oss-sec: by author

237 messages starting Jun 29 19 and ending Jun 14 19


Ailin Nemui

Irssi 1.2.1/1.1.3/1.0.8: CVE-2019-13045 Ailin Nemui (Jun 29)

Akira Ajisaka

CVE-2018-8029: Apache Hadoop Privilege escalation vulnerability Akira Ajisaka (May 30)

Aki Tuomi

Multiple vulnerabilities in Dovecot 2.3 Aki Tuomi (Apr 30)
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrectly assert-crashes when encountering invalid UTF-8 characters. Aki Tuomi (Apr 18)

Alan Coopersmith

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alan Coopersmith (Jun 15)

Aleksa Sarai

CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack Aleksa Sarai (May 27)

Alexander Potapenko

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alexander Potapenko (Jun 17)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alexander Potapenko (Jun 24)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alexander Potapenko (Jun 25)

Alex Gaynor

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 15)
Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 15)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 25)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Alex Gaynor (Jun 24)

Andor Molnar

[CVE-2019-0201] Information disclosure vulnerability in Apache ZooKeeper Andor Molnar (May 20)

Andrea Cosentino

[SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel Andrea Cosentino (May 24)
[SECURITY] New security advisory CVE-2019-0194 released for Apache Camel Andrea Cosentino (Apr 30)
[SECURITY] New security advisory CVE-2019-0188 released for Apache Camel Andrea Cosentino (May 24)

andreas

Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) andreas (Apr 27)
Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) andreas (Apr 27)

Andrey Konovalov

CVE-2019-11683: "GRO packet of death" issue in the Linux kernel Andrey Konovalov (May 02)

Anthony Liguori

Re: linux-distros membership application - Microsoft Anthony Liguori (Jun 27)

Apache Security Team

Issues fixed in previous releases of Apache Zeppelin 0.7.3 and 0.8.0 (CVE-2017-12619 CVE-2018-1317 CVE-2018-1328) Apache Security Team (Apr 23)

Ash Berlin-Taylor

CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component Ash Berlin-Taylor (Apr 10)

Bob Friesenhahn

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 25)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 24)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 15)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 15)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 16)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 25)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 24)
GraphicsMagick 1.3.32 security fixes, plus one of special mention Bob Friesenhahn (Jun 15)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Bob Friesenhahn (Jun 24)

Brandon Perry

Re: X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird Brandon Perry (Jun 14)

Brandon Philips

[ANNOUNCE] Security regression in Kubernetes kubelet v1.13.6 and v1.14.2 only - CVE-2019-11245 Brandon Philips (May 31)

Bruno P. Kinoshita

[CVE-2018-17201]: Apache Commons Imaging information disclosure vulnerability Bruno P. Kinoshita (May 03)
[CVE-2018-17202]: Apache Commons Imaging information disclosure vulnerability Bruno P. Kinoshita (May 03)

Carlton Gibson

Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358) Carlton Gibson (Jun 03)

Colin Snover

[CVE-2019-9826] phpBB Native Fulltext Search denial of service Colin Snover (Apr 29)

Damien Miller

Announce: OpenSSH 8.0 released Damien Miller (Apr 17)

Daniel Beck

Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 31)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 17)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 30)
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 13)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 11)
Multiple vulnerabilities in Jenkins Daniel Beck (Apr 10)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 03)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 21)

Daniel Gruno

[CVE-2019-0218] Apache Pony Mail (incubating) Reflected XSS Daniel Gruno (Apr 20)

Daniel Ruggeri

CVE-2019-0215: mod_ssl access control bypass Daniel Ruggeri (Apr 02)
CVE-2019-0217: mod_auth_digest access control bypass Daniel Ruggeri (Apr 02)
CVE-2019-0196: mod_http2, read-after-free on a string compare Daniel Ruggeri (Apr 02)
CVE-2019-0220: URL normalization inconsistencies Daniel Ruggeri (Apr 02)
CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts Daniel Ruggeri (Apr 02)
CVE-2019-0197: mod_http2, possible crash on late upgrade Daniel Ruggeri (Apr 02)

Daniel Stenberg

[SECURITY ADVISORY] curl: TFTP receive buffer overflow Daniel Stenberg (May 22)
curl: Windows OpenSSL engine code injection Daniel Stenberg (Jun 23)
[SECURITY ADVISORY] curl: Integer overflows in curl_url_set Daniel Stenberg (May 22)

