oss-sec: by author

788 messages starting Dec 13 16 and ending Dec 08 16


Adam Maris

CVE-2016-9583 jasper: Out of bounds heap read in jpc_pi_nextpcrl() Adam Maris (Dec 13)
CVE-2016-9580 CVE-2016-9581 openjpeg2: heap buffer oevrflows Adam Maris (Dec 09)
Re: CVE assignment for PHP 5.6.27 and 7.0.12 Adam Maris (Oct 18)
CVE-2016-9591 jasper: Use-after-free on heap in jas_matrix_destroy Adam Maris (Dec 16)
CVE-2016-8654 jasper: Heap-based buffer overflow in QMFB code in JPC codec Adam Maris (Nov 29)

Adith Sudhakar

CVE-2016-7067 - CSRF in Monit Service Manager Adith Sudhakar (Oct 27)

Agostino Sarubbo

libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) Agostino Sarubbo (Nov 09)
Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) Agostino Sarubbo (Dec 02)
Re: potrace: memory allocation failure Agostino Sarubbo (Oct 10)
jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) Agostino Sarubbo (Nov 20)
Re: Curious about the security of my router fermwair. Agostino Sarubbo (Dec 22)
Re: Re: Fuzzing jasper Agostino Sarubbo (Oct 17)
libming: listswf: heap-based buffer overflow in _iprintf (outputtxt.c) Agostino Sarubbo (Dec 01)
potrace: invalid memory access in findnext (decompose.c) Agostino Sarubbo (Oct 08)
jasper: use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) Agostino Sarubbo (Nov 04)
elfutils: memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c) Agostino Sarubbo (Nov 09)
mupdf: mujstest: global-buffer-overflow in my_getline (jstest_main.c) Agostino Sarubbo (Oct 16)
libming: listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c) Agostino Sarubbo (Dec 01)
libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE) Agostino Sarubbo (Oct 08)
Re: Re: Fuzzing jasper Agostino Sarubbo (Oct 16)
libwmf: memory allocation failure in wmf_malloc (api.c) Agostino Sarubbo (Oct 18)
libming: listmp3: left shift in listmp3.c Agostino Sarubbo (Nov 09)
libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c) Agostino Sarubbo (Dec 01)
snzip: memory allocation failure in work_buffer_resize (snzip.c) Agostino Sarubbo (Oct 18)
Re: Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) Agostino Sarubbo (Nov 12)
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo (Nov 09)
mupdf: mujstest: global-buffer-overflow in main (jstest_main.c) Agostino Sarubbo (Oct 16)
imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) Agostino Sarubbo (Nov 19)
jasper: heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c) Agostino Sarubbo (Oct 23)
libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) Agostino Sarubbo (Nov 09)
jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Agostino Sarubbo (Oct 23)
Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) Agostino Sarubbo (Oct 23)
elfutils: memory allocation failure in allocate_elf (common.h) Agostino Sarubbo (Nov 09)
libav: multiple crashes from the Undefined Behavior Sanitizer Agostino Sarubbo (Dec 01)
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo (Nov 09)
imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) Agostino Sarubbo (Oct 17)
libav: null pointer dereference in get_vlc2 (get_bits.h) Agostino Sarubbo (Oct 08)
jasper: signed integer overflow in jas_image.c Agostino Sarubbo (Nov 19)
graphicsmagick: memory allocation failure in MagickMalloc (memory.c) Agostino Sarubbo (Oct 08)
Re: potrace: memory allocation failure Agostino Sarubbo (Oct 21)
libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c) Agostino Sarubbo (Nov 09)
jasper: multiple assertion failures Agostino Sarubbo (Nov 16)
mupdf: mujstest: strcpy-param-overlap in main (jstest_main.c) Agostino Sarubbo (Oct 16)
jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) Agostino Sarubbo (Oct 18)
libdwarf: memory allocation failure in do_decompress_zlib (dwarf_init_finish.c) Agostino Sarubbo (Nov 09)
metapixel: multiple assertion failures Agostino Sarubbo (Nov 22)
jasper: memory allocation failure in jas_malloc (jas_malloc.c) Agostino Sarubbo (Oct 18)
imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) Agostino Sarubbo (Dec 01)
Re: libwmf: memory allocation failure in wmf_malloc (api.c) Agostino Sarubbo (Oct 25)
imagemagick: memory allocate failure in AcquireQuantumPixels (quantum.c) Agostino Sarubbo (Oct 08)
libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c) Agostino Sarubbo (Nov 09)
graphicsmagick: stack-based buffer overflow in ReadSCTImage (sct.c) Agostino Sarubbo (Oct 08)
Re: potrace: invalid memory access in findnext (decompose.c) Agostino Sarubbo (Oct 17)
imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862) Agostino Sarubbo (Oct 20)
graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Agostino Sarubbo (Dec 01)
imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) Agostino Sarubbo (Oct 08)
libming: listswf: NULL pointer dereference in dumpBuffer (read.c) Agostino Sarubbo (Dec 01)
jasper: use after free in jas_realloc (jas_malloc.c) Agostino Sarubbo (Nov 09)
metapixel: heap-based buffer overflow in open_gif_file (rwgif.c) Agostino Sarubbo (Nov 22)
Re: libav: multiple crashes from the Undefined Behavior Sanitizer Agostino Sarubbo (Dec 04)
libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) Agostino Sarubbo (Oct 08)
Re: Fuzzing jasper Agostino Sarubbo (Oct 16)
libdwarf: heap-based buffer overflow in _dwarf_get_size_of_val (dwarf_util.c) Agostino Sarubbo (Oct 08)
Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) Agostino Sarubbo (Oct 26)
libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo (Nov 09)
Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Agostino Sarubbo (Oct 10)
jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) Agostino Sarubbo (Oct 18)
graphicsmagick: memory allocation failure in ReadPCXImage (pcx.c) Agostino Sarubbo (Oct 08)
jasper: NULL pointer dereference in jpc_tsfb_synthesize (jpc_tsfb.c) Agostino Sarubbo (Oct 20)
libtiff: memory allocation failure in _TIFFCheckRealloc (tif_aux.c) Agostino Sarubbo (Nov 09)
libdwarf: negation overflow in dwarf_leb.c Agostino Sarubbo (Nov 19)
potrace: memory allocation failure Agostino Sarubbo (Oct 08)
imagemagick: null pointer must never be null (tiff.c) Agostino Sarubbo (Nov 19)

Agustin Mista

Re: CVE-2016-9584: heap use-after-free on libical Agustin Mista (Dec 19)
CVE-2016-9584: heap use-after-free on libical Agustin Mista (Dec 15)

Aki Tuomi

Important vulnerability in Dovecot (CVE-2016-8652) Aki Tuomi (Dec 02)
Re: Important vulnerability in Dovecot (CVE-2016-8652) Aki Tuomi (Dec 05)

Albert Astals Cid

KMail vulnerabilites: need 3 CVE Albert Astals Cid (Oct 04)

Alex Crawford

Requesting membership to linux-distros Alex Crawford (Oct 20)
Re: Requesting membership to linux-distros Alex Crawford (Oct 20)
Re: Requesting membership to linux-distros Alex Crawford (Oct 22)

Alex Gaynor

Re: CVE Request: gstreamer plugins Alex Gaynor (Nov 22)

Allan McRae

Addition to linux-distros for Arch Linux Allan McRae (Oct 22)

Amos Jeffries

CVE Request - squid HTTP proxy multiple Information Disclosure issues Amos Jeffries (Dec 17)

Andreas Stieger

CVE-2016-8637: dracut creates world readble initramfs when early cpio is used Andreas Stieger (Nov 07)

Andrej Nemec

CVE Request: Cryptography 1.5.3: HKDF might return an empty byte-string Andrej Nemec (Nov 08)
Tcsh: Out-of-bounds read in c_substitute() Andrej Nemec (Dec 06)
Re: Memcached 1.4.32 and earlier buffer overflow. Andrej Nemec (Nov 01)

Andrew W Petro

Re: CVE Request - Webproxy Portlet - cross-user cache over-hits Andrew W Petro (Dec 06)
CVE Request - Webproxy Portlet - cross-user cache over-hits Andrew W Petro (Nov 16)

Andrey Konovalov

CVE Request: Linux: net: out-of-bounds due do a signedness issue when defragging ipv6 Andrey Konovalov (Dec 01)
CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb Andrey Konovalov (Nov 22)
CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE Andrey Konovalov (Dec 02)

