oss-sec: by thread
578 messages starting Apr 02 12 and ending Jun 30 12
CVE request: OSClass directory traversal vulnerability
Filippo Cavallarin (Apr 02)
Re: CVE request: OSClass directory traversal vulnerability
Kurt Seifried (Apr 02)
Re: CVE request: OSClass directory traversal vulnerability
Filippo Cavallarin (Apr 02)
Re: CVE request: OSClass directory traversal vulnerability
Kurt Seifried (Apr 02)
Re: CVE request: OSClass directory traversal vulnerability
Henri Salo (Apr 03)
Re: CVE request: OSClass directory traversal vulnerability
Kurt Seifried (Apr 04)
CVEs assigned for Movable Type 4.36 and 5.05 security updates
Henri Salo (Apr 02)
Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters
Kevin Grittner (Apr 02)
Re: Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters
Steffen Dettmer (Apr 04)
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081
Henri Salo (Apr 03)
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081
Kurt Seifried (Apr 03)
CVE-request: Joomla 2012-04 398-20120307 399-20120308
Henri Salo (Apr 03)
Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308
Kurt Seifried (Apr 03)
Fw: [vs] RPM issues
Tomas Hoger (Apr 03)
fix to CVE-2009-4307
akuster (Apr 03)
Re: fix to CVE-2009-4307
Kurt Seifried (Apr 04)
Re: fix to CVE-2009-4307
Xi Wang (Apr 04)
Re: fix to CVE-2009-4307
Petr Matousek (Apr 11)
Re: fix to CVE-2009-4307
Xi Wang (Apr 11)
Re: fix to CVE-2009-4307
Xi Wang (Jun 04)
Re: fix to CVE-2009-4307
akuster (Apr 04)
Re: fix to CVE-2009-4307
Kurt Seifried (Apr 12)
CVE request: privilege escalation in sectool
Vincent Danen (Apr 03)
Re: CVE request: privilege escalation in sectool
Kurt Seifried (Apr 04)
Re: Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1
Ludwig Nussel (Apr 04)
CVE-2012-1610 assignment notification: ImageMagick insufficient patch for CVE-2012-0259
Stefan Cornelius (Apr 04)
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters
Kurt Seifried (Apr 04)
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters
Tom Lane (Apr 04)
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters
Kurt Seifried (Apr 04)
expat hash collision fix too predictable?
Marcus Meissner (Apr 05)
Re: expat hash collision fix too predictable?
Andreas Ericsson (Apr 05)
Re: expat hash collision fix too predictable?
Kurt Seifried (Apr 05)
CVE Request: slock-0.9 displays modal box after locking
Kurt Seifried (Apr 06)
Re: CVE Request: slock-0.9 displays modal box after locking
Kurt Seifried (Apr 06)
CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)
Kurt Seifried (Apr 07)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)
Greg Knaddison (Apr 10)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)
Kurt Seifried (Apr 10)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)
Greg Knaddison (Apr 11)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)
Kurt Seifried (Apr 12)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)
Greg Knaddison (Apr 12)
libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1173)
Solar Designer (Apr 07)
Re: libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1173)
Moritz Muehlenhoff (Apr 07)
CVE request: gajim - code execution and sql injection
David Black (Apr 08)
Re: CVE request: gajim - code execution and sql injection
Kurt Seifried (Apr 08)
Re: CVE request: gajim - code execution and sql injection
Carlos Alberto Lopez Perez (Apr 09)
Re: CVE request: gajim - code execution and sql injection
Kurt Seifried (Apr 09)
Re: CVE request: gajim - code execution and sql injection
Yves-Alexis Perez (Apr 09)
CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface
Kurt Seifried (Apr 08)
Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface
ISPConfig.org - Till Brehm (Apr 09)
Re: Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface
Kurt Seifried (Apr 09)
Re: Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface
ISPConfig.org - Till Brehm (Apr 10)
Dispute Taggator Plugin for WordPress taggator.php tagid Parameter SQL Injection
Henri Salo (Apr 09)
CVE id request for imagemagick, libpng and tiff
Nico Golde (Apr 10)
Re: CVE id request for imagemagick, libpng and tiff
Kurt Seifried (Apr 10)
Re: CVE id request for imagemagick, libpng and tiff
Nico Golde (Apr 10)
Re: CVE id request for imagemagick, libpng and tiff
Kurt Seifried (Apr 10)
CVE id request for links2
Nico Golde (Apr 10)
Re: CVE id request for links2
Huzaifa Sidhpurwala (Apr 10)
Re: CVE id request for links2
Kurt Seifried (Apr 10)
Re: CVE id request for links2
Nico Golde (Apr 12)
Re: CVE id request for links2
Kurt Seifried (May 06)
gajim insecure file creation when using latex
Nico Golde (Apr 10)
Re: gajim insecure file creation when using latex
Kurt Seifried (Apr 10)
CVE Request: cobbler (Ubuntu-specific)
Marc Deslauriers (Apr 10)
Re: CVE Request: cobbler (Ubuntu-specific)
Kurt Seifried (Apr 10)
CVE Request: FlightGear and Simgear Multiple vulnerabilities
Andres Gomez (Apr 10)
Re: CVE Request: FlightGear and Simgear Multiple vulnerabilities
Kurt Seifried (Apr 10)
CVE id request: wicd
Nico Golde (Apr 11)
Re: CVE id request: wicd
Kurt Seifried (Apr 11)
Re: CVE id request: wicd
Sebastian Krahmer (Apr 16)
CVE Request for Drupal Contributed Advisories on 2012-04-11
Greg Knaddison (Apr 11)
Re: CVE Request for Drupal Contributed Advisories on 2012-04-11
Kurt Seifried (Apr 12)
CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005
Henri Salo (Apr 12)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005
