcpdump 4.9.2 Denis Ovsienko (Sep 08)
tcpdump 4.9.2 is fully available Denis Ovsienko (Sep 13)
Dhiru Kholia
Potential security bugs in "eapmd5pass" software (3 CVE IDs) Dhiru Kholia (Jul 31)
Four memory safety bugs in "sipcrack" package (2 CVE IDs) Dhiru Kholia (Jul 26)
Dmitry V. Levin
Re: linux-distros list membership application - CloudLinux Dmitry V. Levin (Jul 04)
Doran Moppert
CVE-2017-7555 augeas: crash/memory corruption when handling certain escaped strings Doran Moppert (Aug 16)
Dr. Thomas Orgis
Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Dr. Thomas Orgis (Sep 14)
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 10)
Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Dr. Thomas Orgis (Sep 14)
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 11)
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 11)
Efraim Flashner
Re: binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c) Efraim Flashner (Sep 27)
Emilio Pozuelo Monfort
Re: CVE-2017-9772: OCaml release 4.04.2 Emilio Pozuelo Monfort (Sep 27)
Eric Blake
Re: systemd fails to parse user that should run service Eric Blake (Jul 05)
Euan Kemp
CoreOS membership to linux-distros (updated) Euan Kemp (Jul 18)
Evy Bongers
CVE-2017-12425: Varnish HTTP Cache 4.0.1 to 5.1.2 DoS vulnerability Evy Bongers (Aug 09)
Florent Rougon
CVE-2017-13709: Incorrect access control in FlightGear Florent Rougon (Aug 27)
Florian Weimer
Insecure DNS dependency in many Kerberos deployments Florian Weimer (Aug 16)
CVE-2017-11671: GCC generates incorrect code for RDRAND/RDSEED intrinsics Florian Weimer (Jul 27)
Re: GNU Emacs 25.2 enriched text remote code execution Florian Weimer (Sep 12)
Franz Pletz
Re: NIX-2017-0003: LDAP with useTLS option disabled TLS peer verification Franz Pletz (Jul 21)
GbigMao
Re: Re: Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap GbigMao (Jul 17)
Georgi Guninski
Estimate for the total number of exploitable bugs in large linux distro? Georgi Guninski (Jul 14)
Glenn Randers-Pehrson
Re: Cve issue discussion Glenn Randers-Pehrson (Aug 07)
Re: Cve issue discussion Glenn Randers-Pehrson (Aug 07)
Re: Cve issue discussion Glenn Randers-Pehrson (Aug 07)
Re: Cve issue discussion Glenn Randers-Pehrson (Aug 09)
Re: Cve issue discussion Glenn Randers-Pehrson (Aug 07)
Graham Christensen
NIX-2017-0003: LDAP with useTLS option disabled TLS peer verification Graham Christensen (Jul 19)
Greg KH
Re: Estimate for the total number of exploitable bugs in large linux distro? Greg KH (Jul 14)
Re: CoreOS membership to linux-distros (updated) Greg KH (Jul 20)
Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 26)
Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 28)
Re: Reporting and disclosing Linux kernel vulnerabilities Greg KH (Aug 04)
Re: Reporting and disclosing Linux kernel vulnerabilities Greg KH (Aug 04)
Re: Integer overflow in bttv driver Greg KH (Aug 28)
Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 27)
Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 26)
Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 28)
gremlin
Re: accepting new members to (linux-)distros lists gremlin (Jul 03)
Re: CoreOS membership to linux-distros (updated) gremlin (Jul 20)
Guido Günther
Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Guido Günther (Sep 30)
Guido Vranken
11 remote vulnerabilities (inc. 2x RCE) in FreeRADIUS packet parsers Guido Vranken (Jul 17)
OpenVPN CVE-2017-12166: remote buffer overflow Guido Vranken (Sep 28)
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Guido Vranken (Sep 28)
Hank Leininger
CVS and ssh command injection (see CVE-2017-1000117, etc.) Hank Leininger (Aug 10)
Hanno Böck
Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Hanno Böck (Aug 20)
Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Hanno Böck (Jul 14)
clamav: Out of bounds read and segfault in xar parser Hanno Böck (Sep 29)
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Hanno Böck (Sep 29)
unrar-free/unrar-gpl: directory traversal and other issues Hanno Böck (Aug 20)
Why send bugs embargoed to distros? Hanno Böck (Sep 23)
Optionsbleed bug in Apache HTTPD Hanno Böck (Sep 18)
Re: Estimate for the total number of exploitable bugs in large linux distro? Hanno Böck (Jul 14)
Henri S.