Andy Lutomirski

CVE-2016-5195 test case Andy Lutomirski (Oct 27)

Angelos Tzotsos

CVE-2016-8640 pycsw SQL injection issue Angelos Tzotsos (Nov 11)

Antoine Beaupré

CVE requests for various ImageMagick issues Antoine Beaupré (Dec 20)

Apache OpenOffice Security

CVE-2016-6803: Apache OpenOffice unquoted search path vulnerability Apache OpenOffice Security (Nov 20)
CVE-2016-6804 Apache OpenOfice Advisory Apache OpenOffice Security (Nov 20)

Arpit Agarwal

[SECURITY] CVE-2016-5001: Apache Hadoop Information Disclosure Arpit Agarwal (Dec 16)

Baozeng Ding

CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync Baozeng Ding (Dec 02)
CVE Request: -- Linux kernel: double free in netlink_dump Baozeng Ding (Dec 02)

Bastien ROUCARIES

Imagemagick heap overflow Bastien ROUCARIES (Nov 13)

Ben Tasker

Re: WordPress (all versions): SPOF, RCE, and Negligence Ben Tasker (Nov 21)
Re: WordPress (all versions): SPOF, RCE, and Negligence Ben Tasker (Nov 21)

Ben Woods

dcraw and CVE-2015-8366 + CVE-2015-8367 Ben Woods (Oct 15)

Bob Friesenhahn

GraphicsMagick CVE Request - WPG Reader Issues Bob Friesenhahn (Oct 07)
GraphicsMagick CVE request: 8BIM/8BIMW unsigned underflow leads to heap overflow Bob Friesenhahn (Oct 01)
Libtiff 4.0.7 release fixes many security issues Bob Friesenhahn (Nov 22)
Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Bob Friesenhahn (Dec 01)
Re: Re: CVE Request: libtiff: heap buffer overflow/read outside of array Bob Friesenhahn (Nov 09)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Bob Friesenhahn (Oct 05)

Brad Spengler

Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Brad Spengler (Dec 07)

Brandon Perry

Handful of libass issues Brandon Perry (Oct 04)
Re: Re: Handful of libass issues Brandon Perry (Oct 27)
Re: CVE-2016-9584: heap use-after-free on libical Brandon Perry (Dec 15)
Re: CVE-2016-9584: heap use-after-free on libical Brandon Perry (Dec 15)

Brian 'geeknik' Carpenter

CVE Request: libtiff: heap buffer overflow/read outside of array Brian 'geeknik' Carpenter (Nov 09)
CVE Request: libtiff: read outside buffer in _TIFFPrintField() Brian 'geeknik' Carpenter (Nov 12)

CAI Qian

CVE request: kernel - local DoS due to a page lock order bug in the XFS seek hole/data implementation CAI Qian (Oct 13)
Re: cve request: systemd-machined: information exposure for docker containers CAI Qian (Oct 13)
CVE request: linux kernel - local DoS with cgroup offline code CAI Qian (Nov 04)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2016-0006 Carlos Alberto Lopez Perez (Nov 04)

Casper Thomsen

Re: Ruby:HTTP Header injection in 'net/http' Casper Thomsen (Dec 08)

Cedric Buissart

CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions Cedric Buissart (Nov 21)
Re: Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Cedric Buissart (Oct 19)
CVE-2016-4455: subscription-manager: incorrect permisions in /var/lib/rhsm/ Cedric Buissart (Oct 26)

Cedric Staub

CVE request: multiple issues in go-jose package Cedric Staub (Nov 02)

Chaim Sanders

OWASP Core Rule Set v3.0.0 (final) Released. Chaim Sanders (Nov 14)

ChenQin

CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf ChenQin (Nov 18)

Chet Ramey

Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Oct 07)

Christian Rebischke

veracrypt security fixes in 1.19 Christian Rebischke (Oct 18)

Christopher Shannon

[ANNOUNCE] CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting Christopher Shannon (Dec 09)

Cory Benfield

CVE-2016-9015: Python urllib3 1.17 and 1.18 certificate verification failure Cory Benfield (Oct 27)

