
549 messages starting Oct 23 12 and ending Dec 02 12

Agostino Sarubbo

Wrong affected version in the CVE-2012-4511 Agostino Sarubbo (Oct 23)

akuster

Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership akuster (Nov 09)

Amos Benari

Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1 Amos Benari (Dec 20)

Andrea Barisani

[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Andrea Barisani (Nov 23)
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Andrea Barisani (Nov 27)

Andreas Ericsson

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)

Andres Gomez

CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andres Gomez (Oct 29)

Andrés Gómez Ramírez

CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez (Oct 29)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez (Oct 29)
CVE Request: Gimp memory corruption vulnerability Andrés Gómez Ramírez (Nov 21)

Angie Byron

Re: CVE request: Drupal SA-CORE-2012-003 Angie Byron (Oct 29)
Re: CVE request: Drupal SA-CORE-2012-003 Angie Byron (Oct 29)

Attila Bogár

Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Attila Bogár (Nov 22)

Breno Silva

Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Breno Silva (Oct 18)

Caolán McNamara

Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Caolán McNamara (Nov 02)

Chris Coulson

CVE request: use-after-free in libunity-webapps Chris Coulson (Oct 28)

Christey, Steven M.

RE: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023) Christey, Steven M. (Oct 30)
RE: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Christey, Steven M. (Nov 05)
RE: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Christey, Steven M. (Nov 09)

Colomban Wendling

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Colomban Wendling (Dec 13)

cve-assign

Re: CVE Request: QT CRIME vulnerability cve-assign (Oct 08)
Re: Fwd: IPv6 DOS vulnerabilities cve-assign (Oct 10)
CVE-2012-5377 through CVE-2012-5383: Windows PATH issues affecting some open-source products cve-assign (Oct 11)
VLC 2.0.3 libpng_plugin CVE-2012-5470 cve-assign (Oct 24)
Re: Strange CVE situation (at least one ID should come of this) cve-assign (Nov 02)
Dokeos 2.1.1 XSS CVE-2012-5776 cve-assign (Nov 02)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix cve-assign (Nov 09)
Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings cve-assign (Nov 12)
VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855 cve-assign (Nov 12)
HT Editor 2.0.20 buffer overflows CVE-2012-5867 cve-assign (Nov 14)
Re: CVE request: mantis before 1.2.12 cve-assign (Nov 16)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure cve-assign (Nov 16)
CVE-2012-6302 Soapbox 0.3.1 sandbox bypass cve-assign (Dec 10)
CVE-2012-6303 WaveSurfer and Snack Sound Toolkit buffer overflows cve-assign (Dec 10)
CVE-2012-6306 HCView Write Access Violation with GIF file cve-assign (Dec 10)
CVE-2012-6307 JPEGsnoop Write Access Violation with JPEG file cve-assign (Dec 10)
CVE-2012-6309 Arctic Torrent crash with .torrent file cve-assign (Dec 10)
Re: CVE request: perl-modules cve-assign (Dec 12)
CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues cve-assign (Dec 13)

Daniel Kahn Gillmor

Re: CVE request: ruby file creation due in insertion of illegal NUL character Daniel Kahn Gillmor (Oct 16)
Re: Remote file inclusion by office applications Daniel Kahn Gillmor (Dec 13)

David Black

Re: TTY handling when executing code in different lower-privileged context (su, virt containers) David Black (Nov 06)

David Holland

Isearch insecure temporary files David Holland (Dec 21)
Re: Isearch insecure temporary files David Holland (Dec 21)

David Jorm

CVE request: XSS is Google Web Toolkit (GWT) David Jorm (Oct 30)
Re: CVE Request -- axis2, axis2c David Jorm (Nov 07)
CVE Request: slowloris for tomcat David Jorm (Nov 26)

Derek Martin

Re: rssh: incorrect filtering of command line options Derek Martin (Nov 28)

Eitan Adler

CVE Request: gitolite path traversal vulnerability Eitan Adler (Oct 10)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Eitan Adler (Oct 17)
Re: Medium severity flaw with Perl 5 Eitan Adler (Oct 27)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Eitan Adler (Dec 13)

Emanuele

Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Emanuele (Dec 31)

Fabian Keil

Re: CVE request: ruby file creation due in insertion of illegal NUL character Fabian Keil (Oct 17)
Re: CVE request: Curl insecure usage Fabian Keil (Nov 29)