Re: A bunch of duplicate CVEs requested for?? bho.. Henri S. (Aug 29)
Henri Salo
Re: [CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file. Henri Salo (Aug 15)
The Internet Bug Bounty: Data Processing (hackerone.com) Henri Salo (Sep 28)
Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Henri Salo (Jul 19)
Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Henri Salo (Jul 23)
Re: accepting new members to (linux-)distros lists Henri Salo (Jul 25)
ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Henri Salo (Jul 16)
Hooman Ghasem Broujerdi
CVE-IDs request for Apache Kafka desrialization vulnerability via runtime Hooman Ghasem Broujerdi (Jul 18)
Igor Seletskiy
linux-distros list membership application - CloudLinux Igor Seletskiy (Jul 02)
Re: linux-distros list membership application - CloudLinux Igor Seletskiy (Jul 02)
Re: Why send bugs embargoed to distros? Igor Seletskiy (Sep 24)
Re: linux-distros list membership application - CloudLinux Igor Seletskiy (Jul 04)
ISC Security Officer
A recommendation for maintainers of BIND packages (re: DNSSEC validation) ISC Security Officer (Aug 30)
Jakub Wilk
UnRAR: directory traversal + memory safety bugs Jakub Wilk (Aug 14)
Jan H. Schönherr
CVE-2017-1000252: KVM denial of service with posted interrupts on Intel systems (since Linux 4.4) Jan H. Schönherr (Sep 15)
Javantea
Re: Estimate for the total number of exploitable bugs in large linux distro? Javantea (Jul 14)
Jeff Elsloo
[ANNOUNCE] Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670 Jeff Elsloo (Jul 07)
Jeffrey Walton
Re: systemd fails to parse user that should run service Jeffrey Walton (Jul 05)
Jeremy Stanley
Re: systemd fails to parse user that should run service Jeremy Stanley (Jul 05)
Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Jeremy Stanley (Sep 18)
Jerry Lundström
Re: Tcpdump 4.9.2 Jerry Lundström (Sep 08)
Jesse Hertz
Re: Cve issue discussion Jesse Hertz (Aug 07)
Re: CoreOS membership to linux-distros (updated) Jesse Hertz (Jul 20)
Re: Cve issue discussion Jesse Hertz (Aug 09)
joernchen
Advisory: Git cvsserver OS Command Injection joernchen (Sep 26)
Johannes Segitz
Re: CoreOS membership to linux-distros (updated) Johannes Segitz (Aug 02)
CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Johannes Segitz (Jul 13)
John Haxby
Re: systemd fails to parse user that should run service John Haxby (Jul 05)
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() John Haxby (Aug 03)
Re: Cve issue discussion John Haxby (Aug 07)
Re: accepting new members to (linux-)distros lists John Haxby (Jul 25)
Re: Why send bugs embargoed to distros? John Haxby (Sep 25)
Re: accepting new members to (linux-)distros lists John Haxby (Jul 03)
Re: systemd fails to parse user that should run service John Haxby (Jul 05)
Re: accepting new members to (linux-)distros lists John Haxby (Jul 03)
Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak John Haxby (Jul 31)
Re: accepting new members to (linux-)distros lists John Haxby (Jul 25)
Re: accepting new members to (linux-)distros lists John Haxby (Jul 25)
Jonas Thiem
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Jonas Thiem (Jul 11)
Jordan Glover
Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Jordan Glover (Sep 18)
Kees Cook
Re: CoreOS membership to linux-distros (updated) Kees Cook (Jul 18)
Kristian Fiskerstrand
Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 03)
CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations Kristian Fiskerstrand (Jul 14)
Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 06)
Re: systemd fails to parse user that should run service Kristian Fiskerstrand (Jul 05)
Re: Estimate for the total number of exploitable bugs in large linux distro? Kristian Fiskerstrand (Jul 14)
Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 02)
Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 14)
Re: systemd fails to parse user that should run service Kristian Fiskerstrand (Jul 05)
Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 02)
Re: systemd fails to parse user that should run service Kristian Fiskerstrand (Jul 05)
Bugzilla implementation of OpenPGP and Memory Hole (Was: Re: [oss-security] accepting new members to (linux-)distros lists) Kristian Fiskerstrand (Jul 03)
kseifried () redhat com
Re: accepting new members to (linux-)distros lists kseifried () redhat com (Jul 06)
Re: accepting new members to (linux-)distros lists kseifried () redhat com (Jul 14)
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation kseifried () redhat com (Sep 11)
Kurt H Maier
Re: Why send bugs embargoed to distros? Kurt H Maier (Sep 23)
Kurt Seifried
Re: Podbeuter podcast fetcher: remote code execution Kurt Seifried (Sep 17)
Re: systemd fails to parse user that should run service Kurt Seifried (Jul 06)
Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried (Sep 26)
Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried (Sep 25)
Re: Re: PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Kurt Seifried (Jul 10)
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Kurt Seifried (Jul 10)
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Kurt Seifried (Sep 29)
Re: accepting new members to (linux-)distros lists Kurt Seifried (Jul 14)
Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried (Sep 26)
Re: Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Kurt Seifried (Jul 19)
Re: A bunch of duplicate CVEs requested for?? bho.. Kurt Seifried (Aug 29)
RubyGems flaws Kurt Seifried (Aug 30)
Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried (Sep 26)
Re: Estimate for the total number of exploitable bugs in large linux distro? Kurt Seifried (Jul 14)
Re: Syslog forwarding with IP spoofing Kurt Seifried (Aug 01)
Re: accepting new members to (linux-)distros lists Kurt Seifried (Jul 14)
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Kurt Seifried (Jul 10)
Re: Podbeuter podcast fetcher: remote code execution Kurt Seifried (Sep 17)
Re: Reporting and disclosing Linux kernel vulnerabilities Kurt Seifried (Aug 04)
Larry W. Cashdollar
Blind SQL injection in wordpress plugin event-espresso-free v3.1.37.11.L, fixed in v3.1.37.12.L Larry W. Cashdollar (Jul 11)
Vulnerability in Wordpress Plugin backwpup v3.4.1 possible brute forcing of backup file download Larry W. Cashdollar (Sep 27)
Blind SQL Injection in Wordpress plugin wordpress-gallery-transformation v1.0 Larry W. Cashdollar (Aug 25)
Re: Joomla extension Easy Joomla Backup v3.2.4 database backup exposure Larry W. Cashdollar (Sep 28)
Authenticated Blind SQL Injection vulnerability in Wordpress plugin rk-responsive-contact-form v1.0 Larry W. Cashdollar (Aug 23)
File upload vulnerability in Kindeditor <= 4.1.12 Larry W. Cashdollar (Jul 05)
Joomla extension Easy Joomla Backup v3.2.4 database backup exposure Larry W. Cashdollar (Sep 28)
Leo Famulari
Re: tcpdump 4.9.2 is fully available Leo Famulari (Sep 24)
Tcpdump 4.9.2 Leo Famulari (Sep 07)
Re: Why send bugs embargoed to distros? Leo Famulari (Sep 25)
Leonid Isaev
Re: systemd fails to parse user that should run service Leonid Isaev (Jul 06)
Re: systemd fails to parse user that should run service Leonid Isaev (Jul 06)
Leonid Kanter
Re: linux-distros list membership application - CloudLinux Leonid Kanter (Jul 04)
Levente Polyak
Re: Why send bugs embargoed to distros? Levente Polyak (Sep 23)
Re: tcpdump 4.9.2 is fully available Levente Polyak (Sep 14)
Lior Kaplan
CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Lior Kaplan (Jul 05)
Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Lior Kaplan (Jul 05)
Luciano Bello
Re: [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Luciano Bello (Sep 19)
[CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Luciano Bello (Sep 18)
Ludovic Courtès
Re: Why send bugs embargoed to distros? Ludovic Courtès (Sep 24)
Lukasz Lenart
[ANN] Apache Struts 2.5.12 GA with Security Fixes Release Lukasz Lenart (Jul 13)
[ANN] Apache Struts 2.5.13 GA with Security Fixes Release Lukasz Lenart (Sep 05)
[ANN] Apache Struts 2: possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series Lukasz Lenart (Jul 07)
Re: [ANN] Apache Struts 2.5.13 GA with Security Fixes Release Lukasz Lenart (Sep 05)
[ANN] Apache Struts 2.3.34 General Availability with Security Fixes Release Lukasz Lenart (Sep 07)
[ANN] Apache Struts: S2-049 Security Bulletin update Lukasz Lenart (Aug 10)
Luke Hinds
[OSSN-0081] sha512_crypt is insufficient for password hashing Luke Hinds (Sep 17)
[OpenStack OSSN 0080] Aodh can be used to launder Keystone trusts Luke Hinds (Aug 17)
[OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu Luke Hinds (Jul 21)
Marc Deslauriers
Re: Why send bugs embargoed to distros? Marc Deslauriers (Sep 23)
Marcus Meissner
Re: Re: ***UNCHECKED*** [oss-security] UnRAR: directory traversal + memory safety bugs Marcus Meissner (Aug 18)
Re: Why send bugs embargoed to distros? Marcus Meissner (Sep 23)
Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Marcus Meissner (Sep 04)
Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Marcus Meissner (Jul 10)
PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Marcus Meissner (Jul 10)
Re: RubyGems flaws Marcus Meissner (Aug 30)
Re: Re: PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Marcus Meissner (Jul 10)
X.Org X Server stack overflow and information leak Marcus Meissner (Jul 06)
Re: ***UNCHECKED*** [oss-security] UnRAR: directory traversal + memory safety bugs Marcus Meissner (Aug 18)
Re: systemd fails to parse user that should run service Marcus Meissner (Jul 05)
Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Marcus Meissner (Jul 06)
Re: Cve issue discussion Marcus Meissner (Aug 07)
Re: ***UNCHECKED*** [oss-security] UnRAR: directory traversal + memory safety bugs Marcus Meissner (Aug 18)
Re: Linux kernel CVEs not mentioned on oss-security Marcus Meissner (Sep 27)
Marek Hulán
Foreman 1.1+ stored XSS in organizations/locations assignment to hosts Marek Hulán (Sep 25)
Mark Hatle
Re: accepting new members to (linux-)distros lists Mark Hatle (Jul 01)
Re: accepting new members to (linux-)distros lists Mark Hatle (Jul 03)
Mark Thomas
[SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload Mark Thomas (Sep 19)
[SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure Mark Thomas (Sep 19)
Martin Steigerwald
Re: systemd fails to parse user that should run service Martin Steigerwald (Jul 06)
Re: systemd fails to parse user that should run service Martin Steigerwald (Jul 06)
Matthew Daley
Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Matthew Daley (Jul 19)
Matthias Gerstner
firewalld: lockdown whitelist cmdline access check is not secure Matthias Gerstner (Jul 13)
CVE-2017-11171: gnome-session: Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c Matthias Gerstner (Jul 12)
tcmu-runner: multiple vulnerabilities in tcmu-runner daemon allowing local DoS, information leak and a memory leak Matthias Gerstner (Jul 24)
Re: tcmu-runner: multiple vulnerabilities in tcmu-runner daemon allowing local DoS, information leak and a memory leak Matthias Gerstner (Aug 21)
Re: tcmu-runner: multiple vulnerabilities in tcmu-runner daemon allowing local DoS, information leak and a memory leak Matthias Gerstner (Aug 21)
Maxim Solodovnik
CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass Maxim Solodovnik (Jul 13)
CVE-2017-7663 - Apache OpenMeetings - XSS in chat Maxim Solodovnik (Jul 13)
CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation Maxim Solodovnik (Jul 13)
CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers Maxim Solodovnik (Jul 13)
CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload Maxim Solodovnik (Jul 13)
CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update Maxim Solodovnik (Jul 13)
CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy Maxim Solodovnik (Jul 13)
CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods Maxim Solodovnik (Jul 13)
CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services Maxim Solodovnik (Jul 13)
CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords Maxim Solodovnik (Jul 13)
CVE-2017-7683 - Apache OpenMeetings - Information Disclosure Maxim Solodovnik (Jul 13)
Michael Orlitzky
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Aug 18)
CVE-2017-14681: P3Scan privilege escalation via PID file manipulation Michael Orlitzky (Sep 21)
CVE-2017-14159: OpenLDAP privilege escalation via PID file manipulation Michael Orlitzky (Sep 11)
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Sep 07)
CVE-2017-14609 Kannel privilege escalation via PID file manipulation Michael Orlitzky (Sep 20)
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Sep 11)
CVE-2017-13649: UnrealIRCd privilege escalation via PID file manipulation Michael Orlitzky (Aug 23)
CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Aug 16)
CVE-2017-14102: MIMEDefang privilege escalation via PID file manipulation Michael Orlitzky (Sep 03)
CVE-2017-14312: Nagios core root privilege escalation via insecure permissions Michael Orlitzky (Sep 17)
CVE-2017-11746: tenshi privilege escalation via PID file manipulation Michael Orlitzky (Aug 17)
Michal Zalewski
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Michal Zalewski (Jul 10)
Mikhail Utin
Re: Syslog forwarding with IP spoofing Mikhail Utin (Aug 01)
Moritz Muehlenhoff
Re: Linux kernel CVEs not mentioned on oss-security Moritz Muehlenhoff (Sep 26)
Muhammed Mustapha Abiola
Re: Linux kernel CVEs not mentioned on oss-security Muhammed Mustapha Abiola (Sep 27)
ne xo
Cve issue discussion ne xo (Aug 06)
RE: Cve issue discussion ne xo (Aug 09)
RE: Cve issue discussion ne xo (Aug 07)
Nicholas Luedtke
Re: Linux kernel CVEs not mentioned on oss-security Nicholas Luedtke (Sep 26)
Nicholas Prowse
Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Nicholas Prowse (Sep 18)
Nicolas Grégoire
Re: CVE request: incorrect URL parsing in async-http-client <= 2.0.35 Nicolas Grégoire (Aug 31)
CVE request: incorrect URL parsing in async-http-client <= 2.0.35 Nicolas Grégoire (Aug 31)
Nicolas RUFF
Re: CoreOS membership to linux-distros (updated) Nicolas RUFF (Jul 21)
NOIRFATE
ImageMagick : CVE-2017-14741 : Infinite loop in ReadCAPTIONImage NOIRFATE (Sep 26)
Pali Rohár
CVE-2017-10788 for DBD::mysql (Re: [oss-security] Re: MySQL - use-after-free after mysql_stmt_close()) Pali Rohár (Jul 03)
