oss-sec: by date

689 messages starting Jul 01 16 and ending Sep 30 16

Friday, 01 July

SQLite Tempdir Selection Vulnerability Andreas Stieger
Re: SQLite Tempdir Selection Vulnerability cve-assign
CVE requests / Advisory: ATutor <= 2.2.1 Matthew Daley
CVE Request: ipywidgets executes untrusted JavaScript Sylvain Corlay

Saturday, 02 July

[SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage Robbie Gemmell

Monday, 04 July

Re: [FD] [oss-security] libical 0.47 SEGV on unknown address Brandon Perry
[CVE-2016-1000007] Pagure: XSS in raw file endpoint Patrick Uiterwijk
Browsing and attaching images considered harmful in Linux Gustavo Grieco

Tuesday, 05 July

BUG_ON crash in linux 4.7-rc6/master skbuff.c Marco Grassi
CVE ID Request : OpenFire multiple vulnerabilities Sysdream Labs
CVE-2016-6160: Segmentation fault in tcprewrite (tcpreplay) Christoph Biedl
Fwd: CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Solar Designer
CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik
CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif Salvatore Bonaccorso
Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif cve-assign
Re: BUG_ON crash in linux 4.7-rc6/master skbuff.c cve-assign
Re: Browsing and attaching images considered harmful in Linux cve-assign

Wednesday, 06 July

Re: Browsing and attaching images considered harmful in Linux Gustavo Grieco
Re: Browsing and attaching images considered harmful in Linux Salvatore Bonaccorso
Malicious primary DNS servers can crash secondaries Florian Weimer
Re: Malicious primary DNS servers can crash secondaries cve-assign

Thursday, 07 July

CVE Request: perl: XSLoader: could load shared library from incorrect location Salvatore Bonaccorso
Re: Malicious primary DNS servers can crash secondaries Remi Gacogne
Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Seaman, Chad

Friday, 08 July

Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters
Re: CVE request: several SOGo issues (DOS, XSS, information leakage) Jens Erat
On anonymous CVE assignments Lior Kaplan
Re: On anonymous CVE assignments Kurt Seifried
Re: CVE Request: perl: XSLoader: could load shared library from incorrect location cve-assign
Re: On anonymous CVE assignments Glenn Randers-Pehrson
CVE request: apparmor: oops in apparmor_setprocattr() John Johansen

Saturday, 09 July

Re: CVE request: apparmor: oops in apparmor_setprocattr() cve-assign
Re: CVE request: several SOGo issues (DOS, XSS, information leakage) cve-assign
Re: On anonymous CVE assignments Glenn Randers-Pehrson
CVE-2016-4971: wget < 1.18 trusts server-provided filename on HTTP to FTP redirects Solar Designer

Sunday, 10 July

CVE request:SQL injections in TeamPass das das

Monday, 11 July

CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Cedric Buissart
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Hanno Böck
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Cedric Buissart
Re: CVE request: apparmor: oops in apparmor_setprocattr() Ben Laurie
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Florian Weimer
cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel CAI Qian
Re: cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel - Linux kernel cve-assign
Re: CVE request: apparmor: oops in apparmor_setprocattr() Tyler Hicks
CVE-2016-5389: linux kernel - challange ack information leak. Wade Mealing

Tuesday, 12 July

Re: CVE-2016-5389: linux kernel - challange ack information leak. Wade Mealing
Re: Pylint checks not as static as one would think Jakub Wilk
CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c Salvatore Bonaccorso
Vulnerabilities in Apache Archiva 0ang3el 0ang3el
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Cedric Buissart
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters
CVE request for the Play Framework David Black
CVE Requests: Information exposure caused by ecryptfs-setup-swap failures Tyler Hicks

Wednesday, 13 July

CVE request: Information leak in LibTIFF Mathias Svensson
CVE requests for Drupal Core - SA-CORE-2016-002 Pere Orga
Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd Gustavo Grieco
cve request: local DoS by overflowing kernel mount table using shared bind mount CAI Qian
Re: CVE requests for Drupal Core - SA-CORE-2016-002 cve-assign
Re: cve request: local DoS by overflowing kernel mount table using shared bind mount cve-assign
CVE Request: openshift-node is logging private RSA keys to the systemd journal Michael Scherer
Re: CVE Request: openshift-node is logging private RSA keys to the systemd journal cve-assign
CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 Franco Costantini
Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd cve-assign
Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount Greg KH
CVE Requests: HarfBuzz - Chromium CVE issues Huzaifa Sidhpurwala

Thursday, 14 July

Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount CAI Qian
Re: CVE Requests: Information exposure caused by ecryptfs-setup-swap failures cve-assign
Re: CVE request: Information leak in LibTIFF cve-assign
Multiple Bugs in OpenBSD Kernel Jesse Hertz
Re: Multiple Bugs in OpenBSD Kernel Jesse Hertz
Re: Multiple Bugs in OpenBSD Kernel Jesse Hertz
Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c Anonymous
Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount Jessica Frazelle

Friday, 15 July

[SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows Justin Ross
Re: CVE request for the Play Framework cve-assign
Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount CAI Qian
Re: cve request: local DoS by overflowing kernel mount table using shared bind mount Jesse Hertz
CVE Request: Zend Framework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select Salvatore Bonaccorso

Saturday, 16 July

CVE Request for KNewStuff/KArchive issue David Faure
Re: CVE Request for KNewStuff/KArchive issue cve-assign
Re: CVE Request: Zend Framework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select cve-assign
Re: Multiple Bugs in OpenBSD Kernel Jesse Hertz
multiple memory corruption issues in lepton Marco Grassi

