oss-sec: by date

• RSS Feed
• About List
• All Lists

Previous period

Next period

701 messages starting Jan 01 17 and ending Mar 31 17
Date index | Thread index | Author index

Sunday, 01 January

Re: CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions Salvatore Bonaccorso
libtiff: multilple crashes Agostino Sarubbo
libtiff: multiple divide-by-zero Agostino Sarubbo
libtiff: multiple heap-based buffer overflow Agostino Sarubbo
libtiff: invalid memory READ in t2p_writeproc (tiff2pdf.c) Agostino Sarubbo
libtiff: memcpy-param-overlap in t2p_tile_collapse_left (tiff2pdf.c) Agostino Sarubbo
libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c) Agostino Sarubbo
libtiff: assertion failure in readSeparateTilesIntoBuffer (tiffcp.c) Agostino Sarubbo
libtiff: NULL pointer dereference in TIFFReadRawData (tiffinfo.c) Agostino Sarubbo
Re: libtiff: multiple heap-based buffer overflow cve-assign
Re: libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c) cve-assign
Re: Re: libtiff: multiple heap-based buffer overflow Agostino Sarubbo
Multiple issues in OpenH264 1.5.1 Brandon Perry
Re: Multiple issues in OpenH264 1.5.1 Brandon Perry

Monday, 02 January

Re: libtiff: multiple divide-by-zero Leo Famulari
Re: libtiff: multiple divide-by-zero Henri Salo
freeIPA CVEs CVE-2016-9575 (insufficient permission check) & CVE-2016-7030 (DoS) Cedric Buissart

Tuesday, 03 January

Re: Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] Sebastian Krahmer
CVE Request: pcsc-lite use-after-free and double-free Peter Wu
Re: CVE Request: pcsc-lite use-after-free and double-free cve-assign

Wednesday, 04 January

Firejail local root exploit Sebastian Krahmer
Re: Firejail local root exploit cve-assign

Thursday, 05 January

Re: Firejail local root exploit KellerFuchs
CVE Request: Irssi Multiple Vulnerabilities (2017/01) Ailin Nemui
[SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure Mark Thomas
Re: Re: Firejail local root exploit Martin Carpenter

Friday, 06 January

Re: CVE Request: Irssi Multiple Vulnerabilities (2017/01) cve-assign
Re: Firejail local root exploit cve-assign
Re: Re: Firejail local root exploit Marcus Meissner
Re: Firejail local root exploit cve-assign
Re: Re: Firejail local root exploit sivmu
Re: Re: Firejail local root exploit Lizzie Dixon

Saturday, 07 January

Re: CVE Request: Plone Multiple Vulnerabilities Nathan Van Gheem
CVE Request: Plone Multiple Vulnerabilities Nathan Van Gheem
Re: Re: Firejail local root exploit Martin Carpenter
Re: Re: Firejail local root exploit Martin Carpenter
Re: Firejail local root exploit cve-assign
Re: Firejail local root exploit cve-assign

Sunday, 08 January

CVE Request: icoutils: exploitable crash in wrestool programm Salvatore Bonaccorso
Re: Re: Firejail local root exploit Martin Carpenter
Re: Re: Firejail local root exploit Simon McVittie
Re: Re: Firejail local root exploit Brad Spengler
Re: CVE Request: icoutils: exploitable crash in wrestool programm cve-assign
Re: Re: Firejail local root exploit Martin Carpenter

Monday, 09 January

Re: [Security] Qt QXmlSimpleReader Thiago Macieira
ark vulnerability: need CVE Albert Astals Cid
Re: ark vulnerability: need CVE cve-assign
[SECURITY] CVE-2016-3086: Apache Hadoop YARN NodeManager vulnerability Akira Ajisaka
Re: Re: CVE Request: icoutils: exploitable crash in wrestool programm Salvatore Bonaccorso

Tuesday, 10 January

CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 Andreas Stieger
CVE request: python-pysaml2 XML external entity attack Sébastien Delafond
CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8 Andreas Stieger
CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Cesar Pereida Garcia
Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Dan McDonald
Docker 1.12.6 - Security Advisory Nathan McCauley
Re: Docker 1.12.6 - Security Advisory Kurt Seifried
Re: CVE Request: icoutils: exploitable crash in wrestool programm cve-assign
Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8 cve-assign
Re: CVE request: python-pysaml2 XML external entity attack cve-assign
Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 cve-assign
Re: Re: CVE request: python-pysaml2 XML external entity attack Doran Moppert

Wednesday, 11 January

Re: Docker 1.12.6 - Security Advisory Andreas Stieger
Re: Docker 1.12.6 - Security Advisory Trevor Jay
Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 Carlos Martín Nieto
[CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions Sysdream Labs
Introducing sodium_compat, a PHP polyfill for libsodium Scott Arciszewski
Four BIND vulnerabilities have been disclosed today (11 January) that are fixed in new security releases ISC Security Officer
ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters Simon McVittie
Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Huzaifa Sidhpurwala
CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data" Salvatore Bonaccorso

Thursday, 12 January

invalid free in GNU ed before 1.14.1 Hanno Böck
Re: invalid free in GNU ed before 1.14.1 Florian Weimer
Re: invalid free in GNU ed before 1.14.1 Hanno Böck
CVE Request: Irssi out of bounds read in format string Ailin Nemui
CVE Request: MUJS null pointer dereference and Heap buffer overflow write Dileep Kumar
Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Casper Thomsen
Re: CVE Request: MUJS null pointer dereference and Heap buffer overflow write cve-assign
Re: CVE Request: Irssi out of bounds read in format string cve-assign
Re: invalid free in GNU ed before 1.14.1 cve-assign
Re: CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data" cve-assign

Friday, 13 January

Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Dawid Golunski
linux-distros subscription Michal Hrusecky
CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio P J P
Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Carlos Alberto Lopez Perez
Re: Re: Fuzzing jasper Tomas Hoger
Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Daniel Kahn Gillmor
Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Thomas Deutschmann
CVE-2017-0357: iucode-tool (v1.4 to v2.1): heap buffer overflow on -tr loader Henrique de Moraes Holschuh
Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Carlos Alberto Lopez Perez
Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Thomas Deutschmann
CVE Request: Wordpress: 8 security issues in 4.7 Craig Small
Duplicates of CVE-2015-8789 CVE-2015-8790 for libebml from TALOS reports? Salvatore Bonaccorso