Kurt Seifried (Apr 12)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005
Henri Salo (Apr 13)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005
Kurt Seifried (Apr 13)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005
Henri Salo (Apr 15)
CVE request: cobbler lack of csrf protection, code execution
David Black (Apr 12)
Re: CVE request: cobbler lack of csrf protection, code execution
Jan Lieskovsky (Apr 12)
Re: CVE request: cobbler lack of csrf protection, code execution
David Black (Apr 12)
Re: CVE request: cobbler lack of csrf protection, code execution
Kurt Seifried (Apr 12)
nginx security advisory: mp4 module vulnerability, CVE-2012-2089
Andrew Alexeev (Apr 12)
CVE Request: Heap corruption in openjpeg
Huzaifa Sidhpurwala (Apr 13)
Re: CVE Request: Heap corruption in openjpeg
Jan Lieskovsky (Apr 13)
Re: CVE Request: Heap corruption in openjpeg
Kurt Seifried (Apr 13)
CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE
Stefan Cornelius (Apr 13)
Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE
Kurt Seifried (Apr 13)
CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4
Henri Salo (Apr 15)
Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4
Kurt Seifried (Apr 16)
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities
YGN Ethical Hacker Group (Apr 15)
Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities
YGN Ethical Hacker Group (Apr 15)
CVE Requests: Multiple security flaws in csound5
Huzaifa Sidhpurwala (Apr 16)
Re: CVE Requests: Multiple security flaws in csound5
Kurt Seifried (Apr 16)
Re: CVE Requests: Multiple security flaws in csound5
john ffitch (Apr 19)
CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS
Henri Salo (Apr 16)
Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS
Kurt Seifried (Apr 16)
CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi
Henri Salo (Apr 16)
Re: CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi
Kurt Seifried (Apr 16)
CVE Request (minor) -- Two Munin graphing framework flaws
Jan Lieskovsky (Apr 16)
Re: CVE Request (minor) -- Two Munin graphing framework flaws
Kurt Seifried (Apr 16)
Re: CVE Request (minor) -- Two Munin graphing framework flaws
Helmut Grohne (Apr 17)
Re: CVE Request (minor) -- Two Munin graphing framework flaws
Kurt Seifried (Apr 18)
Re: CVE Request (minor) -- Two Munin graphing framework flaws
Helmut Grohne (Apr 18)
Re: CVE Request (minor) -- Two Munin graphing framework flaws
Kurt Seifried (Apr 19)
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws
Kenyon Ralph (Apr 19)
Re: [Packaging] Bug#668667: [oss-security] CVE Request (minor) -- Two Munin graphing framework flaws
Holger Levsen (Apr 19)
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws
Steve Schnepp (Apr 27)
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws
Kurt Seifried (Apr 29)
CVE-request: OpenEMR 4.1.0 SQL-injection
Henri Salo (Apr 17)
Re: CVE-request: OpenEMR 4.1.0 SQL-injection
Kurt Seifried (Apr 18)
Re: CVE-request: WordPress 3.1.1
Henri Salo (Apr 17)
Re: CVE-request: WordPress 3.1.1
Kurt Seifried (Apr 18)
Re: CVE-request: WordPress 3.1.1
Henri Salo (Apr 19)
Re: CVE-request: WordPress 3.1.1
Kurt Seifried (Apr 19)
<Possible follow-ups>
Re: CVE-request: WordPress 3.1.1
Henri Salo (Apr 17)
CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core
Henri Salo (Apr 17)
Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core
Kurt Seifried (Apr 18)
Acuity CMS 2.6.x <= Cross Site Scripting
YGN Ethical Hacker Group (Apr 17)
Stack-based buffer overflow in musl libc 0.8.7 and earlier
Rich Felker (Apr 18)
Re: Stack-based buffer overflow in musl libc 0.8.7 and earlier
Kurt Seifried (Apr 18)
CVE request: Xorg input device format string flaw
Kees Cook (Apr 18)
Re: CVE request: Xorg input device format string flaw
Kurt Seifried (Apr 18)
Re: CVE request: Xorg input device format string flaw
Kees Cook (Apr 18)
Re: CVE request: Xorg input device format string flaw
Kurt Seifried (Apr 19)
CVE Request for Drupal Contributed Advisories on 2012-04-18
Greg Knaddison (Apr 18)
Re: CVE Request for Drupal Contributed Advisories on 2012-04-18
Kurt Seifried (Apr 19)
CVE request -- kernel: kvm: device assignment page leak
Petr Matousek (Apr 19)
Re: CVE request -- kernel: kvm: device assignment page leak
Kurt Seifried (Apr 19)
CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer
Jan Lieskovsky (Apr 19)
Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer
Caolán McNamara (Apr 19)
Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer
Miklos Vajna (Apr 19)
Re: Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer
Moritz Muehlenhoff (Apr 19)
CVE request: latex2man / texlive
Matthias Weckbecker (Apr 19)
Re: CVE request: latex2man / texlive
Kurt Seifried (Apr 19)
CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
Petr Matousek (Apr 19)
Re: CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
Kurt Seifried (Apr 19)
CVE request: pid namespace leak in kernel 3.0 and 3.1
Marcus Meissner (Apr 19)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Eugene Teo (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Eric W. Biederman (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Eugene Teo (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Pavel Emelyanov (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Eric W. Biederman (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Pavel Emelyanov (Apr 21)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Eric W. Biederman (Apr 20)