Florian Weimer

Re: operator new[] overflow checking in G++ Florian Weimer (Nov 05)
CVE request: TYPO3-CORE-SA-2012-005 Florian Weimer (Nov 10)
Re: Gajim fails to handle invalid certificates Florian Weimer (Nov 14)
Re: Gajim fails to handle invalid certificates Florian Weimer (Nov 23)
Robust XML validation Florian Weimer (Dec 12)
Re: Remote file inclusion by office applications Florian Weimer (Dec 14)
Re: Robust XML validation Florian Weimer (Dec 14)
Plug-and-wipe and Secure Boot semantics Florian Weimer (Dec 18)
Re: Plug-and-wipe and Secure Boot semantics Florian Weimer (Dec 18)
Re: Plug-and-wipe and Secure Boot semantics Florian Weimer (Dec 19)

Forest Monsen

CVE Request for Drupal Contributed Modules Forest Monsen (Nov 18)
Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 20)
Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 26)
CVE request for Drupal contributed modules Forest Monsen (Nov 29)
CVE request for Drupal core, and contributed modules Forest Monsen (Dec 19)

Frank Lanitz

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Frank Lanitz (Dec 12)

Frédéric Basse

[CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping Frédéric Basse (Dec 19)
Re: [CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping Frédéric Basse (Dec 20)

Gary Driggs

Re: [Full-disclosure] F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Gary Driggs (Oct 21)

George Kargiotakis

Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Nov 14)

Greg KH

Re: Linux kernel handling of IPv6 temporary addresses Greg KH (Nov 14)
Re: Plug-and-wipe and Secure Boot semantics Greg KH (Dec 18)
Re: Plug-and-wipe and Secure Boot semantics Greg KH (Dec 19)
Re: Plug-and-wipe and Secure Boot semantics Greg KH (Dec 19)

Greg Knaddison

Re: CVE request: Drupal SA-CORE-2012-003 Greg Knaddison (Oct 29)
Re: [security] [oss-security] Strange CVE situation (at least one ID should come of this) Greg Knaddison (Oct 31)
Re: CVE Request for Drupal Contributed Modules Greg Knaddison (Nov 05)

Guido Berhoerster

Re: Vulnerabilities in Oki CUPS printer drivers Guido Berhoerster (Nov 14)
Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1] Guido Berhoerster (Nov 19)

halfdog

Re: Re: CVE for Virtualbox 0x8 DoS? halfdog (Oct 18)
TTY handling when executing code in different lower-privileged context (su, virt containers) halfdog (Nov 05)
Re: TTY handling when executing code in different lower-privileged context (su, virt containers) halfdog (Nov 06)
Re: TTY handling when executing code in different lower-privileged context (su, virt containers) halfdog (Nov 06)

Hanno Böck

CVE request: XSS in piwik before 1.9 Hanno Böck (Oct 21)
CVE request: awstats before 7.1 awredir.pl vulnerability Hanno Böck (Oct 25)
CVE request: mantis before 1.2.12 Hanno Böck (Nov 13)
Re: CVE request: mantis before 1.2.12 Hanno Böck (Nov 13)
CVE request: opus codec before 1.0.2 Hanno Böck (Dec 11)
Re: CVE request: opus codec before 1.0.2 Hanno Böck (Dec 13)
CVE request (maybe): magento before 1.7.0.2 Hanno Böck (Dec 31)
Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Hanno Böck (Dec 31)

Henri Salo

CVE-request for piwigo issues (second request) Henri Salo (Oct 06)
CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Henri Salo (Oct 07)
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Henri Salo (Oct 08)
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Henri Salo (Oct 10)
CVE request: Zenphoto admin-news-articles.php date parameter XSS Henri Salo (Oct 11)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Henri Salo (Oct 18)
Re: Strange CVE situation (at least one ID should come of this) Henri Salo (Oct 30)
Re: Request for linux-distros () vs openwall org membership Henri Salo (Nov 05)
Re: CVE request: thttpd: Denial of Service (App. crash, local) Henri Salo (Dec 12)
Re: Isearch insecure temporary files Henri Salo (Dec 30)
Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Henri Salo (Dec 31)

Huzaifa Sidhpurwala

CVE Rejection: CVE-2012-5239 - Wireshark DRDA dissector infinite loop Huzaifa Sidhpurwala (Oct 03)
libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file Huzaifa Sidhpurwala (Nov 02)
gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers Huzaifa Sidhpurwala (Nov 06)
libtiff: Stack based buffer overflow when handling DOTRANGE tags Huzaifa Sidhpurwala (Nov 28)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Huzaifa Sidhpurwala (Dec 02)
CVE request: Mysql/Mariadb insecure salt-usage Huzaifa Sidhpurwala (Dec 05)
CVE Request - Multiple security fixes in freetype - 2.4.11 Huzaifa Sidhpurwala (Dec 25)
CVE Request: Charybdis and ircd-ratbox remote crash flaw Huzaifa Sidhpurwala (Jan 01)