cve-assign

Re: imagemagick mogrify use after free cve-assign (Oct 02)
Re: CVE Request: IrRegular Expressions resource exhaustion in regex compilation [was: Re: [oss-security] CVE Request: resource exhaustion in regex expression handling in WebKit] cve-assign (Dec 15)
Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH cve-assign (Oct 19)
Re: CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream cve-assign (Oct 24)
Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862) cve-assign (Oct 21)
Re: CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files cve-assign (Dec 15)
Re: CVE Request - Exim 4.69-4.87 - disclosure of private information cve-assign (Dec 15)
Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips cve-assign (Nov 21)
Re: libpng NULL pointer dereference bugfix cve-assign (Dec 30)
Re: CVE request: Linux panic on fragemented IPv6 traffic (icmp6_send) cve-assign (Dec 08)
Re: CVE request: tomcat privilege escalations in Debian packaging cve-assign (Dec 02)
Re: CVE Request: another recursion in GRE cve-assign (Oct 14)
Re: CVE request - DCMTK remote stack buffer overflow cve-assign (Dec 17)
Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) cve-assign (Dec 02)
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host cve-assign (Nov 04)
Re: CVE Request: zlib security issues found during audit cve-assign (Dec 05)
Re: Imagemagick heap overflow cve-assign (Nov 14)
Re: CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE cve-assign (Dec 02)
Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues cve-assign (Dec 17)
Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza cve-assign (Dec 11)
Re: CVE request Qemu: 9pfs: memory leakage when creating extended attribute cve-assign (Oct 30)
Re: CVE request: XXE in perl Image::Info and XML::Twig cve-assign (Nov 04)
Re: CVE request: Qemu: 9pfs: host memory leakage in v9fs_read cve-assign (Oct 10)
Re: CVE assignment for PHP 5.6.27 and 7.0.12 cve-assign (Oct 18)
Re: CVE Request: OTRS: execution of JavaScript in OTRS context by opening malicious attachment cve-assign (Nov 01)
Re: X.Org security advisory: Protocol handling issues in X Window System client libraries cve-assign (Oct 04)
Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) cve-assign (Oct 23)
Re: CVE Request: Linux: net: out-of-bounds due do a signedness issue when defragging ipv6 cve-assign (Dec 01)
Re: CVE Request: Cryptography 1.5.3: HKDF might return an empty byte-string cve-assign (Nov 08)
Re: libming: listswf: heap-based buffer overflow in _iprintf (outputtxt.c) cve-assign (Dec 04)
Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) cve-assign (Oct 22)
Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource cve-assign (Dec 07)
Re: CVE request: Kernel: kvm: stack memory information leakage cve-assign (Dec 01)
Re: CVE request: w3m - multiple vulnerabilities cve-assign (Nov 23)
Re: CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive cve-assign (Dec 02)
Re: graphicsmagick: memory allocation failure in MagickMalloc (memory.c) cve-assign (Oct 15)
Re: Xen Security Advisory 201 - ARM guests may induce host asynchronous abort cve-assign (Dec 04)
Re: CVE request: GNU Guile <= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks cve-assign (Oct 11)
Re: CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions cve-assign (Dec 31)
Re: libming: listmp3: left shift in listmp3.c cve-assign (Nov 10)
Re: CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch cve-assign (Oct 10)
Re: kernel: fix minor infoleak in get_user_ex() cve-assign (Nov 04)
Re: Handful of libass issues cve-assign (Nov 01)
Re: CVE request for tor cve-assign (Oct 19)
Re: CVE request:Lynx invalid URL parsing with '?' cve-assign (Nov 04)
Re: jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) cve-assign (Oct 22)
Re: CVE Request: salt confidentiality issue cve-assign (Nov 25)
Re: roundcube code execution via mail() cve-assign (Dec 08)
Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7 cve-assign (Nov 06)
Re: CVE Request: html5lib: potential cross-site scripting vulnerablity: quote attributes that need escaping in legacy browsers cve-assign (Dec 07)
Re: kernel: fix minor infoleak in get_user_ex() cve-assign (Nov 28)
Re: CVE request Qemu: net: Infinite loop in mcf_fec_do_tx cve-assign (Oct 03)
Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign (Nov 14)
Re: CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick cve-assign (Oct 15)
Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) cve-assign (Nov 22)
Re: libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c) cve-assign (Nov 11)
Re: bubblewrap LPE cve-assign (Oct 13)
Re: GraphicsMagick CVE Request - WPG Reader Issues cve-assign (Oct 08)
Re: librsvg and cairo are causing libpng to write out-of-bounds cve-assign (Oct 26)
Re: CVE Request - TRE & musl libc regex integer overflows in buffer size computations cve-assign (Oct 19)
Re: imagemagick: null pointer must never be null (tiff.c) cve-assign (Nov 22)
Re: mupdf: use-after-free in pdf_to_num (pdf-object.c) cve-assign (Oct 15)
Re: CVE Request: libtiff: read outside buffer in _TIFFPrintField() cve-assign (Nov 14)
Re: KMail vulnerabilites: need 3 CVE cve-assign (Oct 04)
Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks cve-assign (Dec 07)
Re: CVE-2016-7545 -- SELinux sandbox escape - Firejail is CVE-2016-9016 cve-assign (Oct 25)
Re: Announce: OpenSSH 7.4 released cve-assign (Dec 19)
Re: gajim otr plugin cleartext leak cve-assign (Oct 30)
Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy cve-assign (Dec 08)
Re: libdwarf: negation overflow in dwarf_leb.c cve-assign (Nov 22)
Re: CVE Request - Samsung Exynos fimg2d Multiple Issues cve-assign (Nov 11)
Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641 cve-assign (Dec 30)
Re: Buffer overflow in pycrypto cve-assign (Dec 27)
Re: CVE request Qemu: net: eepro100 memory leakage at device unplug cve-assign (Oct 30)
Re: CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info cve-assign (Dec 05)
Re: CVE Request: resource exhaustion in regex expression handling in WebKit cve-assign (Nov 26)
Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core cve-assign (Nov 10)
Re: kernel: low-severity vfio driver integer overflow - Linux kernel cve-assign (Oct 26)
Re: CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode cve-assign (Oct 24)
Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) cve-assign (Oct 15)
Re: CVE Request: Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 cve-assign (Nov 18)
Re: CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor cve-assign (Dec 05)
Re: potrace: multiple crashes cve-assign (Oct 15)
Re: libav: null pointer dereference in get_vlc2 (get_bits.h) cve-assign (Oct 15)
Re: libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c) cve-assign (Nov 11)
Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d cve-assign (Oct 08)
Re: linux kernel do_blockdev_direct_IO invalid memory access cve-assign (Oct 11)
Re: Update on MatrixSSL miscalculation (incomplete fix for CVE-2016-6887) cve-assign (Oct 15)
Re: CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync cve-assign (Dec 02)
Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) cve-assign (Oct 19)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems cve-assign (Oct 11)
Re: CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function cve-assign (Oct 03)
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) cve-assign (Nov 10)
Re: graphicsmagick: memory allocation failure in ReadPCXImage (pcx.c) cve-assign (Oct 15)
Re: CVE Request: SimpleSAMLphp: SSPSA 201612-02: Incorrect signature verification cve-assign (Dec 15)
Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003) cve-assign (Dec 02)
Re: tqdm: insecure use of git cve-assign (Dec 28)
Re: graphicsmagick: stack-based buffer overflow in ReadSCTImage (sct.c) cve-assign (Oct 15)
Re: potrace: memory allocation failure cve-assign (Oct 15)
Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file cve-assign (Dec 15)
Re: Remote crash in MaraDNS 2.0.13 and git master cve-assign (Nov 14)
Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) cve-assign (Oct 15)
Re: CVE Request Qemu: net: pcnet: infinite loop in pcnet_rdra_addr cve-assign (Oct 03)
Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow cve-assign (Oct 13)
Re: Handful of libass issues cve-assign (Oct 04)
Re: CVE requests for Drupal core (SA-CORE-2016-005) cve-assign (Nov 18)
Re: jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) cve-assign (Nov 22)
Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read cve-assign (Oct 30)
Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign (Nov 14)
Re: CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf cve-assign (Nov 18)
Re: CVE requests: some issues in gif2webp cve-assign (Oct 27)
Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) cve-assign (Oct 22)
Re: CVE request: linux kernel - local DoS with cgroup offline code cve-assign (Nov 05)
Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) cve-assign (Nov 10)
Re: CVE Request: teeworlds: possible remote code execution on teeworlds client cve-assign (Nov 17)
Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c) cve-assign (Dec 04)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems cve-assign (Oct 05)
Re: Fuzzing jasper cve-assign (Oct 22)
Re: CVE request: DoS loading a SVG in Firefox cve-assign (Nov 26)
Re: CVE request Qemu: usb: redirector: memory leakage when destroying cve-assign (Dec 07)
Re: CVE Request - Portable UPnP SDK 1.6.19 through 1.8.x cve-assign (Oct 20)
Re: cve-request: linux kernel - memory leak in xfs attribute mechanism. cve-assign (Nov 30)
Re: Fuzzing jasper cve-assign (Oct 23)
Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities cve-assign (Dec 22)
Re: CVE request: MyBB multiple vulnerabilities cve-assign (Nov 17)
Re: CVE-2016-9297 LibTIFF regression cve-assign (Nov 18)
Re: CVE Request: Info-Zip zipinfo buffer overflow cve-assign (Dec 05)
Re: CVE request for code execution via gem name collission in bundler (was Re: [oss-security] CVE Request) cve-assign (Oct 04)
Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c) cve-assign (Dec 04)
Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd cve-assign (Oct 08)
Re: CVE Request: gstreamer plugins cve-assign (Nov 23)
Re: CVE Request: SimpleSAMLphp: SSPSA 201612-01: Incorrect signature verification cve-assign (Dec 04)
Re: CVE Request: Smack: TLS SecurityMode.required not always enforced, leading to striptls attack cve-assign (Dec 22)
Re: CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb cve-assign (Nov 22)
Re: CVE request: ikiwiki: authorization bypass when reverting changes cve-assign (Dec 20)
Re: potrace: invalid memory access in findnext (decompose.c) cve-assign (Oct 15)
Re: CVE Request: Potential DoS in Crypto++ ASN.1 parser cve-assign (Dec 12)
Re: CVE request Qemu: 9pfs: integer overflow leading to OOB access cve-assign (Oct 30)
Re: CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf cve-assign (Oct 15)
Re: CVE Request: gstreamer plugins cve-assign (Nov 18)
Re: CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines cve-assign (Oct 10)
Re: CVE assignment for PHP 5.6.27 and 7.0.12 cve-assign (Nov 01)
Re: CVE request -- linux kernel: crypto: GPF in lrw_crypt caused by null-deref cve-assign (Nov 04)
Re: gstreamer multiple issues cve-assign (Dec 04)
Re: libming: listswf: NULL pointer dereference in dumpBuffer (read.c) cve-assign (Dec 04)
Re: GraphicsMagick CVE request: 8BIM/8BIMW unsigned underflow leads to heap overflow cve-assign (Oct 01)
Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045 cve-assign (Nov 29)
Re: CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset cve-assign (Dec 07)
Re: CVE requests for various ImageMagick issues cve-assign (Dec 26)
Re: CVE request - integer overflow and crash parsing regex in mujs cve-assign (Oct 30)
Re: libdwarf: heap-based buffer overflow in _dwarf_get_size_of_val (dwarf_util.c) cve-assign (Oct 15)
Re: RCE in Zabbix 2.2 to 3.0.3 cve-assign (Nov 01)
Linux kernel net/ipv4/ip_tunnel.c issue mentioned on netdev cve-assign (Nov 23)
Re: libming: listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c) cve-assign (Dec 04)
Re: libav: multiple crashes from the Undefined Behavior Sanitizer cve-assign (Dec 04)
Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE) cve-assign (Oct 15)
Re: CVE request Qemu: char: divide by zero error in serial_update_parameters cve-assign (Oct 15)
Re: jasper: multiple assertion failures cve-assign (Nov 16)
Re: CVE request: Jenkins remote code execution vulnerability cve-assign (Nov 14)
Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core cve-assign (Nov 26)
Re: CVE request: Kernel: kvm: out of bounds memory access via vcpu_id cve-assign (Dec 02)
Re: tqdm: insecure use of git cve-assign (Dec 25)
Re: CVE request: GNU Guile <= 2.0.12: Thread-unsafe umask modification cve-assign (Oct 11)
Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName cve-assign (Nov 24)
Re: CVE request: w3m - multiple vulnerabilities cve-assign (Nov 18)
Re: Linux Kernel use-after-free in SCSI generic device interface cve-assign (Dec 30)
Re: imagemagick: memory allocate failure in AcquireQuantumPixels (quantum.c) cve-assign (Oct 15)
Re: SPIP vulnerabilities: request for 5 CVE cve-assign (Oct 06)
Re: CVE request: invalid memory accesses parsing object files in libgit2 cve-assign (Oct 08)
Re: Qt QXmlSimpleReader cve-assign (Dec 24)
Re: CVE request Qemu: 9pfs: information leakage via xattribute cve-assign (Oct 30)
Re: CVE request: kernel - local DoS due to a page lock order bug in the XFS seek hole/data implementation cve-assign (Oct 13)
Re: CVE request Qemu: 9pfs: memory leakage in v9fs_write cve-assign (Oct 30)
Re: CVE request Qemu: net: OOB buffer access in rocker switch emulation cve-assign (Oct 15)
Re: CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0 cve-assign (Dec 12)
Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack cve-assign (Oct 18)
Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer cve-assign (Dec 07)
Re: SPIP vulnerabilities: request for 5 CVE cve-assign (Oct 08)
Re: Libarchive/bsdtar: multiple crashes cve-assign (Oct 15)
Re: jasper: signed integer overflow in jas_image.c cve-assign (Nov 22)
Re: Fuzzing jasper cve-assign (Oct 15)
Re: CVE Request: libtiff: heap buffer overflow/read outside of array cve-assign (Nov 11)
Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) cve-assign (Nov 11)
Re: jasper: use after free in jas_realloc (jas_malloc.c) cve-assign (Nov 09)
Re: CVE request Qemu: display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout cve-assign (Dec 22)
Re: libwmf: memory allocation failure in wmf_malloc (api.c) cve-assign (Oct 24)
Re: CVE request Qemu: char: use after free issue in char backend cve-assign (Dec 08)
Re: Xen Security Advisory 204 - x86: Mishandling of SYSCALL singlestep during emulation cve-assign (Dec 19)
Re: CVE Request: -- Linux kernel: double free in netlink_dump cve-assign (Dec 04)
Re: CVE request Qemu: memory leakage in v9fs_link cve-assign (Oct 30)
Re: imagemagick mogrify global buffer overflow cve-assign (Oct 01)
Re: bash - popd controlled free cve-assign (Nov 17)