Saturday, 14 January

[CVE-2016-6814] Apache Groovy Information Disclosure Paul King
Re: [Security] Qt QXmlSimpleReader Solar Designer
Re: [Security] Qt QXmlSimpleReader Thiago Macieira
Re: CVE Request: Wordpress: 8 security issues in 4.7 cve-assign
Re: linux-distros subscription Solar Designer

Sunday, 15 January

PowerDNS Security Advisories 2016-02, 2016-03, 2016-04 and 2016-05 Remi Gacogne
Re: linux-distros subscription Kurt Seifried
Re: linux-distros subscription Solar Designer
CVE-2016-7904: CMS Made Simple <= 2.1.5 CSRF Hongkun Zeng

Monday, 16 January

jasper: multiple crashes with UBSAN Agostino Sarubbo
jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo
jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) Agostino Sarubbo
jasper: invalid memory read in jas_matrix_asl (jas_seq.c) Agostino Sarubbo
CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors Salvatore Bonaccorso
Re: jasper: multiple crashes with UBSAN cve-assign
Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) cve-assign
Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) cve-assign
Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) cve-assign
Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors cve-assign

Tuesday, 17 January

Re: Re: jasper: multiple crashes with UBSAN Agostino Sarubbo
Re: Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) Agostino Sarubbo
Re: Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) Agostino Sarubbo
Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo
Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Moritz Muehlenhoff
Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo
CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem P J P
CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm Vladis Dronov
Re: CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem Greg Kurz
Re: CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm Lokesh Ubuntu
CVE Request: Plone Sandbox escape vulnerability Nathan Van Gheem
CVE Request: php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter Salvatore Bonaccorso
WebKitGTK+ Security Advisory WSA-2017-0001 Carlos Alberto Lopez Perez
CVE request Qemu: audio: memory leakage in ac97 device P J P
CVE request Qemu: audio: memory leakage in es1370 device P J P
Re: jasper: multiple crashes with UBSAN cve-assign
Re: CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm cve-assign
Re: CVE Request: php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter cve-assign

Wednesday, 18 January

CVE-2017-2591 389 Directory Server: DoS via OOB heap read in "attribute uniqueness" plugin Cedric Buissart
Re: CVE Request: Plone Sandbox escape vulnerability cve-assign
Re: CVE request Qemu: audio: memory leakage in ac97 device cve-assign
Re: CVE request Qemu: audio: memory leakage in es1370 device cve-assign
Re: linux-distros subscription Michal Hrusecky
CVE request Kernel: kvm: use-after-free issue while creating devices P J P
CVE request Weblate: information disclosure in password reset form Jelle van der Waa
Re: Re: CVE request: python-pysaml2 XML external entity attack Doran Moppert

Thursday, 19 January

CVE-2017-2583 Kernel: Kvm: vmx/svm potential privilege escalation inside guest P J P
CVE Request - Samsung Exynos GPU driver OOB read Idler
Re: CVE Request - Samsung Exynos GPU driver OOB read Greg KH
Re: CVE request: python-pysaml2 XML external entity attack cve-assign
Re: CVE request Kernel: kvm: use-after-free issue while creating devices cve-assign
Re: CVE request Weblate: information disclosure in password reset form cve-assign
Re: CVE Request - Samsung Exynos GPU driver OOB read cve-assign
CVE Request: two flaws in hesiod permitting privilege elevation Doran Moppert
CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Harshula
RE: CVE Request - Samsung Exynos GPU driver OOB read idl3r

Friday, 20 January

CVE request: cgiemail multiple vulnerabilities Sébastien Delafond
Re: CVE Request - Samsung Exynos GPU driver OOB read Greg KH
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Greg KH
RE: CVE Request - Samsung Exynos GPU driver OOB read idl3r
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Harshula
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Greg KH
Re: CVE-2016-9584: heap use-after-free on libical Raphael Hertzog
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Brad Spengler
CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb P J P
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Greg KH
Re: CVE-2016-9584: heap use-after-free on libical Gustavo Grieco
CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing P J P
Re: CVE Request: two flaws in hesiod permitting privilege elevation cve-assign
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash cve-assign
Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel cve-assign
Re: CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb cve-assign
Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing cve-assign

Saturday, 21 January

Please assign CVE to PageKit Remote Password Reset Vulnerability Sandeep Kamble
CVE request: Linux kernel: vc4: int overflow leading to heap-based buffer overflow Murray McAllister
Re: [tigervnc-announce] TigerVNC 1.7.1 Alan Coopersmith

Sunday, 22 January

CVE Request: libXpm < 3.5.12 heap overflow Tobias Stoeckmann
CVE request: lcms2 heap OOB read parsing crafted ICC profile Doran Moppert

Monday, 23 January

Re: [tigervnc-devel] Re: [tigervnc-announce] TigerVNC 1.7.1 Pierre Ossman
CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing P J P
wavpack: multiple out of bounds memory reads Hanno Böck
Re: [tigervnc-devel] Re: [tigervnc-announce] TigerVNC 1.7.1 Alan Coopersmith
CVE request Virglrenderer: host memory leakage when creating decode context P J P

Tuesday, 24 January

Re: CVE request: Linux kernel: vc4: int overflow leading to heap-based buffer overflow cve-assign
Headsup: systemd v228 local root exploit (CVE-2016-10156) Sebastian Krahmer
CVE request Virglrenderer: OOB access while parsing texture instruction P J P
Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Hanno Böck
CVE request: rubygem minitar: directory traversal vulnerability Max Veytsman
CVE request Qemu: serial: host memory leakage in 16550A UART emulation P J P
Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Alexander E. Patrakov
CVE request: GNU screen escalation Moritz Muehlenhoff
Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Daniel Micay
Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Daniel Micay
Re: CVE request: GNU screen escalation Solar Designer