Sunday, 17 July

CVE requests for Drupal contributed modules Pere Orga
Multiple stored Cross-Site Scripting vulnerabilities affecting three WordPress Plugins Summer of Pwnage
Multiple reflected Cross-Site Scripting vulnerabilities affecting seven WordPress Plugins Summer of Pwnage
Multiple Local File Inclusion vulnerabilities affecting three WordPress Plugins Summer of Pwnage
Re: multiple memory corruption issues in lepton cve-assign
Re: Multiple Bugs in OpenBSD Kernel cve-assign
Re: CVE Requests: HarfBuzz - Chromium CVE issues cve-assign
Re: CVE request for the Play Framework David Black
Re: Re: CVE Requests: HarfBuzz - Chromium CVE issues Huzaifa Sidhpurwala
CVE request for webkit js engine javascriptcore jun3 June

Monday, 18 July

Re: CVE request for webkit js engine javascriptcore Solar Designer
A CGI application vulnerability for PHP, Go, Python and others Richard Rowe
Re: A CGI application vulnerability for PHP, Go, Python and others Kurt Seifried
Re: A CGI application vulnerability for PHP, Go, Python and others Solar Designer
CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer) Alexander Sulfrian
[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking Stefan Kanthak
Re: CVE-2016-5321: libtiff 4.0.6 DumpModeDecode(): Ddos akuster
Re: CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide by zero akuster
Re: A CGI application vulnerability for PHP, Go, Python and others Jan Schaumann
libupnp write files via POST Hanno Böck
[ANNOUNCE] Django security releases issued: 1.10 release candidate 1, 1.9.8, and 1.8.14 Tim Graham
Re: A CGI application vulnerability for PHP, Go, Python and others Solar Designer
Re: A CGI application vulnerability for PHP, Go, Python and others Kurt Seifried
ISC security issue CVE-2016-2775 (potential denial-of-service attack against lwres functionality in BIND) Michael McNally
Re: CVE Requests: HarfBuzz - Chromium CVE issues cve-assign
Ruining the Magic of Magento's Encryption Library Scott Arciszewski
Re: Ruining the Magic of Magento's Encryption Library Scott Arciszewski

Tuesday, 19 July

CVE ID Request: FOG Project Multiple Vulnerabilities Sysdream Labs
subuid security patches for shadow package Sebastian Krahmer
Re: subuid security patches for shadow package Sebastian Krahmer
Re: subuid security patches for shadow package Eric W. Biederman

Wednesday, 20 July

Buffer overflow in libarchive-3.2.0 Christian Wressnegger
Re: subuid security patches for shadow package cve-assign
Re: CVE request for the Play Framework Will Sargent
Multiple vulnerabilities affecting five WordPress Plugins (XSS, CSRF & SQLi) Summer of Pwnage
Re: libupnp write files via POST cve-assign
CVE request: multiple issues fixed in GNU libidn 1.33 Andreas Stieger
Re: [Pkg-shadow-devel] subuid security patches for shadow package Nicolas François
CVE-2016-5399: php: out-of-bounds write in bzread() Hans Jerry Illikainen
Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution Lucian Cojocar
Re: Buffer overflow in libarchive-3.2.0 Christian Wressnegger

Thursday, 21 July

Re: CVE request: multiple issues fixed in GNU libidn 1.33 cve-assign
mupdf library use after free Marco Grassi
Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution cve-assign
Re: mupdf library use after free cve-assign
Re: A CGI application vulnerability for PHP, Go, Python and others Peter Bex

Friday, 22 July

Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Salvatore Bonaccorso
panic at big_key_preparse #4.7-r6/rc7 & master zer0mem
[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example Tim Allison
Re: panic at big_key_preparse #4.7-r6/rc7 & master Greg KH
Re: A CGI application vulnerability for PHP, Go, Python and others - CHICKEN eggs cve-assign

Saturday, 23 July

XSS vulnerability in ILIAS before version 5.1.3, 5.0.11 and 4.4.14 Walter
XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar

Sunday, 24 July

Fwd: CVE for PHP 5.5.38 issues Lior Kaplan
Re: Fwd: CVE for PHP 5.5.38 issues cve-assign
CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Wade Mealing
Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Wade Mealing
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Greg KH
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Wade Mealing

Monday, 25 July

Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Sebastian Krahmer
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Sebastian Krahmer
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Bálint Réczey
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Solar Designer
Huge-IT Portfolio Gallery manager v1.1.5 SQL Injection and XSS Larry W. Cashdollar
CVE-2016-4451, CVE-2016-4475: Foreman organizations/locations API/UI privilege escalations Dominic Cleal
CVE-2016-4995: Foreman information disclosure through unauthorized template previews Dominic Cleal
CVE-2016-5390: Foreman information disclosure in host interfaces/parameters API Dominic Cleal
Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck
CVE request Qemu: scsi: esp: oob write access while reading ESP command P J P

Tuesday, 26 July

Xen Security Advisory 182 (CVE-2016-6258) - x86: Privilege escalation in PV guests Xen . org security team
Xen Security Advisory 183 (CVE-2016-6259) - x86: Missing SMAP whitelisting in 32-bit exception / event delivery Xen . org security team
Reflected XSS & SQLi in HugeIT slideshow v1.0.4 Larry W. Cashdollar
SQLi and Reflected XSS in Huge IT catalog extension v1.0.4 for Joomla Larry W. Cashdollar
cve request: systemd-machined: information exposure for docker containers CAI Qian
CVE Request: Any User Can Panic Kernel Through Sysctl on OpenBSD Jesse Hertz
Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command cve-assign
Re: CVE Request: Any User Can Panic Kernel Through Sysctl on OpenBSD cve-assign
Re: cve request: systemd-machined: information exposure for docker containers cve-assign
Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 Gustavo Grieco
Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 cve-assign
Re: CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer) cve-assign
Re: Use after free in my_login() function of DBD::mysql (Perl module) cve-assign