CVE-2017-10789: DBD::mysql - mysql_ssl=1 does not enforce encryption Pali Rohár (Jul 05)
Re: systemd fails to parse user that should run service Pali Rohár (Jul 05)
Re: MySQL - use-after-free after mysql_stmt_close() Pali Rohár (Aug 03)
Re: systemd fails to parse user that should run service Pali Rohár (Jul 05)
Patrick J. Volkerding
Re: systemd fails to parse user that should run service Patrick J. Volkerding (Jul 06)
Patrick Uiterwijk
Re: pagure: private repositories accessible through ssh Patrick Uiterwijk (Jul 22)
Paul Eggert
GNU Emacs 25.2 enriched text remote code execution Paul Eggert (Sep 11)
Perry E. Metzger
Re: systemd fails to parse user that should run service Perry E. Metzger (Jul 05)
Re: systemd fails to parse user that should run service Perry E. Metzger (Jul 05)
Peter Bex
CVE-2017-11343 CHICKEN Scheme: algorithmic complexity attack in hash tables Peter Bex (Jul 16)
Peter Korsgaard
Re: Tcpdump 4.9.2 Peter Korsgaard (Sep 08)
Petr Matousek
Re: Linux BlueBorne vulnerabilities Petr Matousek (Sep 14)
P J P
CVE-2017-12809 Qemu: ide: flushing of empty CDROM drives leads to NULL dereference P J P (Aug 21)
CVE-2017-12154 Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register P J P (Sep 25)
CVE-2017-13711 Qemu: Slirp: use-after-free when sending response P J P (Aug 29)
CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging P J P (Jul 07)
CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options P J P (Jul 18)
Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update P J P (Sep 12)
CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image P J P (Sep 07)
CVE-2017-10810 Kernel: virtio-gpu: memory leakage while creating gpu object P J P (Jul 07)
CVE-2017-13673 Qemu: vga: reachable assert failure during during display update P J P (Aug 30)
CVE-2017-11334 Qemu: exec: oob access during dma operation P J P (Jul 17)
CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine P J P (Jul 21)
CVE-2017-13672 Qemu: vga: OOB read access during display update P J P (Aug 30)
Priedhorsky, Reid
Linux kernel CVEs not mentioned on oss-security Priedhorsky, Reid (Sep 25)
Re: Linux kernel CVEs not mentioned on oss-security Priedhorsky, Reid (Sep 26)
P. Taylor Goetz
[CVE-2017-9799] Apache Storm Possible Code Execution As A Different User P. Taylor Goetz (Aug 09)
Qualys Security Advisory
Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Qualys Security Advisory (Sep 26)
Raphael Geissert
Re: Tcpdump 4.9.2 Raphael Geissert (Sep 08)
Reed Loden
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden (Sep 28)
Remi Gacogne
PowerDNS Security Advisories for dnsdist 2017-01 and 2017-02 Remi Gacogne (Aug 21)
Ritwik Ghoshal
Re: Berkeley DB reads DB_CONFIG from cwd Ritwik Ghoshal (Aug 12)
Robert Munteanu
CVE-2017-9802: Apache Sling XSS vulnerability Robert Munteanu (Aug 14)
Robert Scheck
Re: systemd fails to parse user that should run service Robert Scheck (Jul 05)
Rob Tompkins
[SECURITY] CVE-2017-12621 Apache Commons Jelly connects to URL with custom doctype definitions. Rob Tompkins (Sep 27)
Russ Allbery
Re: Insecure DNS dependency in many Kerberos deployments Russ Allbery (Aug 17)
Re: Insecure DNS dependency in many Kerberos deployments Russ Allbery (Aug 16)
Sailesh Mukil
CVE-2017-5640 Apache Impala (incubating) Information Disclosure Sailesh Mukil (Jul 10)
Fwd: [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure Sailesh Mukil (Jul 10)
Salvatore Bonaccorso
jabberd2: CVE-2017-10807: Allows to authenticate using SASL ANONYMOUS even if disabled Salvatore Bonaccorso (Jul 04)
Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Salvatore Bonaccorso (Sep 25)
Cacti: CVE-2017-11691: Cross-site scripting vulnerability in user profile management page (auth_profile.php) Salvatore Bonaccorso (Jul 26)
ImageMagick: CVE-2017-11352: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) Salvatore Bonaccorso (Jul 16)
Re: CVE request: incorrect URL parsing in async-http-client <= 2.0.35 Salvatore Bonaccorso (Aug 31)
gnome-exe-thumbnailer: CVE-2017-11421: VBScript script injection when generating thumbnails for MSI files Salvatore Bonaccorso (Jul 19)
Re: CVE for the TSIG issue in knot? Salvatore Bonaccorso (Jul 08)
Re: [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Salvatore Bonaccorso (Sep 22)
Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 14)
Re: Advisory: Git cvsserver OS Command Injection Salvatore Bonaccorso (Sep 28)
Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Salvatore Bonaccorso (Aug 11)
Re: accepting new members to (linux-)distros lists Salvatore Bonaccorso (Jul 08)
Re: unrar-free/unrar-gpl: directory traversal and other issues Salvatore Bonaccorso (Sep 03)
Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 11)