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Marcus Meissner (Apr 20)
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Eric W. Biederman (Apr 20)
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Marcus Meissner (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Eric W. Biederman (Apr 20)
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Marcus Meissner (Apr 22)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Kurt Seifried (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Marcus Meissner (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Kurt Seifried (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Andrew Morton (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
Eric W. Biederman (Apr 20)
CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used
Eugene Teo (Apr 20)
Re: CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used
Kurt Seifried (Apr 20)
OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
Solar Designer (Apr 20)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
Solar Designer (Apr 22)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
Solar Designer (Apr 22)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
Tomas Hoger (Apr 24)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
Tavis Ormandy (Apr 24)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
Solar Designer (Apr 24)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
Tavis Ormandy (Apr 24)
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
pinto.elia () gmail com (Apr 20)
<Possible follow-ups>
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
pinto.elia () gmail com (Apr 20)
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
pinto.elia () gmail com (Apr 20)
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
pinto.elia () gmail com (Apr 20)
CVE-2012-2124 assignment notification: squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103
Stefan Cornelius (Apr 20)
CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version
Jan Lieskovsky (Apr 20)
Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version
Kurt Seifried (Apr 20)
CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data
Jan Lieskovsky (Apr 22)
Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data
Kurt Seifried (Apr 23)
Security vulnerabilities fixed in WordPress 3.3.2
Henri Salo (Apr 23)
Re: Security vulnerabilities fixed in WordPress 3.3.2
cve-assign (Apr 23)
Re: Re: Security vulnerabilities fixed in WordPress 3.3.2
Kurt Seifried (Apr 23)
Asterisk AST-2012-004 AST-2012-005 AST-2012-006
cve-assign (Apr 23)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization
Florian Weimer (Apr 24)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization
Sebastian Krahmer (Apr 24)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization
Florian Weimer (Apr 24)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization
Sebastian Krahmer (Apr 24)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization
Florian Weimer (Apr 24)
CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification
Ludwig Nussel (Apr 24)
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification
Kurt Seifried (Apr 24)
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification
Vincent Danen (Apr 30)
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification
Ludwig Nussel (May 02)
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification
Vincent Danen (May 02)
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification
Marc Deslauriers (Apr 30)
CVE Request: use after free bug in "quota" handling in hugetlb code
Marcus Meissner (Apr 24)
Re: CVE Request: use after free bug in "quota" handling in hugetlb code
Kurt Seifried (Apr 24)
CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap
Jan Lieskovsky (Apr 24)
Re: CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap
Kurt Seifried (Apr 24)
CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated
Kurt Seifried (Apr 25)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated
Kurt Seifried (Apr 25)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated
Henri Salo (Apr 25)
<Possible follow-ups>
CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated
Kurt Seifried (Apr 25)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated
Florian Weimer (Apr 25)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated
Henri Salo (Apr 25)
CERT Linux Triage Tools 1.0 Released INFO#208126
CERT(R) Coordination Center (Apr 25)
CVE request: two flaws fixed in rubygem-mail 2.4.4
Vincent Danen (Apr 25)
Re: CVE request: two flaws fixed in rubygem-mail 2.4.4
Kurt Seifried (Apr 26)
CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
Jan Lieskovsky (Apr 26)
Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
Kurt Seifried (Apr 26)
CVE Request: programming error in crypt(3)
Xin Li (Apr 26)
Re: CVE Request: programming error in crypt(3)
Kurt Seifried (Apr 27)
Re: CVE Request: programming error in crypt(3)
Eitan Adler (Apr 27)
Re: CVE Request: programming error in crypt(3)
Kurt Seifried (Apr 27)
Re: CVE Request: programming error in crypt(3)
Kurt Seifried (Apr 27)
Re: CVE Request: programming error in crypt(3)
Xin Li (Apr 27)
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)
Henri Salo (Apr 27)
<Possible follow-ups>
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)
Henri Salo (May 04)
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)
Kurt Seifried (May 04)
weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)