Ignatios Souvatzis

CVE id request: xlockmore vulnerability: local access Ignatios Souvatzis (Oct 17)

Jamie Strandboge

CVE Request: owncloud Jamie Strandboge (Nov 30)
CVE request: perl-modules Jamie Strandboge (Dec 11)

Jan Lieskovsky

CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files Jan Lieskovsky (Oct 03)
CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects Jan Lieskovsky (Oct 05)
CVE Request -- librdmacm (one issue) / ibacm (two issues) Jan Lieskovsky (Oct 11)
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Jan Lieskovsky (Oct 18)
CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Jan Lieskovsky (Oct 18)
CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name Jan Lieskovsky (Nov 02)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Jan Lieskovsky (Nov 06)
CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Jan Lieskovsky (Nov 07)
CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Jan Lieskovsky (Nov 10)
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Jan Lieskovsky (Nov 10)
CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings Jan Lieskovsky (Nov 10)
CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Jan Lieskovsky (Nov 13)
Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Jan Lieskovsky (Nov 14)
CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled Jan Lieskovsky (Nov 14)
CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers Jan Lieskovsky (Nov 15)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Jan Lieskovsky (Nov 20)
CVE Request -- android-tools (server): Insecure temporary file used for logging Jan Lieskovsky (Nov 23)
CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws Jan Lieskovsky (Nov 23)
CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments. Jan Lieskovsky (Nov 23)
CVE Request -- Symfony (php-symfony-symfony) < 1.4.20: Ability to read arbitrary files on the server, readable with the web server privileges Jan Lieskovsky (Nov 26)
CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526) Jan Lieskovsky (Nov 26)
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Jan Lieskovsky (Nov 27)
CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes Jan Lieskovsky (Nov 29)
CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name Jan Lieskovsky (Dec 03)
CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection Jan Lieskovsky (Dec 04)
Due to Nagios (core) 3.4.3 history.cgi crash (fulldisclosure/2012/Dec/107 post) Jan Lieskovsky (Dec 12)
Geany IDE not escaping filenames during compilation / build - a security issue or not? Jan Lieskovsky (Dec 12)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Jan Lieskovsky (Dec 13)
CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks Jan Lieskovsky (Dec 17)
CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets Jan Lieskovsky (Dec 18)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Jan Lieskovsky (Dec 19)

Jason A. Donenfeld

CVE Request: cgit command injection Jason A. Donenfeld (Oct 28)
Fwd: [ANNOUNCE] CGIT v0.9.1 Released Jason A. Donenfeld (Nov 15)
CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 28)
Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 29)
Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 29)

Jérôme Benoit

Claws-mail security issue in message processing Jérôme Benoit (Oct 09)
CVE Request -- claws-mail -- NULL pointer derefence while processing email content. Jérôme Benoit (Oct 09)

John Haxby

Re: Request for linux-distros () vs openwall org membership John Haxby (Nov 06)

Josh Bressers

Re: password hashing Josh Bressers (Oct 08)
Re: password hashing Josh Bressers (Oct 10)
Strange CVE situation (at least one ID should come of this) Josh Bressers (Oct 26)
Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Nov 02)
Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Dec 06)

Joshua Brauer

CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 04)
Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 04)
CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 04)

Kees Cook

Linux kernel stack memory content leak via UNAME26 Kees Cook (Oct 09)

king cope

Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 04)