Wednesday, 25 January

Re: CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing cve-assign
Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation cve-assign
Re: CVE request Virglrenderer: host memory leakage when creating decode context cve-assign
Re: CVE request Virglrenderer: OOB access while parsing texture instruction cve-assign
Re: [tigervnc-announce] TigerVNC 1.7.1 cve-assign
Re: CVE Request: libXpm < 3.5.12 heap overflow cve-assign
jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Agostino Sarubbo
jasper: invalid memory read in jas_matrix_bindsub (jas_seq.c) Agostino Sarubbo
jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c) Agostino Sarubbo
Re: jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Salvatore Bonaccorso
Re: jasper: invalid memory read in jas_matrix_bindsub (jas_seq.c) Salvatore Bonaccorso
Re: jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c) Salvatore Bonaccorso
Re: CVE request: lcms2 heap OOB read parsing crafted ICC profile cve-assign
Re: Please assign CVE to PageKit Remote Password Reset Vulnerability cve-assign
Multiple PHP object injection vulnerabilities affecting three WordPress Plugins Summer of Pwnage
Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Adrien Nader
Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Jeffrey Walton

Thursday, 26 January

CVE Requests: libgd: potential unsigned onderflow, denial-of-service in gdImageCreateFromGd2Ctx and signed overflow in gd_io.c Salvatore Bonaccorso
Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux up201407890
Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux Noryungi
[OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592) Jeremy Stanley
Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux up201407890
CVE Request: Wordpress: 4.7.2 security release: unauthorized bypass, SQL injection, cross-site scripting issues Salvatore Bonaccorso
SSRF issue in the svgsalamander library Luc Lynx

Friday, 27 January

Re: CVE-2016-9584: heap use-after-free on libical Raphael Hertzog
Re: CVE-2016-9584: heap use-after-free on libical Gustavo Grieco
Re: Re: CVE request: linux kernel - local DoS with cgroup offline code Andreas Stieger
CVE Request: s-nail local root wapiflapi
Use after free in libmysqlclient.so pali

Saturday, 28 January

Gentoo: order of installed packages may result in vary directories permissions, leading to crontab not requiring cron group membership as example. KARBOWSKI Piotr
Re: Gentoo: order of installed packages may result in vary directories permissions, leading to crontab not requiring cron group membership as example. Kristian Fiskerstrand
Multiple vulnerabilities affecting two WordPress Plugins (XSS, CSRF & SQLi) Summer of Pwnage
Re: CVE Request: Wordpress: 4.7.2 security release: unauthorized bypass, SQL injection, cross-site scripting issues cve-assign
Re: CVE Requests: libgd: potential unsigned onderflow, denial-of-service in gdImageCreateFromGd2Ctx and signed overflow in gd_io.c cve-assign
Re: Gentoo: order of installed packages may result in vary directories permissions, leading to crontab not requiring cron group membership as example. cve-assign
Re: CVE request: cgiemail multiple vulnerabilities cve-assign
Re: wavpack: multiple out of bounds memory reads cve-assign

Sunday, 29 January

Re: CVE request: rubygem minitar: directory traversal vulnerability cve-assign
Re: SSRF issue in the svgsalamander library cve-assign
Re: CVE request: GNU screen escalation cve-assign
Re: Firejail local root exploit Ion Ionescu
mp3splt: NULL pointer dereference in splt_cue_export_to_file (cue.c) Agostino Sarubbo
mp3splt: invalid free in free_options (options_manager.c) Agostino Sarubbo
mp3splt: NULL pointer dereference in main (mp3splt.c) Agostino Sarubbo
Requesting CVE for calibre file disclosure Martin Pitt

Monday, 30 January

FW: [DSA 3775-1] tcpdump security update] Leo Famulari
CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer P J P
Re: FW: [DSA 3775-1] tcpdump security update] David Manouchehri
CVE Request - Remote DoS vulnerabilities in BitlBee dequis
CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) chunibalon
CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) chunibalon
Re: Re: CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem P J P
CVE-2017-2596 Kernel: kvm: page reference leakage in handle_vmon P J P

Tuesday, 31 January

CVE request: multiples vulnerabilities in Revive Adserver Nicolas Grégoire
CVE request: multiples vulnerabilities in libplist nikola.sc
Re: mp3splt: NULL pointer dereference in splt_cue_export_to_file (cue.c) cve-assign
Re: mp3splt: invalid free in free_options (options_manager.c) cve-assign
Re: Requesting CVE for calibre file disclosure cve-assign
Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer cve-assign
Re: CVE Request - Remote DoS vulnerabilities in BitlBee cve-assign
CVE Request: ffmpeg remote exploitaion results code execution Paul Cher
Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux Sebastian Krahmer
CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r Max Veytsman
CVE requests: OpenBSD httpd - 2 DoS Pierre Kim
Re: Re: Firejail local root exploit Thomas Deutschmann
Bugs fixed in libevent 2.1.6 Leo Famulari
Re: CVE Request: ffmpeg remote exploitaion results code execution Leo Famulari

Wednesday, 01 February

Re: FW: [DSA 3775-1] tcpdump security update] Michal Hrusecky
Re: FW: [DSA 3775-1] tcpdump security update] Henri Salo
mp3splt: NULL pointer dereference in free_options (options_manager.c) Agostino Sarubbo
pax-utils: scanelf: out of bounds read in scanelf_file_textrel (scanelf.c) Agostino Sarubbo
pax-utils: scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c) Agostino Sarubbo
CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode P J P
Multiple memory access issues in gstreamer Hanno Böck
CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Laszlo Boszormenyi (GCS)
Re: FW: [DSA 3775-1] tcpdump security update] Michal Hrusecky
Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Agostino Sarubbo
podofo: multiple crashes Agostino Sarubbo
podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp) Agostino Sarubbo
podofo: signed integer overflow in PdfParser.cpp Agostino Sarubbo
podofo: NULL pointer dereference in PdfOutputStream.cpp Agostino Sarubbo
podofo: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) Agostino Sarubbo
podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) Agostino Sarubbo
Re: podofo: multiple crashes Hanno Böck
Re: podofo: multiple crashes Agostino Sarubbo
CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd P J P
Re: podofo: multiple crashes Hanno Böck
CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref P J P
CVE update - fixed in Apache Ranger 0.6.3 Velmurugan Periasamy
CVE request: Use after free in libmysqlclient.so (was: Re: Use after free in libmysqlclient.so) Bálint Réczey
Multiple vulnerabilities in Jenkins Daniel Beck
Re: CVE Request: ffmpeg remote exploitaion results code execution cve-assign
Re: CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) cve-assign
Re: CVE request: multiples vulnerabilities in Revive Adserver cve-assign
Re: CVE request: multiples vulnerabilities in libplist cve-assign
Re: CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r cve-assign
Re: CVE requests: OpenBSD httpd - 2 DoS cve-assign
Re: Bugs fixed in libevent 2.1.6 cve-assign
Re: mp3splt: NULL pointer dereference in free_options (options_manager.c) cve-assign
Re: Multiple memory access issues in gstreamer cve-assign
Re: podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp) cve-assign
Re: podofo: signed integer overflow in PdfParser.cpp cve-assign
Re: podofo: NULL pointer dereference in PdfOutputStream.cpp cve-assign
Re: podofo: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) cve-assign
Re: CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd cve-assign
Re: podofo: multiple crashes cve-assign
Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref cve-assign