Dave Brondsema

[CVE-2019-10085] Apache Allura XSS vulnerability Dave Brondsema (Jun 18)

David A. Wheeler

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz David A. Wheeler (Jun 15)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz David A. Wheeler (Jun 24)

Dmitry Vyukov

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Dmitry Vyukov (Jun 24)

Emmanuel Lecharny

[CVE-2019-0231] MINA SSLFilter security Issue Emmanuel Lecharny (Apr 14)

Erik Winkels

PowerDNS Security Advisories 2019-04 and 2019-05 Erik Winkels (Jun 21)

Federico Manuel Bento

Linux kernel < 4.8 local generic ASLR bypass for setuid binaries Federico Manuel Bento (Apr 03)

Federico Mena Quintero

Crash / fix in bzip2 Federico Mena Quintero (Jun 03)

Florian Weimer

Re: Nokogiri security update v1.10.3 Florian Weimer (Apr 23)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Florian Weimer (Jun 25)

Fuqian Huang

Linux kernel < 4.14.111 drivers/media/dvb-frontends/cxd2841er.c kernel address dumps to user space Fuqian Huang (Apr 18)
Linux kernel < 4.14.111 drivers/nfc/nfcmrvl/usb.c kernel address dumps to user space Fuqian Huang (Apr 18)
Linux kernel < 4.14.111 drivers/media/dvb-frontends/horus3a.c kernel address dumps to user space Fuqian Huang (Apr 18)
Linux kernel < 4.14.111 drivers/media/pci/saa7164/saa7164-core.c kernel address dumps to user space Fuqian Huang (Apr 18)
Linux kernel < 4.14.111 drivers/scsi/cxgbi/cxgb4i/cxgb4i.c kernel address dumps to user space Fuqian Huang (Apr 18)
Linux kernel < 4.14.111 drivers/message/fusion/mptscsih.c kernel address dumps to user space Fuqian Huang (Apr 18)
Linux kernel < 4.14.111 drivers/scsi/cxgbi/cxgb3i/cxgb3i.c kernel address dumps to user space Fuqian Huang (Apr 18)
Linux kernel < 4.14.111 drivers/media/dvb-frontends/helene.c kernel address dumps to user space Fuqian Huang (Apr 18)
Linux kernel < 4.14.111 drivers/message/fusion/mptbase.c kernel address dumps to user space Fuqian Huang (Apr 18)
Linux kernel < 4.14.111 drivers/net/ethernet/netronome/nfp/nfp_net_debugfs.c kernel address dumps to user space Fuqian Huang (Apr 18)
Linux kernel < 4.14.111 drivers/net/wan/lmc/lmc_main.c kernel address dumps to user space Fuqian Huang (Apr 18)
kernel address leak in drivers/media/dvb-frontends/ascot2e.c - linux 4.14.111 LTS Fuqian Huang (Apr 16)
Linux kernel < 4.14.111 drivers/net/ethernet/chelsio/libcxgb/libcxgb_ppm.c kernel address dumps to user space Fuqian Huang (Apr 18)

Gage Hugo

[OSSA-2019-002] neutron-openvswitch-agent: Unable to install new flows on compute nodes when having broken security group rules (CVE-2019-10876) Gage Hugo (Apr 09)

Greg KH

Re: linux-distros membership application - Microsoft Greg KH (Jun 27)
Re: linux-distros membership application - Microsoft Greg KH (Jun 27)
Re: CVE-2019-10142 linux kernel: integer overflow in ioctl handling of fsl hypervisor Greg KH (May 22)
Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues Greg KH (Jun 17)
Re: Linux kernel address leaks Greg KH (Apr 18)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Greg KH (Jun 15)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Greg KH (Jun 21)
Re: linux-distros membership application - Microsoft Greg KH (Jun 27)
Re: CVE-2019-11683: "GRO packet of death" issue in the Linux kernel Greg KH (May 05)

halfdog

Re: fprintd: found storing user fingerprints without encryption halfdog (May 14)
Re: Re: fprintd: found storing user fingerprints without encryption halfdog (May 10)
Re: fprintd: found storing user fingerprints without encryption halfdog (May 14)