cacti: CVE-2017-12927: XSS vulnerability in spikekill.php via method parameter Salvatore Bonaccorso (Aug 18)
Shibboleth plugin for WordPress: CVE-2017-14313: XSS vulnerability due to improper use of add_query_arg() Salvatore Bonaccorso (Sep 12)
Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update Salvatore Bonaccorso (Sep 10)
Re: Linux kernel CVEs not mentioned on oss-security Salvatore Bonaccorso (Sep 28)
Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Salvatore Bonaccorso (Jul 05)
phamm: CVE-2017-0378: reflected XSS in login page Salvatore Bonaccorso (Jul 19)
Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 11)
mbed TLS: CVE-2017-14032: Bypass of authentication of peer possible when the authentication mode is configured as 'optional' Salvatore Bonaccorso (Aug 30)
Re: CVE-IDs request for Apache Kafka desrialization vulnerability via runtime Salvatore Bonaccorso (Jul 19)
Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Salvatore Bonaccorso (Aug 11)
yadm: CVE-2017-11353: race condition allows access to SSH and PGP keys Salvatore Bonaccorso (Jul 16)
Santiago Torres
Re: Estimate for the total number of exploitable bugs in large linux distro? Santiago Torres (Jul 14)
Sean Cassidy
Re: Syslog forwarding with IP spoofing Sean Cassidy (Aug 01)
Sean Owen
CVE-2017-7678 Apache Spark XSS web UI MHTML vulnerability Sean Owen (Jul 12)
CVE-2017-12612 Unsafe deserialization in Apache Spark launcher API Sean Owen (Sep 08)
Sebastian Pipping
CVE-2017-11742 - Expat 2.2.{1,2} LoadLibrary DLL hijacking vulnerability on Windows Sebastian Pipping (Aug 02)
Seth Arnold
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Seth Arnold (Jul 10)
Re: Linux kernel: fixed bug in net/core/flow_dissector.c Seth Arnold (Aug 24)
[cve-request () mitre org: Re: [scr357564] sqlite3 - fix in progress] Seth Arnold (Jul 07)
Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Seth Arnold (Jul 14)
Shalin Shekhar Mangar
[ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr Shalin Shekhar Mangar (Jul 07)
CVE-2017-9803: Security vulnerability in kerberos delegation token functionality Shalin Shekhar Mangar (Sep 18)
Simon McVittie
Re: systemd fails to parse user that should run service Simon McVittie (Jul 05)
Re: systemd fails to parse user that should run service Simon McVittie (Jul 05)
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 11)
Re: systemd fails to parse user that should run service Simon McVittie (Jul 05)
Re: systemd fails to parse user that should run service Simon McVittie (Jul 06)
Re: Why send bugs embargoed to distros? Simon McVittie (Sep 23)
Re: systemd fails to parse user that should run service Simon McVittie (Jul 06)
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 07)
Re: systemd fails to parse user that should run service Simon McVittie (Jul 05)
Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Simon McVittie (Sep 14)
Re: systemd fails to parse user that should run service Simon McVittie (Jul 06)
Re: Linux kernel CVEs not mentioned on oss-security Simon McVittie (Sep 25)
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 07)
Slavco Mihajloski
wordpress <= 4.8.1 SQLi Slavco Mihajloski (Sep 25)
sohu0106
Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak sohu0106 (Jul 30)
Linux kernel: driver/video/fbdev/aty/atyfb_base.c: atyfb_ioctl() stack infoleak sohu0106 (Jul 30)
Solar Designer
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
Re: CoreOS membership to linux-distros (updated) Solar Designer (Aug 02)
Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 02)
Re: Re: Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch Solar Designer (Aug 13)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 03)
Re: CoreOS membership to linux-distros (updated) Solar Designer (Aug 01)
Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Solar Designer (Sep 27)
Re: CoreOS membership to linux-distros (updated) Solar Designer (Jul 21)
Re: Linux kernel CVEs not mentioned on oss-security Solar Designer (Sep 27)
Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak Solar Designer (Jul 31)
Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 14)
Re: CoreOS membership to linux-distros (updated) Solar Designer (Jul 31)
Re: Podbeuter podcast fetcher: remote code execution Solar Designer (Sep 17)
Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 02)
Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Solar Designer (Sep 17)
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Solar Designer (Aug 10)
LKML thread "mm: larger stack guard gap, between vmas" partially CC'ed to linux-distros Solar Designer (Jul 05)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 06)
Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Solar Designer (Jul 05)
Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 14)
Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 27)
Re: Linux kernel CVEs not mentioned on oss-security Solar Designer (Sep 27)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
Re: tcpdump 4.9.2 is fully available Solar Designer (Sep 14)
Re: Podbeuter podcast fetcher: remote code execution Solar Designer (Sep 16)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 02)
Re: Podbeuter podcast fetcher: remote code execution Solar Designer (Sep 17)
Re: Linux kernel CVEs not mentioned on oss-security Solar Designer (Sep 27)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 15)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 02)
Libgcrypt 1.7.8 fixes "Sliding right into disaster" RSA side-channel attack (CVE-2017-7526) Solar Designer (Jul 06)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 03)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 01)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
Re: Syslog forwarding with IP spoofing Solar Designer (Aug 01)
Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Solar Designer (Sep 27)
Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Solar Designer (Sep 21)
Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 06)
Re: Reporting and disclosing Linux kernel vulnerabilities Solar Designer (Aug 04)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 25)
Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
Stanislav Malyshev
Re: PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Stanislav Malyshev (Jul 10)
Stefan Bodewig
CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty Stefan Bodewig (Aug 01)
Stefan Bühler
pagure: private repositories accessible through ssh Stefan Bühler (Jul 22)
Steve Grubb
Re: Estimate for the total number of exploitable bugs in large linux distro? Steve Grubb (Jul 14)
Steven Miano
Re: Estimate for the total number of exploitable bugs in large linux distro? Steven Miano (Jul 14)
Stiepan
Re: accepting new members to (linux-)distros lists Stiepan (Jul 01)
Re: CoreOS membership to linux-distros (updated) Stiepan (Jul 21)
Sysdream Labs
[CVE-2017-6089] PhpCollab 2.5.1 Multiple SQL Injections (unauthenticated) Sysdream Labs (Sep 29)
[CVE-2017-11321] UCOPIA Wireless Appliance < 5.1.8 Restricted Shell Escape Sysdream Labs (Sep 29)
[CVE-2017-11322] UCOPIA Wireless Appliance < 5.1.8 Privileges Escalation Sysdream Labs (Sep 29)
[CVE-2017-6090] PhpCollab 2.5.1 Arbitrary File Upload (unauthenticated) Sysdream Labs (Sep 29)
Thomas Jarosch
Re: CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Thomas Jarosch (Sep 21)
CVE-2017-1000249: file: stack based buffer overflow Thomas Jarosch (Sep 05)
Re: CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Thomas Jarosch (Sep 21)
Re: Re: Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch Thomas Jarosch (Sep 14)
CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Thomas Jarosch (Sep 21)
Till Dörges
Re: Why send bugs embargoed to distros? Till Dörges (Sep 23)
Tim Graham
Django security releases issued: 1.11.5 and 1.10.8 Tim Graham (Sep 05)
Tobias Mueller
CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding Tobias Mueller (Aug 10)
Re: CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding Tobias Mueller (Aug 16)
Tomas Hoger
Re: MySQL - use-after-free after mysql_stmt_close() Tomas Hoger (Aug 02)
varsleak
Re: CVE-IDs request for ASUS wiress router Remote Command/Code Execution Vulnerability varsleak (Jul 14)
Re: CVE-IDs request for ASUS wiress router Remote Command/Code Execution Vulnerability varsleak (Jul 18)
CVE-IDs request for ASUS wiress router Remote Command/Code Execution Vulnerability varsleak (Jul 12)
Vasily Averin
CVE-2017-14106 kernel: net/ipv4: divide by 0 in __tcp_select_window() Vasily Averin (Sep 01)
Vladis Dronov
Re: CVE Request: Multiple security issues in OpenJPEG Vladis Dronov (Aug 23)
[CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov (Aug 03)
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov (Aug 07)
Re: CVE-2017-14489: Linux kernel: scsi: nlmsg is not properly parsed in iscsi_if_rx() Vladis Dronov (Sep 25)
Re: CVE-2017-14497: Linux kernel: packet: buffer overflow in tpacket_rcv() Vladis Dronov (Sep 18)
CVE-2017-7541: Linux kernel: Memory corruption due to a buffer overflow in brcmf_cfg80211_mgmt_tx() Vladis Dronov (Jul 24)
CVE-2017-14497: Linux kernel: packet: buffer overflow in tpacket_rcv() Vladis Dronov (Sep 18)
CVE-2017-7558: Linux kernel: sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() Vladis Dronov (Aug 23)
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov (Aug 07)
CVE-2017-14489: Linux kernel: scsi: nlmsg is not properly parsed in iscsi_if_rx() Vladis Dronov (Sep 22)
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov (Aug 07)