Damien Miller

Announce: OpenSSH 7.4 released Damien Miller (Dec 19)

Daniel Beck

CVE request: Jenkins remote code execution vulnerability Daniel Beck (Nov 12)

Daniel Micay

Re: [kernel-hardening] Re: Stack guard canary massaging Daniel Micay (Oct 31)

Daniel Stenberg

[SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg (Nov 02)
[SECURITY ADVISORY] curl cookie injection for other servers Daniel Stenberg (Nov 02)
[SECURITY ADVISORY] curl invalid URL parsing with '#' Daniel Stenberg (Nov 02)
[SECURITY ADVISORY] curl glob parser write/read out of bounds Daniel Stenberg (Nov 02)
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg (Nov 02)
[SECURITY ADVISORY] curl double-free in krb5 code Daniel Stenberg (Nov 02)
[SECURITY ADVISORY] curl use-after-free via shared cookies Daniel Stenberg (Nov 02)
[SECURITY ADVISORY] curl double-free in curl_maprintf Daniel Stenberg (Nov 02)
[SECURITY ADVISORY] curl URL unescape heap overflow via integer truncation Daniel Stenberg (Nov 02)
[SECURITY ADVISORY] curl OOB write via unchecked multiplication Daniel Stenberg (Nov 02)
[SECURITY ADVISORY] curl: uninitialized random Daniel Stenberg (Dec 22)
[SECURITY ADVISORY] curl: printf floating point buffer overflow Daniel Stenberg (Dec 20)
[SECURITY ADVISORY] curl case insensitive password comparison Daniel Stenberg (Nov 02)
[SECURITY ADVISORY] curl_getdate read out of bounds Daniel Stenberg (Nov 02)
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg (Nov 04)

David Manouchehri

CVE request: sunxi-debug (root privilege escalation in Allwinner kernel) David Manouchehri (Oct 05)

Dawid Golunski

Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski (Dec 27)
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] Dawid Golunski (Dec 20)
Re: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Oct 27)
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Oct 25)
PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski (Dec 27)
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski (Dec 27)
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Dawid Golunski (Oct 19)
Re: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Dawid Golunski (Dec 29)
CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora, OracleLinux, RedHat etc.) Dawid Golunski (Oct 10)
Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247) Dawid Golunski (Nov 16)
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Dawid Golunski (Dec 27)
Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] Dawid Golunski (Dec 20)
MySQL / MariaDB / Percona - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / CVE-2016-5616] Dawid Golunski (Nov 14)
MySQL / MariaDB / Percona - Root Privilege Escalation Exploit [ CVE-2016-6664 / CVE-2016-5617 ] Dawid Golunski (Nov 14)
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) Dawid Golunski (Dec 28)
Zend Framework (zend-mail) < 2.4.11 Remote Code Execution (CVE-2016-10034) Dawid Golunski (Dec 30)
Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski (Dec 27)
PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski (Dec 25)

Dominic Cleal

CVE-2016-8634: Foreman stored XSS in orgs/locations wizard step Dominic Cleal (Nov 09)
CVE-2016-8639: Foreman stored XSS in orgs/locations in settings Dominic Cleal (Nov 11)

Doran Moppert

CVE request: icu: stack-based buffer overflow in uloc_getDisplayName Doran Moppert (Nov 24)
CVE request: XXE in perl Image::Info and XML::Twig Doran Moppert (Nov 01)
Re: CVE request: openjpeg: incorrect fix for CVE-2013-6045 (was Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045) Doran Moppert (Oct 05)
CVE request: openjpeg: incorrect fix for CVE-2013-6045 (was Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045) Doran Moppert (Oct 05)

dormando

Memcached 1.4.32 and earlier buffer overflow. dormando (Oct 31)

Emmanuel Law

Re: CVE assignment for PHP 5.6.27 and 7.0.12 Emmanuel Law (Oct 18)

eov eov

Vlany: A Linux (LD_PRELOAD) rootkit eov eov (Nov 10)

Eyal Itkin

Re: [engineering.redhat.com #426293] CVE Request - firewire driver RCE - linux 4.8 Eyal Itkin (Nov 06)

Fernando Muñoz

bash - popd controlled free Fernando Muñoz (Nov 17)

Fiedler Roman

Opensource Python whitebox code analysis tool recommendations Fiedler Roman (Dec 06)

Florent Rougon

Re: CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files Florent Rougon (Dec 16)

Florian Pritz

CVE request: Linux panic on fragemented IPv6 traffic (icmp6_send) Florian Pritz (Dec 08)
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Florian Pritz (Dec 27)

Florian Weimer

CVE-2016-1246: Buffer overflow in DBD-mysql error reporting (Perl DBI module) Florian Weimer (Oct 03)
Stack guard canary massaging Florian Weimer (Oct 31)
Re: CVE-2016-2848 has been disclosed. Florian Weimer (Oct 20)
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Florian Weimer (Nov 03)
NSPR 4.12, NSS 3.22.1 and PR_GetEnvSecure Florian Weimer (Oct 02)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Florian Weimer (Oct 05)
Re: NSPR 4.12, NSS 3.22.1 and PR_GetEnvSecure Florian Weimer (Oct 05)

freener

Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow freener (Oct 12)
CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow freener (Oct 12)

Gjoko Krstic

CVE request - DCMTK remote stack buffer overflow Gjoko Krstic (Dec 17)

Glenn Randers-Pehrson

Re: librsvg and cairo are causing libpng to write out-of-bounds Glenn Randers-Pehrson (Oct 06)
libpng NULL pointer dereference bugfix Glenn Randers-Pehrson (Dec 29)

Graham Christensen

Re: Re: Fuzzing jasper Graham Christensen (Oct 16)

Grant Murphy

Re: Opensource Python whitebox code analysis tool recommendations Grant Murphy (Dec 06)

Greg KH

Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Greg KH (Oct 13)
Re: Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)
Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)
Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)

Gsunde Orangen

Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Gsunde Orangen (Oct 18)

