oss-sec: by thread
549 messages starting Oct 02 12 and ending Jan 01 13
Re: CVE request - mcrypt buffer overflow flaw
Raphael Geissert (Oct 02)
Re: CVE request - mcrypt buffer overflow flaw
Kurt Seifried (Oct 02)
Re: CVE request - mcrypt buffer overflow flaw
Raphael Geissert (Oct 02)
CVE-2012-3504: insecure temporary file usage in genkey perl script
Vincent Danen (Oct 02)
CVE Request: Ruby safe level bypasses
Tyler Hicks (Oct 02)
Re: CVE Request: Ruby safe level bypasses
Kurt Seifried (Oct 03)
Re: CVE Request: Ruby safe level bypasses
Tyler Hicks (Oct 03)
Re: CVE Request: Ruby safe level bypasses
Kurt Seifried (Oct 03)
CVE Request: QT CRIME vulnerability
Seth Arnold (Oct 03)
Re: CVE Request: QT CRIME vulnerability
Kurt Seifried (Oct 03)
Re: CVE Request: QT CRIME vulnerability
cve-assign (Oct 08)
CVE Rejection: CVE-2012-5239 - Wireshark DRDA dissector infinite loop
Huzaifa Sidhpurwala (Oct 03)
CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files
Jan Lieskovsky (Oct 03)
Re: CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files
Kurt Seifried (Oct 03)
Re: cgit: heap buffer overflow
Kurt Seifried (Oct 03)
CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec]
Petr Matousek (Oct 03)
Re: CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec]
Kurt Seifried (Oct 04)
CVE Request for Drupal Contributed Modules
Joshua Brauer (Oct 04)
Re: CVE Request for Drupal Contributed Modules
Kurt Seifried (Oct 04)
Re: CVE Request for Drupal Contributed Modules
Joshua Brauer (Oct 04)
Re: CVE Request for Drupal Contributed Modules
Kurt Seifried (Oct 04)
<Possible follow-ups>
CVE Request for Drupal Contributed Modules
Joshua Brauer (Oct 04)
Re: CVE Request for Drupal Contributed Modules
Kurt Seifried (Oct 07)
Re: CVE Request for Drupal Contributed Modules
Steven M. Christey (Nov 01)
Re: CVE Request for Drupal Contributed Modules
Greg Knaddison (Nov 05)
CVE Request for Drupal Contributed Modules
Forest Monsen (Nov 18)
Re: CVE Request for Drupal Contributed Modules
Kurt Seifried (Nov 20)
Re: CVE Request for Drupal Contributed Modules
Forest Monsen (Nov 20)
Re: CVE Request for Drupal Contributed Modules
Kurt Seifried (Nov 26)
Re: CVE Request for Drupal Contributed Modules
Forest Monsen (Nov 26)
Re: CVE Request for Drupal Contributed Modules
Kurt Seifried (Nov 27)
CVE request for Drupal contributed modules
Forest Monsen (Nov 29)
Re: CVE request for Drupal contributed modules
Kurt Seifried (Nov 29)
CVE Request: html2ps
Marc Deslauriers (Oct 05)
Re: CVE Request: html2ps
Kurt Seifried (Oct 05)
Re: CVE Request: html2ps
Moritz Muehlenhoff (Oct 07)
CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
Jan Lieskovsky (Oct 05)
Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
Kurt Seifried (Oct 05)
Security contact for scan-view component of clang
Tim Brown (Oct 05)
CVE Request: Python keyring
Marc Deslauriers (Oct 05)
Re: CVE Request: Python keyring
Raphael Geissert (Oct 30)
Re: CVE Request: Python keyring
Kurt Seifried (Oct 31)
<Possible follow-ups>
CVE Request: Python keyring
Marc Deslauriers (Nov 16)
Re: CVE Request: Python keyring
Marc Deslauriers (Nov 19)
Re: CVE Request: Python keyring
Matthias Weckbecker (Nov 22)
Re: CVE Request: Python keyring
Kurt Seifried (Nov 27)
Re: CVE Request: Python keyring
Kurt Seifried (Nov 27)
CVE request: LetoDMS, more issues
Raphael Geissert (Oct 06)
Re: CVE request: LetoDMS, more issues
Raphael Geissert (Oct 30)
Re: Re: CVE request: LetoDMS, more issues
Kurt Seifried (Oct 31)
Re: Re: CVE request: LetoDMS, more issues
Raphael Geissert (Oct 31)
CVE request: piwigo XSS in password.php
Raphael Geissert (Oct 06)
Re: CVE request: piwigo XSS in password.php
Kurt Seifried (Oct 18)
CVE-request for piwigo issues (second request)
Henri Salo (Oct 06)
Re: CVE-request for piwigo issues (second request)
Kurt Seifried (Oct 18)
password hashing
Solar Designer (Oct 06)
Re: password hashing
Josh Bressers (Oct 08)
Re: password hashing
Solar Designer (Oct 09)
Re: password hashing
Josh Bressers (Oct 10)
CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7
Henri Salo (Oct 07)
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7
Kurt Seifried (Oct 10)
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7
Henri Salo (Oct 10)
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7
Kurt Seifried (Oct 19)
Re: CVE request for Ushahidi
Robbie MacKay (Oct 07)
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005)
Henri Salo (Oct 08)
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005)
Kurt Seifried (Nov 14)
[PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation
Timo Warns (Oct 08)
Claws-mail security issue in message processing
Jérôme Benoit (Oct 09)
CVE Request -- claws-mail -- NULL pointer derefence while processing email content.