Hanno Böck

XSS via EXIF tag in Serendipity blog Hanno Böck (May 03)
XSS in roundup bug tracker 404 page Hanno Böck (Apr 05)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Hanno Böck (Jun 15)

Havoc Pennington

urllib3: adds system certificates to ssl_context Havoc Pennington (Apr 17)
Re: urllib3: adds system certificates to ssl_context Havoc Pennington (Apr 19)

Heiko Schlittermann

Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)
Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)
Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 05)
CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)
Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 05)
Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Heiko Schlittermann (Jun 04)

Henri Salo

Re: XSS in roundup bug tracker 404 page Henri Salo (Apr 07)
Re: XSS via EXIF tag in Serendipity blog Henri Salo (May 10)

huangwen

CVE-2019-3846: Marvell Wifi Driver mwifiex mwifiex_update_bss_desc_with_ie Heap Overflow huangwen (May 30)
Marvell Wifi Driver mwifiex_uap_parse_tail_ies Heap Overflow huangwen (Jun 01)

Huzaifa Sidhpurwala

3 pacemaker security flaws Huzaifa Sidhpurwala (Apr 17)

Ian Zimmerman

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Ian Zimmerman (Jun 21)

Ishan Chattopadhyaya

Re: CVE-2018-11802: Apache Solr authorization bug vulnerability disclosure Ishan Chattopadhyaya (Apr 24)

Jakub Wilk

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Jakub Wilk (Jun 23)
Re: curl: Windows OpenSSL engine code injection Jakub Wilk (Jun 23)

Jamie Strandboge

CVE Request: golang-seccomp incorrectly handles multiple syscall arguments Jamie Strandboge (Apr 24)
Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments Jamie Strandboge (Apr 24)
Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments Jamie Strandboge (Apr 25)
Re: Security issues in snapcraft snap-confine set*id binary Jamie Strandboge (Apr 25)

Jann Horn

Linux kernel: multiple issues Jann Horn (Apr 29)

Jan Pokorný

Re: 3 pacemaker security flaws Jan Pokorný (Apr 18)

Jason A. Donenfeld

DLL injection in Go < 1.12.2 [CVE-2019-9634] Jason A. Donenfeld (Apr 08)
Re: Potential DoS vulnerability in CGit Jason A. Donenfeld (May 19)

Jean-Baptiste Onofré

[SECURITY] New security advisory for CVE-2019-0226 released for Apache Karaf Jean-Baptiste Onofré (May 06)

Jeff Law

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Jeff Law (Jun 25)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Jeff Law (Jun 25)

Jeffrey Walton

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Jeffrey Walton (Jun 25)

Joel Smith

[ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246 Joel Smith (Jun 21)

John Haxby

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz John Haxby (Jun 24)
Re: linux-distros membership application - Microsoft John Haxby (Jun 27)

Jouni Malinen

wpa_supplicant/hostapd: SAE side-channel attacks Jouni Malinen (Apr 10)
wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment Jouni Malinen (Apr 18)
wpa_supplicant/hostapd: EAP-pwd side-channel attack Jouni Malinen (Apr 10)
hostapd: SAE confirm missing state validation Jouni Malinen (Apr 10)
wpa_supplicant/hostapd: EAP-pwd missing commit validation Jouni Malinen (Apr 10)

Juan Pablo Santos Rodríguez

[CVE-2019-10076] Apache JSPWiki Cross-site scripting vulnerability Juan Pablo Santos Rodríguez (May 19)
[CVE-2019-10077] Apache JSPWiki Cross-site scripting vulnerability Juan Pablo Santos Rodríguez (May 19)
[CVE-2019-10078] Apache JSPWiki Cross-site scripting vulnerability Juan Pablo Santos Rodríguez (May 19)

Loganaden Velvindron

Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues Loganaden Velvindron (Jun 17)

Lou DeGenaro

[ANNOUNCE] CVE-2018-8035: Apache UIMA DUCC webserver cross-site scripting (XSS) vulnerability fix Lou DeGenaro (May 01)

Marcus Brinkmann

Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients) Marcus Brinkmann (Apr 30)

Marcus Meissner

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Marcus Meissner (Jun 17)

Martin

[SECURITY] CVE-2019-0213: Apache Archiva Stored XSS Martin (Apr 30)
[SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server Martin (Apr 30)