Gustavo Grieco

librsvg and cairo are causing libpng to write out-of-bounds Gustavo Grieco (Oct 05)
CVE Request: resource exhaustion in regex expression handling in WebKit Gustavo Grieco (Nov 26)
Re: Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read Gustavo Grieco (Oct 30)
CVE request - integer overflow and crash parsing regex in mujs Gustavo Grieco (Oct 30)
CVE requests: some issues in gif2webp Gustavo Grieco (Oct 26)
CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode) Gustavo Grieco (Nov 05)
Re: CVE request: DoS loading a SVG in Firefox Gustavo Grieco (Oct 26)
CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core Gustavo Grieco (Nov 10)
Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core Gustavo Grieco (Nov 26)
Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read Gustavo Grieco (Nov 07)
CVE request: invalid memory accesses parsing object files in libgit2 Gustavo Grieco (Oct 08)
CVE request: DoS loading a SVG in Firefox Gustavo Grieco (Oct 06)
Re: Re: librsvg and cairo are causing libpng to write out-of-bounds Gustavo Grieco (Oct 26)

Hanno Böck

Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck (Oct 05)
Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Hanno Böck (Dec 07)
gstreamer multiple issues Hanno Böck (Dec 01)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck (Oct 05)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck (Oct 05)
Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Hanno Böck (Nov 04)
Re: Re: Fuzzing jasper Hanno Böck (Oct 16)
roundcube code execution via mail() Hanno Böck (Dec 08)
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Hanno Böck (Dec 26)
CVE request for code execution via gem name collission in bundler (was Re: [oss-security] CVE Request) Hanno Böck (Oct 04)
Update on MatrixSSL miscalculation (incomplete fix for CVE-2016-6887) Hanno Böck (Oct 15)
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Hanno Böck (Nov 02)
Re: CVE Request: gstreamer plugins Hanno Böck (Nov 19)
gajim otr plugin cleartext leak Hanno Böck (Oct 30)
Re: WordPress (all versions): SPOF, RCE, and Negligence Hanno Böck (Nov 22)

haojun hou

CVE request - BigTree CMS 4.2.13 - Cross-Site Scripting (XSS) haojun hou (Dec 06)
CVE request - TomatoCart 1.1.8.6.1 Multiple Cross-Site Scripting (XSS) haojun hou (Nov 24)
CVE request - BigTree CMS 4.2.13 - Cross-Site Scripting (XSS) haojun hou (Nov 24)
CVE request - itdb 1.23 Cross-Site Scripting (XSS) haojun hou (Nov 24)
CVE request -BigTree CMS 4.2.13 Extension Form Builder Multiple Cross-Site Scripting (XSS) haojun hou (Dec 06)
CVE request - BigTree CMS 4.2.13 Extension Form Builder Multiple Cross-Site Scripting (XSS) haojun hou (Nov 24)

Hector Marco

Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco (Nov 15)
CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco (Nov 14)

Hector Marco-Gisbert

Re: CVE-2016-4484: - Cryptsetup Initrd root Shell - Update: Dracut is also vulnerable Hector Marco-Gisbert (Nov 14)

Heiko Schlittermann

CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 18)
Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 20)
Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 21)
CVE-2016-9963 (Was: CVE Request - Exim 4.69-4.87 - disclosure of private information) Heiko Schlittermann (Dec 23)
CVE-2016-9963 | Exim 4.87.1 released (Was: CVE Request - Exim 4.69-4.87) - disclosure of private information) Heiko Schlittermann (Dec 25)
CVE Request - Exim 4.69-4.87 - disclosure of private information Heiko Schlittermann (Dec 15)

Henri Salo

CVE request: MyBB multiple vulnerabilities Henri Salo (Nov 10)
CVE request: cJSON buffer out of bound read Henri Salo (Nov 07)
CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Henri Salo (Nov 11)
Re: Multiple XSS vulnerabilities affecting five WordPress Plugins Henri Salo (Nov 21)
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Henri Salo (Nov 09)
CVE request: BigTree CMS SQL injection and reflected cross-site scripting vulnerabilities fixed in 4.2.12 / 4.1.16 Henri Salo (Nov 11)
CVE request: Piwik <= 2.16.0 (saveLayout) PHP Object Injection vulnerability Henri Salo (Nov 10)
CVE request: PT-2013-46 Local File Include in Nagios Looking Glass Henri Salo (Dec 15)
CVE-2016-9297 LibTIFF regression Henri Salo (Nov 18)

Hongkun Zeng

CVE-2016-7903: Dotclear <= 2.10.2 Password Reset Address Spoof Hongkun Zeng (Oct 05)
CVE-2016-7902: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload Hongkun Zeng (Oct 05)

Huawei PSIRT

Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy Huawei PSIRT (Dec 08)

Huzaifa Sidhpurwala

Re: Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH Huzaifa Sidhpurwala (Oct 19)

Ian Zimmerman

Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) Ian Zimmerman (Dec 08)
Re: CVE Request: libtiff: heap buffer overflow/read outside of array Ian Zimmerman (Nov 09)
Re: dcraw and CVE-2015-8366 + CVE-2015-8367 Ian Zimmerman (Dec 01)

Idler

CVE Request - Samsung Exynos fimg2d Multiple Issues Idler (Nov 09)

ISC Security Officer

BIND9 CVE-2016-8864: A problem handling responses containing a DNAME,answer can lead to an assertion failure ISC Security Officer (Nov 01)

Jacobo Avariento

Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jacobo Avariento (Nov 17)

Jakub Wilk

Pipelight: broken validation of dependency installer signature Jakub Wilk (Nov 11)
tqdm: insecure use of git Jakub Wilk (Dec 25)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Jakub Wilk (Oct 05)
Re: tqdm: insecure use of git Jakub Wilk (Dec 27)

James McCoy

vim/neovim: Arbitrary command execution (CVE-2016-1248) James McCoy (Nov 22)

Jan Pokorný

CVE-2016-7035 - pacemaker - improper IPC guarding Jan Pokorný (Nov 03)

Jason Cooper

Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper (Nov 16)
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper (Nov 17)
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper (Nov 17)
Linux encrypted boot security, was: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper (Nov 18)

Jeffrey Walton

CVE Request: Potential DoS in Crypto++ ASN.1 parser Jeffrey Walton (Dec 12)
Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)

Jeremy Stanley

[OSSA 2016-012] Malicious qemu-img input may exhaust resources in Cinder, Glance, Nova (CVE-2015-5162) Jeremy Stanley (Oct 06)
Re: Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Jeremy Stanley (Nov 15)

Johannes Segitz

Re: CVE-2016-9963 Exim private information leak Johannes Segitz (Dec 22)
CVE Request: salt confidentiality issue Johannes Segitz (Nov 25)
Re: potrace: invalid memory access in findnext (decompose.c) Johannes Segitz (Oct 17)

John Bowler

Re: librsvg and cairo are causing libpng to write out-of-bounds John Bowler (Oct 06)

John Haxby

Re: CVE-2016-4484: - Cryptsetup Initrd root Shell John Haxby (Nov 17)
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell John Haxby (Nov 16)
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby (Oct 13)
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby (Oct 14)
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby (Oct 14)
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell John Haxby (Nov 17)

Kristian Fiskerstrand

Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Kristian Fiskerstrand (Nov 04)

Kuang-che Wu

CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Nov 03)
CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Nov 21)
Re: Re: CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Nov 25)
Re: Re: CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Dec 14)

Kurt H Maier

Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)
Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)

Kurt Seifried

Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried (Dec 14)
Re: why many CVEs are ** RESERVED ** on Mitre Kurt Seifried (Dec 14)
Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried (Dec 14)
Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried (Dec 16)
Re: CVE-2016-9963 Exim private information leak Kurt Seifried (Dec 22)
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Kurt Seifried (Oct 18)
Re: Multiple XSS vulnerabilities affecting five WordPress Plugins Kurt Seifried (Nov 21)
Re: Requesting membership to linux-distros Kurt Seifried (Oct 21)
Re: why many CVEs are ** RESERVED ** on Mitre Kurt Seifried (Dec 14)
Re: why many CVEs are ** RESERVED ** on Mitre Kurt Seifried (Dec 14)
Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Kurt Seifried (Oct 18)
Re: Requesting membership to linux-distros Kurt Seifried (Oct 20)
Re: [OSSN-0076] Glance Image service v1 and v2 api image-create vulnerability Kurt Seifried (Oct 27)