Jérôme Benoit (Oct 09)
Re: CVE Request -- claws-mail -- NULL pointer derefence while processing email content.
Kurt Seifried (Oct 10)
Linux kernel stack memory content leak via UNAME26
Kees Cook (Oct 09)
CVE Request: gitolite path traversal vulnerability
Eitan Adler (Oct 10)
Re: CVE Request: gitolite path traversal vulnerability
Kurt Seifried (Oct 10)
CVE request: sSMTP doesn't validate server certificates
Laurent Bigonville (Oct 10)
Re: CVE request: sSMTP doesn't validate server certificates
Vincent Danen (Oct 11)
Re: CVE request: sSMTP doesn't validate server certificates
Kurt Seifried (Oct 11)
Fwd: IPv6 DOS vulnerabilities
Marc Heuse (Oct 10)
Re: Fwd: IPv6 DOS vulnerabilities
Solar Designer (Oct 10)
Re: Fwd: IPv6 DOS vulnerabilities
cve-assign (Oct 10)
CVE request: libsocialweb untrusted connection to flickr
Vincent Danen (Oct 10)
Re: CVE request: libsocialweb untrusted connection to flickr
Kurt Seifried (Oct 11)
Pre-advisory for Konqueror 4.7.3 (other versions may be affected)
Tim Brown (Oct 10)
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected)
Kurt Seifried (Oct 11)
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected)
Kurt Seifried (Oct 11)
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected)
Kurt Seifried (Oct 11)
CVE-2012-5377 through CVE-2012-5383: Windows PATH issues affecting some open-source products
cve-assign (Oct 11)
CVE request: Zenphoto admin-news-articles.php date parameter XSS
Henri Salo (Oct 11)
Re: CVE request: Zenphoto admin-news-articles.php date parameter XSS
Kurt Seifried (Oct 11)
CVE Request -- librdmacm (one issue) / ibacm (two issues)
Jan Lieskovsky (Oct 11)
Re: CVE Request -- librdmacm (one issue) / ibacm (two issues)
Kurt Seifried (Oct 11)
libproxy PAC downloading buffer overflows
Tomas Hoger (Oct 12)
Re: libproxy PAC downloading buffer overflows
Kurt Seifried (Oct 12)
Re: libproxy PAC downloading buffer overflows
Matthias Weckbecker (Oct 12)
Re: libproxy PAC downloading buffer overflows
Kurt Seifried (Oct 12)
Re: libproxy PAC downloading buffer overflows
Tomas Hoger (Oct 16)
Security flaw in cups-pk-helper (CVE-2012-4510)
Vincent Untz (Oct 12)
CVE request: ruby file creation due in insertion of illegal NUL character
Vincent Danen (Oct 12)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Kurt Seifried (Oct 13)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
U.Nakamura (Oct 16)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Matthias Weckbecker (Oct 16)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Daniel Kahn Gillmor (Oct 16)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Fabian Keil (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Matthias Weckbecker (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Kurt Seifried (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Simon McVittie (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Kurt Seifried (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Matthias Weckbecker (Oct 18)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Simon McVittie (Oct 18)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Simon McVittie (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Eitan Adler (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character
Tim (Oct 17)
SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection
YGN Ethical Hacker Group (Oct 14)
SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability
YGN Ethical Hacker Group (Oct 14)
CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Raphael Geissert (Oct 15)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Kurt Seifried (Oct 17)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Michael Gilbert (Oct 17)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Kurt Seifried (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Michael Gilbert (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Kurt Seifried (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Michael Gilbert (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Kurt Seifried (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Michael Gilbert (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Henri Salo (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Moritz Muehlenhoff (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