Wednesday, 27 July

CVE request : a stored XSS in Xcloner for wordpress limingxing
CVE request: Jenkins plugin 'Cucumber Reports' 1.3.0 to 2.5.1 disabled XSS protection mechanism Daniel Beck
CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS P J P
CVE Request: DBD-mysql: use-after-free in mysql_dr_error Salvatore Bonaccorso
Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error cve-assign
Xen Security Advisory 184 (CVE-2016-5403) - virtio: unbounded memory allocation issue Xen . org security team
Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke
Re: Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh
Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke
Re: Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 Gustavo Grieco
Re: cve request: systemd-machined: information exposure for docker containers Jesse Hertz
Re: cve request: systemd-machined: information exposure for docker containers Jessica Frazelle
Re: Ruining the Magic of Magento's Encryption Library cve-assign
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Luis Henriques
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Greg KH

Thursday, 28 July

CVE Request: redis: World readable .rediscli_history Salvatore Bonaccorso
CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode P J P
CVE request: Wireshark 2.0.5 and 1.12.13 security releases Andreas Stieger
CVE Request Qemu: virtio: infinite loop in virtqueue_pop P J P
Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) lazytyped
Re: cve request: systemd-machined: information exposure for docker containers Simon McVittie
Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh
Re: CVE Request Qemu: virtio: infinite loop in virtqueue_pop cve-assign
Re: CVE Request: redis: World readable .rediscli_history cve-assign
SQLi and Reflected XSS in Huge IT catalog extension v1.0.4 for Joomla Larry W. Cashdollar
Reflected XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension Larry W. Cashdollar
CVE-Request Buffer overflow ImageMagick Ibrahim el-sayed
paps: heap overflow when processing crafted file Agostino Sarubbo
Re: CVE-Request Buffer overflow ImageMagick cve-assign
Re: paps: heap overflow when processing crafted file cve-assign

Friday, 29 July

Re: Re: paps: heap overflow when processing crafted file Agostino Sarubbo
CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks Huzaifa Sidhpurwala
cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node 张开翔
CVE request: mongodb: world-readable .dbshell history file Sébastien Delafond
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck
Re: CVE request: multiple issues fixed in GNU libidn 1.33 Hanno Böck
Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks cve-assign
Re: CVE request: mongodb: world-readable .dbshell history file cve-assign
Re: paps: heap overflow when processing crafted file cve-assign
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) lazytyped

Saturday, 30 July

Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks Hanno Böck
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck

Sunday, 31 July

badUSB exploit - affects all Linux distros פאי פי
Multiple vulnerabilities affecting four WordPress Plugins & one Theme Summer of Pwnage
Re: badUSB exploit - affects all Linux distros Greg KH
Re: badUSB exploit - affects all Linux distros Greg KH
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Joshua J. Drake
CVE Request: Linux >= 4.5 double fetch leading to heap overflow Scott Bauer
Re: Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks Huzaifa Sidhpurwala

Monday, 01 August

Announce: OpenSSH 7.3 released Damien Miller
Re: cve request: systemd-machined: information exposure for docker containers Shiz
Re: CVE request: Wireshark 2.0.5 and 1.12.13 security releases cve-assign
CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0 petrella.pietro
Re: Re: CVE request: mongodb: world-readable .dbshell history file Grant Ridder
Re: CVE Request: Linux >= 4.5 double fetch leading to heap overflow cve-assign
Re: CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0 cve-assign
CVE Request: CSRF in Grails console Dario Bertini
CVE request: XSS vulns in Dotclear v2.9.1 陈瑞琦
Re: CVE request: mongodb: world-readable .dbshell history file Sébastien Delafond

Tuesday, 02 August

glibc: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417) Florian Weimer
CVE Request ImageMagick buffer overflow Ibrahim el-sayed
Re: Ruby:HTTP Header injection in 'net/http' Marcus Meissner
CVE Request: Denial-of-Service / Unexploitable Memory Corruption in mmap() on OpenBSD Jesse Hertz
Multiple vulnerabilities affecting seven WordPress (XSS, CSRF, SQLi) Summer of Pwnage
Re: CVE Request ImageMagick buffer overflow cve-assign
Re: CVE Request: CSRF in Grails console cve-assign
Re: CVE Request: Denial-of-Service / Unexploitable Memory Corruption in mmap() on OpenBSD cve-assign
Re: CVE request: XSS vulns in Dotclear v2.9.1 cve-assign
Re: CVE Request: CSRF in Grails console Dario Bertini
CVE request:Heap overflow vulns in MuPDF redrain root

Wednesday, 03 August

[SECURITY VULNERABILITY] curl: TLS session resumption client cert bypass Daniel Stenberg
[SECURITY VULNERABILITY] curl: Re-using connections with wrong client cert Daniel Stenberg
[SECURITY VULNERABILITY] curl: use of connection struct after free Daniel Stenberg
Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh
CVE-2016-6301: busybox: NTP server denial of service flaw Martin Prpic
Re: CVE request:Heap overflow vulns in MuPDF cve-assign
Grails Console is still vulnerable to CSRF CVE-2016-6521 Dario Bertini
Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node cve-assign

Thursday, 04 August

CVE-2016-6580, Python Priority: DoS via Unlimited Stream Insertion Cory Benfield
CVE-2016-6581, Python HPACK and old Python Hyper releases: HPACK Bomb Cory Benfield
Multiple Cross-Site Scripting vulnerabilities affecting seven WordPress Plugins Summer of Pwnage
CVE-2016-0760: Hive builtin functions “reflect”, “reflect2”, and “java_method” are not blocked in Apache Sentry Sravya Tirukkovalur
Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom 0xr0ot

Friday, 05 August

Read out-of-bounds parsing bash code in GNU Bash 4.3 Gustavo Grieco
CVE Request - Samsung Exynos fimg2d NULL Pointer Dereference Idler