Kurt Seifried

Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried (Oct 02)
Re: CVE Request: QT CRIME vulnerability Kurt Seifried (Oct 03)
Re: CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files Kurt Seifried (Oct 03)
Re: CVE Request: Ruby safe level bypasses Kurt Seifried (Oct 03)
Re: cgit: heap buffer overflow Kurt Seifried (Oct 03)
Re: CVE Request: Ruby safe level bypasses Kurt Seifried (Oct 03)
Re: CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec] Kurt Seifried (Oct 04)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 04)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 04)
Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects Kurt Seifried (Oct 05)
Re: CVE Request: html2ps Kurt Seifried (Oct 05)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 07)
Re: CVE Request: gitolite path traversal vulnerability Kurt Seifried (Oct 10)
Re: CVE Request -- claws-mail -- NULL pointer derefence while processing email content. Kurt Seifried (Oct 10)
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Kurt Seifried (Oct 10)
Re: CVE request: libsocialweb untrusted connection to flickr Kurt Seifried (Oct 11)
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 11)
Re: CVE request: sSMTP doesn't validate server certificates Kurt Seifried (Oct 11)
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 11)
Re: CVE Request -- librdmacm (one issue) / ibacm (two issues) Kurt Seifried (Oct 11)
Re: CVE request: Zenphoto admin-news-articles.php date parameter XSS Kurt Seifried (Oct 11)
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 11)
Re: libproxy PAC downloading buffer overflows Kurt Seifried (Oct 12)
Re: libproxy PAC downloading buffer overflows Kurt Seifried (Oct 12)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 13)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 17)
Re: CVE request: radsecproxy incorrect x.509 certificate validation Kurt Seifried (Oct 17)
Re: CVE id request: xlockmore vulnerability: local access Kurt Seifried (Oct 17)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 17)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 18)
Re: CVE request: piwigo XSS in password.php Kurt Seifried (Oct 18)
Re: CVE-request for piwigo issues (second request) Kurt Seifried (Oct 18)
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Kurt Seifried (Oct 18)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Kurt Seifried (Oct 18)
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Kurt Seifried (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 18)
Re: CVE Request -- kernel stack disclosure in binfmt_script load_script() Kurt Seifried (Oct 19)
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Kurt Seifried (Oct 19)
CVE Request: viewvc 1.1.5 lib/viewvc.py XSS Kurt Seifried (Oct 21)
Re: CVE Request: viewvc 1.1.5 lib/viewvc.py XSS Kurt Seifried (Oct 21)
Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 23)
Re: Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 23)
Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 24)
Re: CVE request: awstats before 7.1 awredir.pl vulnerability Kurt Seifried (Oct 26)
Re: CVE Request: cgit command injection Kurt Seifried (Oct 28)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried (Oct 29)
Re: CVE request: use-after-free in libunity-webapps Kurt Seifried (Oct 29)
Re: CVE request: Drupal SA-CORE-2012-003 Kurt Seifried (Oct 29)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried (Oct 29)
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
Re: CVE request: XSS is Google Web Toolkit (GWT) Kurt Seifried (Oct 30)
Re: CVE Request: Django Kurt Seifried (Oct 30)
Re: CVE request: Drupal SA-CORE-2012-003 Kurt Seifried (Oct 30)
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
Re: CVE request: XSS is Google Web Toolkit (GWT) Kurt Seifried (Oct 31)
Re: CVE Request -- kernel: net: divide by zero in tcp algorithm illinois Kurt Seifried (Oct 31)
Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation Kurt Seifried (Oct 31)
Re: Re: CVE request: LetoDMS, more issues Kurt Seifried (Oct 31)
Re: CVE Request: Python keyring Kurt Seifried (Oct 31)
Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file Kurt Seifried (Nov 02)
Re: CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name Kurt Seifried (Nov 02)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 05)
Re: Request for linux-distros () vs openwall org membership Kurt Seifried (Nov 05)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 05)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 06)
Re: Request for linux-distros () vs openwall org membership Kurt Seifried (Nov 06)
Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Kurt Seifried (Nov 09)
Re: CVE request --- acceptation of overlapping ipv6 fragments Kurt Seifried (Nov 09)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Kurt Seifried (Nov 09)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Kurt Seifried (Nov 10)
Re: CVE request: TYPO3-CORE-SA-2012-005 Kurt Seifried (Nov 11)
Re: Privilege escalation (lpadmin -> root) in cups Kurt Seifried (Nov 11)
Re: CVE request -- vdsm: certificate generation upon node creation Kurt Seifried (Nov 11)
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Kurt Seifried (Nov 11)
Re: Gajim fails to handle invalid certificates Kurt Seifried (Nov 14)
Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled Kurt Seifried (Nov 14)
Re: Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Kurt Seifried (Nov 14)
