oss-sec: by date

788 messages starting Oct 01 16 and ending Dec 31 16

Saturday, 01 October

GraphicsMagick CVE request: 8BIM/8BIMW unsigned underflow leads to heap overflow Bob Friesenhahn
Re: imagemagick mogrify global buffer overflow cve-assign
Re: GraphicsMagick CVE request: 8BIM/8BIMW unsigned underflow leads to heap overflow cve-assign
imagemagick mogrify use after free Marco Grassi

Sunday, 02 October

cJSON buffer out of bound read Marco Grassi
Re: imagemagick mogrify use after free cve-assign
NSPR 4.12, NSS 3.22.1 and PR_GetEnvSecure Florian Weimer

Monday, 03 October

CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function P J P
CVE request Qemu: net: Infinite loop in mcf_fec_do_tx P J P
CVE Request Qemu: net: pcnet: infinite loop in pcnet_rdra_addr P J P
Re: CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function cve-assign
Re: CVE request Qemu: net: Infinite loop in mcf_fec_do_tx cve-assign
Re: CVE Request Qemu: net: pcnet: infinite loop in pcnet_rdra_addr cve-assign
CVE-2016-1246: Buffer overflow in DBD-mysql error reporting (Perl DBI module) Florian Weimer

Tuesday, 04 October

Xen Security Advisory 190 (CVE-2016-7777) - CR0.TS and CR0.EM not always honored for x86 HVM guests Xen . org security team
X.Org security advisory: Protocol handling issues in X Window System client libraries Matthieu Herrb
Re: X.Org security advisory: Protocol handling issues in X Window System client libraries Marcus Meissner
Re: X.Org security advisory: Protocol handling issues in X Window System client libraries cve-assign
CVE Request Steve Richert
CVE request for code execution via gem name collission in bundler (was Re: [oss-security] CVE Request) Hanno Böck
Re: CVE request for code execution via gem name collission in bundler (was Re: [oss-security] CVE Request) cve-assign
KMail vulnerabilites: need 3 CVE Albert Astals Cid
Handful of libass issues Brandon Perry
Re: KMail vulnerabilites: need 3 CVE cve-assign
Re: Handful of libass issues cve-assign
Re: Re: CVE request for code execution via gem name collission in bundler (was Re: [oss-security] CVE Request) Reed Loden

Wednesday, 05 October

Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045 Raphael Geissert
CVE-2016-7903: Dotclear <= 2.10.2 Password Reset Address Spoof Hongkun Zeng
CVE-2016-7902: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload Hongkun Zeng
CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Bob Friesenhahn
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems cve-assign
CVE request: sunxi-debug (root privilege escalation in Allwinner kernel) David Manouchehri
SPIP vulnerabilities: request for 5 CVE Sysdream Labs
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Jakub Wilk
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Florian Weimer
Re: NSPR 4.12, NSS 3.22.1 and PR_GetEnvSecure Florian Weimer
librsvg and cairo are causing libpng to write out-of-bounds Gustavo Grieco
CVE request: openjpeg: incorrect fix for CVE-2013-6045 (was Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045) Doran Moppert
Re: CVE request: openjpeg: incorrect fix for CVE-2013-6045 (was Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045) Doran Moppert

Thursday, 06 October

[SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow Mark Thomas
CVE request: DoS loading a SVG in Firefox Gustavo Grieco
Re: SPIP vulnerabilities: request for 5 CVE cve-assign
Re: librsvg and cairo are causing libpng to write out-of-bounds Glenn Randers-Pehrson
[OSSA 2016-012] Malicious qemu-img input may exhaust resources in Cinder, Glance, Nova (CVE-2015-5162) Jeremy Stanley
Re: librsvg and cairo are causing libpng to write out-of-bounds John Bowler

Friday, 07 October

CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d P J P
CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd P J P
GraphicsMagick CVE Request - WPG Reader Issues Bob Friesenhahn
Re: SPIP vulnerabilities: request for 5 CVE Sysdream Labs
Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey

Saturday, 08 October

ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905] 连一汉
CVE request: invalid memory accesses parsing object files in libgit2 Gustavo Grieco
Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d cve-assign
Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd cve-assign
Re: GraphicsMagick CVE Request - WPG Reader Issues cve-assign
Re: SPIP vulnerabilities: request for 5 CVE cve-assign
Re: CVE request: invalid memory accesses parsing object files in libgit2 cve-assign
libav: null pointer dereference in get_vlc2 (get_bits.h) Agostino Sarubbo
imagemagick: memory allocate failure in AcquireQuantumPixels (quantum.c) Agostino Sarubbo
imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) Agostino Sarubbo
libdwarf: heap-based buffer overflow in _dwarf_get_size_of_val (dwarf_util.c) Agostino Sarubbo
libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) Agostino Sarubbo
libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE) Agostino Sarubbo
graphicsmagick: stack-based buffer overflow in ReadSCTImage (sct.c) Agostino Sarubbo
graphicsmagick: memory allocation failure in ReadPCXImage (pcx.c) Agostino Sarubbo
graphicsmagick: memory allocation failure in MagickMalloc (memory.c) Agostino Sarubbo
potrace: invalid memory access in findnext (decompose.c) Agostino Sarubbo
potrace: memory allocation failure Agostino Sarubbo

Sunday, 09 October

Re: potrace: memory allocation failure Marcus Meissner

Monday, 10 October

Re: potrace: memory allocation failure Agostino Sarubbo
CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora, OracleLinux, RedHat etc.) Dawid Golunski
RE: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Sona Sarmadi
Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Salvatore Bonaccorso
Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Agostino Sarubbo
CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch P J P
CVE request: Qemu: 9pfs: host memory leakage in v9fs_read P J P
CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines P J P
fd.o #98157: dbus format string vulnerability fixed in 1.10.12 Simon McVittie
Re: fd.o #98157: dbus format string vulnerability fixed in 1.10.12 Szabolcs Nagy
Re: fd.o #98157: dbus format string vulnerability fixed in 1.10.12 Simon McVittie
Re: CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch cve-assign
Re: CVE request: Qemu: 9pfs: host memory leakage in v9fs_read cve-assign
Re: CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines cve-assign
CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing P J P

Tuesday, 11 October

CVE request: GNU Guile <= 2.0.12: Thread-unsafe umask modification Ludovic Courtès
linux kernel do_blockdev_direct_IO invalid memory access Marco Grassi
Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH
Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy
Re: linux kernel do_blockdev_direct_IO invalid memory access cve-assign
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems cve-assign
Re: CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing P J P
CVE request: GNU Guile <= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks Ludovic Courtès
Re: CVE request: GNU Guile <= 2.0.12: Thread-unsafe umask modification cve-assign
Re: CVE request: GNU Guile <= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks cve-assign
Re: Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH

Wednesday, 12 October

CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow freener
bubblewrap LPE Sebastian Krahmer
CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery Sysdream Labs
CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting Sysdream Labs
CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal Sysdream Labs
CVE-2016-7998: SPIP 3.1.2 Template Compiler/Composer PHP Code Execution Sysdream Labs
CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery Sysdream Labs
Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow freener

Thursday, 13 October

Re: bubblewrap LPE cve-assign
Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow cve-assign
Re: bubblewrap LPE Simon McVittie
kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Vladis Dronov
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Greg KH
Re: cve request: systemd-machined: information exposure for docker containers CAI Qian
CVE request: kernel - local DoS due to a page lock order bug in the XFS seek hole/data implementation CAI Qian
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Vladis Dronov
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby
CVE Request: another recursion in GRE Marcus Meissner
Re: CVE request: kernel - local DoS due to a page lock order bug in the XFS seek hole/data implementation cve-assign
docker2aci: infinite loop in deps walking(CVE-2016-8579) 张开翔
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) P J P

Friday, 14 October

Re: CVE Request: another recursion in GRE cve-assign
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Petr Matousek
CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick P J P
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Petr Matousek
CVE request Qemu: net: OOB buffer access in rocker switch emulation P J P
CVE request Qemu: char: divide by zero error in serial_update_parameters P J P
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby
CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf Salvatore Bonaccorso

Saturday, 15 October

Update on MatrixSSL miscalculation (incomplete fix for CVE-2016-6887) Hanno Böck
Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Solar Designer
Re: CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick cve-assign
Re: CVE request Qemu: char: divide by zero error in serial_update_parameters cve-assign
Re: CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf cve-assign
dcraw and CVE-2015-8366 + CVE-2015-8367 Ben Woods
Re: Update on MatrixSSL miscalculation (incomplete fix for CVE-2016-6887) cve-assign
Re: CVE request Qemu: net: OOB buffer access in rocker switch emulation cve-assign
Re: imagemagick: memory allocate failure in AcquireQuantumPixels (quantum.c) cve-assign
Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) cve-assign
Re: libdwarf: heap-based buffer overflow in _dwarf_get_size_of_val (dwarf_util.c) cve-assign
Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) cve-assign
Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE) cve-assign
Re: graphicsmagick: stack-based buffer overflow in ReadSCTImage (sct.c) cve-assign
Re: graphicsmagick: memory allocation failure in ReadPCXImage (pcx.c) cve-assign
Re: mupdf: use-after-free in pdf_to_num (pdf-object.c) cve-assign
Re: potrace: invalid memory access in findnext (decompose.c) cve-assign
Re: potrace: memory allocation failure cve-assign
Re: Libarchive/bsdtar: multiple crashes cve-assign
Re: potrace: multiple crashes cve-assign
Re: libav: null pointer dereference in get_vlc2 (get_bits.h) cve-assign
Re: Fuzzing jasper cve-assign
Re: graphicsmagick: memory allocation failure in MagickMalloc (memory.c) cve-assign

Sunday, 16 October

Re: Re: Fuzzing jasper Agostino Sarubbo
Re: Fuzzing jasper Agostino Sarubbo
Re: Re: Fuzzing jasper Graham Christensen
mupdf: mujstest: global-buffer-overflow in my_getline (jstest_main.c) Agostino Sarubbo
mupdf: mujstest: global-buffer-overflow in main (jstest_main.c) Agostino Sarubbo
mupdf: mujstest: strcpy-param-overlap in main (jstest_main.c) Agostino Sarubbo
Re: Re: Fuzzing jasper Hanno Böck

Monday, 17 October

Re: Re: Fuzzing jasper Agostino Sarubbo
Re: potrace: invalid memory access in findnext (decompose.c) Johannes Segitz
Re: potrace: invalid memory access in findnext (decompose.c) Agostino Sarubbo
imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) Agostino Sarubbo

Tuesday, 18 October

CVE assignment for PHP 5.6.27 and 7.0.12 Lior Kaplan
Re: CVE assignment for PHP 5.6.27 and 7.0.12 Adam Maris
Re: CVE assignment for PHP 5.6.27 and 7.0.12 Lior Kaplan
Re: CVE assignment for PHP 5.6.27 and 7.0.12 Remi Collet
jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) Agostino Sarubbo
jasper: memory allocation failure in jas_malloc (jas_malloc.c) Agostino Sarubbo
jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) Agostino Sarubbo
snzip: memory allocation failure in work_buffer_resize (snzip.c) Agostino Sarubbo
libwmf: memory allocation failure in wmf_malloc (api.c) Agostino Sarubbo
Re: CVE assignment for PHP 5.6.27 and 7.0.12 cve-assign
CVE request for tor Moritz Muehlenhoff
veracrypt security fixes in 1.19 Christian Rebischke
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Kurt Seifried
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Gsunde Orangen
Re: CVE assignment for PHP 5.6.27 and 7.0.12 Emmanuel Law
CVE Request - TRE & musl libc regex integer overflows in buffer size computations Rich Felker
Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack cve-assign
CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH 石磊
Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Kurt Seifried

Wednesday, 19 October

Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Dawid Golunski
Re: Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Cedric Buissart
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Seaman, Chad
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Seaman, Chad
Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH cve-assign
Re: CVE Request - TRE & musl libc regex integer overflows in buffer size computations cve-assign
Re: CVE request for tor cve-assign
Re: CVE Request - TRE & musl libc regex integer overflows in buffer size computations Rich Felker
Re: Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH Huzaifa Sidhpurwala
Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) cve-assign

Thursday, 20 October

imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862) Agostino Sarubbo
Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862) Marcus Meissner
jasper: NULL pointer dereference in jpc_tsfb_synthesize (jpc_tsfb.c) Agostino Sarubbo
Re: CVE Request - Portable UPnP SDK 1.6.19 through 1.8.x cve-assign
CVE-2016-2848 has been disclosed. Michael McNally
Re: CVE-2016-2848 has been disclosed. Florian Weimer
CVE request - textract 1.4.0 - OS Command Injection Pierre Ernst
CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Solar Designer
Requesting membership to linux-distros Alex Crawford
Re: Requesting membership to linux-distros Kurt Seifried
Re: Requesting membership to linux-distros Alex Crawford

Friday, 21 October

Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862) cve-assign
Re: potrace: memory allocation failure Agostino Sarubbo
Re: Requesting membership to linux-distros Kurt Seifried