Larry W. Cashdollar

Mailcwp remote file upload vulnerability incomplete fix v1.100 Larry W. Cashdollar (Nov 08)

Leo Famulari

Re: CVE request:Lynx invalid URL parsing with '?' Leo Famulari (Nov 03)
Re: CVE-2016-8740: Apache HTTPD 2.4.17-2.4.23: Server memory can be exhausted and service denied when HTTP/2 is used Leo Famulari (Dec 05)
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Leo Famulari (Nov 14)
Buffer overflow in pycrypto Leo Famulari (Dec 26)

Lior Kaplan

CVE assignment for PHP 5.6.27 and 7.0.12 Lior Kaplan (Oct 18)
Re: CVE assignment for PHP 5.6.27 and 7.0.12 Lior Kaplan (Nov 01)
CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0 Lior Kaplan (Dec 12)
Re: CVE assignment for PHP 5.6.27 and 7.0.12 Lior Kaplan (Oct 18)

Ludovic Courtès

CVE request: GNU Guile <= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks Ludovic Courtès (Oct 11)
CVE request: GNU Guile <= 2.0.12: Thread-unsafe umask modification Ludovic Courtès (Oct 11)

Luka Pusic

CVE request - Vesta Control Panel 0.9.7 <= 0.9.8-16 Local Privilege Escalation Luka Pusic (Dec 21)

Luke Hinds

[OSSN-0074] Nova metadata service should not be used for sensitive information Luke Hinds (Dec 19)
[OSSN-0076] Glance Image service v1 and v2 api image-create vulnerability Luke Hinds (Oct 27)

Marco Grassi

cJSON buffer out of bound read Marco Grassi (Oct 02)
imagemagick mogrify use after free Marco Grassi (Oct 01)
linux kernel do_blockdev_direct_IO invalid memory access Marco Grassi (Oct 11)

Marcus Meissner

Re: libwmf: memory allocation failure in wmf_malloc (api.c) Marcus Meissner (Oct 25)
Re: X.Org security advisory: Protocol handling issues in X Window System client libraries Marcus Meissner (Oct 04)
CVE Request: another recursion in GRE Marcus Meissner (Oct 13)
Linux Kernel use-after-free in SCSI generic device interface Marcus Meissner (Dec 08)
Re: libwmf: memory allocation failure in wmf_malloc (api.c) Marcus Meissner (Oct 25)
Re: why many CVEs are ** RESERVED ** on Mitre Marcus Meissner (Dec 14)
Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862) Marcus Meissner (Oct 20)
CVE Request: zlib security issues found during audit Marcus Meissner (Dec 04)
CVE Request: gstreamer plugins Marcus Meissner (Nov 18)
Re: potrace: memory allocation failure Marcus Meissner (Oct 09)

Marek Hulán

CVE-2016-7077: information disclosure from association lists shown without authorization Marek Hulán (Nov 09)

Mark Thomas

[SECURITY] CVE-2016-6794 Apache Tomcat Security System Property Disclosure Mark Thomas (Oct 27)
[SECURITY] CVE-2016-8735 Apache Tomcat Remote Code Execution Mark Thomas (Nov 22)
[SECURITY] CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources Mark Thomas (Oct 27)
[SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack Mark Thomas (Oct 27)
[SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass Mark Thomas (Oct 27)
[SECURITY] CVE-2016-6817 Apache Tomcat Denial of Service Mark Thomas (Nov 22)
[SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure Mark Thomas (Dec 12)
[SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow Mark Thomas (Oct 06)
[SECURITY] CVE-2016-6796 Apache Tomcat Security Manager Bypass Mark Thomas (Oct 27)
[SECURITY] CVE-2016-6816 Apache Tomcat Information Disclosure Mark Thomas (Nov 22)

Martin Prpic

RCE in Zabbix 2.2 to 3.0.3 Martin Prpic (Nov 01)

Mathieu Pasquet

Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Mathieu Pasquet (Dec 09)

Matthieu Herrb

X.Org security advisory: Protocol handling issues in X Window System client libraries Matthieu Herrb (Oct 04)

Maxim Solodovnik

[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE Maxim Solodovnik (Nov 07)

Michael Babker

Re: WordPress (all versions): SPOF, RCE, and Negligence Michael Babker (Nov 21)

Michael Hess

Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Michael Hess (Dec 27)
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Michael Hess (Dec 27)
Re: [security] [oss-security] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Michael Hess (Dec 26)

Michael McNally

CVE-2016-2848 has been disclosed. Michael McNally (Oct 20)

Michael Orlitzky

CVE request: Nagios: Incomplete fix for CVE-2016-8641 Michael Orlitzky (Dec 30)
Incomplete fix for CVE-2016-8641 (Nagios local root via (sym)links) Michael Orlitzky (Dec 26)

Michal Zalewski

Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?' Michal Zalewski (Nov 05)

Michiel Beijen

CVE-2016-1251 - use after free in DBD::mysql when using prepared statements - medium Michiel Beijen (Nov 28)

Moritz Muehlenhoff

CVE request for tor Moritz Muehlenhoff (Oct 18)
Re: Re: kernel: fix minor infoleak in get_user_ex() Moritz Muehlenhoff (Nov 07)

netblue30

Re: CVE-2016-7545 -- SELinux sandbox escape netblue30 (Oct 25)

Nicholas Prowse

Re: Curious about the security of my router fermwair. Nicholas Prowse (Dec 22)

Nicolas Braud-Santoni

CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7 Nicolas Braud-Santoni (Nov 04)
Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7 Nicolas Braud-Santoni (Nov 04)

Oleksandr Rudyy

[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage Oleksandr Rudyy (Dec 28)

Ondřej Surý

Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý (Nov 12)
Re: Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý (Nov 14)
Re: Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý (Nov 14)

Patrick Galbraith

CVE-2016-1249: Out-of-bounds read by DBD::mysql >= version 2.9003 Patrick Galbraith (Nov 15)

Paul Tagliamonte

CVE request: netcat-traditional nc buffer overflow Paul Tagliamonte (Nov 08)

Pedro Santos

Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability Pedro Santos (Dec 31)

Pere Orga

CVE requests for Drupal core (SA-CORE-2016-005) Pere Orga (Nov 18)

Peter Bex

Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Peter Bex (Dec 26)
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Peter Bex (Dec 26)
CVE Request: IrRegular Expressions resource exhaustion in regex compilation [was: Re: [oss-security] CVE Request: resource exhaustion in regex expression handling in WebKit] Peter Bex (Dec 14)

Petr Matousek

Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Petr Matousek (Oct 14)
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Petr Matousek (Oct 14)

Philip Pettersson

CVE-2016-8655 Linux af_packet.c race condition (local root) Philip Pettersson (Dec 05)
Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Philip Pettersson (Dec 06)

php-dev

CVE Request: PHP with Zend OPCache code permission/sensitive data protection vulnerabilities php-dev (Nov 05)

Pierre Ernst

Re: CVE request - textract 1.4.0 - OS Command Injection Pierre Ernst (Nov 17)
CVE request - textract 1.4.0 - OS Command Injection Pierre Ernst (Oct 20)

P J P

CVE request: Kernel: kvm: stack memory information leakage P J P (Dec 01)
CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode P J P (Oct 24)
CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function P J P (Oct 03)
CVE request Qemu: net: eepro100 memory leakage at device unplug P J P (Oct 27)
CVE request Qemu: char: use after free issue in char backend P J P (Dec 08)
CVE-2016-9588 Kernel: kvm: nVMX: uncaught software exceptions in L1 guest lead to DoS P J P (Dec 14)
CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities P J P (Dec 20)
CVE request: Qemu: 9pfs: host memory leakage in v9fs_read P J P (Oct 10)
CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource P J P (Dec 06)
CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer P J P (Dec 06)
CVE request Qemu: usb: redirector: memory leakage when destroying redirector P J P (Dec 06)
CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive P J P (Dec 02)
CVE request Qemu: 9pfs: memory leakage in v9fs_write P J P (Oct 28)
CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info P J P (Dec 05)
CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset P J P (Dec 06)
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) P J P (Oct 13)
CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines P J P (Oct 10)
CVE request Qemu: display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout P J P (Dec 20)
CVE request Qemu: char: divide by zero error in serial_update_parameters P J P (Oct 14)
CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd P J P (Oct 07)
CVE request Qemu: net: OOB buffer access in rocker switch emulation P J P (Oct 14)
CVE Request Qemu: net: pcnet: infinite loop in pcnet_rdra_addr P J P (Oct 03)
CVE request Qemu: memory leakage in v9fs_link P J P (Oct 28)
Re: CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing P J P (Oct 11)
CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing P J P (Oct 10)
CVE request Qemu: 9pfs: integer overflow leading to OOB access P J P (Oct 28)
CVE request Qemu: net: Infinite loop in mcf_fec_do_tx P J P (Oct 03)
CVE-2016-8630 kernel: kvm: x86: NULL pointer dereference duringinstruction decode P J P (Nov 21)
CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d P J P (Oct 07)
CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy P J P (Dec 07)
CVE request Qemu: 9pfs: information leakage via xattribute P J P (Oct 27)
CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch P J P (Oct 10)
CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor P J P (Dec 05)
CVE request: Kernel: kvm: out of bounds memory access via vcpu_id P J P (Dec 01)
CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick P J P (Oct 14)
CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks P J P (Dec 06)
CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream P J P (Oct 24)
CVE request Qemu: 9pfs: memory leakage when creating extended attribute P J P (Oct 27)
Re: Re: CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode P J P (Oct 24)