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Kurt Seifried (Nov 14)
Re: Vulnerabilities in Oki CUPS printer drivers Kurt Seifried (Nov 14)
Re: CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers Kurt Seifried (Nov 15)
Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1] Kurt Seifried (Nov 19)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
Re: CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments. Kurt Seifried (Nov 23)
Re: CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws Kurt Seifried (Nov 23)
Re: CVE Request -- android-tools (server): Insecure temporary file used for logging Kurt Seifried (Nov 23)
Re: CVE Request: slowloris for tomcat Kurt Seifried (Nov 26)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 26)
Re: CVE request: Curl insecure usage Kurt Seifried (Nov 26)
Re: CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526) Kurt Seifried (Nov 26)
Re: tor DoS via SENDME cells Kurt Seifried (Nov 26)
Re: CVE Request -- Symfony (php-symfony-symfony) < 1.4.20: Ability to read arbitrary files on the server, readable with the web server privileges Kurt Seifried (Nov 26)
Re: CVE Request: Gimp memory corruption vulnerability Kurt Seifried (Nov 27)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 27)
Re: CVE Request: Python keyring Kurt Seifried (Nov 27)
Re: CVE Request: Python keyring Kurt Seifried (Nov 27)
Re: CVE request: libproxy issue Kurt Seifried (Nov 27)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Kurt Seifried (Nov 28)
Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 29)
Re: CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes Kurt Seifried (Nov 29)
Re: CVE Request: owncloud Kurt Seifried (Nov 30)
Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Kurt Seifried (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Kurt Seifried (Dec 03)
Re: CVE request for Ushahidi security vulnerability 2012-008 Kurt Seifried (Dec 04)
Re: CVE request: TSK misrepresents "." files on FAT filesystems Kurt Seifried (Dec 04)
Re: CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name Kurt Seifried (Dec 04)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Kurt Seifried (Dec 04)
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Dec 04)
Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection Kurt Seifried (Dec 04)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Kurt Seifried (Dec 05)
Re: Linux kernel handling of IPv6 temporary addresses Kurt Seifried (Dec 05)
Re: CVE request: Mysql/Mariadb insecure salt-usage Kurt Seifried (Dec 06)
TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried (Dec 10)
Re: CVE request: opus codec before 1.0.2 Kurt Seifried (Dec 11)
Re: CVE request: perl-modules Kurt Seifried (Dec 11)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Kurt Seifried (Dec 13)
Re: Remote file inclusion by office applications Kurt Seifried (Dec 13)
Re: CVE request: opus codec before 1.0.2 Kurt Seifried (Dec 13)
Re: Remote file inclusion by office applications Kurt Seifried (Dec 14)
CVE for tog-pegasus Hash DoS issue from 2011 Kurt Seifried (Dec 14)
Re: CVE request: thttpd: Denial of Service (App. crash, local) Kurt Seifried (Dec 15)
Re: pacemaker strcmp Kurt Seifried (Dec 15)
Re: CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content Kurt Seifried (Dec 17)
Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks Kurt Seifried (Dec 17)
Django 1.3.5, Django 1.4.3, and Django 1.5 beta 2 Security Update Kurt Seifried (Dec 17)
Re: CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets Kurt Seifried (Dec 18)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 19)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 19)
Re: Plug-and-wipe and Secure Boot semantics Kurt Seifried (Dec 19)
Re: CVE request for Drupal core, and contributed modules Kurt Seifried (Dec 20)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 20)
Re: CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) Kurt Seifried (Dec 20)
Re: Isearch insecure temporary files Kurt Seifried (Dec 21)
Re: CVE request: ownCloud Kurt Seifried (Dec 22)
Re: CVE Request: grep Kurt Seifried (Dec 22)
Re: CVE Request - Multiple security fixes in freetype - 2.4.11 Kurt Seifried (Dec 25)
Re: CVE request: Curl insecure usage Kurt Seifried (Dec 27)
Re: CVE request: Jenkins Kurt Seifried (Dec 28)
Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried (Dec 29)
Re: CVE request: qemu e1000 emulated device gues-side buffer overflow Kurt Seifried (Dec 30)
Re: Inkscape reads .eps files from /tmp instead of the current directory Kurt Seifried (Dec 30)
Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried (Dec 30)
Re: CVE request: MoinMoin Wiki (remote code execution vulnerability) Kurt Seifried (Dec 30)
Re: CVE request: MoinMoin Wiki (XSS in rss link) Kurt Seifried (Dec 30)
Re: CVE request: MoinMoin Wiki (path traversal vulnerability) Kurt Seifried (Dec 30)
Re: TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried (Dec 30)
Re: About CVE-2012-5645 Kurt Seifried (Dec 30)
Re: Isearch insecure temporary files Kurt Seifried (Dec 30)
2012 close out/cleanup Kurt Seifried (Dec 30)
Re: Isearch insecure temporary files Kurt Seifried (Dec 31)
Re: About CVE-2012-5645 Kurt Seifried (Dec 31)
Re: CVE Request: Charybdis and ircd-ratbox remote crash flaw Kurt Seifried (Jan 01)
Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Kurt Seifried (Jan 01)
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried (Jan 01)