Saturday, 22 October

Re: Requesting membership to linux-distros Alex Crawford
Addition to linux-distros for Arch Linux Allan McRae
Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) cve-assign
Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) cve-assign
Re: jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) cve-assign
Re: Fuzzing jasper cve-assign

Sunday, 23 October

Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) Agostino Sarubbo
jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Agostino Sarubbo
jasper: heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c) Agostino Sarubbo
Re: Fuzzing jasper cve-assign
Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) cve-assign

Monday, 24 October

CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream P J P
CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode P J P
CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS 石磊
Re: CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream cve-assign
Re: CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode cve-assign
Re: Re: CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode P J P
Re: libwmf: memory allocation failure in wmf_malloc (api.c) cve-assign
membership request to the closed linux-distros Sona Sarmadi

Tuesday, 25 October

Re: CVE-2016-7545 -- SELinux sandbox escape Yves-Alexis Perez
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Tomas Hoger
Re: libwmf: memory allocation failure in wmf_malloc (api.c) Marcus Meissner
Re: libwmf: memory allocation failure in wmf_malloc (api.c) Agostino Sarubbo
Re: libwmf: memory allocation failure in wmf_malloc (api.c) Marcus Meissner
Re: CVE-2016-7545 -- SELinux sandbox escape netblue30
Re: CVE-2016-7545 -- SELinux sandbox escape - Firejail is CVE-2016-9016 cve-assign
Re: CVE-2016-7545 -- SELinux sandbox escape up201407890
Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) Tavis Ormandy
Re: CVE-2016-7545 -- SELinux sandbox escape - Firejail is CVE-2016-9016 Yves-Alexis Perez
Re: Addition to linux-distros for Arch Linux Solar Designer
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski

Wednesday, 26 October

Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) Agostino Sarubbo
Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) Simon McVittie
CVE-2016-4455: subscription-manager: incorrect permisions in /var/lib/rhsm/ Cedric Buissart
Re: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Solar Designer
Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Solar Designer
Re: Re: librsvg and cairo are causing libpng to write out-of-bounds Gustavo Grieco
CVE requests: some issues in gif2webp Gustavo Grieco
Re: CVE request: DoS loading a SVG in Firefox Gustavo Grieco
kernel: low-severity vfio driver integer overflow Vlad Tsyrklevich
Re: kernel: low-severity vfio driver integer overflow - Linux kernel cve-assign
Re: librsvg and cairo are causing libpng to write out-of-bounds cve-assign

Thursday, 27 October

Re: CVE requests: some issues in gif2webp cve-assign
Re: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski
Re: Re: Handful of libass issues Salvatore Bonaccorso
CVE-2016-9015: Python urllib3 1.17 and 1.18 certificate verification failure Cory Benfield
[SECURITY] CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources Mark Thomas
[SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack Mark Thomas
[SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass Mark Thomas
[SECURITY] CVE-2016-6794 Apache Tomcat Security System Property Disclosure Mark Thomas
[SECURITY] CVE-2016-6796 Apache Tomcat Security Manager Bypass Mark Thomas
Re: Re: Handful of libass issues Brandon Perry
CVE-2016-5195 test case Andy Lutomirski
CVE request Qemu: net: eepro100 memory leakage at device unplug P J P
CVE request Qemu: 9pfs: memory leakage when creating extended attribute P J P
[OSSN-0076] Glance Image service v1 and v2 api image-create vulnerability Luke Hinds
CVE-2016-7067 - CSRF in Monit Service Manager Adith Sudhakar
Re: [OSSN-0076] Glance Image service v1 and v2 api image-create vulnerability Kurt Seifried
CVE request Qemu: 9pfs: information leakage via xattribute P J P

Friday, 28 October

CVE request Qemu: 9pfs: integer overflow leading to OOB access P J P
CVE request Qemu: memory leakage in v9fs_link P J P
CVE request Qemu: 9pfs: memory leakage in v9fs_write P J P

Saturday, 29 October

Re: CVE-2016-5195 test case Solar Designer

Sunday, 30 October

gajim otr plugin cleartext leak Hanno Böck
CVE request - integer overflow and crash parsing regex in mujs Gustavo Grieco
Re: Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read Gustavo Grieco
Re: CVE request Qemu: net: eepro100 memory leakage at device unplug cve-assign
Re: CVE request Qemu: 9pfs: memory leakage when creating extended attribute cve-assign
Re: CVE request Qemu: 9pfs: information leakage via xattribute cve-assign
Re: CVE request Qemu: 9pfs: integer overflow leading to OOB access cve-assign
Re: CVE request Qemu: memory leakage in v9fs_link cve-assign
Re: CVE request Qemu: 9pfs: memory leakage in v9fs_write cve-assign
Re: gajim otr plugin cleartext leak cve-assign
Re: CVE request - integer overflow and crash parsing regex in mujs cve-assign
Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read cve-assign

Monday, 31 October

Stack guard canary massaging Florian Weimer
Re: Stack guard canary massaging Solar Designer
Re: [kernel-hardening] Re: Stack guard canary massaging Daniel Micay
Re: Re: Handful of libass issues Salvatore Bonaccorso
Memcached 1.4.32 and earlier buffer overflow. dormando

Tuesday, 01 November

Re: CVE assignment for PHP 5.6.27 and 7.0.12 Lior Kaplan
Re: Memcached 1.4.32 and earlier buffer overflow. Andrej Nemec
RCE in Zabbix 2.2 to 3.0.3 Martin Prpic
CVE Request: OTRS: execution of JavaScript in OTRS context by opening malicious attachment Salvatore Bonaccorso
[ANNOUNCE] Django security releases issued: 1.10.3, 1.9.11, and 1.8.16 Tim Graham
Re: CVE assignment for PHP 5.6.27 and 7.0.12 cve-assign
Re: CVE Request: OTRS: execution of JavaScript in OTRS context by opening malicious attachment cve-assign
Re: RCE in Zabbix 2.2 to 3.0.3 cve-assign
Re: Handful of libass issues cve-assign
BIND9 CVE-2016-8864: A problem handling responses containing a DNAME,answer can lead to an assertion failure ISC Security Officer
CVE request: XXE in perl Image::Info and XML::Twig Doran Moppert