Thursday, 02 February

Re: CVE requests: OpenBSD httpd - 2 DoS Pierre Kim
[FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues FOXMOLE Advisories
curiosity for CVE-2016-10000 Vladis Dronov
Re: mp3splt: NULL pointer dereference in main (mp3splt.c) Agostino Sarubbo
Re: podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) Agostino Sarubbo
CVE request tigervnc: vnc server can crash when TLS handshake terminates early Matthias Gerstner
Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Wade Mealing
Re: curiosity for CVE-2016-10000 Marcus Meissner

Friday, 03 February

Re: curiosity for CVE-2016-10000 Justin Steven
podofo: heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp) Agostino Sarubbo
CVE request for two input validation flaws in gtk-vnc Adam Maris
Re: curiosity for CVE-2016-10000 Vladis Dronov
Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read John Haxby
Re: curiosity for CVE-2016-10000 Kurt Seifried
Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Andreas Stieger
Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Kristian Erik Hermansen

Saturday, 04 February

pax-utils: dumpelf: out of bounds read in dump_notes (dumpelf.c) Agostino Sarubbo
pax-utils: dumpelf: multiple divide-by-zero in dumpelf.c Agostino Sarubbo
pax-utils: dumpelf: two invalid memory read in dumpelf.c Agostino Sarubbo
Re: [FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues cve-assign
Re: CVE request tigervnc: vnc server can crash when TLS handshake terminates early cve-assign
Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read cve-assign
Re: podofo: heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp) cve-assign
Re: CVE request for two input validation flaws in gtk-vnc cve-assign

Sunday, 05 February

Re: CVE Request: s-nail local root wapiflapi
CVE-2017-2581, CVE-2017-2579, CVE-2017-2580, CVE-2017-2586, CVE-2017-2587: Multiple vulnerabilities in netpbm chunibalon
Irssi 1.0.0 minor remote memory leak Ailin Nemui
Re: Irssi 1.0.0 minor remote memory leak Ailin Nemui
Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Wade Mealing

Monday, 06 February

mupdf: NULL pointer dereference in dodrawpage Agostino Sarubbo
mupdf: heap-based buffer overflow in fz_subsample_pixmap Agostino Sarubbo
CVE Request: Linux: ip6_gre: invalid reads in ip6gre_err() Andrey Konovalov
[KIS-2017-01] PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability Egidio Romano
CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest P J P
Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap cve-assign
Re: CVE Request: Linux: ip6_gre: invalid reads in ip6gre_err() cve-assign
Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest cve-assign
Re: CVE Request: s-nail local root cve-assign

Tuesday, 07 February

CVE request: XXE in Openpyxl Sébastien Delafond
CVE request: PostfixAdmin allows to delete protected aliases Christian Boltz
a simple replacement for setuid and confinement systems Peter Grandi
CVE request Qemu: virtio: integer overflow in handling virtio-crypto requests P J P
CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion Jens Heyens
Re: CVE request: XXE in Openpyxl Doran Moppert
Re: CVE request: PostfixAdmin allows to delete protected aliases cve-assign
Re: CVE request Qemu: virtio: integer overflow in handling virtio-crypto requests cve-assign
Re: CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion cve-assign

Wednesday, 08 February

CVE Request: Nova-LXD incorrectly applied Neutron security group rules Tyler Hicks
CVE request virglrenderer: null pointer dereference in vrend_clear P J P
CVE request virglrenderer: host memory leak issue in virgl_resource_attach_backing P J P
CVE request: XSS in viewvc Sébastien Delafond
Re: CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode) Ian Zimmerman
BIND9 CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash ISC Security Officer
Re: CVE request: PostfixAdmin allows to delete protected aliases Christian Boltz
Re: Re: CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode) Gustavo Grieco
Re: CVE Request: Nova-LXD incorrectly applied Neutron security group rules cve-assign
Re: CVE request virglrenderer: null pointer dereference in vrend_clear cve-assign
Re: CVE request virglrenderer: host memory leak issue in virgl_resource_attach_backing cve-assign
Re: CVE request: XSS in viewvc cve-assign
MITRE is adding data intake to its CVE ID process cve-assign
Re: MITRE is adding data intake to its CVE ID process P J P

Thursday, 09 February

Re: MITRE is adding data intake to its CVE ID process Simon McVittie
zziplib: heap-based buffer overflow in __zzip_get32 (fetch.c) Agostino Sarubbo
zziplib: heap-based buffer overflow in __zzip_get64 (fetch.c) Agostino Sarubbo
zziplib: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) Agostino Sarubbo
zziplib: NULL pointer dereference in main (unzzipcat-mem.c) Agostino Sarubbo
zziplib: out of bounds read in zzip_mem_entry_new (memdisk.c) Agostino Sarubbo
zziplib: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) Agostino Sarubbo
zziplib: NULL pointer dereference in prescan_entry (fseeko.c) Agostino Sarubbo
zziplib: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) Agostino Sarubbo
zziplib: NULL pointer dereference in main (unzzipcat.c) Agostino Sarubbo
zziplib: load of misaligned address in memdisk.c Agostino Sarubbo
zziplib: assertion failure in seeko.c Agostino Sarubbo
A note about the multiple crashes in zziplib Agostino Sarubbo
[OpenStack OSSN 0065] Users of Glance may be able to replace active image data Luke Hinds
Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley
Re: MITRE is adding data intake to its CVE ID process Peter Bex
Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap Agostino Sarubbo
Re: Re: Firejail local root exploit Thomas Deutschmann
Multiple DoS parsing and executing extended regex expressions in GNU libc Gustavo Grieco
Re: MITRE is adding data intake to its CVE ID process Steven R. Loomis
CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability Georg Lukas
Re: Multiple DoS parsing and executing extended regex expressions in GNU libc Jakub Wilk
Re: MITRE is adding data intake to its CVE ID process Amos Jeffries