Qian Zhang

CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow Qian Zhang (Nov 10)

Raphael Geissert

Re: Re: CVE request: openjpeg: incorrect fix for CVE-2013-6045 (was Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045) Raphael Geissert (Nov 29)
Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045 Raphael Geissert (Oct 05)

redrain root

CVE request:Lynx invalid URL parsing with '?' redrain root (Nov 03)

Reed Loden

Re: Re: CVE request for code execution via gem name collission in bundler (was Re: [oss-security] CVE Request) Reed Loden (Oct 04)

Remi Collet

Re: CVE assignment for PHP 5.6.27 and 7.0.12 Remi Collet (Oct 18)

Rich Felker

Re: CVE Request - TRE & musl libc regex integer overflows in buffer size computations Rich Felker (Oct 19)
CVE Request - TRE & musl libc regex integer overflows in buffer size computations Rich Felker (Oct 18)
Re: Vlany: A Linux (LD_PRELOAD) rootkit Rich Felker (Nov 10)

Robert Scheck

Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Robert Scheck (Nov 02)
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Robert Scheck (Nov 04)

Salvatore Bonaccorso

Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso (Dec 14)
CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf Salvatore Bonaccorso (Oct 14)
CVE Request: html5lib: potential cross-site scripting vulnerablity: quote attributes that need escaping in legacy browsers Salvatore Bonaccorso (Dec 06)
Re: Re: CVE request: mat doesn't remove metadata in embedded images in PDFs Salvatore Bonaccorso (Nov 08)
CVE Request: teeworlds: possible remote code execution on teeworlds client Salvatore Bonaccorso (Nov 16)
Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Salvatore Bonaccorso (Nov 20)
Re: Re: Remote crash in MaraDNS 2.0.13 and git master Salvatore Bonaccorso (Dec 05)
Re: Re: Handful of libass issues Salvatore Bonaccorso (Oct 27)
Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Salvatore Bonaccorso (Dec 07)
Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Salvatore Bonaccorso (Dec 14)
Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Salvatore Bonaccorso (Dec 12)
CVE Request: SimpleSAMLphp: SSPSA 201612-02: Incorrect signature verification Salvatore Bonaccorso (Dec 14)
Re: Re: RCE in Zabbix 2.2 to 3.0.3 Salvatore Bonaccorso (Dec 04)
Re: Re: Handful of libass issues Salvatore Bonaccorso (Oct 31)
CVE Request: OTRS: execution of JavaScript in OTRS context by opening malicious attachment Salvatore Bonaccorso (Nov 01)
CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions Salvatore Bonaccorso (Dec 31)
CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003) Salvatore Bonaccorso (Dec 01)
CVE Request: SimpleSAMLphp: SSPSA 201612-01: Incorrect signature verification Salvatore Bonaccorso (Dec 03)
Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Salvatore Bonaccorso (Oct 10)
CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Salvatore Bonaccorso (Dec 09)
CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files Salvatore Bonaccorso (Dec 14)
Clarification about CVE-2016-1841 for libxslt Salvatore Bonaccorso (Nov 06)
CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso (Dec 14)
Re: Linux Kernel use-after-free in SCSI generic device interface Salvatore Bonaccorso (Dec 30)

Sam Whited

Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Sam Whited (Dec 12)
Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Sam Whited (Dec 12)

Sarah Newman

Re: Opensource Python whitebox code analysis tool recommendations Sarah Newman (Dec 08)

Scott Arciszewski

Re: WordPress (all versions): SPOF, RCE, and Negligence Scott Arciszewski (Nov 22)
WordPress (all versions): SPOF, RCE, and Negligence Scott Arciszewski (Nov 21)
Re: WordPress (all versions): SPOF, RCE, and Negligence Scott Arciszewski (Nov 21)

Scott Gravelle

RE: Multiple XSS vulnerabilities affecting five WordPress Plugins Scott Gravelle (Nov 21)

Seaman, Chad

Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Seaman, Chad (Oct 19)
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Seaman, Chad (Oct 19)

Sebastian Krahmer

bubblewrap LPE Sebastian Krahmer (Oct 12)

Sebastian Pipping

CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping (Nov 13)
Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping (Nov 14)

Sébastien Delafond

CVE-2016-1253 most: shell command injection through filenames Sébastien Delafond (Dec 14)
CVE request: tomcat privilege escalations in Debian packaging Sébastien Delafond (Dec 02)
CVE request: 2 issues in tomcat8 Debian packaging Sébastien Delafond (Dec 02)

Seth Arnold

Re: Curious about the security of my router fermwair. Seth Arnold (Dec 21)
Re: Stack guard canary massaging Seth Arnold (Nov 02)

Sevan Janiyan

Re: why many CVEs are ** RESERVED ** on Mitre Sevan Janiyan (Dec 14)
Re: why many CVEs are ** RESERVED ** on Mitre Sevan Janiyan (Dec 14)

Shawn

kernel: fix minor infoleak in get_user_ex() Shawn (Nov 03)

Siddharth Sharma

Re: nfsd-ganesha allows anyone to call into DBUS? Siddharth Sharma (Nov 06)

Simon McVittie

Re: bubblewrap LPE Simon McVittie (Oct 13)
CVE request: ikiwiki: authorization bypass when reverting changes Simon McVittie (Dec 20)
ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery) Simon McVittie (Dec 29)
Re: fd.o #98157: dbus format string vulnerability fixed in 1.10.12 Simon McVittie (Oct 10)
Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) Simon McVittie (Oct 26)
fd.o #98157: dbus format string vulnerability fixed in 1.10.12 Simon McVittie (Oct 10)

Solar Designer

Qt QXmlSimpleReader Solar Designer (Dec 24)
CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Solar Designer (Oct 20)
Re: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Solar Designer (Oct 26)
Re: CVE-2016-5195 test case Solar Designer (Oct 29)
Re: WordPress (all versions): SPOF, RCE, and Negligence Solar Designer (Nov 21)
Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Solar Designer (Oct 15)
Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Solar Designer (Oct 26)
Re: Addition to linux-distros for Arch Linux Solar Designer (Oct 25)
Re: CVE-2016-8740: Apache HTTPD 2.4.17-2.4.23: Server memory can be exhausted and service denied when HTTP/2 is used Solar Designer (Dec 05)
CVE-2016-8740: Apache HTTPD 2.4.17-2.4.23: Server memory can be exhausted and service denied when HTTP/2 is used Solar Designer (Dec 05)
Re: Stack guard canary massaging Solar Designer (Oct 31)
Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Solar Designer (Dec 27)
Re: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Solar Designer (Dec 28)

Sona Sarmadi

why many CVEs are ** RESERVED ** on Mitre Sona Sarmadi (Dec 14)
RE: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Sona Sarmadi (Oct 10)
membership request to the closed linux-distros Sona Sarmadi (Oct 24)
Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Sona Sarmadi (Dec 14)
Re: why many CVEs are ** RESERVED ** on Mitre Sona Sarmadi (Dec 14)
vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Sona Sarmadi (Dec 14)

Steevee a.k.a Stefanus

Joomla com_blog_calendar SQL Injection Vulnerability Steevee a.k.a Stefanus (Dec 26)