Sunday, 07 August

CVE Requests: Various ImageMagick issues (as reported in the Debian BTS) Salvatore Bonaccorso

Monday, 08 August

Re: Read out-of-bounds parsing bash code in GNU Bash 4.3 Gustavo Grieco
RCE vulnerability in Openstack Murano using insecure YAML tags (CVE-2016-4972) Kirill Zaitsev
MatrixSSL Bignum bugs Hanno Böck

Tuesday, 09 August

FreeBSD update components vulns (libarchive, bsdiff, portsnap) Hanno Böck

Wednesday, 10 August

Re: cve request: systemd-machined: information exposure for docker containers CAI Qian
Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh

Thursday, 11 August

CVE Requests Facebook HHVM F. Alonso
Re: CVE Request: ipywidgets executes untrusted JavaScript Sylvain Corlay
[CVE-2016-6316] Possible XSS Vulnerability in Action View Aaron Patterson
[CVE-2016-6317] Unsafe Query Generation Risk in Active Record Aaron Patterson
CVE Request Qemu: Information leak in vmxnet3_complete_packet P J P
Re: [CVE-2016-6316] Possible XSS Vulnerability in Action View Aaron Patterson
CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation P J P
CVE request Qemu: an infinite loop during packet fragmentation P J P
CVE request: Qemu net: vmxnet3: use after free while writing P J P
CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Misra, Deapesh
Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Kurt Seifried

Friday, 12 August

CVE request: XSS vuln in b2evolution v6.7.4 陈瑞琦
[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel Maxim Solodovnik
[CVE-2016-6671] ffmpeg buffer overflow when decoding swf 连一汉
Re: [Bug-wget] [oss-security] CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Tim Rühsen

Saturday, 13 August

libav: heap-based buffer overflow in ff_audio_resample (resample.c) Agostino Sarubbo

Sunday, 14 August

gorgeous squid3
Re: gorgeous Solar Designer
CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures Peter Bex
Re: [Bug-wget] CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Tim Rühsen
Re: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi
Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH
Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi
RE: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi

Monday, 15 August

Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi
Multiple vulnerabilities affecting eleven WordPress Plugins (XSS, CSRF, LFI & object injection) Summer of Pwnage
Fwd: Security vulnerability - read out-of-bounds leads to memory leak Ibrahim el-sayed

Tuesday, 16 August

CVE Request: Default password in openstack / crowbar trove Marcus Meissner
cracklib: Stack-based buffer overflow when parsing large GECOS field Huzaifa Sidhpurwala
firewalld: Firewall configuration can be modified by any logged in user Huzaifa Sidhpurwala
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH
Re: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi
Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH

Wednesday, 17 August

RE: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi
Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH
Re: CVE-2016-5696: linux kernel - challange ack information leak. Gsunde Orangen
Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH
Re: CVE-2016-5696: linux kernel - challange ack information leak. Salvatore Bonaccorso
CVE-2016-4973 gcc: Targets using libssp for SSP are missing -D_FORTIFY_SOURCE functionality Cedric Buissart
Libgcrypt and GnuPG 1.4 RNG output prediction Solar Designer
Re: Libgcrypt and GnuPG 1.4 RNG output prediction Remi Gacogne
CVE-2016-5404 freeipa: Insufficient privileges check in certificate revocation Cedric Buissart
Re: Libgcrypt and GnuPG 1.4 RNG output prediction Werner Koch
ModSecurity's OWASP CRS v3.0.0-rc1 Released. Chaim Sanders
MantisBT: XSS in view_all_bug_page.php Damien Regad
Re: libav: heap-based buffer overflow in ff_audio_resample (resample.c) cve-assign
Re: CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures cve-assign
Re: CVE request: Qemu net: vmxnet3: use after free while writing cve-assign
Re: CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation cve-assign
Re: CVE Request Qemu: Information leak in vmxnet3_complete_packet cve-assign
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master cve-assign
Re: CVE request Qemu: an infinite loop during packet fragmentation cve-assign
Re: MantisBT: XSS in view_all_bug_page.php cve-assign
Re: CVE Request: Default password in openstack / crowbar trove cve-assign
Re: CVE Request - Samsung Exynos fimg2d NULL Pointer Dereference cve-assign

Thursday, 18 August

potrace: multiple crashes Agostino Sarubbo
CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang Florian Weimer
CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner
Re: Re: Libgcrypt and GnuPG 1.4 RNG output prediction Andrew Gallagher
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Ben Hutchings
Re: Libgcrypt and GnuPG 1.4 RNG output prediction Solar Designer
Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Adam Maris
CVE request - slock, all versions NULL pointer dereference Eric Pruitt
Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Willy Tarreau
Re: CVE request - slock, all versions NULL pointer dereference cve-assign
Re: CVE Requests Facebook HHVM cve-assign
[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method Justin Bull

Friday, 19 August

Re: Re: CVE request - slock, all versions NULL pointer dereference x ksi
CVE-2016-6327 | Linux kernel crash in infiniband subsystem. Wade Mealing
Re: CVE-2016-6327 | Linux kernel crash in infiniband subsystem. Greg KH
CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation P J P
Re: CVE request: MatrixSSL lack of RSA-CRT hardening cve-assign
Re: CVE request: MatrixSSL lack of RSA-CRT hardening cve-assign
Re: MatrixSSL Bignum bugs cve-assign
Re: CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation cve-assign

Saturday, 20 August

Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage
Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage
memory issues in libksba 1.3.4 and git Pascal Cuoq
TLS testing results - OS distro vulnerabilities Mauri Miettinen

Sunday, 21 August

Re: TLS testing results - OS distro vulnerabilities Kurt Seifried
CVE request: Linux kernel mbcache lock contention denial of service. Wade Mealing
Re: Path traversal vulnerability in WordPress Core Ajax handlers cve-assign