Vincent Danen (Apr 27)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)
Florian Weimer (Apr 28)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)
Vincent Danen (Apr 30)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)
Florian Weimer (May 01)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)
Florian Weimer (May 01)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)
Vincent Danen (May 02)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)
Kurt Seifried (Apr 29)
CVE request: webcalendar before 1.2.5 XSS
Hanno Böck (Apr 28)
Re: CVE request: webcalendar before 1.2.5 XSS
Henri Salo (Apr 28)
Re: CVE request: webcalendar before 1.2.5 XSS
Henri Salo (Apr 30)
Page disclosure/cve updated in wiki
Henri Salo (Apr 29)
CVE-request: SilverStripe before 2.4.4
Henri Salo (Apr 30)
Re: CVE-request: SilverStripe before 2.4.4
Kurt Seifried (Apr 30)
Re: CVE-request: SilverStripe before 2.4.4
Kurt Seifried (May 01)
CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS
Hanno Böck (Apr 30)
Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS
Kurt Seifried (May 01)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()
Solar Designer (May 02)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()
Steve Grubb (May 02)
CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service
Marcus Meissner (May 02)
Re: CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service
Kurt Seifried (May 02)
temporary file issue in Config::IniFiles Config-IniFiles perl-Config-IniFiles
cve-assign (May 02)
CVE Request for Drupal contributed modules
Greg Knaddison (May 03)
Re: CVE Request for Drupal contributed modules
Kurt Seifried (May 03)
<Possible follow-ups>
CVE Request for Drupal contributed modules
Greg Knaddison (May 30)
Re: CVE Request for Drupal contributed modules
Greg Knaddison (Jun 04)
Re: CVE Request for Drupal contributed modules
Solar Designer (Jun 04)
Re: CVE Request for Drupal contributed modules
Greg Knaddison (Jun 04)
Re: CVE Request for Drupal contributed modules
Kurt Seifried (Jun 14)
Re: CVE Request for Drupal contributed modules
Henri Salo (Jun 15)
Re: CVE Request for Drupal contributed modules
Kurt Seifried (Jun 15)
Re: CVE Request for Drupal contributed modules
Steven M. Christey (Jun 27)
CVE Request: evolution-data-server lacks SSL checking in its libsoup users
Marcus Meissner (May 03)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users
Marcus Meissner (May 04)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users
Steve Beattie (May 04)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users
Kurt Seifried (May 04)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users
Marcus Meissner (May 04)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users
Kurt Seifried (May 05)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users
Ludwig Nussel (May 04)
Security issue in libav/ffmpeg
Jamie Strandboge (May 03)
CVE Request: more tight ioctl permissions in dl2k driver
Marcus Meissner (May 04)
Re: CVE Request: more tight ioctl permissions in dl2k driver
Marcus Meissner (May 04)
Re: CVE Request: more tight ioctl permissions in dl2k driver
Kurt Seifried (May 04)
Re: CVE Request: more tight ioctl permissions in dl2k driver
Florian Weimer (May 04)
Re: CVE Request: more tight ioctl permissions in dl2k driver
Marcus Meissner (May 07)
Debian/Ubuntu php_crypt_revamped.patch
Solar Designer (May 04)
Re: Debian/Ubuntu php_crypt_revamped.patch
Kurt Seifried (May 04)
Re: Debian/Ubuntu php_crypt_revamped.patch
Solar Designer (May 04)
Re: Debian/Ubuntu php_crypt_revamped.patch
Daniel Kahn Gillmor (May 04)
Re: Debian/Ubuntu php_crypt_revamped.patch
Michael Gilbert (May 04)
Re: Debian/Ubuntu php_crypt_revamped.patch
Kurt Seifried (May 05)
CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module
Jan Lieskovsky (May 04)
Re: CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module
Kurt Seifried (May 04)
PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)
Solar Designer (May 04)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)
Marcus Meissner (May 04)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)
Mike O'Connor (May 04)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)
Tomas Hoger (May 09)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)
cve-assign (May 09)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)
Kurt Seifried (May 09)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)
Vincent Danen (May 09)
[OSSA 2012-006] Horizon session fixation and reuse
Russell Bryant (May 05)
CVE request: A Pidgin remote crash
Mark Doliner (May 07)
Re: CVE request: A Pidgin remote crash
Kurt Seifried (May 07)
connman heads up / CVE requests
Sebastian Krahmer (May 07)
Re: connman heads up / CVE requests
Jan Lieskovsky (May 07)
Re: connman heads up / CVE requests
Sebastian Krahmer (May 07)
Re: connman heads up / CVE requests
Kurt Seifried (May 07)
Re: connman heads up / CVE requests
Sebastian Krahmer (May 09)
CVE request: Linux kernel: Buffer overflow in HFS plus filesystem
Timo Warns (May 07)
Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem
Kurt Seifried (May 07)
CVE Request: Pidgin XMPP remote crash (#62)
Kurt Seifried (May 07)
Re: CVE Request: Pidgin XMPP remote crash (#62)
Kurt Seifried (May 07)
Re: CVE Request: Pidgin XMPP remote crash (#62)
Kurt Seifried (May 07)
CVE request: mybb before 1.6.7
Hanno Böck (May 07)
Re: CVE request: mybb before 1.6.7
Kurt Seifried (May 07)