Kurt Seiifried

Re: CVE request: mantis before 1.2.12 Kurt Seiifried (Nov 13)
Re: CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Kurt Seiifried (Nov 13)
Re: CVE request: mantis before 1.2.12 Kurt Seiifried (Nov 14)
Re: Gajim fails to handle invalid certificates Kurt Seiifried (Nov 14)

Laurent Bigonville

CVE request: sSMTP doesn't validate server certificates Laurent Bigonville (Oct 10)

Ludwig Nussel

Re: Linux kernel handling of IPv6 temporary addresses Ludwig Nussel (Dec 05)

Lukas Reschke

Re: [security] [oss-security] CVE Request: owncloud Lukas Reschke (Dec 01)
CVE request: ownCloud Lukas Reschke (Dec 22)

Marc Deslauriers

CVE Request: html2ps Marc Deslauriers (Oct 05)
CVE Request: Python keyring Marc Deslauriers (Oct 05)
CVE Request: Python keyring Marc Deslauriers (Nov 16)
Re: CVE Request: Python keyring Marc Deslauriers (Nov 19)

Marc Heuse

Fwd: IPv6 DOS vulnerabilities Marc Heuse (Oct 10)

Marcus Meissner

Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Marcus Meissner (Nov 02)
Re: Re: TTY handling when executing code in different lower-privileged context (su, virt containers) Marcus Meissner (Nov 06)
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Marcus Meissner (Nov 13)

Marko Lindqvist

About CVE-2012-5645 Marko Lindqvist (Dec 22)
Re: About CVE-2012-5645 Marko Lindqvist (Dec 30)

Matthew Brush

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Matthew Brush (Dec 13)

Matthew Wilkes

Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Matthew Wilkes (Nov 07)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Matthew Wilkes (Nov 09)

Matthias Andree

CVE-2012-5468: bogofilter-SA-2012-01 Matthias Andree (Dec 03)

Matthias Weckbecker

Re: libproxy PAC downloading buffer overflows Matthias Weckbecker (Oct 12)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 16)
CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Matthias Weckbecker (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 18)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Matthias Weckbecker (Nov 22)
Re: CVE Request: Python keyring Matthias Weckbecker (Nov 22)
CVE request: libproxy issue Matthias Weckbecker (Nov 27)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Matthias Weckbecker (Dec 04)
CVE request: thttpd: Denial of Service (App. crash, local) Matthias Weckbecker (Dec 12)

Matthieu Aubry

Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 23)
Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 23)

Michael de Raadt

Moodle security notifications public Michael de Raadt (Nov 19)

Michael Gilbert

Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 17)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 18)

Michael Tokarev

CVE request: qemu e1000 emulated device gues-side buffer overflow Michael Tokarev (Dec 19)
Re: CVE request: qemu e1000 emulated device gues-side buffer overflow Michael Tokarev (Dec 29)

Michal Ambroz

Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Michal Ambroz (Nov 14)

Moritz Muehlenhoff

Re: CVE Request: html2ps Moritz Muehlenhoff (Oct 07)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Moritz Muehlenhoff (Oct 18)
CVE request: Drupal SA-CORE-2012-003 Moritz Muehlenhoff (Oct 29)
CVE request: Curl insecure usage Moritz Muehlenhoff (Nov 26)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Moritz Muehlenhoff (Dec 04)
Re: CVE request: Curl insecure usage Moritz Muehlenhoff (Dec 26)
CVE request: Jenkins Moritz Muehlenhoff (Dec 27)

Moritz Mühlenhoff

Re: CVE Request: Django Moritz Mühlenhoff (Oct 29)
Re: CVE request: Curl insecure usage Moritz Mühlenhoff (Nov 29)

Moritz Naumann

Re: Security issue in icecast Moritz Naumann (Nov 26)
Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Moritz Naumann (Dec 31)

Mustapha Rabiu

Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Mustapha Rabiu (Jan 01)

Nicolas Grégoire

CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Nicolas Grégoire (Dec 17)

Paul Eggert

Re: CVE Request: grep Paul Eggert (Dec 22)

Peter Bex

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Peter Bex (Dec 13)

Petr Matousek

CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec] Petr Matousek (Oct 03)
CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure Petr Matousek (Oct 25)
CVE Request -- kernel: net: divide by zero in tcp algorithm illinois Petr Matousek (Oct 31)
CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set Petr Matousek (Nov 06)
CVE request --- acceptation of overlapping ipv6 fragments Petr Matousek (Nov 08)
CVE request -- vdsm: certificate generation upon node creation Petr Matousek (Nov 10)
CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Petr Matousek (Nov 10)
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Petr Matousek (Nov 13)

P J P

CVE Request -- kernel stack disclosure in binfmt_script load_script() P J P (Oct 19)
Re: CVE Request -- kernel stack disclosure in binfmt_script load_script() P J P (Oct 20)

Premchand Koneru

Request for linux-distros () vs openwall org membership Premchand Koneru (Nov 05)
Re: Request for linux-distros () vs openwall org membership Premchand Koneru (Nov 12)

Ralf Schlatterbeck

Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Ralf Schlatterbeck (Nov 10)
Re: Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Ralf Schlatterbeck (Nov 15)