Wednesday, 02 November

[SECURITY ADVISORY] curl cookie injection for other servers Daniel Stenberg
[SECURITY ADVISORY] curl case insensitive password comparison Daniel Stenberg
[SECURITY ADVISORY] curl OOB write via unchecked multiplication Daniel Stenberg
[SECURITY ADVISORY] curl double-free in curl_maprintf Daniel Stenberg
[SECURITY ADVISORY] curl double-free in krb5 code Daniel Stenberg
[SECURITY ADVISORY] curl glob parser write/read out of bounds Daniel Stenberg
[SECURITY ADVISORY] curl_getdate read out of bounds Daniel Stenberg
[SECURITY ADVISORY] curl URL unescape heap overflow via integer truncation Daniel Stenberg
[SECURITY ADVISORY] curl use-after-free via shared cookies Daniel Stenberg
[SECURITY ADVISORY] curl invalid URL parsing with '#' Daniel Stenberg
[SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Stuart Henderson
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Robert Scheck
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Hanno Böck
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg
ZJ Invoice 384418 ZJ, do-not-reply
Re: Stack guard canary massaging Seth Arnold
CVE request: multiple issues in go-jose package Cedric Staub

Thursday, 03 November

kernel: fix minor infoleak in get_user_ex() Shawn
CVE request: w3m - multiple vulnerabilities Kuang-che Wu
CVE request:Lynx invalid URL parsing with '?' redrain root
CVE-2016-7035 - pacemaker - improper IPC guarding Jan Pokorný
CVE request -- linux kernel: crypto: GPF in lrw_crypt caused by null-deref Vladis Dronov
Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Steve Grubb
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Florian Weimer
Re: CVE request:Lynx invalid URL parsing with '?' Leo Famulari

Friday, 04 November

Re: CVE request:Lynx invalid URL parsing with '?' cve-assign
Re: CVE request: XXE in perl Image::Info and XML::Twig cve-assign
Re: CVE request -- linux kernel: crypto: GPF in lrw_crypt caused by null-deref cve-assign
Re: kernel: fix minor infoleak in get_user_ex() cve-assign
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host cve-assign
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg
Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Hanno Böck
Re: CVE request:Lynx invalid URL parsing with '?' Thomas Dickey
Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Robert Scheck
Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Kristian Fiskerstrand
jasper: use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) Agostino Sarubbo
CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7 Nicolas Braud-Santoni
CVE request: linux kernel - local DoS with cgroup offline code CAI Qian
WebKitGTK+ Security Advisory WSA-2016-0006 Carlos Alberto Lopez Perez
Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7 Nicolas Braud-Santoni

Saturday, 05 November

CVE Request: PHP with Zend OPCache code permission/sensitive data protection vulnerabilities php-dev
Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?' Michal Zalewski
CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode) Gustavo Grieco
Re: CVE request: linux kernel - local DoS with cgroup offline code cve-assign

Sunday, 06 November

Re: [engineering.redhat.com #426293] CVE Request - firewire driver RCE - linux 4.8 Eyal Itkin
Clarification about CVE-2016-1841 for libxslt Salvatore Bonaccorso
Re: nfsd-ganesha allows anyone to call into DBUS? Siddharth Sharma
Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7 cve-assign

Monday, 07 November

CVE request: cJSON buffer out of bound read Henri Salo
CVE-2016-8637: dracut creates world readble initramfs when early cpio is used Andreas Stieger
Re: Re: kernel: fix minor infoleak in get_user_ex() Moritz Muehlenhoff
Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read Gustavo Grieco
[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE Maxim Solodovnik

Tuesday, 08 November

Re: Re: CVE request: mat doesn't remove metadata in embedded images in PDFs Salvatore Bonaccorso
Multiple vulnerabilities affecting five WordPress Plugins (XSS & object injection) Summer of Pwnage
Mailcwp remote file upload vulnerability incomplete fix v1.100 Larry W. Cashdollar
CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow tyrande000 () gmail com
CVE Request: Cryptography 1.5.3: HKDF might return an empty byte-string Andrej Nemec
CVE request: netcat-traditional nc buffer overflow Paul Tagliamonte
CVE update (CVE-2016-6815) - Fixed in Ranger 0.6.2 Velmurugan Periasamy
Re: CVE Request: Cryptography 1.5.3: HKDF might return an empty byte-string cve-assign

Wednesday, 09 November

CVE Request - Samsung Exynos fimg2d Multiple Issues Idler
CVE-2016-7077: information disclosure from association lists shown without authorization Marek Hulán
CVE-2016-8634: Foreman stored XSS in orgs/locations wizard step Dominic Cleal
elfutils: memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c) Agostino Sarubbo
elfutils: memory allocation failure in allocate_elf (common.h) Agostino Sarubbo
jasper: use after free in jas_realloc (jas_malloc.c) Agostino Sarubbo
libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c) Agostino Sarubbo
libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) Agostino Sarubbo
libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c) Agostino Sarubbo
libdwarf: memory allocation failure in do_decompress_zlib (dwarf_init_finish.c) Agostino Sarubbo
libtiff: memory allocation failure in _TIFFCheckRealloc (tif_aux.c) Agostino Sarubbo
libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo
libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) Agostino Sarubbo
libming: listmp3: left shift in listmp3.c Agostino Sarubbo
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Henri Salo
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo
CVE Request: libtiff: heap buffer overflow/read outside of array Brian 'geeknik' Carpenter
CVE Request: Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 伍惠宇
Re: CVE Request: libtiff: heap buffer overflow/read outside of array Ian Zimmerman
Re: Re: CVE Request: libtiff: heap buffer overflow/read outside of array Bob Friesenhahn
Re: jasper: use after free in jas_realloc (jas_malloc.c) cve-assign

Thursday, 10 November

Vlany: A Linux (LD_PRELOAD) rootkit eov eov
CVE request: Piwik <= 2.16.0 (saveLayout) PHP Object Injection vulnerability Henri Salo
Re: Vlany: A Linux (LD_PRELOAD) rootkit Rich Felker
CVE request: MyBB multiple vulnerabilities Henri Salo
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) cve-assign
Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) cve-assign
Re: libming: listmp3: left shift in listmp3.c cve-assign
CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core Gustavo Grieco
Multiple vulnerabilities affecting three WordPress Plugins (XSS, info disclosure & DoS) Summer of Pwnage
CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow Qian Zhang
Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core cve-assign

Friday, 11 November

CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov
CVE-2016-8639: Foreman stored XSS in orgs/locations in settings Dominic Cleal
Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov
Re: CVE Request: libtiff: heap buffer overflow/read outside of array cve-assign
Re: libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c) cve-assign
Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) cve-assign
Re: libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c) cve-assign
Pipelight: broken validation of dependency installer signature Jakub Wilk
Re: CVE Request - Samsung Exynos fimg2d Multiple Issues cve-assign
CVE-2016-8640 pycsw SQL injection issue Angelos Tzotsos
CVE request: BigTree CMS SQL injection and reflected cross-site scripting vulnerabilities fixed in 4.2.12 / 4.1.16 Henri Salo
CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Henri Salo