Re: CVE Request -- kernel: futex: clear robust_list on execve
Solar Designer (May 08)
Re: CVE Request -- kernel: futex: clear robust_list on execve
Solar Designer (May 08)
Re: CVE Request -- kernel: futex: clear robust_list on execve
Petr Matousek (May 09)
Re: CVE Request -- kernel: futex: clear robust_list on execve
Solar Designer (May 10)
Re: CVE Request -- kernel: futex: clear robust_list on execve
Petr Matousek (May 09)
CVE-request: MyBB before 1.6.1
Henri Salo (May 08)
Re: CVE-request: MyBB before 1.6.1
Kurt Seifried (May 08)
CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure
Alex Legler (May 08)
Re: CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure
Kurt Seifried (May 08)
CVE request: Piwik before 1.7
Hanno Böck (May 08)
Re: CVE request: Piwik before 1.7
Kurt Seifried (May 09)
Re: CVE request: Piwik before 1.7
Henri Salo (May 13)
Re: CVE request: Piwik before 1.7
Hanno Böck (May 13)
Re: CVE request: Piwik before 1.7
Kurt Seifried (May 13)
Re: CVE request: Piwik before 1.7
Nicob (May 13)
Re: CVE request: Piwik before 1.7
Henri Salo (Jun 08)
CVE request: XSS and SQL injection in serendipity before 1.7.1
Hanno Böck (May 08)
Re: CVE request: XSS and SQL injection in serendipity before 1.7.1
Kurt Seifried (May 09)
CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port
Stefan Cornelius (May 09)
Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port
Solar Designer (May 10)
CVE-request: phpMyFAQ default password 1.3.2
Henri Salo (May 10)
Re: CVE-request: phpMyFAQ default password 1.3.2
Kurt Seifried (May 10)
CVE-request: galette sql injection
Johan Cwiklinski (May 10)
Re: CVE-request: galette sql injection
Kurt Seifried (May 11)
CVE Request for Drupal contributed modules - 2012-05-10
Greg Knaddison (May 10)
Re: CVE Request for Drupal contributed modules - 2012-05-10
Kurt Seifried (May 11)
CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE
Henri Salo (May 10)
Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE
Kurt Seifried (May 11)
Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE
Moritz Muehlenhoff (May 11)
Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE
Kurt Seifried (May 12)
OpenSSL invalid TLS/DTLS record attack (CVE-2012-2333)
Solar Designer (May 11)
bug in OpenSSL's CVE-2012-0884 fix
Solar Designer (May 11)
CVE-2012-1597: XSS in eZ Publish
Luc ABRIC (May 11)
CVE request: sympa
micah anderson (May 11)
CVE request: sympa (try again)
micah (May 11)
ezmlm signature mangling [was: Re: CVE request: sympa (try again)]
Daniel Kahn Gillmor (May 12)
Re: ezmlm signature mangling [was: Re: CVE request: sympa (try again)]
Solar Designer (May 12)
Re: CVE request: sympa (try again)
Kurt Seifried (May 12)
Re: CVE request: sympa (try again)
micah anderson (May 12)
Re: CVE request: sympa (try again)
Kurt Seifried (May 12)
Re: CVE request: sympa (try again)
micah anderson (May 15)
Re: CVE request: sympa (try again)
Kurt Seifried (May 15)
CVE request: mahara
Moritz Muehlenhoff (May 11)
Re: CVE request: mahara
Kurt Seifried (May 12)
CVE request: pam_shield
Jonathan Niehof (May 11)
Re: CVE request: pam_shield
Kurt Seifried (May 12)
CVE request: Bytemark Symbiosis
Steve Kemp (May 14)
Re: CVE request: Bytemark Symbiosis
Kurt Seifried (May 14)
socat security advisory
Gerhard Rieger (May 14)
Automatic binary hardening with Autoconf
Solar Designer (May 15)
Re: Automatic binary hardening with Autoconf
Steve Grubb (May 15)
Re: Automatic binary hardening with Autoconf
Steve Grubb (May 15)
Re: Automatic binary hardening with Autoconf
Marcus Meissner (May 15)
Re: Automatic binary hardening with Autoconf
Sebastian Krahmer (May 15)
Using FreeBSD Capsicum for program and library sandboxing
Solar Designer (May 15)
Re: Using FreeBSD Capsicum for program and library sandboxing
Ben Laurie (May 15)
CVE Request: gdk-pixbuf Integer overflow in XBM file loader
Sean Amoss (May 15)
Re: CVE Request: gdk-pixbuf Integer overflow in XBM file loader
Kurt Seifried (May 15)
CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability
Henri Salo (May 15)
Re: CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability
Kurt Seifried (May 16)
Format string security flaw in pidgin-otr
Ian Goldberg (May 16)
CVE Request: Planeshift buffer overflow
Andres Gomez (May 17)
Re: CVE Request: Planeshift buffer overflow
Kurt Seifried (May 17)
Re: CVE Request: Planeshift buffer overflow
Andres Gomez (May 17)
Re: CVE Request: Planeshift buffer overflow
Kurt Seifried (May 18)
Re: CVE Request: Planeshift buffer overflow
Andres Gomez (May 18)
Re: CVE Request: Planeshift buffer overflow
Kurt Seifried (May 18)
100 bugs in Open Source C/C++ projects
Eugene Teo (May 18)
CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
Petr Matousek (May 18)
Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
Kurt Seifried (May 18)
Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
akuster (May 24)
Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition
Petr Matousek (May 24)
CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection
Jan Lieskovsky (May 18)
Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection
Kurt Seifried (May 18)
CVE Request -- kernel: incomplete fix for CVE-2011-4131
Petr Matousek (May 18)
Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131
Kurt Seifried (May 18)
sudo: IP addresses in sudoers with netmask may match additional hosts (CVE-2012-2337)
Solar Designer (May 18)
Re: sudo: IP addresses in sudoers with netmask may match additional hosts (CVE-2012-2337)