Monday, 22 August

Re: CVE-2016-5404 freeipa: Insufficient privileges check in certificate revocation Cedric Buissart
Re: TLS testing results - OS distro vulnerabilities Jakub Wilk
Re: memory issues in libksba 1.3.4 and git Werner Koch
Re: memory issues in libksba 1.3.4 and git Solar Designer
Re: TLS testing results - OS distro vulnerabilities Solar Designer
Re: TLS testing results - OS distro vulnerabilities Jani Kenttala
Re: memory issues in libksba 1.3.4 and git Werner Koch
Re: memory issues in libksba 1.3.4 and git Solar Designer
CVE update (CVE-2016-5395) - Fixed in Apache Ranger 0.6.1 Velmurugan Periasamy
Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices cve-assign
CVE Request: lshell: shell outbreak vulnerabilities via bad syntax parse and multiline commands Salvatore Bonaccorso
Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH
Re: CVE Request: lshell: shell outbreak vulnerabilities via bad syntax parse and multiline commands cve-assign
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices cve-assign
Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c cve-assign
Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Willy Tarreau

Tuesday, 23 August

Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH
Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Kurt Seifried
RE: [security-vendor] Re: [oss-security] Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Radzykewycz, T (Radzy)
Fuzzing jasper Agostino Sarubbo
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices cve-assign
Re: cracklib: Stack-based buffer overflow when parsing large GECOS field Salvatore Bonaccorso
cve request: overlayfs: Fix dentry reference leak CAI Qian

Wednesday, 24 August

CVE request - sudoers on Red Hat, Fedora, Mageia information disclosure Doran Moppert
CVE-2016-6319: Foreman stored XSS in form label helpers Dominic Cleal
CVE-2016-6320: Foreman stored XSS in network interface device identifiers Dominic Cleal
WebKitGTK+ Security Advisory WSA-2016-0005 Carlos Alberto Lopez Perez

Thursday, 25 August

Re: CVE request - sudoers on Red Hat, Fedora, Mageia information disclosure cve-assign
Re: cve request: overlayfs: Fix dentry reference leak cve-assign
Re: CVE request: Linux kernel mbcache lock contention denial of service. cve-assign
Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Jordan Bettis

Friday, 26 August

CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit Vladis Dronov
Multiple vulnerabilities in RPM – and a rant Hanno Böck
Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit cve-assign
Re: Multiple vulnerabilities in RPM – and a rant Kurt Seifried

Saturday, 27 August

CVE Request - Intelliants Subrion CMS Arbitrary Files Delete 曾鸿坤
Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability cve-assign
MantisBT weakened CSP when using bundled Gravatar plugin Damien Regad

Sunday, 28 August

Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Misra, Deapesh
Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability cve-assign

Monday, 29 August

Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit Vladis Dronov
Re: MantisBT weakened CSP when using bundled Gravatar plugin cve-assign
Re: Re: MantisBT weakened CSP when using bundled Gravatar plugin Reed Loden

Tuesday, 30 August

CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend P J P
Re: CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend P J P
Re: CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend cve-assign
CVE request: Kernel Oops when issuing fcntl on an AUFS directory Ben Hutchings
Re: MantisBT weakened CSP when using bundled Gravatar plugin Damien Regad

Wednesday, 31 August

Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory cve-assign

Thursday, 01 September

cve request: docker swarm node Dos occurs when join a cluster failed using local CA certificate 张开翔
CVE Request: docker swarm node Dos occurs when join a cluster failed using local CA certificate 张开翔
Updated: XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar
Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Mónica
Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Kurt Seifried
Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Monica
Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Kurt Seifried

Friday, 02 September

CVE assignment for PHP 5.6.25 and 7.0.10 Lior Kaplan
Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities Damien Miller
Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Mónica
Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Kurt Seifried
Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl cve-assign

Sunday, 04 September

Re: CVE ID Request: FOG Project Multiple Vulnerabilities Henri Salo
Re: CVE ID Request: FOG Project Multiple Vulnerabilities Sysdream Labs
CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis Antoine Beaupré

Monday, 05 September

Re: [SECURITY VULNERABILITY] curl: Re-using connections with wrong client cert Kamil Dudka
Re: CVE request: Linux kernel mbcache lock contention denial of service. Greg KH
CVE request: Plone multiple vulnerabilities Nathan Van Gheem
Re: CVE request: Plone multiple vulnerabilities Nathan Van Gheem
Re: CVE request: Plone multiple vulnerabilities cve-assign
Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis William Pitcock
Re: [SECURITY VULNERABILITY] curl: Re-using connections with wrong client cert cve-assign
Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis cve-assign
Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis cve-assign
Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Mónica
cve request: docker swarm node Dos occurs when join a cluster failed using local CA certificate Diogo Mónica

Tuesday, 06 September

Re: CVE request: Linux kernel mbcache lock contention denial of service. Andreas Stieger
CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings P J P
CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list P J P
CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages P J P
Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings cve-assign
Re: CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list cve-assign
Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages cve-assign
GraphicsMagick 1.3.25 fixes some security issues Bob Friesenhahn

Wednesday, 07 September

Re: Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages P J P
[SECURITY ADVISORY] curl: Incorrect reuse of client certificates Daniel Stenberg
CVE Request - Portable UPnP SDK 1.6.19 through 1.8.x Scott Tenaglia
ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad
CVE Request: File Roller path traversal Tyler Hicks
CVE Request : Libtorrent 1.1.0 inflate_gzip denial of service yi
CVE Request: OpenJPEG Heap Buffer Overflow Issue 刘科
CVE Request: OpenJPEG Integer Overflow Issue 刘科
Re: CVE Request: File Roller path traversal cve-assign
Re: CVE Request: OpenJPEG Heap Buffer Overflow Issue cve-assign
Re: CVE Request: OpenJPEG Integer Overflow Issue cve-assign
Re: CVE Request : Libtorrent 1.1.0 inflate_gzip denial of service cve-assign