CVE-2017-12153 Linux kernel: nl80211: null pointer dereference in nl80211_set_rekey_data() Vladis Dronov (Sep 13)
VMware Security Response Center
[CVE-2015-5191] local privilege escalation in Open VMware Tools VMware Security Response Center (Jul 24)
Wen Bin Kong
CVE-2017-12882, CVE-2017-12881: Stored XSS and CSRF on Spring Batch Admin before 1.3.0 Wen Bin Kong (Aug 16)
Willem de Bruijn
Linux kernel: CVE-2017-1000111: heap out-of-bounds in AF_PACKET sockets Willem de Bruijn (Aug 10)
William A Rowe Jr
CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2 William A Rowe Jr (Jul 13)
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest William A Rowe Jr (Jul 13)
Xen . org security team
Xen Security Advisory 219 (CVE-2017-10915) - x86: insufficient reference counts during shadow emulation Xen . org security team (Jul 07)
Xen Security Advisory 222 (CVE-2017-10918) - stale P2M mappings due to insufficient error checking Xen . org security team (Jul 07)
Xen Security Advisory 245 - ARM: Some memory not scrubbed at boot Xen . org security team (Sep 28)
Xen Security Advisory 223 (CVE-2017-10919) - ARM guest disabling interrupt may crash Xen Xen . org security team (Jul 07)
Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants Xen . org security team (Aug 29)
Xen Security Advisory 230 - grant_table: possibly premature clearing of GTF_writing / GTF_reading Xen . org security team (Aug 15)
Xen Security Advisory 216 (CVE-2017-10911) - blkif responses leak backend stack data Xen . org security team (Jul 07)
Xen Security Advisory 232 (CVE-2017-14318) - Missing check for grant table Xen . org security team (Sep 12)
Xen Security Advisory 217 (CVE-2017-10912) - page transfer may allow PV guest to elevate privilege Xen . org security team (Jul 07)
Xen Security Advisory 229 (CVE-2017-12134) - linux: Fix Xen block IO merge-ability calculation Xen . org security team (Aug 15)
Xen Security Advisory 231 (CVE-2017-14316) - Missing NUMA node parameter verification Xen . org security team (Sep 12)
Xen Security Advisory 227 (CVE-2017-12137) - x86: PV privilege escalation via map_grant_ref Xen . org security team (Aug 15)
Xen Security Advisory 224 (CVE-2017-10920,CVE-2017-10921,CVE-2017-10922) - grant table operations mishandle reference counts Xen . org security team (Jul 07)
Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants Xen . org security team (Aug 15)
Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants Xen . org security team (Aug 17)
Xen Security Advisory 220 (CVE-2017-10916) - x86: PKRU and BND* leakage between vCPU-s Xen . org security team (Jul 07)
Xen Security Advisory 235 - add-to-physmap error paths fail to release lock on ARM Xen . org security team (Aug 23)
Xen Security Advisory 234 (CVE-2017-14319) - insufficient grant unmapping checks for x86 PV guests Xen . org security team (Sep 12)
Xen Security Advisory 233 (CVE-2017-14317) - cxenstored: Race in domain cleanup Xen . org security team (Sep 12)
Xen Security Advisory 221 (CVE-2017-10917) - NULL pointer deref in event channel poll Xen . org security team (Jul 07)
Xen Security Advisory 218 (CVE-2017-10913,CVE-2017-10914) - Races in the grant table unmap code Xen . org security team (Jul 07)
Xen Security Advisory 230 (CVE-2017-12855) - grant_table: possibly premature clearing of GTF_writing / GTF_reading Xen . org security team (Aug 15)
Xen Security Advisory 225 (CVE-2017-10923) - arm: vgic: Out-of-bound access when sending SGIs Xen . org security team (Jul 07)
Xen Security Advisory 228 (CVE-2017-12136) - grant_table: Race conditions with maptrack free list handling Xen . org security team (Aug 15)
Yiteng Zhang
Re: [SECURITY ADVISORY] curl: FILE buffer read out of bounds Yiteng Zhang (Aug 11)
Zach W
Re: CVE-IDs request for ASUS wiress router Remote Command/Code Execution Vulnerability Zach W (Jul 13)
Re: Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap Zach W (Jul 13)
Александр Носарев
Syslog forwarding with IP spoofing Александр Носарев (Aug 01)
刘科
RE: CVE Request: Multiple security issues in OpenJPEG 刘科 (Aug 29)
RE: CVE Request: Multiple security issues in OpenJPEG 刘科 (Aug 25)
RE: CVE Request: Multiple security issues inOpenJPEG(Internet mail) 刘科 (Aug 23)
RE: CVE Request: Multiple security issues in OpenJPEG 刘科 (Aug 30)
孙浩
CVE-2017-13775: GraphicsMagick 1.3.26 Denial of Service issue in ReadJNXImage() in coders/jnx.c 孙浩 (Aug 30)
CVE-2017-13777: GraphicsMagick 1.3.26 Denial of Service issue in ReadXBMImage() in coders/xbm.c 孙浩 (Aug 30)
CVE-2017-13776: GraphicsMagick 1.3.26 Denial of Service issue in ReadXBMImage() in coders/xbm.c 孙浩 (Aug 30)
连一汉
CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug 连一汉 (Sep 21)
[CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file. 连一汉 (Aug 14)