Saturday, 12 November

Re: Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) Agostino Sarubbo
CVE Request: libtiff: read outside buffer in _TIFFPrintField() Brian 'geeknik' Carpenter
Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý
CVE request: Jenkins remote code execution vulnerability Daniel Beck

Sunday, 13 November

Imagemagick heap overflow Bastien ROUCARIES
CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping

Monday, 14 November

Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign
Re: Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý
Re: Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý
OWASP Core Rule Set v3.0.0 (final) Released. Chaim Sanders
MySQL / MariaDB / Percona - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / CVE-2016-5616] Dawid Golunski
MySQL / MariaDB / Percona - Root Privilege Escalation Exploit [ CVE-2016-6664 / CVE-2016-5617 ] Dawid Golunski
Re: CVE Request: libtiff: read outside buffer in _TIFFPrintField() cve-assign
Re: Remote crash in MaraDNS 2.0.13 and git master cve-assign
Re: CVE request: Jenkins remote code execution vulnerability cve-assign
Re: Imagemagick heap overflow cve-assign
Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping
Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign
CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell - Update: Dracut is also vulnerable Hector Marco-Gisbert
CVE-2016-8646: linux kernel - oops in shash_async_export() Wade Mealing
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Leo Famulari

Tuesday, 15 November

Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco
Re: Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Jeremy Stanley
CVE-2016-1249: Out-of-bounds read by DBD::mysql >= version 2.9003 Patrick Galbraith

Wednesday, 16 November

Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247) Dawid Golunski
Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov
jasper: multiple assertion failures Agostino Sarubbo
CVE Request - Webproxy Portlet - cross-user cache over-hits Andrew W Petro
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell John Haxby
CVE Request: teeworlds: possible remote code execution on teeworlds client Salvatore Bonaccorso
Re: jasper: multiple assertion failures cve-assign

Thursday, 17 November

Re: CVE request - textract 1.4.0 - OS Command Injection Pierre Ernst
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell John Haxby
bash - popd controlled free Fernando Muñoz
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell John Haxby
Re: CVE Request: teeworlds: possible remote code execution on teeworlds client cve-assign
Re: bash - popd controlled free cve-assign
Re: CVE request: MyBB multiple vulnerabilities cve-assign
Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jacobo Avariento

Friday, 18 November

Re: CVE request: w3m - multiple vulnerabilities cve-assign
CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf ChenQin
[Bug Report] Vulnerability in libbpg wykcomputer () gmail com
[Bug report] Vulnerability In libbpg-1 wykcomputer () gmail com
[Bug report] Vulnerability In libbpg-2 wykcomputer () gmail com
CVE requests for Drupal core (SA-CORE-2016-005) Pere Orga
[OSSA 2016-013] Network information disclosure through Heat template source URL (CVE-2016-9185) Tristan Cacqueray
Linux encrypted boot security, was: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper
CVE-2016-9297 LibTIFF regression Henri Salo
CVE Request: gstreamer plugins Marcus Meissner
Re: CVE Request: gstreamer plugins cve-assign
Re: CVE Request: Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 cve-assign
Re: CVE-2016-9297 LibTIFF regression cve-assign
Re: CVE requests for Drupal core (SA-CORE-2016-005) cve-assign
Re: CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf cve-assign

Saturday, 19 November

Multiple XSS vulnerabilities affecting five WordPress Plugins Summer of Pwnage
Re: CVE Request: gstreamer plugins Hanno Böck
imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) Agostino Sarubbo
jasper: signed integer overflow in jas_image.c Agostino Sarubbo
libdwarf: negation overflow in dwarf_leb.c Agostino Sarubbo
imagemagick: null pointer must never be null (tiff.c) Agostino Sarubbo

Sunday, 20 November

jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) Agostino Sarubbo
CVE-2016-6804 Apache OpenOfice Advisory Apache OpenOffice Security
CVE-2016-6803: Apache OpenOffice unquoted search path vulnerability Apache OpenOffice Security
Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Salvatore Bonaccorso

Monday, 21 November

CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions Cedric Buissart
WordPress (all versions): SPOF, RCE, and Negligence Scott Arciszewski
Re: WordPress (all versions): SPOF, RCE, and Negligence Ben Tasker
RE: Multiple XSS vulnerabilities affecting five WordPress Plugins Scott Gravelle
Re: WordPress (all versions): SPOF, RCE, and Negligence Michael Babker
Re: WordPress (all versions): SPOF, RCE, and Negligence Scott Arciszewski
Re: WordPress (all versions): SPOF, RCE, and Negligence Ben Tasker
Re: Multiple XSS vulnerabilities affecting five WordPress Plugins Henri Salo
Re: Multiple XSS vulnerabilities affecting five WordPress Plugins Kurt Seifried
Re: WordPress (all versions): SPOF, RCE, and Negligence Solar Designer
Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips cve-assign
CVE request: w3m - multiple vulnerabilities Kuang-che Wu
CVE-2016-8630 kernel: kvm: x86: NULL pointer dereference duringinstruction decode P J P

Tuesday, 22 November

Re: WordPress (all versions): SPOF, RCE, and Negligence Hanno Böck
Re: CVE Request: gstreamer plugins Alex Gaynor
Libtiff 4.0.7 release fixes many security issues Bob Friesenhahn
Xen Security Advisory 191 (CVE-2016-9386) - x86 null segments not always treated as unusable Xen . org security team
Xen Security Advisory 192 (CVE-2016-9382) - x86 task switch to VM86 mode mis-handled Xen . org security team
Xen Security Advisory 193 (CVE-2016-9385) - x86 segment base write emulation lacking canonical address checks Xen . org security team
Xen Security Advisory 194 (CVE-2016-9384) - guest 32-bit ELF symbol table load leaking host data Xen . org security team
Xen Security Advisory 195 (CVE-2016-9383) - x86 64-bit bit test instruction emulation broken Xen . org security team
Xen Security Advisory 196 (CVE-2016-9377,CVE-2016-9378) - x86 software interrupt injection mis-handled Xen . org security team
Xen Security Advisory 197 (CVE-2016-9381) - qemu incautious about shared ring processing Xen . org security team
Xen Security Advisory 198 (CVE-2016-9379,CVE-2016-9380) - delimiter injection vulnerabilities in pygrub Xen . org security team
[SECURITY] CVE-2016-6817 Apache Tomcat Denial of Service Mark Thomas
[SECURITY] CVE-2016-8735 Apache Tomcat Remote Code Execution Mark Thomas
[SECURITY] CVE-2016-6816 Apache Tomcat Information Disclosure Mark Thomas
CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb Andrey Konovalov
Re: WordPress (all versions): SPOF, RCE, and Negligence Scott Arciszewski
vim/neovim: Arbitrary command execution (CVE-2016-1248) James McCoy
metapixel: heap-based buffer overflow in open_gif_file (rwgif.c) Agostino Sarubbo
metapixel: multiple assertion failures Agostino Sarubbo
Re: CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb cve-assign
Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) cve-assign
Re: jasper: signed integer overflow in jas_image.c cve-assign
Re: libdwarf: negation overflow in dwarf_leb.c cve-assign
Re: imagemagick: null pointer must never be null (tiff.c) cve-assign
Re: jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) cve-assign