Martin Carpenter

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Martin Carpenter (Jun 26)

Matthew Fernandez

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Matthew Fernandez (Jun 25)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Matthew Fernandez (Jun 25)

Matthias Gerstner

Security issues in snapcraft snap-confine set*id binary Matthias Gerstner (Apr 18)
Singularity 3.1.0: CVE-2019-11328: namespace privilege escalation and arbitrary file corruption Matthias Gerstner (May 16)
Linux kernel: no permission check during open() time of /proc/[pid]/maps in kernels < 3.18 Matthias Gerstner (Apr 25)
pam-u2f: CVE-2019-12210: debug_file file descriptor leak, CVE-2019-12209: symlink attack on u2f_keys leading to possible information leak Matthias Gerstner (Jun 05)

Michael Catanzaro

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002 Michael Catanzaro (Apr 11)
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003 Michael Catanzaro (May 20)

Michael Ellerman

CVE-2019-12817: Linux kernel: powerpc: Unrelated processes may be able to read/write to each other's virtual memory Michael Ellerman (Jun 24)

Michael McNally

Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Michael McNally (Apr 24)

Michael Vorburger

[CVE-2018-11800] and [CVE-2018-11801] Apache Fineract SQL Injection Vulnerabilities fixed in v1.3.0 Michael Vorburger (May 09)

Mike Dalessio

Re: Nokogiri security update v1.10.3 Mike Dalessio (Apr 23)
Nokogiri security update v1.10.3 Mike Dalessio (Apr 22)

Moritz Muehlenhoff

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Moritz Muehlenhoff (Jun 21)

Neil Griffin

[CVE-2019-0186] The input fields of the Chat Room demo are vulnerable to Cross-Site Scripting (XSS) attacks Neil Griffin (Apr 25)

Nicholas Luedtke

Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues Nicholas Luedtke (Jun 18)

Noble Paul

CVE-2018-11802: Apache Solr authorization bug vulnerability disclosure Noble Paul (Apr 24)

Noel Kuntze

Re: Re: fprintd: found storing user fingerprints without encryption Noel Kuntze (May 08)
Re: Re: fprintd: found storing user fingerprints without encryption Noel Kuntze (May 08)

Pascal Cuoq

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Pascal Cuoq (Jun 25)

Peter Korsgaard

Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Peter Korsgaard (Apr 27)
Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Peter Korsgaard (Apr 25)

P J P

CVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice resources P J P (May 22)
CVE-2019-3887 Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS P J P (Apr 07)
CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS P J P (Apr 25)
CVE-2019-12247 QEMU: qemu-guest-agent: integer overflow while running guest-exec command P J P (May 22)

Pramod Rana

Cross Site Scripting | WolfCMS v0.8.3.1 and before Pramod Rana (May 05)
Open source tool | Lets Map Your Network Pramod Rana (May 05)
CSV Injection | Alkacon OpenCMS v10.5.4 and before Pramod Rana (May 05)
Cross Site Scripting | Alkacon OpenCMS v10.5.4 and before Pramod Rana (Apr 30)

Qualys Security Advisory

Re: System Down: A systemd-journald exploit Qualys Security Advisory (May 10)
Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Qualys Security Advisory (Jun 06)
Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Qualys Security Advisory (Jun 05)

Raphael Geissert

Apache::Session's use of md5 and more Raphael Geissert (Jun 15)
Re: Apache::Session's use of md5 and more Raphael Geissert (Jun 17)

Robbie Gemmell

[SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability Robbie Gemmell (Apr 23)

Robert Watson

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Robert Watson (Jun 17)

Roman Drahtmueller

Re: Re: fprintd: found storing user fingerprints without encryption Roman Drahtmueller (May 08)
Re: Re: fprintd: found storing user fingerprints without encryption Roman Drahtmueller (May 08)

Salvatore Bonaccorso

Re: Linux kernel: multiple issues Salvatore Bonaccorso (Apr 30)
Re: wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment Salvatore Bonaccorso (Apr 26)
Re: Linux kernel: multiple issues Salvatore Bonaccorso (Apr 29)

Sasha Levin

Re: linux-distros membership application - Microsoft Sasha Levin (Jun 28)
linux-distros membership application - Microsoft Sasha Levin (Jun 26)
Re: linux-distros membership application - Microsoft Sasha Levin (Jun 27)