Friday, 10 February

mupdf: use-after-free in fz_subsample_pixmap (pixmap.c) Agostino Sarubbo
Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy Xen . org security team
Re: Use after free in libmysqlclient.so pali
WebKitGTK+ Security Advisory WSA-2017-0002 Carlos Alberto Lopez Perez
Re: Use after free in libmysqlclient.so Solar Designer
Re: MITRE is adding data intake to its CVE ID process Priedhorsky, Reid
Re: MITRE is adding data intake to its CVE ID process John Haxby
Re: Re: Use after free in libmysqlclient.so Simon McVittie
Re: MITRE is adding data intake to its CVE ID process Stiepan
Re: MITRE is adding data intake to its CVE ID process Simon McVittie
Re: MITRE is adding data intake to its CVE ID process Pierre Schweitzer
RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H
Re: MITRE is adding data intake to its CVE ID process Seth Arnold
RE: MITRE is adding data intake to its CVE ID process Ben Tasker
RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H
Re: Asking for a CVE id for the WordPress Privilege Escalation vulnerability (4.7/4.7.1) Josh Bressers
Re: MITRE is adding data intake to its CVE ID process Tim
Re: MITRE is adding data intake to its CVE ID process Kurt Seifried
Re: MITRE is adding data intake to its CVE ID process Guido Berhoerster
RE: MITRE is adding data intake to its CVE ID process Williams, Ken
Re: MITRE is adding data intake to its CVE ID process Mats Wichmann
Re: MITRE is adding data intake to its CVE ID process Tim
Re: MITRE is adding data intake to its CVE ID process Mike Gerwitz
Re: MITRE is adding data intake to its CVE ID process cve-assign
Re: MITRE is adding data intake to its CVE ID process Adam Caudill
Re: MITRE is adding data intake to its CVE ID process Tim

Saturday, 11 February

Re: [Xen-users] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy Roger Pau Monné
Re: MITRE is adding data intake to its CVE ID process Moritz Muehlenhoff
CVE publication request - CVE 2016-8636 Eyal Itkin
Re: MITRE is adding data intake to its CVE ID process Bob Friesenhahn
Re: Use after free in libmysqlclient.so pali
Re: Re: Use after free in libmysqlclient.so pali
posting without being subscribed (was: Use after free in libmysqlclient.so) Solar Designer
Re: posting without being subscribed pali
Re: posting without being subscribed Solar Designer
Re: MITRE is adding data intake to its CVE ID process Solar Designer

Sunday, 12 February

Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer Leo Famulari
Re: MITRE is adding data intake to its CVE ID process Kurt Seifried
Fwd: [scr293903] Linux kernel - upstream Andrey Konovalov
CVE-2017-5969: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode) Henri Salo
CVE-2017-5956 virglrenderer: Virglrenderer: OOB access while in vrend_draw_vbo P J P
CVE-2017-5957 Virglrenderer: stack overflow in vrend_decode_set_framebuffer_state P J P

Monday, 13 February

Re: CVE request: XXE in Openpyxl Sébastien Delafond
Re: [Xen-devel] [Xen-users] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy George Dunlap
RE: CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode 李强
RE: [security-vendor] [oss-security] Re: MITRE is adding data intake to its CVE ID process Radzykewycz, T (Radzy)
Re: MITRE is adding data intake to its CVE ID process Priedhorsky, Reid
RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H
Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy Xen . org security team
CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx P J P
Re: MITRE is adding data intake to its CVE ID process Ian Zimmerman
Re: MITRE is adding data intake to its CVE ID process Ian Zimmerman
Re: Re: MITRE is adding data intake to its CVE ID process Kurt Seifried
Re: Re: CVE request: XXE in Openpyxl Doran Moppert

Tuesday, 14 February

Re: CVE request: XXE in Openpyxl Sébastien Delafond
Re: A note about the multiple crashes in zziplib Agostino Sarubbo
Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf() Vladis Dronov
Re: Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf() Henri Salo
Re: Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf() Vladis Dronov
Re: A note about the multiple crashes in zziplib Ian Zimmerman
CVE-2017-5987 Qemu: sd: infinite loop issue in multi block transfers P J P
Re: Pending CVE requests for glibc Moritz Muehlenhoff

Wednesday, 15 February

Re: MITRE is adding data intake to its CVE ID process Henri Salo
CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync P J P
Xen Security Advisory 207 - memory leak when destroying guest without PT devices Xen . org security team
Advisory X41-2017-002: Multiple Vulnerabilities in ytnef X41 D-Sec GmbH Advisories
Re: MITRE is adding data intake to its CVE ID process Raphael Geissert
Re: CVE request: XXE in Openpyxl Sébastien Delafond
CVE-2017-5993 Virglrenderer: host memory leakage when initialising blitter context P J P
CVE-2017-5994 Virglrenderer: out-of-bounds access in vrend_create_vertex_elements_state P J P
Re: CVE request: sunxi-debug (root privilege escalation in Allwinner kernel) David Manouchehri
Linux: CVE-2017-6001: Incomplete fix for CVE-2016-6786: perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race Salvatore Bonaccorso
CVE-2017-6000 Qemu: crypto: memory leakage in qcrypto_ivgen_essiv_init P J P

Thursday, 16 February

Re: git-hub: missing sanitization of data received from GitHub Jakub Wilk
fd.o #99828: two symlink attacks fixed in dbus 1.10.16 Simon McVittie
Re: MITRE is adding data intake to its CVE ID process Fabio Olive Leite
Re: MITRE is adding data intake to its CVE ID process Solar Designer
Re: CVE-2017-6000 Qemu: crypto: memory leakage in qcrypto_ivgen_essiv_init P J P
CVE-2017-6058 Qemu: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping P J P