Thursday, 08 September

Re: Re: CVE Request: OpenJPEG Heap Buffer Overflow Issue(Internet mail) 刘科
Xen Security Advisory 185 (CVE-2016-7092) - x86: Disallow L3 recursive pagetable for 32-bit PV guests Xen.org security team
Xen Security Advisory 186 (CVE-2016-7093) - x86: Mishandling of instruction pointer truncation during emulation Xen.org security team
Xen Security Advisory 188 (CVE-2016-7154) - use after free in FIFO event channel code Xen.org security team
Xen Security Advisory 187 (CVE-2016-7094) - x86 HVM: Overflow of sh_ctxt->seg_reg[] Xen.org security team
CVE request - Samsumg Mobile Phone SVE-2016-6248: SystemUI Security issue 0xr0ot
Fwd: [scr231911] SVE-2016-6248: SystemUI Security issue 0xr0ot
CVE request: libarchive (pre 3.2.0) denial of service with gzip quine Doran Moppert
CVE for Sentry / OpenCFP Andreas Lindh
CVEs for public Kibana / logstash issues Kurt Seifried
Re: CVE request: libarchive (pre 3.2.0) denial of service with gzip quine cve-assign
Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe processing of file names Summer of Pwnage
New security advisory for Apache CXF Fediz - CVE-2016-4464 Colm O hEigeartaigh
CVE Request: Heap Overflow Portable UPnP SDK 1.6.19 through 1.8.x Scott Tenaglia
CVE request - Airmail URLScheme render and file:// xss vulnerability redrain root
multiple crashes in radare2/radiff2 Vahagn Vardanyan
Re: Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe processing of file names cve-assign
Re: multiple crashes in radare2/radiff2 Solar Designer

Friday, 09 September

CVE request for webp:index overflow,used by memcpy later ChenQin
Fwd: multiple crashes in radare2/radiff2 Vahagn Vardanyan
PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load Remi Gacogne
CVE Request Qemu: vmware_vga: OOB stack memory access when processing svga command P J P
Re: GraphicsMagick 1.3.25 fixes some security issues Agostino Sarubbo
ettercap: etterlog: multiple crashes Agostino Sarubbo
Re: CVE Request Qemu: vmware_vga: OOB stack memory access when processing svga command cve-assign
Re: CVE request for webp:index overflow,used by memcpy later cve-assign
Re: GraphicsMagick 1.3.25 fixes some security issues Bob Friesenhahn
Re: CVEs for public Kibana / logstash issues Kurt Seifried
Re: ettercap: etterlog: multiple crashes cve-assign
Re: multiple crashes in radare2/radiff2 Tavis Ormandy

Saturday, 10 September

autotrace: out-of-bounds write Agostino Sarubbo
Re: autotrace: out-of-bounds write cve-assign
libav: out-of-bounds stack read Agostino Sarubbo
Re: libav: out-of-bounds stack read cve-assign
Possible CVE request for Redis docker container Kurt Seifried

Sunday, 11 September

CVE Request: XSS vulns in b2evolution v6.7.5 陈瑞琦

Monday, 12 September

nfsd-ganesha allows anyone to call into DBUS? Sebastian Krahmer
CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Dawid Golunski
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Solar Designer
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Dawid Golunski
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Fried Wil
Re: autotrace: out-of-bounds write Brian May

Tuesday, 13 September

Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) HW42
CVE-2016-6299 mock: privilige escalation via mock-scm Martin Prpic
[ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released Brian Demers
Heapoverflow in giflib5.1.4 vul
CVE request -libdwarf 20160613 heap-buffer-overflow vul
Re: Heapoverflow in giflib5.1.4 Hanno Böck
Re: Heapoverflow in giflib5.1.4 Solar Designer
libxml with CGI fix watashiwaher
Re: Heapoverflow in giflib5.1.4 Seth Arnold
Re: Heapoverflow in giflib5.1.4 Hanno Böck
Re: libxml with CGI fix Bob Friesenhahn
Re: Heapoverflow in giflib5.1.4 Seth Arnold
[SECURITY VULNERABILITY] curl escape and unescape integer overflows Daniel Stenberg
Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad

Wednesday, 14 September

Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Andreas Stieger
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Anonymous
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Moritz Muehlenhoff
CVE-2016-6801: CSRF in Jackrabbit-Webdav using empty content-type Julian Reschke
CVE request for Dropbear SSH <2016.74 Matt Johnston
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Kurt Seifried
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Jeremy Stanley
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Seth Arnold
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Kurt Seifried
Re: ADOdb PDO driver: incorrect quoting may allow SQL injection cve-assign
Re: CVE request for Dropbear SSH <2016.74 cve-assign
Re: CVE request -libdwarf 20160613 heap-buffer-overflow cve-assign
Re: CVE Request: XSS vulns in b2evolution v6.7.5 cve-assign

Thursday, 15 September

Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad
CVE assignment for PHP 5.6.26 and 7.0.11 Lior Kaplan
CVE-2016-6519: openstack-manila: Persistent XSS in Metadata field Marcus Meissner
Libarchive/bsdtar: multiple crashes Agostino Sarubbo
Re: CVE request -libdwarf 20160613 heap-buffer-overflow Agostino Sarubbo
Re: CVE assignment for PHP 5.6.26 and 7.0.11 cve-assign
Does a documentation bug elevate to CVE status? Jeffrey Walton
Re: Does a documentation bug elevate to CVE status? - Crypto++ cve-assign
Re: Does a documentation bug elevate to CVE status? - Crypto++ Jeffrey Walton
Re: Libarchive/bsdtar: multiple crashes Gulshan Singh