Jan Lieskovsky (May 18)
CVE-2012-2759 WordPress Login With Ajax plugin re-enlistment XSS
cve-assign (May 18)
CVE-2012-2762 Serendipity include/functions_trackbacks.inc.php SQL injection
cve-assign (May 18)
CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions
Michael Gilbert (May 18)
Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions
Kurt Seifried (May 18)
Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions
Michael Gilbert (May 21)
Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions
Kurt Seifried (May 22)
Re: libupnp buffer overflows
Henri Salo (May 19)
RE: libupnp buffer overflows
fabrice.fontaine (May 19)
CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)
Kurt Seifried (May 20)
Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)
Kurt Seifried (May 20)
Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access
YGN Ethical Hacker Group (May 20)
Acuity CMS 2.6.x <= Arbitrary File Upload
YGN Ethical Hacker Group (May 20)
CVE-2012-2216 - Social Engine Multiples Vulnerabilities (XSS and CSRF)
Tiago Natel de Moura (May 24)
CVE request: PHP Phar - arbitrary code execution
Felipe Pena (May 20)
Re: CVE request: PHP Phar - arbitrary code execution
Kurt Seifried (May 22)
CVE Request: some drm overflow checks
Marcus Meissner (May 21)
Re: CVE Request: some drm overflow checks
Kurt Seifried (May 22)
CVE-2011-3102 / libxml2
Moritz Muehlenhoff (May 21)
Re: CVE-2011-3102 / libxml2
Jan Lieskovsky (May 22)
CVE request: Serendipity before 1.6.2 SQL Injection
Hanno Böck (May 22)
Re: CVE request: Serendipity before 1.6.2 SQL Injection
Henri Salo (May 22)
Re: CVE request: Serendipity before 1.6.2 SQL Injection
Hanno Böck (May 22)
Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options
maximilian attems (May 22)
Re: Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options
Kurt Seifried (May 22)
Re: Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options
Kurt Seifried (May 22)
CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
Jan Lieskovsky (May 22)
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
Kurt Seifried (May 22)
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
Stefan Cornelius (Jun 15)
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
Kurt Seifried (Jun 15)
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
Behdad Esfahbod (May 23)
<Possible follow-ups>
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
Keith Winstein (May 22)
Re: Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
Kurt Seifried (May 23)
Moodle security notifications public
Michael de Raadt (May 23)
CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials
Matthias Weckbecker (May 23)
Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials
Jan Lieskovsky (May 23)
Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials
Matthias Weckbecker (May 23)
Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials
Kurt Seifried (May 23)
CVE request: cobbler command injection
David Black (May 23)
Re: CVE request: cobbler command injection
Kurt Seifried (May 23)
CVE Request -- kernel: huge pages: memory leak on mmap failure
Petr Matousek (May 23)
Re: CVE Request -- kernel: huge pages: memory leak on mmap failure
Kurt Seifried (May 23)
CVE request: Multiple vulnerabilities in LogAnalyzer
Filippo Cavallarin (May 23)
Re: CVE request: Multiple vulnerabilities in LogAnalyzer
Kurt Seifried (May 23)
<Possible follow-ups>
CVE request: Multiple vulnerabilities in LogAnalyzer
Filippo Cavallarin (May 23)
CVE Request -- wireshark: wnpa-sec-2012-08, wnpa-sec-2012-09, wnpa-sec-2012-10
Jan Lieskovsky (May 23)
Re: CVE Request -- wireshark: wnpa-sec-2012-08, wnpa-sec-2012-09, wnpa-sec-2012-10
Kurt Seifried (May 23)
CVE request: haproxy trash buffer overflow flaw
Vincent Danen (May 23)
Re: CVE request: haproxy trash buffer overflow flaw
Kurt Seifried (May 23)
CVE Request: powerdns does not clear supplementary groups
David Black (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
Kurt Seifried (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
Steve Grubb (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
Miloslav Trmac (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
Kurt Seifried (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
David Black (May 25)
Re: CVE Request: powerdns does not clear supplementary groups
Solar Designer (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
Kurt Seifried (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
Solar Designer (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
Steve Grubb (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
Solar Designer (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
Steve Grubb (May 24)
Re: CVE Request: powerdns does not clear supplementary groups
Christos Zoulas (May 25)
Re: CVE Request: powerdns does not clear supplementary groups
Kurt Seifried (May 25)
Re: CVE Request: powerdns does not clear supplementary groups
Peter van Dijk (May 25)
Re: CVE Request: powerdns does not clear supplementary groups
Kurt Seifried (May 25)
CVE-2012-2417 - PyCrypto <= 2.5 insecure ElGamal key generation
Dwayne C. Litzenberger (May 25)
CVE-2011-2906 should have been rejected (kernel non-security issue)
Vincent Danen (May 25)
Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue
Jan Lieskovsky (May 28)
Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification
Jan Lieskovsky (May 28)
Re: Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification
Jan Lieskovsky (May 29)
Re: [Officesecurity] Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification
Caolán McNamara (May 29)
linux-distros unsubscriptions
Mark J Cox (May 29)
Re: linux-distros unsubscriptions
Solar Designer (May 29)
CVE Request: XXE vulnerability in Restlet
Nicolas Grégoire (May 29)
Re: CVE Request: XXE vulnerability in Restlet
Kurt Seifried (May 29)
Re: CVE Request: XXE vulnerability in Restlet
Nicolas Grégoire (May 29)
Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations
John Haxby (May 29)
Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations
Kurt Seifried (May 29)
CVE id request: Multiple buffer overflow in unixODBC
Felipe Pena (May 29)
Re: CVE id request: Multiple buffer overflow in unixODBC
Kurt Seifried (May 29)
Re: CVE id request: Multiple buffer overflow in unixODBC
Tomas Hoger (May 30)
Re: CVE id request: Multiple buffer overflow in unixODBC
Henri Salo (May 30)
Re: CVE id request: Multiple buffer overflow in unixODBC
Kurt Seifried (May 30)
Re: CVE id request: Multiple buffer overflow in unixODBC
Felipe Pena (May 30)
Re: CVE id request: Multiple buffer overflow in unixODBC
Kurt Seifried (May 30)
Re: CVE id request: Multiple buffer overflow in unixODBC
Felipe Pena (May 30)
Re: CVE id request: Multiple buffer overflow in unixODBC
Tomas Hoger (May 31)
Re: CVE id request: Multiple buffer overflow in unixODBC
Kurt Seifried (Jun 06)
CVE Request -- kernel: tcp: drop SYN+FIN messages
John Haxby (May 30)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
John Haxby (May 30)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
Florian Weimer (May 30)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
John Haxby (May 30)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
Kurt Seifried (May 30)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
Kurt Seifried (May 30)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
Kurt Seifried (May 30)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
Kurt Seifried (May 31)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
John Haxby (Jun 01)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
Kurt Seifried (Jun 01)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
John Haxby (Jun 01)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
Kurt Seifried (Jun 01)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
John Haxby (Jun 07)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
Kurt Seifried (Jun 07)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
John Haxby (Jun 08)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
Stefan Behte (Jun 02)
Update of upstream patch links for AST-2012-007 / CVE-2012-2947 advisory needed
Jan Lieskovsky (May 30)
ScriptFu Server Buffer Overflow in GIMP <= 2.6
Joseph Sheridan (May 31)
SQL Injection Vulnerability in Ruby on Rails (CVE-2012-2661)
Aaron Patterson (May 31)
Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660)
Aaron Patterson (May 31)
CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version
Jan Lieskovsky (Jun 04)
Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version
Kurt Seifried (Jun 04)
Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version
Kurt Seifried (Jun 05)
memory allocator upstream patches
Xi Wang (Jun 05)
Re: memory allocator upstream patches
Jan Lieskovsky (Jun 07)
Re: memory allocator upstream patches
Kurt Seifried (Jun 07)
BIND: Handling of zero length rdata can cause named to terminate unexpectedly
Solar Designer (Jun 05)
CVE request: openldap does not honor TLSCipherSuite configuration option
Vincent Danen (Jun 05)
Re: CVE request: openldap does not honor TLSCipherSuite configuration option
Kurt Seifried (Jun 06)
Re: CVE request: openldap does not honor TLSCipherSuite configuration option
Henri Salo (Jun 06)
CVE request: rack-cache caches sensitive headers (Set-Cookie)
Matthias Weckbecker (Jun 06)
Re: CVE request: rack-cache caches sensitive headers (Set-Cookie)
Jan Lieskovsky (Jun 06)
Re: CVE request: rack-cache caches sensitive headers (Set-Cookie)
Kurt Seifried (Jun 06)
Arbitrary File Upload/Execution in Collabtive
Mark Hoopes (Jun 06)
Re: Arbitrary File Upload/Execution in Collabtive
Kurt Seifried (Jun 06)
Re: Arbitrary File Upload/Execution in Collabtive
Kurt Seifried (Jun 06)
CVE-Request: hyper-v daemon
Sebastian Krahmer (Jun 06)
Re: CVE-Request: hyper-v daemon
Kurt Seifried (Jun 06)
Re: CVE-Request: hyper-v daemon
Kurt Seifried (Jun 06)
Re: CVE-Request: hyper-v daemon
Greg KH (Jun 07)
Re: CVE-Request: hyper-v daemon
Marcus Meissner (Jun 07)
Re: CVE-Request: hyper-v daemon
Greg KH (Jun 07)
Re: CVE-Request: hyper-v daemon
Marcus Meissner (Jun 07)
CVE request: Mojarra allows deployed web applications to read FacesContext from other applications
David Jorm (Jun 07)
Re: CVE request: Mojarra allows deployed web applications to read FacesContext from other applications
Kurt Seifried (Jun 07)
Some notes on CVE's and group privilege dropping
Kurt Seifried (Jun 07)
WHMCS 5.0.2> SQLi CVE Request
Dex (Jun 07)
<Possible follow-ups>
Re: WHMCS 5.0.2> SQLi CVE Request
Dex (Jun 07)
Re: Re: WHMCS 5.0.2> SQLi CVE Request
Kurt Seifried (Jun 11)
CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11
David Hicks (Jun 09)
Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11
Kurt Seifried (Jun 11)
Security vulnerability in MySQL/MariaDB sql/password.c
Sergei Golubchik (Jun 09)
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c)
Tomas Hoger (Jun 18)
Re: MySQL CVEs