Friday, 17 February

Re: MySQL / MariaDB / Percona - Root Privilege Escalation Exploit [ CVE-2016-6664 / CVE-2016-5617 ] Tomas Hoger
Re: MySQL / MariaDB / Percona - Root Privilege Escalation Exploit [ CVE-2016-6664 / CVE-2016-5617 ] Dawid Golunski
Re: MITRE is adding data intake to its CVE ID process cve-assign
OpenID Connect authentication module for Apache: CVE-2017-6059 CVE-2017-6062 Salvatore Bonaccorso

Saturday, 18 February

mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c) Agostino Sarubbo

Sunday, 19 February

TCPDF: CVE-2017-6100: LFI posting internal files externally abusing default parameter Salvatore Bonaccorso

Monday, 20 February

Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass Timothy D. Morgan
Re: Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass Solar Designer
Re: Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass Timothy D. Morgan

Tuesday, 21 February

CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo P J P
Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe Xen . org security team
Re: CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo P J P
CVE Request - Multiple vulnerabilities in gdk-pixbuf Ariel Zelivanski
Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf Leo Famulari
[SECURITY ADVISORY]: curl SSL_VERIFYSTATUS ignored Daniel Stenberg
RE: CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode 李强

Wednesday, 22 February

CVE-2016-7078: Foreman organization/location authorization vulnerability Dominic Cleal
Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root) Andrey Konovalov
munin: CVE-2017-6188: Local file write vulnerability Salvatore Bonaccorso
CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit P J P
util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner
spice-server: CVE-2016-9577, CVE-2016-9578: remote DoS and buffer overflow from crafted messages Doran Moppert

Thursday, 23 February

Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf Ariel Zelivansky
Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck
Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner
Re: [Xen-devel] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe Roger Pau Monné
Re: Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe Steven Haigh
Re: util-linux 2.29.2 fixes CVE-2017-2616 Assaf Gordon
Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe Xen . org security team
Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck
Xen Security Advisory 210 - arm: memory corruption when freeing p2m pages Xen . org security team
Re: util-linux 2.29.2 fixes CVE-2017-2616 Bálint Réczey
Re: util-linux 2.29.2 fixes CVE-2017-2616 Emilio Pozuelo Monfort
Re: util-linux 2.29.2 fixes CVE-2017-2616 Serge E. Hallyn
Re: util-linux 2.29.2 fixes CVE-2017-2616 Leo Famulari
Advisory X41-2017-004: Multiple Vulnerabilities in tnef X41 D-Sec GmbH Advisories
Re: util-linux 2.29.2 fixes CVE-2017-2616 Tobias Stöckmann
Linux: CVE-2017-6214: ipv4/tcp: infinite loop in tcp_splice_read() Salvatore Bonaccorso
CVE-2017-6209 Virglrenderer: stack buffer oveflow in parse_identifier P J P
CVE-2017-6210 Virglrenderer: null pointer dereference in vrend_decode_reset P J P
GraphicsMagick heap out of bounds write issue Bob Friesenhahn

Friday, 24 February

Re: CVE-2017-5956 virglrenderer: Virglrenderer: OOB access while in vrend_draw_vbo Matthias Gerstner
Re: CVE-2017-5956 virglrenderer: Virglrenderer: OOB access while in vrend_draw_vbo Matthias Gerstner
Re: GraphicsMagick heap out of bounds write issue Bob Friesenhahn
CVE-2017-6317 Virglrenderer: memory leakage issue in add_shader_program P J P

Saturday, 25 February

pax-utils: scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c) Agostino Sarubbo
gnu-paxutils: multiple crashes Agostino Sarubbo
Re: gnu-paxutils: multiple crashes Assaf Gordon

Sunday, 26 February

Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf Ariel Zelivansky
Re: Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root) Andrey Konovalov
audiofile: multiple crashes Agostino Sarubbo
audiofile: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) Agostino Sarubbo
audiofile: heap-based buffer overflow in readValue (FileHandle.cpp) Agostino Sarubbo
audiofile: global buffer overflow in decodeSample (IMA.cpp) Agostino Sarubbo
audiofile: heap-based buffer overflow in alaw2linear_buf (G711.cpp) Agostino Sarubbo
audiofile: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) Agostino Sarubbo
audiofile: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) Agostino Sarubbo
audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) Agostino Sarubbo
audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) Agostino Sarubbo
audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) Agostino Sarubbo
audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) Agostino Sarubbo
audiofile: multiple ubsan crashes Agostino Sarubbo
Re: gnu-paxutils: multiple crashes Agostino Sarubbo

Monday, 27 February

Re: potrace: invalid memory access in findnext (decompose.c) Agostino Sarubbo
Linux: CVE-2017-6353: sctp: deny peeloff operation on asocs with threads sleeping on it Salvatore Bonaccorso
CVE-2017-6355 Virglrenderer: integer overflow while creating shader object P J P
CVE Request: PHP with Zend OPCache code permission/sensitive data protection vulnerability php-dev

Tuesday, 28 February

Re: CVE Request: PHP with Zend OPCache code permission/sensitive data protection vulnerability php-dev
Re: Re: GraphicsMagick heap out of bounds write issue Bob Friesenhahn
Advisory X41-2017-001: Multiple Vulnerabilities in X.org X41 D-Sec GmbH Advisories
Linux: irda: Fix lockdep annotations in hashbin_delete() (CVE-2017-6348) Salvatore Bonaccorso
Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347) Salvatore Bonaccorso
Linux: packet: fix races in fanout_add() (CVE-2017-6346) Salvatore Bonaccorso
Linux: net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345) Salvatore Bonaccorso
kio vulnerability: need CVE Albert Astals Cid
three issues in xorg (CVE-2016-2624, CVE-2016-2625, CVE-2016-2626) Doran Moppert
Re: three issues in xorg (CVE-*2017*-2624, CVE-*2017*-2625, CVE-*2017*-2626) Doran Moppert
Multiple Cross-Site Scripting vulnerabilities affecting various WordPress Plugins Summer of Pwnage
Multiple Cross-Site Request Forgery vulnerabilities affecting various WordPress Plugins Summer of Pwnage
Multiple vulnerabilities affecting various WordPress Plugins Summer of Pwnage
Re: kio vulnerability: need CVE P J P
CVE-2017-6386 Virglrenderer: memory leakage while in vrend_create_vertex_elements_state P J P