Tim Brown (Oct 21)
CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass
Matthias Weckbecker (Oct 17)
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass
Kurt Seifried (Oct 18)
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass
Jan Lieskovsky (Oct 18)
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass
Breno Silva (Oct 18)
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass
Kurt Seifried (Oct 18)
CVE request: radsecproxy incorrect x.509 certificate validation
Raphael Geissert (Oct 17)
Re: CVE request: radsecproxy incorrect x.509 certificate validation
Kurt Seifried (Oct 17)
Re: CVE request: radsecproxy incorrect x.509 certificate validation
Raphael Geissert (Oct 30)
Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation
Kurt Seifried (Oct 31)
CVE id request: xlockmore vulnerability: local access
Ignatios Souvatzis (Oct 17)
Re: CVE id request: xlockmore vulnerability: local access
Kurt Seifried (Oct 17)
CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names
Jan Lieskovsky (Oct 18)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names
Kurt Seifried (Oct 18)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names
Steven M. Christey (Nov 20)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names
Jan Lieskovsky (Nov 20)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names
Matthias Weckbecker (Nov 22)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names
Attila Bogár (Nov 22)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names
Raphael Geissert (Oct 19)
Re: Re: CVE for Virtualbox 0x8 DoS?
halfdog (Oct 18)
CVE Request -- kernel stack disclosure in binfmt_script load_script()
P J P (Oct 19)
Re: CVE Request -- kernel stack disclosure in binfmt_script load_script()
Kurt Seifried (Oct 19)
Re: CVE Request -- kernel stack disclosure in binfmt_script load_script()
P J P (Oct 20)
F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection
YGN Ethical Hacker Group (Oct 20)
Re: [Full-disclosure] F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection
Gary Driggs (Oct 21)
Re: F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection
Tim Brown (Oct 21)
Re: F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection
Solar Designer (Oct 21)
CVE Request: viewvc 1.1.5 lib/viewvc.py XSS
Kurt Seifried (Oct 21)
Re: CVE Request: viewvc 1.1.5 lib/viewvc.py XSS
Kurt Seifried (Oct 21)
CVE request: XSS in piwik before 1.9
Hanno Böck (Oct 21)
Re: CVE request: XSS in piwik before 1.9
Kurt Seifried (Oct 22)
Re: CVE request: XSS in piwik before 1.9
Matthieu Aubry (Oct 23)
Re: CVE request: XSS in piwik before 1.9
Kurt Seifried (Oct 23)
Re: Re: CVE request: XSS in piwik before 1.9
Kurt Seifried (Oct 23)
Re: CVE request: XSS in piwik before 1.9
Solar Designer (Oct 23)
Re: CVE request: XSS in piwik before 1.9
Matthieu Aubry (Oct 23)
Re: CVE request: XSS in piwik before 1.9
Kurt Seifried (Oct 24)
Re: CVE request: XSS in piwik before 1.9
Stuart Henderson (Oct 24)
Wrong affected version in the CVE-2012-4511
Agostino Sarubbo (Oct 23)
VLC 2.0.3 libpng_plugin CVE-2012-5470
cve-assign (Oct 24)
CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure
Petr Matousek (Oct 25)
CVE request: awstats before 7.1 awredir.pl vulnerability
Hanno Böck (Oct 25)
Re: CVE request: awstats before 7.1 awredir.pl vulnerability
Kurt Seifried (Oct 26)
Re: CVE request: awstats before 7.1 awredir.pl vulnerability
Vincent Danen (Oct 29)
Medium severity flaw with Perl 5
Tim Brown (Oct 26)
Re: Medium severity flaw with Perl 5
Eitan Adler (Oct 27)
Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk
Xen . org security team (Oct 26)
Strange CVE situation (at least one ID should come of this)
Josh Bressers (Oct 26)
Re: Strange CVE situation (at least one ID should come of this)
Kurt Seifried (Oct 29)
Re: Strange CVE situation (at least one ID should come of this)
Seth Arnold (Oct 29)
Re: Strange CVE situation (at least one ID should come of this)
Kurt Seifried (Oct 30)
Re: Strange CVE situation (at least one ID should come of this)
Steven M. Christey (Oct 30)
Re: Strange CVE situation (at least one ID should come of this)