Raphael Geissert

Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Oct 02)
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Oct 02)
CVE request: LetoDMS, more issues Raphael Geissert (Oct 06)
CVE request: piwigo XSS in password.php Raphael Geissert (Oct 06)
CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Raphael Geissert (Oct 15)
CVE request: radsecproxy incorrect x.509 certificate validation Raphael Geissert (Oct 17)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Raphael Geissert (Oct 19)
Re: Strange CVE situation (at least one ID should come of this) Raphael Geissert (Oct 30)
Re: CVE Request: Python keyring Raphael Geissert (Oct 30)
Re: CVE request: LetoDMS, more issues Raphael Geissert (Oct 30)
Re: CVE request: radsecproxy incorrect x.509 certificate validation Raphael Geissert (Oct 30)
Re: Re: CVE request: LetoDMS, more issues Raphael Geissert (Oct 31)

Reed Loden

YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Reed Loden (Nov 04)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Reed Loden (Nov 05)

Ricardo Mones

CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Ricardo Mones (Nov 15)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Ricardo Mones (Nov 28)

Robbie MacKay

Re: CVE request for Ushahidi Robbie MacKay (Oct 07)
CVE request for Ushahidi security vulnerability 2012-008 Robbie Mackay (Nov 30)

Russell Bryant

[OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Russell Bryant (Nov 07)
Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Russell Bryant (Nov 08)
[OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1 Russell Bryant (Nov 09)

Salvatore Bonaccorso

Inkscape reads .eps files from /tmp instead of the current directory Salvatore Bonaccorso (Dec 29)

Sean Amoss

VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023) Sean Amoss (Oct 29)
libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Sean Amoss (Oct 30)
Re: Privilege escalation (lpadmin -> root) in cups Sean Amoss (Nov 13)

Sebastian Krahmer

Re: CVE-2012-5532 hypervkvpd DoS Sebastian Krahmer (Nov 28)

Sergei Golubchik

Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 03)
Re: CVE request: Mysql/Mariadb insecure salt-usage Sergei Golubchik (Dec 05)

Seth Arnold

CVE Request: QT CRIME vulnerability Seth Arnold (Oct 03)
Re: Strange CVE situation (at least one ID should come of this) Seth Arnold (Oct 29)
CVE Request: Django Seth Arnold (Oct 29)
CVE Request -- axis2, axis2c Seth Arnold (Nov 07)
CVE Request: grep Seth Arnold (Dec 22)

Simon .

pacemaker strcmp Simon . (Dec 13)

Simon McVittie

Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 18)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Simon McVittie (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Simon McVittie (Dec 13)

Solar Designer

password hashing Solar Designer (Oct 06)
Re: password hashing Solar Designer (Oct 09)
Re: Fwd: IPv6 DOS vulnerabilities Solar Designer (Oct 10)
Re: F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Solar Designer (Oct 21)
Re: CVE request: XSS in piwik before 1.9 Solar Designer (Oct 23)
CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow Solar Designer (Oct 26)
Re: Request for linux-distros () vs openwall org membership Solar Designer (Nov 10)
Re: Request for linux-distros () vs openwall org membership Solar Designer (Nov 15)

Stefan Bühler

lighttpd 1.4.32 released, fixing CVE-2012-5533 Stefan Bühler (Nov 21)

Steven M. Christey

Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 30)
Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 31)
Re: CVE Request for Drupal Contributed Modules Steven M. Christey (Nov 01)
Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Steven M. Christey (Nov 02)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Steven M. Christey (Nov 20)
Re: CVE request: Curl insecure usage Steven M. Christey (Nov 27)
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Steven M. Christey (Nov 27)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Steven M. Christey (Dec 03)
Re: Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs Steven M. Christey (Dec 13)

Stuart Henderson

Re: CVE request: XSS in piwik before 1.9 Stuart Henderson (Oct 24)

Thierry Carrez

[OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571) Thierry Carrez (Nov 28)
[OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563) Thierry Carrez (Nov 28)
[OSSA 2012-020] Information leak in libvirt LVM-backed instances (CVE-2012-5625) Thierry Carrez (Dec 11)

Tilmann Haak

CVE request: MoinMoin Wiki (remote code execution vulnerability) Tilmann Haak (Dec 29)
CVE request: MoinMoin Wiki (XSS in rss link) Tilmann Haak (Dec 29)
CVE request: MoinMoin Wiki (path traversal vulnerability) Tilmann Haak (Dec 29)

Tim

Re: CVE request: ruby file creation due in insertion of illegal NUL character Tim (Oct 17)
Re: Robust XML validation Tim (Dec 13)

Tim Brown

Security contact for scan-view component of clang Tim Brown (Oct 05)
Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Tim Brown (Oct 10)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Tim Brown (Oct 21)
Re: F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Tim Brown (Oct 21)
Medium severity flaw with Perl 5 Tim Brown (Oct 26)
Medium risk security flaws in Konqueror Tim Brown (Oct 30)
[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown (Nov 13)
Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown (Nov 13)
Re: Remote file inclusion by office applications Tim Brown (Dec 14)