Security Report

Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues Security Report (Jun 17)

Seong-Joong Kim

Re: Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 08)
Re: Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 11)
Re: Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 10)
fprintd: found storing user fingerprints without encryption Seong-Joong Kim (Apr 23)
Re: Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 08)
Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 07)
Re: Re: fprintd: found storing user fingerprints without encryption Seong-Joong Kim (May 08)

Seth Arnold

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Seth Arnold (Jun 24)

Simon Lees

Re: linux-distros membership application - Microsoft Simon Lees (Jun 30)

Simon McVittie

Re: Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Simon McVittie (Jun 21)
Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Simon McVittie (Jun 04)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Simon McVittie (Jun 24)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Simon McVittie (Jun 21)
CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass Simon McVittie (Jun 11)

Solar Designer

Re: Linux kernel: no permission check during open() time of /proc/[pid]/maps in kernels < 3.18 Solar Designer (Apr 25)
Re: linux-distros membership application - Microsoft Solar Designer (Jun 27)
Re: Apache::Session's use of md5 and more Solar Designer (Jun 15)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Solar Designer (Jun 16)
Re: linux-distros membership application - Microsoft Solar Designer (Jun 28)
Linux kernel address leaks Solar Designer (Apr 18)
Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit Solar Designer (Jun 04)
Re: Marvell Wifi Driver mwifiex_uap_parse_tail_ies Heap Overflow Solar Designer (Jun 04)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Solar Designer (Jun 16)
Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Solar Designer (May 22)

Stuart D. Gathman

Re: X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird Stuart D. Gathman (Jun 14)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Stuart D. Gathman (Jun 24)

Thomas Deutschmann

Re: Crash / fix in bzip2 Thomas Deutschmann (Jun 04)

Tim Pepper

Re: [ANNOUNCE] Security regression in Kubernetes kubelet v1.13.6 and v1.14.2 only - CVE-2019-11245 Tim Pepper (Jun 08)

Tomer Brisker

CVE-2019-3893: Foreman: Compute resource credentials exposed during deletion on API Tomer Brisker (Apr 14)

Tyler Hicks

Re: linux-distros membership application - Microsoft Tyler Hicks (Jun 27)
Re: linux-distros membership application - Microsoft Tyler Hicks (Jun 27)

Vladimir D. Seleznev

Re: Using quilt on untrusted RPM spec files Vladimir D. Seleznev (Jun 04)

Vladis Dronov

CVE-2019-3837: RHEL6: memory leak in tcp_recvmsg() with NET_DMA Vladis Dronov (Apr 03)
Re: Linux kernel < 4.8 local generic ASLR - CVE-ID Vladis Dronov (Apr 15)
CVE-2019-3882: Linux kernel: DoS through vfio/type1 DMA mappings Vladis Dronov (Apr 03)
Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Vladis Dronov (Apr 18)

Wade Mealing

kernel: CVE-2018-16871 nfs: NULL pointer dereference due to an anomalized NFS message sequence Wade Mealing (Jun 02)
CVE-2019-10142 linux kernel: integer overflow in ioctl handling of fsl hypervisor Wade Mealing (May 22)

Wire Snark

Re: Potential DoS vulnerability in CGit Wire Snark (May 19)
Potential DoS vulnerability in CGit Wire Snark (May 19)

X41 D-Sec GmbH Advisories

X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird X41 D-Sec GmbH Advisories (Jun 13)
X41 D-Sec GmbH Security Advisory X41-2019-002: Heap-based buffer overflow in Thunderbird X41 D-Sec GmbH Advisories (Jun 13)
X41 D-Sec GmbH Security Advisory X41-2019-003: Stack-based buffer overflow in Thunderbird X41 D-Sec GmbH Advisories (Jun 13)
X41 D-Sec GmbH Security Advisory X41-2019-004: Type confusion in Thunderbird X41 D-Sec GmbH Advisories (Jun 13)

Xen . org security team

Xen Security Advisory 297 v1 (CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091) - Microarchitectural Data Sampling speculative side channel Xen . org security team (May 14)

Yves-Alexis Perez

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Yves-Alexis Perez (Jun 21)
Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz Yves-Alexis Perez (Jun 21)

zugtprgfwprz

Re: X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird zugtprgfwprz (Jun 14)