Kurt Seifried (Jun 19)
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c)
Tomas Hoger (Jun 27)
CVE request -- libguestfs: virt-edit doesn't preserve file permissions
Petr Matousek (Jun 11)
Re: CVE request -- libguestfs: virt-edit doesn't preserve file permissions
Kurt Seifried (Jun 11)
CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
Petr Matousek (Jun 11)
Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
Kurt Seifried (Jun 11)
Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation
Xen . org security team (Jun 12)
Xen Security Advisory 8 (CVE-2012-0218) - syscall/enter guest DoS
Xen . org security team (Jun 12)
Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)
Xen . org security team (Jun 12)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)
Florian Weimer (Jun 14)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)
Giles Coochey (Jun 15)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)
Florian Weimer (Jun 15)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)
John Haxby (Jun 15)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)
Marcus Meissner (Jun 20)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121)
Florian Weimer (Jun 24)
Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2694)
Aaron Patterson (Jun 12)
Ruby on Rails SQL Injection (CVE-2012-2695)
Aaron Patterson (Jun 12)
CVE request: XSS in uselang http parameter (mediawiki)
Vincent Danen (Jun 14)
Re: CVE request: XSS in uselang http parameter (mediawiki)
Kurt Seifried (Jun 14)
CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network
Huzaifa Sidhpurwala (Jun 15)
Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network
Kurt Seifried (Jun 15)
Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network
Yves-Alexis Perez (Jun 15)
CVE-2012-3345: symlink attack in ioquake3 >= r1773, < r2253
Simon McVittie (Jun 15)
CVE request: java hashdos vulnerability
Hanno Böck (Jun 15)
Re: CVE request: java hashdos vulnerability
Kurt Seifried (Jun 17)
CVE request: phplist before 2.10.18 XSS and sql injection
Hanno Böck (Jun 16)
Re: CVE request: phplist before 2.10.18 XSS and sql injection
Kurt Seifried (Jun 17)
CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key
Jan Lieskovsky (Jun 18)
Re: CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key
Kurt Seifried (Jun 18)
Re: CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key
Steven M. Christey (Jun 19)
Joomla! Security News 2012-06-19
Henri Salo (Jun 19)
Re: Joomla! Security News 2012-06-19
Kurt Seifried (Jun 19)
mod_security CVE request
Kurt Seifried (Jun 22)
Re: mod_security CVE request
Kurt Seifried (Jun 22)
CVE request: CSRF in eXtplorer
Luciano Bello (Jun 24)
Re: CVE request: CSRF in eXtplorer
Kurt Seifried (Jun 25)
Re: CVE request: CSRF in eXtplorer
Moritz Muehlenhoff (Jun 25)
Re: CVE request: CSRF in eXtplorer
Kurt Seifried (Jun 27)
Re: CVE request: CSRF in eXtplorer
Luciano Bello (Jun 26)
CVE request: Full path disclosure in DokuWiki
Felipe Pena (Jun 24)
Re: CVE request: Full path disclosure in DokuWiki
Kurt Seifried (Jun 25)
Xen vulnerability disclosure process, recent timeline
Solar Designer (Jun 25)
CVE Request: viewvc
Ludwig Nussel (Jun 25)
Re: CVE Request: viewvc
Kurt Seifried (Jun 25)
CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs
Jan Lieskovsky (Jun 25)
Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs
Jan Lieskovsky (Jun 25)
Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs
Kurt Seifried (Jun 25)
XXE in Zend
Nicolas Grégoire (Jun 26)
Re: XXE in Zend
Nicolas Grégoire (Jun 26)
Re: XXE in Zend
Kurt Seifried (Jun 27)
CVE-2012-2639 reject request (duplicate of CVE-2011-4940)
Jan Lieskovsky (Jun 26)
CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect
Jan Lieskovsky (Jun 27)
Re: CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect
Kurt Seifried (Jun 29)
please verify unusual x.509 constraints are handled
Tavis Ormandy (Jun 27)
Re: please verify unusual x.509 constraints are handled
Ludwig Nussel (Jun 27)
Re: please verify unusual x.509 constraints are handled
Tim (Jun 27)
CVE Request: Kernel [PATCH] NFC: prevent multiple buffer overflows in NCI
Kurt Seifried (Jun 27)
Re: CVE Request: Kernel [PATCH] NFC: prevent multiple buffer overflows in NCI
Kurt Seifried (Jun 27)
CVE request: arbitrary code exec in bcfg2
Vincent Danen (Jun 27)
Re: CVE request: arbitrary code exec in bcfg2
Kurt Seifried (Jun 28)
PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Kurt Seifried (Jun 28)
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Pierre Joye (Jun 28)
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Kurt Seifried (Jun 28)
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Oden Eriksson (Jun 28)
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Matthias Weckbecker (Jun 28)
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Johannes Schlüter (Jun 28)
Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Stuart Henderson (Jun 28)
RE: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Zeev Suraski (Jun 28)
Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Kurt Seifried (Jun 28)
Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Rasmus Lerdorf (Jun 28)
accountsservice local file disclosure flaw (CVE-2012-2737)
Vincent Danen (Jun 28)
Irfanview Plugins JLS Decompression
Joseph Sheridan (Jun 29)
GIMP FIT File Format DoS
Joseph Sheridan (Jun 29)
RE: GIMP FIT File Format DoS
Morris, Patrick (Jun 29)
Re: RE: GIMP FIT File Format DoS
Benji (Jun 30)