Wednesday, 23 November

Security issue in LXC (CVE-2016-8649) with additional Linux kernel implications Tyler Hicks
Re: CVE request: w3m - multiple vulnerabilities cve-assign
Re: CVE Request: gstreamer plugins cve-assign
Linux kernel net/ipv4/ip_tunnel.c issue mentioned on netdev cve-assign

Thursday, 24 November

CVE request - BigTree CMS 4.2.13 - Cross-Site Scripting (XSS) haojun hou
CVE request - BigTree CMS 4.2.13 Extension Form Builder Multiple Cross-Site Scripting (XSS) haojun hou
CVE request - itdb 1.23 Cross-Site Scripting (XSS) haojun hou
CVE request - TomatoCart 1.1.8.6.1 Multiple Cross-Site Scripting (XSS) haojun hou
Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem Wade Mealing
CVE request: icu: stack-based buffer overflow in uloc_getDisplayName Doran Moppert
Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName cve-assign

Friday, 25 November

CVE Request: salt confidentiality issue Johannes Segitz
Re: CVE Request: salt confidentiality issue cve-assign
Re: Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName Steven R. Loomis
Re: Re: CVE request: w3m - multiple vulnerabilities Kuang-che Wu

Saturday, 26 November

Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core Gustavo Grieco
CVE Request: resource exhaustion in regex expression handling in WebKit Gustavo Grieco
Re: CVE request: DoS loading a SVG in Firefox cve-assign
Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core cve-assign
Re: CVE Request: resource exhaustion in regex expression handling in WebKit cve-assign

Monday, 28 November

Re: kernel: fix minor infoleak in get_user_ex() cve-assign
CVE-2016-1251 - use after free in DBD::mysql when using prepared statements - medium Michiel Beijen
CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability Yongjun Zhang
Re: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability Zhe Zhang

Tuesday, 29 November

Xen Security Advisory 201 - ARM guests may induce host asynchronous abort Xen . org security team
Re: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability Yongjun Zhang
Re: Re: CVE request: openjpeg: incorrect fix for CVE-2013-6045 (was Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045) Raphael Geissert
CVE-2016-8654 jasper: Heap-based buffer overflow in QMFB code in JPC codec Adam Maris
Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045 cve-assign

Wednesday, 30 November

cve-request: linux kernel - memory leak in xfs attribute mechanism. Wade Mealing
Re: cve-request: linux kernel - memory leak in xfs attribute mechanism. cve-assign
Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov

Thursday, 01 December

CVE request: Kernel: kvm: stack memory information leakage P J P
gstreamer multiple issues Hanno Böck
libav: multiple crashes from the Undefined Behavior Sanitizer Agostino Sarubbo
imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) Agostino Sarubbo
libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c) Agostino Sarubbo
libming: listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c) Agostino Sarubbo
libming: listswf: heap-based buffer overflow in _iprintf (outputtxt.c) Agostino Sarubbo
libming: listswf: NULL pointer dereference in dumpBuffer (read.c) Agostino Sarubbo
graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Agostino Sarubbo
CVE Request: Linux: net: out-of-bounds due do a signedness issue when defragging ipv6 Andrey Konovalov
Re: dcraw and CVE-2015-8366 + CVE-2015-8367 Ian Zimmerman
CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003) Salvatore Bonaccorso
Re: CVE request: Kernel: kvm: stack memory information leakage cve-assign
Re: CVE Request: Linux: net: out-of-bounds due do a signedness issue when defragging ipv6 cve-assign
Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Bob Friesenhahn
CVE request: Kernel: kvm: out of bounds memory access via vcpu_id P J P

Friday, 02 December

CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive P J P
Important vulnerability in Dovecot (CVE-2016-8652) Aki Tuomi
CVE request: tomcat privilege escalations in Debian packaging Sébastien Delafond
CVE request: 2 issues in tomcat8 Debian packaging Sébastien Delafond
Re: CVE request: Kernel: kvm: out of bounds memory access via vcpu_id cve-assign
Re: CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive cve-assign
Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003) cve-assign
Re: CVE request: tomcat privilege escalations in Debian packaging cve-assign
Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) cve-assign
Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) Agostino Sarubbo
CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE Andrey Konovalov
Re: CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE cve-assign
CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync Baozeng Ding
Re: CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync cve-assign
CVE Request: -- Linux kernel: double free in netlink_dump Baozeng Ding

Saturday, 03 December

CVE Request: SimpleSAMLphp: SSPSA 201612-01: Incorrect signature verification Salvatore Bonaccorso

Sunday, 04 December

Re: Re: RCE in Zabbix 2.2 to 3.0.3 Salvatore Bonaccorso
Re: CVE Request: -- Linux kernel: double free in netlink_dump cve-assign
Re: libav: multiple crashes from the Undefined Behavior Sanitizer Agostino Sarubbo
Re: libav: multiple crashes from the Undefined Behavior Sanitizer cve-assign
Re: libming: listswf: heap-based buffer overflow in _iprintf (outputtxt.c) cve-assign
Re: libming: listswf: NULL pointer dereference in dumpBuffer (read.c) cve-assign
Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c) cve-assign
Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c) cve-assign
Re: libming: listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c) cve-assign
Re: Xen Security Advisory 201 - ARM guests may induce host asynchronous abort cve-assign
Re: gstreamer multiple issues cve-assign
Re: CVE Request: SimpleSAMLphp: SSPSA 201612-01: Incorrect signature verification cve-assign
CVE Request: zlib security issues found during audit Marcus Meissner