Friday, 16 September

CVE Request: Qemu: scsi: pvscsi: infinite loop when processing IO requests P J P
CVE request Qemu: virtio: null pointer dereference in virtqueu_map_desc P J P
CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object P J P
Out of bounds heap bugs in glib, heap buffer overflow in gnome-session Hanno Böck
Fwd: CVE-2016-7420 and dev-brach 'trap' ready for testing Jeffrey Walton
CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby
Re: CVE Request: Qemu: scsi: pvscsi: infinite loop when processing IO requests cve-assign
Re: CVE request Qemu: virtio: null pointer dereference in virtqueu_map_desc cve-assign
Re: CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object cve-assign
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Jan Schaumann
[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell Flavio Junqueira
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey
linux kernel SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer() Marco Grassi
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey
libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c) Agostino Sarubbo
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey
Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c) cve-assign
Re: linux kernel SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer() cve-assign

Saturday, 17 September

[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell Flavio Junqueira
Re: Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c) Agostino Sarubbo
CVE request:Exponent CMS 2.3.9 SQL injection vulnerability felix k3y
CVE request:Exponent CMS 2.3.9 SQL injection vulnerabilities felix k3y

Sunday, 18 September

CVE Request: GnuTLS: OCSP validation issue (GNUTLS-SA-2016-3) Salvatore Bonaccorso
CVE request - openjpeg null ptr dereference vul
Re: CVE request - openjpeg null ptr dereference Robert Święcki
Re: CVE request - openjpeg null ptr dereference cve-assign
Re: CVE Request: GnuTLS: OCSP validation issue (GNUTLS-SA-2016-3) cve-assign
Re: GraphicsMagick 1.3.25 fixes some security issues cve-assign
Re: CVE request : Exponent CMS 2.3.9 SQL injection vulnerability cve-assign
Re: CVE request : Exponent CMS 2.3.9 SQL injection vulnerabilities cve-assign
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby
CVE Request: Multiple security issues in OpenJPEG 刘科

Monday, 19 September

Re: Libarchive/bsdtar: multiple crashes Agostino Sarubbo
Exponent CMS 2.3.9 SQL injection vulnerabilities east wu
Exponent CMS 2.3.9 SQL injection vulnerabilities 王禹哲
CVE request - Exponent CMS 2.3.9 SQL injection 王禹哲
Fwd: CVE-2016-7420 (Info Disclosure due to assert), Crypto++ and down level remediation Jeffrey Walton
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Seth Arnold
CVE Request Qemu: usb: xhci memory leakage during device unplug P J P
CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Seth Arnold
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Brandon Perry
Possible CVE for TLS protocol issue Kurt Seifried
Re: Possible CVE for TLS protocol issue Reed Loden
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Reed Loden
Re: Re: ezmlm warning Reed Loden
Re: Re: ezmlm warning Solar Designer
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana
Re: ezmlm warning Brad Knowles

Tuesday, 20 September

Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby
libav: NULL pointer dereference in ff_put_pixels8_xy2_mmx (rnd_template.c) Agostino Sarubbo
Re: CVE Request Qemu: usb: xhci memory leakage during device unplug cve-assign
Re: Possible CVE for TLS protocol issue cve-assign
CVE request for vulnerability in OpenStack Nova Tristan Cacqueray
CVE request:Exponent CMS 2.3.9 xss vulnerability in worldpay Carl Peng
CVE request:Exponent CMS 2.3.9 Arbitrary File Upload vulnerability in expFile.php Carl Peng
CVE request:Exponent CMS 2.3.9 Unrestricted File Upload RCE and Local File include vulnerability DM_

Wednesday, 21 September

CVE request - mujs Heap-Buffer-Overflow write and OOB Read Puzzor
Re: libav: NULL pointer dereference in ff_put_pixels8_xy2_mmx (rnd_template.c) cve-assign
libav: divide-by-zero in sbr_make_f_master (aacsbr.c) Agostino Sarubbo
Re: CVE request for vulnerability in OpenStack Nova cve-assign
Re: libav: divide-by-zero in sbr_make_f_master (aacsbr.c) cve-assign
Re: CVE Request: ipywidgets executes untrusted JavaScript Jamie Whitacre
Irssi Security Advisory CVE-2016-7044+CVE-2016-7045 A.N.
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Larry W. Cashdollar
CVE Request: XSS Vulnerability in Exponent CMS 2.3.9 王畅
Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS) cve-assign

Thursday, 22 September

CVE Request: VLC: Potential divide-by-zero issue ajax secure
kernel: ACPI table override is allowed when securelevel is enabled Vladis Dronov
Re: CVE Request: VLC: Potential divide-by-zero issue Moritz Muehlenhoff
CVE Request - Exponent CMS 2.3.9 multi-vulnerabilities in install code Carl Peng
mupdf: use-after-free in pdf_to_num (pdf-object.c) Agostino Sarubbo
[OSSA 2016-011] Nova may fail to delete images in resize state regression (CVE-2016-7498) Tristan Cacqueray

Friday, 23 September

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Larry W. Cashdollar
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Larry W. Cashdollar
[CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability Martyn Taylor
CVE Assignment for Crypto++ and "AES and incorrect argument to _freea() under Microsoft compilers" Jeffrey Walton
CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite Hu Chaojian
CVEs for vulnerabilities listed in MySQL 5.6.33 release note Thomas Deutschmann
Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite cve-assign
Re: CVE Assignment for Crypto++ and "AES and incorrect argument to _freea() under Microsoft compilers" cve-assign

Saturday, 24 September

CVE Request: irssi: information disclosure vulnerabilit in buf.pl Salvatore Bonaccorso