Steve Grubb

Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Steve Grubb (Nov 03)

Steven M. Schweda

CVE Request: Info-Zip zipinfo buffer overflow Steven M. Schweda (Dec 05)
Re: CVE Request: Info-Zip zipinfo buffer overflow Steven M. Schweda (Dec 05)

Steven R. Loomis

Re: Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName Steven R. Loomis (Nov 25)

Steve Richert

CVE Request Steve Richert (Oct 04)

Stuart Henderson

Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Stuart Henderson (Nov 02)

Summer of Pwnage

Multiple vulnerabilities affecting three WordPress Plugins (XSS, info disclosure & DoS) Summer of Pwnage (Nov 10)
Multiple vulnerabilities affecting five WordPress Plugins (XSS & object injection) Summer of Pwnage (Nov 08)
Multiple XSS vulnerabilities affecting five WordPress Plugins Summer of Pwnage (Nov 19)
Multiple vulnerabilities affecting three WordPress Plugins (XSS, & PHP object injection) Summer of Pwnage (Dec 11)

Sylvain SARMEJEANNE

CVE Request: Smack: TLS SecurityMode.required not always enforced, leading to striptls attack Sylvain SARMEJEANNE (Dec 20)

Sysdream Labs

CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal Sysdream Labs (Oct 12)
CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery Sysdream Labs (Oct 12)
Re: SPIP vulnerabilities: request for 5 CVE Sysdream Labs (Oct 07)
CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting Sysdream Labs (Oct 12)
CVE-2016-7998: SPIP 3.1.2 Template Compiler/Composer PHP Code Execution Sysdream Labs (Oct 12)
SPIP vulnerabilities: request for 5 CVE Sysdream Labs (Oct 05)
CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery Sysdream Labs (Oct 12)

Szabolcs Nagy

Re: fd.o #98157: dbus format string vulnerability fixed in 1.10.12 Szabolcs Nagy (Oct 10)

tapper

Re: Curious about the security of my router fermwair. tapper (Dec 22)
Curious about the security of my router fermwair. tapper (Dec 21)

Tavis Ormandy

Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 11)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) Tavis Ormandy (Oct 25)
CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)

Thomas Dickey

Re: CVE request:Lynx invalid URL parsing with '?' Thomas Dickey (Nov 04)

Tim Graham

[ANNOUNCE] Django security releases issued: 1.10.3, 1.9.11, and 1.8.16 Tim Graham (Nov 01)

Tomas Hoger

Re: Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] Tomas Hoger (Dec 21)
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Tomas Hoger (Oct 25)

Tracy Reed

Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Tracy Reed (Dec 26)

Tristan Cacqueray

[OSSA 2016-013] Network information disclosure through Heat template source URL (CVE-2016-9185) Tristan Cacqueray (Nov 18)

Tyler Hicks

Security issue in LXC (CVE-2016-8649) with additional Linux kernel implications Tyler Hicks (Nov 23)
CVE Request: Info-Zip zipinfo buffer overflow Tyler Hicks (Dec 05)
Re: CVE Request: Info-Zip zipinfo buffer overflow Tyler Hicks (Dec 05)

tyrande000 () gmail com

CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow tyrande000 () gmail com (Nov 08)

up201407890

Re: CVE-2016-7545 -- SELinux sandbox escape up201407890 (Oct 25)

Velmurugan Periasamy

CVE update (CVE-2016-6815) - Fixed in Ranger 0.6.2 Velmurugan Periasamy (Nov 08)

Vladis Dronov

Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov (Nov 30)
CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov (Nov 11)
CVE request -- linux kernel: crypto: GPF in lrw_crypt caused by null-deref Vladis Dronov (Nov 03)
kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Vladis Dronov (Oct 13)
Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov (Nov 11)
Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov (Nov 16)
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Vladis Dronov (Oct 13)

Vlad Tsyrklevich

kernel: low-severity vfio driver integer overflow Vlad Tsyrklevich (Oct 26)

Wade Mealing

Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem Wade Mealing (Nov 24)
CVE-2016-8646: linux kernel - oops in shash_async_export() Wade Mealing (Nov 14)
cve-request: linux kernel - memory leak in xfs attribute mechanism. Wade Mealing (Nov 30)

wykcomputer () gmail com

[Bug report] Vulnerability In libbpg-2 wykcomputer () gmail com (Nov 18)
[Bug report] Vulnerability In libbpg-1 wykcomputer () gmail com (Nov 18)
[Bug Report] Vulnerability in libbpg wykcomputer () gmail com (Nov 18)

Xen . org security team

Xen Security Advisory 197 (CVE-2016-9381) - qemu incautious about shared ring processing Xen . org security team (Nov 22)
Xen Security Advisory 195 (CVE-2016-9383) - x86 64-bit bit test instruction emulation broken Xen . org security team (Nov 22)
Xen Security Advisory 201 - ARM guests may induce host asynchronous abort Xen . org security team (Nov 29)
Xen Security Advisory 198 (CVE-2016-9379,CVE-2016-9380) - delimiter injection vulnerabilities in pygrub Xen . org security team (Nov 22)
Xen Security Advisory 199 (CVE-2016-9637) - qemu ioport array overflow Xen . org security team (Dec 06)
Xen Security Advisory 200 (CVE-2016-9932) - x86 CMPXCHG8B emulation fails to ignore operand size override Xen . org security team (Dec 13)
Xen Security Advisory 203 (CVE-2016-10025) - x86: missing NULL pointer check in VMFUNC emulation Xen . org security team (Dec 21)
Xen Security Advisory 190 (CVE-2016-7777) - CR0.TS and CR0.EM not always honored for x86 HVM guests Xen . org security team (Oct 04)
Xen Security Advisory 192 (CVE-2016-9382) - x86 task switch to VM86 mode mis-handled Xen . org security team (Nov 22)
Xen Security Advisory 202 (CVE-2016-10024) - x86 PV guests may be able to mask interrupts Xen . org security team (Dec 21)
Xen Security Advisory 201 (CVE-2016-9815,CVE-2016-9816,CVE-2016-9817,CVE-2016-9818) - ARM guests may induce host asynchronous abort Xen . org security team (Dec 07)
Xen Security Advisory 194 (CVE-2016-9384) - guest 32-bit ELF symbol table load leaking host data Xen . org security team (Nov 22)
Xen Security Advisory 193 (CVE-2016-9385) - x86 segment base write emulation lacking canonical address checks Xen . org security team (Nov 22)
Xen Security Advisory 204 - x86: Mishandling of SYSCALL singlestep during emulation Xen . org security team (Dec 19)
Xen Security Advisory 196 (CVE-2016-9377,CVE-2016-9378) - x86 software interrupt injection mis-handled Xen . org security team (Nov 22)
Xen Security Advisory 204 (CVE-2016-10013) - x86: Mishandling of SYSCALL singlestep during emulation Xen . org security team (Dec 19)
Xen Security Advisory 191 (CVE-2016-9386) - x86 null segments not always treated as unusable Xen . org security team (Nov 22)

Yannick Warnier

Re: [security] [oss-security] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Yannick Warnier (Dec 26)

Yongjun Zhang

CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability Yongjun Zhang (Nov 28)
Re: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability Yongjun Zhang (Nov 29)

Yves-Alexis Perez

Re: CVE-2016-7545 -- SELinux sandbox escape Yves-Alexis Perez (Oct 25)
Re: CVE-2016-7545 -- SELinux sandbox escape - Firejail is CVE-2016-9016 Yves-Alexis Perez (Oct 25)

Zhe Zhang

Re: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability Zhe Zhang (Nov 28)

ZJ, do-not-reply

ZJ Invoice 384418 ZJ, do-not-reply (Nov 02)

伍惠宇

CVE Request: Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 伍惠宇 (Nov 09)

张开翔

docker2aci: infinite loop in deps walking(CVE-2016-8579) 张开翔 (Oct 13)

石磊

CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS 石磊 (Oct 24)
CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH 石磊 (Oct 18)

连一汉

[CVE-2016-8595] ffmpeg crashes with an assert 连一汉 (Dec 07)
ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905] 连一汉 (Oct 08)
[CVE-2016-9561] ffmpeg crashes on decoding MOV file 连一汉 (Dec 07)

陈瑞琦

CVE Request: file inclusion(traversal/manipulation) in modx revolution 2.5.1 陈瑞琦 (Dec 08)