Monday, 05 December

Re: Re: Remote crash in MaraDNS 2.0.13 and git master Salvatore Bonaccorso
Re: Important vulnerability in Dovecot (CVE-2016-8652) Aki Tuomi
CVE Request: Info-Zip zipinfo buffer overflow Tyler Hicks
CVE-2016-8740: Apache HTTPD 2.4.17-2.4.23: Server memory can be exhausted and service denied when HTTP/2 is used Solar Designer
CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info P J P
Re: CVE-2016-8740: Apache HTTPD 2.4.17-2.4.23: Server memory can be exhausted and service denied when HTTP/2 is used Leo Famulari
Re: CVE-2016-8740: Apache HTTPD 2.4.17-2.4.23: Server memory can be exhausted and service denied when HTTP/2 is used Solar Designer
CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor P J P
CVE Request: Info-Zip zipinfo buffer overflow Steven M. Schweda
Re: CVE Request: Info-Zip zipinfo buffer overflow cve-assign
Re: CVE Request: zlib security issues found during audit cve-assign
Re: CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info cve-assign
Re: CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor cve-assign
Re: CVE Request: Info-Zip zipinfo buffer overflow Tyler Hicks
Re: CVE Request: Info-Zip zipinfo buffer overflow Steven M. Schweda
CVE-2016-8655 Linux af_packet.c race condition (local root) Philip Pettersson

Tuesday, 06 December

CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset P J P
CVE request Qemu: usb: redirector: memory leakage when destroying redirector P J P
Xen Security Advisory 199 (CVE-2016-9637) - qemu ioport array overflow Xen . org security team
CVE Request: html5lib: potential cross-site scripting vulnerablity: quote attributes that need escaping in legacy browsers Salvatore Bonaccorso
Tcsh: Out-of-bounds read in c_substitute() Andrej Nemec
Re: CVE Request - Webproxy Portlet - cross-user cache over-hits Andrew W Petro
Opensource Python whitebox code analysis tool recommendations Fiedler Roman
Re: Opensource Python whitebox code analysis tool recommendations Grant Murphy
CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer P J P
CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks P J P
CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource P J P
CVE request - BigTree CMS 4.2.13 - Cross-Site Scripting (XSS) haojun hou
CVE request -BigTree CMS 4.2.13 Extension Form Builder Multiple Cross-Site Scripting (XSS) haojun hou
Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Philip Pettersson

Wednesday, 07 December

Xen Security Advisory 201 (CVE-2016-9815,CVE-2016-9816,CVE-2016-9817,CVE-2016-9818) - ARM guests may induce host asynchronous abort Xen . org security team
Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Hanno Böck
Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Salvatore Bonaccorso
Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Brad Spengler
[CVE-2016-9561] ffmpeg crashes on decoding MOV file 连一汉
[CVE-2016-8595] ffmpeg crashes with an assert 连一汉
Re: CVE request Qemu: usb: redirector: memory leakage when destroying cve-assign
Re: CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset cve-assign
Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer cve-assign
Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource cve-assign
Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks cve-assign
Re: CVE Request: html5lib: potential cross-site scripting vulnerablity: quote attributes that need escaping in legacy browsers cve-assign
CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy P J P

Thursday, 08 December

roundcube code execution via mail() Hanno Böck
CVE request Qemu: char: use after free issue in char backend P J P
CVE Request: file inclusion(traversal/manipulation) in modx revolution 2.5.1 陈瑞琦
Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy Huawei PSIRT
Re: Ruby:HTTP Header injection in 'net/http' Casper Thomsen
CVE request: Linux panic on fragemented IPv6 traffic (icmp6_send) Florian Pritz
Re: CVE request: Linux panic on fragemented IPv6 traffic (icmp6_send) cve-assign
Re: roundcube code execution via mail() cve-assign
Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) Ian Zimmerman
Linux Kernel use-after-free in SCSI generic device interface Marcus Meissner
Re: Opensource Python whitebox code analysis tool recommendations Sarah Newman
Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy cve-assign
Re: CVE request Qemu: char: use after free issue in char backend cve-assign

Friday, 09 December

[ANNOUNCE] CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting Christopher Shannon
CVE-2016-9580 CVE-2016-9581 openjpeg2: heap buffer oevrflows Adam Maris
CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Salvatore Bonaccorso
Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Mathieu Pasquet

Sunday, 11 December

Multiple vulnerabilities affecting three WordPress Plugins (XSS, & PHP object injection) Summer of Pwnage
Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza cve-assign

Monday, 12 December

[SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure Mark Thomas
CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0 Lior Kaplan
Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Sam Whited
Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Sam Whited
Re: CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0 cve-assign
CVE Request: Potential DoS in Crypto++ ASN.1 parser Jeffrey Walton
Re: CVE Request: Potential DoS in Crypto++ ASN.1 parser cve-assign
Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Salvatore Bonaccorso

Tuesday, 13 December

Xen Security Advisory 200 (CVE-2016-9932) - x86 CMPXCHG8B emulation fails to ignore operand size override Xen . org security team
CVE-2016-9583 jasper: Out of bounds heap read in jpc_pi_nextpcrl() Adam Maris

Wednesday, 14 December

vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Sona Sarmadi
why many CVEs are ** RESERVED ** on Mitre Sona Sarmadi
CVE-2016-1253 most: shell command injection through filenames Sébastien Delafond
Re: why many CVEs are ** RESERVED ** on Mitre Kurt Seifried
Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried
Re: why many CVEs are ** RESERVED ** on Mitre Sevan Janiyan
CVE Request: SimpleSAMLphp: SSPSA 201612-02: Incorrect signature verification Salvatore Bonaccorso
Re: why many CVEs are ** RESERVED ** on Mitre Kurt Seifried
Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Salvatore Bonaccorso
Re: why many CVEs are ** RESERVED ** on Mitre Sevan Janiyan
CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files Salvatore Bonaccorso
Re: why many CVEs are ** RESERVED ** on Mitre Marcus Meissner
Re: why many CVEs are ** RESERVED ** on Mitre Kurt Seifried
Re: Re: CVE request: w3m - multiple vulnerabilities Kuang-che Wu
Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Sona Sarmadi
Re: why many CVEs are ** RESERVED ** on Mitre Sona Sarmadi
Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried
CVE Request: IrRegular Expressions resource exhaustion in regex compilation [was: Re: [oss-security] CVE Request: resource exhaustion in regex expression handling in WebKit] Peter Bex
CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso
Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso
CVE-2016-9588 Kernel: kvm: nVMX: uncaught software exceptions in L1 guest lead to DoS P J P