Sunday, 25 September

CVE-2016-7545 -- SELinux sandbox escape up201407890
ffmpeg afl bugs cookieopfer
Re: ffmpeg afl bugs Solar Designer
Re: ffmpeg afl bugs Michal Zalewski
Re: Re: ffmpeg afl bugs cookieopfer
CVE-2016-6823 - ImageMagick BMP Coder Out-Of-Bounds Write Vulnerability 陈佩文
Re: CVE Request: irssi: information disclosure vulnerabilit in buf.pl cve-assign
Re: ffmpeg afl bugs cve-assign

Monday, 26 September

[CVE-2016-6881] ffmpeg endless loop when dealing with craft swf file. 连一汉
Re: Re: ffmpeg afl bugs Hanno Böck
CVE-2016-7101 - ImageMagick SGI Coder Out-Of-Bounds Read Vulnerability 陈佩文
CVE-2016-7543 -- bash SHELLOPTS+PS4 up201407890
Re: CVE-2016-7545 -- SELinux sandbox escape Jakub Wilk
Re: CVE-2016-7545 -- SELinux sandbox escape John Haxby
Re: Re: ffmpeg afl bugs cookieopfer
Re: CVE-2016-7545 -- SELinux sandbox escape up201407890
Re: CVE-2016-7545 -- SELinux sandbox escape Christos Zoulas
[ANNOUNCE] Django security releases issued: 1.9.10 and 1.8.15 Tim Graham
openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045 Doran Moppert
Re: CVE-2016-7543 -- bash SHELLOPTS+PS4 Tavis Ormandy

Tuesday, 27 September

CVE Request: libgd: Integer overflow in function gdImageWebpCtx of gd_webp.c 刘科
CVE Request - OpenSLP 2.0 Memory Corruption Reno Robert
ImageMagick identify "d:" hangs Bob Friesenhahn
Re: ImageMagick identify "d:" hangs Jakub Wilk
Re: ImageMagick identify "d:" hangs Bob Friesenhahn
BIND9 CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request ISC Security Officer
Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Leo Famulari
Re: CVE Request - OpenSLP 2.0 Memory Corruption cve-assign

Wednesday, 28 September

CVE Request: docker2aci: Path traversals present in image converting 张开翔
Re: CVE Request - OpenSLP 2.0 Memory Corruption jericho
Re: CVE Request: docker2aci: Path traversals present in image converting Alex Crawford
Re: CVE Request - OpenSLP 2.0 Memory Corruption cve-assign
Re: ImageMagick identify "d:" hangs Tavis Ormandy
Re: CVE Request: libgd: Integer overflow in function gdImageWebpCtx of gd_webp.c cve-assign
Re: CVE Request: docker2aci: Path traversals present in image converting cve-assign
CVE Request: systemd v209+: local denial-of-service attack Andrew Ayer
CVE Requests for Drupal Core - SA-CORE-2016-004 Pere Orga
Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read cve-assign
Re: CVE Requests for Drupal Core - SA-CORE-2016-004 cve-assign
Re: ImageMagick identify "d:" hangs Tavis Ormandy
Re: ImageMagick identify "d:" hangs Bob Friesenhahn
Re: ImageMagick identify "d:" hangs Tavis Ormandy
kdesu vulnerability: need CVE Albert Astals Cid
Re: ImageMagick identify "d:" hangs Tavis Ormandy
Re: ImageMagick identify "d:" hangs Florian Weimer
Re: ImageMagick identify "d:" hangs Florian Weimer

Thursday, 29 September

Re: CVE-2016-7545 -- SELinux sandbox escape Jakub Wilk
Re: kdesu vulnerability: need CVE cve-assign
Re: ImageMagick identify "d:" hangs Tavis Ormandy
Re: CVE-2016-7545 -- SELinux sandbox escape Christos Zoulas
CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call 张谦
Re: CVE Request - Exponent CMS 2.3.9 multi-vulnerabilities in install code cve-assign
Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Greg KH
[SECURITY ADVISORY] c-ares: single byte out of buffer write Daniel Stenberg
Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Quentin Casasnovas
Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Mario Pirker
Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Vitaly Nikolenko
Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Daniel Stenberg
Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Greg KH
Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Hanno Böck
git-hub: missing sanitization of data received from GitHub Jakub Wilk
CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability Mike Kienenberger
[ANNOUNCE][CVE-2016-5019] Apache MyFaces Trinidad 2.1.2 released Mike Kienenberger
[ANNOUNCE][CVE-2016-5019] Apache MyFaces Trinidad 1.2.15 released Mike Kienenberger
[ANNOUNCE][CVE-2016-5019] Apache MyFaces Trinidad 2.0.2 released Mike Kienenberger
Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability Mike Kienenberger
Systemd local denial of service Mark Hatle
Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey
Re: ImageMagick identify "d:" hangs Tavis Ormandy
Re: CVE Request: systemd v209+: local denial-of-service attack cve-assign
Re: git-hub: missing sanitization of data received from GitHub cve-assign

Friday, 30 September

CVE request: b2evolution 6.7.6 Object Injection vulnerability Carl Peng
CVE Request: File Upload & File Delete lead to Unauthorized RCE in Exponent CMS 2.3.9 fyth
CVE request: ExponentCMS 2.x Object Injection and SQLi vulnerabilities Carl Peng
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana
CVE request: pacemaker DoS when pacemaker remote is in use Cedric Buissart
Re: ImageMagick identify "d:" hangs Tavis Ormandy
Re: ImageMagick identify "d:" hangs Florian Weimer
Re: ImageMagick identify "d:" hangs Tavis Ormandy
Re: CVE request: pacemaker DoS when pacemaker remote is in use cve-assign
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode cve-assign
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski
imagemagick mogrify global buffer overflow Marco Grassi