Wednesday, 01 March

Persistent XSS in wordpress plugin rockhoist-badges v1.2.2 Larry W. Cashdollar
Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1 Larry W. Cashdollar
CVE-2016-10228: glibc iconv program can hang when invoked with the -c option Florian Weimer
CVE-2017-6414 Qemu: libcacard: host memory leakage while creating new APDU P J P

Thursday, 02 March

podofo: invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) Agostino Sarubbo
podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) Agostino Sarubbo
podofo: NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) Agostino Sarubbo
podofo: heap-based buffer overflow in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) Agostino Sarubbo
podofo: global buffer overflow in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) Agostino Sarubbo
podofo: NULL pointer dereference in PoDoFo::PdfColor::operator= (PdfColor.cpp) Agostino Sarubbo
podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) Agostino Sarubbo
podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) Agostino Sarubbo
podofo: NULL pointer dereference in PoDoFo::PdfXObject::PdfXObject (PdfXObject.cpp) Agostino Sarubbo
podofo: NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) Agostino Sarubbo
another bunch of crashes in podofo Agostino Sarubbo
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 Larry W. Cashdollar

Friday, 03 March

potrace: heap-based buffer overflow in bm_readbody_bmp (bitmap_io.c) (incomplete fix for CVE-2016-8698) Agostino Sarubbo
Re: MySQL / MariaDB / Percona - Root Privilege Escalation Exploit [ CVE-2016-6664 / CVE-2016-5617 ] Tomas Hoger

Saturday, 04 March

One byte stack buffer overflow in keepassxc / zxcvbn-c Hanno Böck

Sunday, 05 March

TeX Live: CVE-2016-10243: whitelists a insecure binary/utility to be run as external program Salvatore Bonaccorso
CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Anthony Sasadeusz

Monday, 06 March

Re: CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Emilio Pozuelo Monfort
Re: jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Agostino Sarubbo
Re: CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Tomas Hoger
Remote file upload vulnerabilities in multiple wordpress plugins Larry W. Cashdollar
CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list P J P
Cross-Site Request Forgery in WordPress Press This function allows DoS Summer of Pwnage
WordPress audio playlist functionality is affected by Cross-Site Scripting Summer of Pwnage

Tuesday, 07 March

Re: JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Anthony Sasadeusz
[ANNOUNCE] CVE-2017-5635 and CVE-2017-5636 Andy LoPresto
CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Craig Small
Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Emilio Pozuelo Monfort
Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Kurt Seifried
Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc Alexander Popov
Security issue in Linux kernel (v4.5+) persistent memory enabling Dan Williams

Wednesday, 08 March

Re: Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc Alexander Popov
Concerns about CVE-2017-5972 Wade Mealing
Re: Concerns about CVE-2017-5972 Wade Mealing

Thursday, 09 March

Multiple Blind SQL injection vulnerability in Wordpress Plugin DTracker v1.5 Larry W. Cashdollar
LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Tyler Hicks
CVE Request: Joomla! FLEXIcontent - Incorrect Authorization (Authorization Bypass) Seth Art

Friday, 10 March

Advisory: XSS issues in MantisBT (CVE-2017-6797, CVE-2017-6799) Damien Regad
Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan

Saturday, 11 March

Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Craig Small
CVE Request: Irssi use after free in netjoin condition (2017/03) Ailin Nemui

Sunday, 12 March

Re: CVE Request: Irssi use after free in netjoin condition (2017/03) Emilio Pozuelo Monfort
Roundcube: CVE-2017-6820: XSS issue in handling of a style tag inside of an svg element Salvatore Bonaccorso
Fwd: [scr305104] wordpress before 4.7.3 Craig Small

Monday, 13 March

Re: audiofile: global buffer overflow in decodeSample (IMA.cpp) Agostino Sarubbo
Re: audiofile: heap-based buffer overflow in alaw2linear_buf (G711.cpp) Agostino Sarubbo
Re: audiofile: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) Agostino Sarubbo
Re: audiofile: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) Agostino Sarubbo
Re: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) Agostino Sarubbo
Re: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) Agostino Sarubbo
Re: audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) Agostino Sarubbo
Re: audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) Agostino Sarubbo
Re: audiofile: multiple ubsan crashes Agostino Sarubbo
Re: podofo: invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) Agostino Sarubbo
Re: podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) Agostino Sarubbo
Re: podofo: NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) Agostino Sarubbo
Re: podofo: heap-based buffer overflow in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) Agostino Sarubbo
Re: podofo: global buffer overflow in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) Agostino Sarubbo
Re: podofo: NULL pointer dereference in PoDoFo::PdfColor::operator= (PdfColor.cpp) Agostino Sarubbo
Re: podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) Agostino Sarubbo
Re: podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) Agostino Sarubbo
Re: podofo: NULL pointer dereference in PoDoFo::PdfXObject::PdfXObject (PdfXObject.cpp) Agostino Sarubbo
Re: podofo: NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) Agostino Sarubbo
Re: mupdf: mujstest: global-buffer-overflow in my_getline (jstest_main.c) Agostino Sarubbo
Re: mupdf: mujstest: global-buffer-overflow in main (jstest_main.c) Agostino Sarubbo
Re: jasper: NULL pointer dereference in jpc_tsfb_synthesize (jpc_tsfb.c) Agostino Sarubbo
Re: jasper: heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c) Agostino Sarubbo
Re: jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Agostino Sarubbo
Re: jasper: use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) Agostino Sarubbo
Re: jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Agostino Sarubbo
Re: jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c) Agostino Sarubbo
Two Content Injection vulnerabilities in Wordpress Plugin DTracker v1.5 Larry W. Cashdollar
Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Tyler Hicks

Tuesday, 14 March

CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection P J P
Xen Security Advisory 211 (CVE-2016-9603) - Cirrus VGA Heap overflow via display refresh Xen . org security team
Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan
Arbitrary file download vulnerability in Wordpress Plugin Membership Simplified v1.58 Larry W. Cashdollar
Re: audiofile: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) Solar Designer
Re: audiofile: heap-based buffer overflow in readValue (FileHandle.cpp) Solar Designer