Timo Warns

[PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation Timo Warns (Oct 08)
CVE request: TSK misrepresents "." files on FAT filesystems Timo Warns (Dec 01)
Re: Robust XML validation Timo Warns (Dec 13)
Remote file inclusion by office applications Timo Warns (Dec 13)
Re: Remote file inclusion by office applications Timo Warns (Dec 13)
Re: Robust XML validation Timo Warns (Dec 13)

Todd C. Miller

Re: Re: TTY handling when executing code in different lower-privileged context (su, virt containers) Todd C. Miller (Nov 06)

Tomas Hoger

libproxy PAC downloading buffer overflows Tomas Hoger (Oct 12)
Re: libproxy PAC downloading buffer overflows Tomas Hoger (Oct 16)
Re: Request for linux-distros () vs openwall org membership Tomas Hoger (Nov 06)
Re: Request for linux-distros () vs openwall org membership Tomas Hoger (Nov 06)
IcedTea-Web CVE-2012-4540 Tomas Hoger (Nov 07)
Re: CVE request: libproxy issue Tomas Hoger (Nov 27)

Tyler Hicks

CVE Request: Ruby safe level bypasses Tyler Hicks (Oct 02)
Re: CVE Request: Ruby safe level bypasses Tyler Hicks (Oct 03)

U.Nakamura

Re: CVE request: ruby file creation due in insertion of illegal NUL character U.Nakamura (Oct 16)

Vincent Danen

CVE-2012-3504: insecure temporary file usage in genkey perl script Vincent Danen (Oct 02)
CVE request: libsocialweb untrusted connection to flickr Vincent Danen (Oct 10)
Re: CVE request: sSMTP doesn't validate server certificates Vincent Danen (Oct 11)
CVE request: ruby file creation due in insertion of illegal NUL character Vincent Danen (Oct 12)
Re: CVE request: awstats before 7.1 awredir.pl vulnerability Vincent Danen (Oct 29)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen (Oct 29)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen (Oct 31)
CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Vincent Danen (Nov 01)
libssh 0.5.3 release fixes multiple security issues Vincent Danen (Nov 20)
tor DoS via SENDME cells Vincent Danen (Nov 26)
CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
Re: CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
Re: CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen (Nov 28)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen (Nov 28)
CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Vincent Danen (Dec 03)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Vincent Danen (Dec 04)
Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 06)
Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 06)
CVE-2012-5617: gksu-polkit privileged code execution with unprivileged credentials Vincent Danen (Dec 12)
CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content Vincent Danen (Dec 17)
CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) Vincent Danen (Dec 20)

Vincent Untz

Security flaw in cups-pk-helper (CVE-2012-4510) Vincent Untz (Oct 12)

vladz

Re: TTY handling when executing code in different lower-privileged context (su, virt containers) vladz (Nov 06)

Xen . org security team

Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk Xen . org security team (Oct 26)
Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability Xen . org security team (Nov 13)
Xen Security Advisory 21 (CVE-2012-4536) - pirq range check DoS vulnerability Xen . org security team (Nov 13)
Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability Xen . org security team (Nov 13)
Xen Security Advisory 24 (CVE-2012-4539) - Grant table hypercall infinite loop DoS vulnerability Xen . org security team (Nov 13)
Xen Security Advisory 25 (CVE-2012-4544,CVE-2012-2625) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk Xen . org security team (Nov 13)
Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability Xen . org security team (Nov 13)
Xen Security Advisory 26 (CVE-2012-5510) - Grant table version switch list corruption vulnerability Xen . org security team (Dec 03)
Xen Security Advisory 28 (CVE-2012-5512) - HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak Xen . org security team (Dec 03)
Xen Security Advisory 32 (CVE-2012-5525) - several hypercalls do not validate input GFNs Xen . org security team (Dec 03)
Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values Xen . org security team (Dec 03)
Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs Xen . org security team (Dec 03)
Xen Security Advisory 29 (CVE-2012-5513) - XENMEM_exchange may overwrite hypervisor memory Xen . org security team (Dec 03)
Xen Security Advisory 30 (CVE-2012-5514) - Broken error handling in guest_physmap_mark_populate_on_demand() Xen . org security team (Dec 03)

y33t

Gajim fails to handle invalid certificates y33t (Nov 11)

YGN Ethical Hacker Group

SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection YGN Ethical Hacker Group (Oct 14)
SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Oct 14)
F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection YGN Ethical Hacker Group (Oct 20)

Yves-Alexis Perez

Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 10)
Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 10)
Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 11)
Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 11)
rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
Re: rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
Re: rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 28)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Yves-Alexis Perez (Dec 02)