Thursday, 15 December

CVE request: PT-2013-46 Local File Include in Nagios Looking Glass Henri Salo
CVE-2016-9584: heap use-after-free on libical Agustin Mista
Re: CVE-2016-9584: heap use-after-free on libical Brandon Perry
Re: CVE-2016-9584: heap use-after-free on libical Brandon Perry
Re: CVE Request: IrRegular Expressions resource exhaustion in regex compilation [was: Re: [oss-security] CVE Request: resource exhaustion in regex expression handling in WebKit] cve-assign
Re: CVE Request: SimpleSAMLphp: SSPSA 201612-02: Incorrect signature verification cve-assign
Re: CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files cve-assign
Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file cve-assign
CVE Request - Exim 4.69-4.87 - disclosure of private information Heiko Schlittermann
Re: CVE Request - Exim 4.69-4.87 - disclosure of private information cve-assign

Friday, 16 December

CVE-2016-9591 jasper: Use-after-free on heap in jas_matrix_destroy Adam Maris
Re: vulnerable version: 4.8.12 and previous versions but xml file says: cpe:/o:linux:linux_kernel:4.8.12"/> Kurt Seifried
Re: CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files Florent Rougon
[SECURITY] CVE-2016-5001: Apache Hadoop Information Disclosure Arpit Agarwal

Saturday, 17 December

CVE Request - squid HTTP proxy multiple Information Disclosure issues Amos Jeffries
CVE request - DCMTK remote stack buffer overflow Gjoko Krstic
Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues cve-assign
Re: CVE request - DCMTK remote stack buffer overflow cve-assign

Sunday, 18 December

CVE-2016-9963 Exim private information leak Heiko Schlittermann

Monday, 19 December

[OSSN-0074] Nova metadata service should not be used for sensitive information Luke Hinds
Announce: OpenSSH 7.4 released Damien Miller
Re: CVE-2016-9584: heap use-after-free on libical Agustin Mista
Xen Security Advisory 204 - x86: Mishandling of SYSCALL singlestep during emulation Xen . org security team
Re: Announce: OpenSSH 7.4 released cve-assign
Re: Xen Security Advisory 204 - x86: Mishandling of SYSCALL singlestep during emulation cve-assign
Xen Security Advisory 204 (CVE-2016-10013) - x86: Mishandling of SYSCALL singlestep during emulation Xen . org security team

Tuesday, 20 December

CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities P J P
CVE request Qemu: display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout P J P
CVE requests for various ImageMagick issues Antoine Beaupré
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] Dawid Golunski
Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] Dawid Golunski
CVE Request: Smack: TLS SecurityMode.required not always enforced, leading to striptls attack Sylvain SARMEJEANNE
CVE request: ikiwiki: authorization bypass when reverting changes Simon McVittie
Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann
[SECURITY ADVISORY] curl: printf floating point buffer overflow Daniel Stenberg
Re: CVE request: ikiwiki: authorization bypass when reverting changes cve-assign

Wednesday, 21 December

Curious about the security of my router fermwair. tapper
Xen Security Advisory 203 (CVE-2016-10025) - x86: missing NULL pointer check in VMFUNC emulation Xen . org security team
Xen Security Advisory 202 (CVE-2016-10024) - x86 PV guests may be able to mask interrupts Xen . org security team
Re: Curious about the security of my router fermwair. Seth Arnold
Re: Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] Tomas Hoger
CVE request - Vesta Control Panel 0.9.7 <= 0.9.8-16 Local Privilege Escalation Luka Pusic
Re: CVE-2016-9963 Exim private information leak Kurt H Maier
Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann
Re: CVE-2016-9963 Exim private information leak Kurt H Maier

Thursday, 22 December

Re: Curious about the security of my router fermwair. tapper
Re: CVE-2016-9963 Exim private information leak Johannes Segitz
Re: Curious about the security of my router fermwair. Agostino Sarubbo
Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann
Re: CVE-2016-9963 Exim private information leak Jeffrey Walton
Re: Curious about the security of my router fermwair. Nicholas Prowse
Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann
Re: CVE-2016-9963 Exim private information leak Jeffrey Walton
Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann
Re: CVE Request: Smack: TLS SecurityMode.required not always enforced, leading to striptls attack cve-assign
Re: CVE-2016-9963 Exim private information leak Kurt Seifried
Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities cve-assign
Re: CVE request Qemu: display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout cve-assign
[SECURITY ADVISORY] curl: uninitialized random Daniel Stenberg

Friday, 23 December

CVE-2016-9963 (Was: CVE Request - Exim 4.69-4.87 - disclosure of private information) Heiko Schlittermann

Saturday, 24 December

Qt QXmlSimpleReader Solar Designer
Re: Qt QXmlSimpleReader cve-assign

Sunday, 25 December

CVE-2016-9963 | Exim 4.87.1 released (Was: CVE Request - Exim 4.69-4.87) - disclosure of private information) Heiko Schlittermann
tqdm: insecure use of git Jakub Wilk
Re: tqdm: insecure use of git cve-assign
PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski

Monday, 26 December

Joomla com_blog_calendar SQL Injection Vulnerability Steevee a.k.a Stefanus
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Hanno Böck
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Peter Bex
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Peter Bex
Re: [security] [oss-security] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Michael Hess
Re: [security] [oss-security] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Yannick Warnier
Incomplete fix for CVE-2016-8641 (Nagios local root via (sym)links) Michael Orlitzky
Re: CVE requests for various ImageMagick issues cve-assign
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Tracy Reed
Buffer overflow in pycrypto Leo Famulari

Tuesday, 27 December

Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Michael Hess
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Florian Pritz
PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski
Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Michael Hess
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski
Re: Buffer overflow in pycrypto cve-assign
Re: tqdm: insecure use of git Jakub Wilk
Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Solar Designer
Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski
Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Dawid Golunski

Wednesday, 28 December

[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage Oleksandr Rudyy
Re: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Solar Designer
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) Dawid Golunski
Re: tqdm: insecure use of git cve-assign

Thursday, 29 December

Re: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Dawid Golunski
libpng NULL pointer dereference bugfix Glenn Randers-Pehrson
ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery) Simon McVittie

Friday, 30 December

Re: Linux Kernel use-after-free in SCSI generic device interface Salvatore Bonaccorso
Zend Framework (zend-mail) < 2.4.11 Remote Code Execution (CVE-2016-10034) Dawid Golunski
Re: Linux Kernel use-after-free in SCSI generic device interface cve-assign
Re: libpng NULL pointer dereference bugfix cve-assign
CVE request: Nagios: Incomplete fix for CVE-2016-8641 Michael Orlitzky
Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641 cve-assign

Saturday, 31 December

Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability Pedro Santos
CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions Salvatore Bonaccorso
Re: CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions cve-assign