Wednesday, 15 March

Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan
Re: Arbitrary file download vulnerability in Wordpress Plugin Membership Simplified v1.58 Larry W. Cashdollar
Dealing with CVEs that apply to unspecified package versions Ludovic Courtès
Re: Dealing with CVEs that apply to unspecified package versions Simon McVittie
Re: Dealing with CVEs that apply to unspecified package versions Seth Arnold
Re: Dealing with CVEs that apply to unspecified package versions Leo Famulari
Re: Dealing with CVEs that apply to unspecified package versions Kurt Seifried
CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex

Thursday, 16 March

Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Adam Maris
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Don A. Bailey
Re: Dealing with CVEs that apply to unspecified package versions Jerome Athias
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard
Re: Dealing with CVEs that apply to unspecified package versions Jerome Athias
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex
CVE Request: multiple bugs found in BFD libraries and Binutils' utilities Thuan Pham
Re: CVE Request: multiple bugs found in BFD libraries and Binutils' utilities Agostino Sarubbo
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard

Friday, 17 March

Re: CVE Request: multiple bugs found in BFD libraries and Binutils' utilities Thuan Pham
Advisory: XSS in MantisBT Source Integration Plugin (CVE-2017-6958) Damien Regad
CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Pali Rohár
Re: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Solar Designer
CVE-2017-6967 xrdp PAM auth_start_session() Seth Arnold

Saturday, 18 March

Re: Dealing with CVEs that apply to unspecified package versions Brian May
Re: Dealing with CVEs that apply to unspecified package versions Jerome Athias
Re: CVE-2016-3631 - libtiff 4.0.6 illegel read Alan Coopersmith

Sunday, 19 March

git: CVE-2014-9938: does not sanitize branch names in $PS1 allowing command execution Salvatore Bonaccorso

Monday, 20 March

libpcre: invalid memory read in phar (pcretest.c) Agostino Sarubbo
libpcre: NULL pointer dereference in main (pcretest.c) Agostino Sarubbo
libpcre: invalid memory read in match (pcre_exec.c) Agostino Sarubbo
libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c) Agostino Sarubbo
libpcre: heap-based bufffer overflow in regexflip8_or_16 (pcretest.c) Agostino Sarubbo
libpcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) Agostino Sarubbo
Re: CVE Request: Irssi use after free in netjoin condition (2017/03) Ailin Nemui
CVE-2017-5644 - Possible DOS (Denial of Service) in Apache POI versions prior to 3.15 Dominik Stadler
Two Content Injection vulnerabilities in Wordpress Plugin DTracker v1.5 Larry W. Cashdollar
Jenkins plugins -- multiple vulnerabilities Daniel Beck

Tuesday, 21 March

subscription-manager: CVE-2017-2663 unsafe dbus interface Cedric Buissart

Wednesday, 22 March

Re: elfutils: memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c) Agostino Sarubbo
Re: elfutils: memory allocation failure in allocate_elf (common.h) Agostino Sarubbo
information about pwn2own Kernel problem Marcus Meissner
Multiple Unauthenticated blind SQL injections in Wordpress Plugin Membership Simplified v1.58 Larry W. Cashdollar
Re: information about pwn2own Kernel problem Tyler Hicks
Re: information about pwn2own Kernel problem Luedtke, Nicholas (HPE Linux Security)

Thursday, 23 March

Re: information about pwn2own Kernel problem Dave Null
pcs: CVE-2017-2661 Improper node name field validation when creating clusters leads to XSS Cedric Buissart
[OSSA-2017-002] Nova logs sensitive context from notification exceptions (CVE-2017-7214) Jeremy Stanley
[CVE-2017-6088] EON 5.0 Multiple SQL Injection Sydream Labs
[CVE-2017-6087] EON 5.0 Remote Code Execution Sydream Labs
[CVE-2017-5869] Nuxeo Platform remote code execution Sydream Labs

Friday, 24 March

Re: libpcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) Agostino Sarubbo
Re: libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c) Agostino Sarubbo
[ANNOUNCE] Linux Security Summit 2017 - CFP James Morris
Re: [ANNOUNCE] Linux Security Summit 2017 - CFP Solar Designer
Re: [ANNOUNCE] Linux Security Summit 2017 - CFP James Morris
Linux kernel ping socket / AF_LLC connect() sin_family race Solar Designer
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Andrey Konovalov
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Eric Dumazet
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Solar Designer

Saturday, 25 March

Re: libtiff: multiple divide-by-zero Agostino Sarubbo
Re: libtiff: multiple heap-based buffer overflow Agostino Sarubbo

Sunday, 26 March

Re: mupdf: use-after-free in fz_subsample_pixmap (pixmap.c) Agostino Sarubbo
Re: potrace: heap-based buffer overflow in bm_readbody_bmp (bitmap_io.c) (incomplete fix for CVE-2016-8698) Agostino Sarubbo

Monday, 27 March

inoERP - Multiple Issues FOXMOLE Advisories
CVE: kernel: drm/vmwgfx: check that number of mip levels is above zero in in vmw_surface_define_ioctl() Vladis Dronov

Tuesday, 28 March

Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan
imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862 and CVE-2016-8866) Agostino Sarubbo
Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Serge E. Hallyn

Wednesday, 29 March

CVE-2017-7294: kernel: drm/vmwgfx: limit mip levels in vmw_surface_define_ioctl() Vladis Dronov
CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Tyler Hicks
Re: information about pwn2own Kernel problem Tyler Hicks
Re: [Xen-devel] Xen Security Advisory 206 - xenstore denial of service via repeated update Michael Young
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Lokesh Ubuntu

Thursday, 30 March

Re: Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc Alexander Popov
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Tyler Hicks
Advisory: XSS issues in MantisBT (CVE-2017-6973, CVE-2017-7241, CVE-2017-7309) Damien Regad

Friday, 31 March

CVE-2017-7346: kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() Vladis Dronov
CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Andrey Konovalov
Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Andrey Konovalov
CVE Request -- mapr: information disclosure vulnerability Mark Felder
Re: CVE Request -- mapr: information disclosure vulnerability Mark Felder

Previous period

Next period