Henri Salo (Oct 30)
Re: Strange CVE situation (at least one ID should come of this)
Kurt Seifried (Oct 30)
Re: [security] [oss-security] Strange CVE situation (at least one ID should come of this)
Greg Knaddison (Oct 31)
Re: Strange CVE situation (at least one ID should come of this)
Kurt Seifried (Oct 30)
Re: Strange CVE situation (at least one ID should come of this)
Steven M. Christey (Oct 31)
Re: Strange CVE situation (at least one ID should come of this)
Josh Bressers (Nov 02)
Re: Strange CVE situation (at least one ID should come of this)
cve-assign (Nov 02)
Re: Strange CVE situation (at least one ID should come of this)
Raphael Geissert (Oct 30)
Re: Strange CVE situation (at least one ID should come of this)
Kurt Seifried (Dec 04)
Re: Strange CVE situation (at least one ID should come of this)
Vincent Danen (Dec 06)
Re: Strange CVE situation (at least one ID should come of this)
Josh Bressers (Dec 06)
Re: Strange CVE situation (at least one ID should come of this)
Vincent Danen (Dec 06)
CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow
Solar Designer (Oct 26)
CVE Request: cgit command injection
Jason A. Donenfeld (Oct 28)
Re: CVE Request: cgit command injection
Kurt Seifried (Oct 28)
CVE request: use-after-free in libunity-webapps
Chris Coulson (Oct 28)
Re: CVE request: use-after-free in libunity-webapps
Kurt Seifried (Oct 29)
CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Andres Gomez (Oct 29)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Kurt Seifried (Oct 29)
<Possible follow-ups>
CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Andrés Gómez Ramírez (Oct 29)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Kurt Seifried (Oct 29)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Vincent Danen (Oct 29)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Andrés Gómez Ramírez (Oct 29)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow
Vincent Danen (Oct 31)
CVE request: Drupal SA-CORE-2012-003
Moritz Muehlenhoff (Oct 29)
Re: CVE request: Drupal SA-CORE-2012-003
Kurt Seifried (Oct 29)
Re: CVE request: Drupal SA-CORE-2012-003
Angie Byron (Oct 29)
Re: CVE request: Drupal SA-CORE-2012-003
Angie Byron (Oct 29)
Re: CVE request: Drupal SA-CORE-2012-003
Greg Knaddison (Oct 29)
Re: CVE request: Drupal SA-CORE-2012-003
Kurt Seifried (Oct 30)
VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)
Sean Amoss (Oct 29)
RE: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)
Christey, Steven M. (Oct 30)
CVE Request: Django
Seth Arnold (Oct 29)
Re: CVE Request: Django
Moritz Mühlenhoff (Oct 29)
Re: CVE Request: Django
Kurt Seifried (Oct 30)
CVE request: XSS is Google Web Toolkit (GWT)
David Jorm (Oct 30)
Re: CVE request: XSS is Google Web Toolkit (GWT)
Kurt Seifried (Oct 30)
Re: CVE request: XSS is Google Web Toolkit (GWT)
Kurt Seifried (Oct 31)
Medium risk security flaws in Konqueror
Tim Brown (Oct 30)
libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025)
Sean Amoss (Oct 30)
Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025)
Steven M. Christey (Nov 02)
CVE Request -- kernel: net: divide by zero in tcp algorithm illinois
Petr Matousek (Oct 31)
Re: CVE Request -- kernel: net: divide by zero in tcp algorithm illinois
Kurt Seifried (Oct 31)
CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org
Vincent Danen (Nov 01)
Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org
Marcus Meissner (Nov 02)
Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org
Caolán McNamara (Nov 02)
libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
Huzaifa Sidhpurwala (Nov 02)
Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
Kurt Seifried (Nov 02)
CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name
Jan Lieskovsky (Nov 02)
Re: CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name
Kurt Seifried (Nov 02)
Dokeos 2.1.1 XSS CVE-2012-5776
cve-assign (Nov 02)
YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure
Reed Loden (Nov 04)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure
Kurt Seifried (Nov 05)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure
Reed Loden (Nov 05)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure
Kurt Seifried (Nov 05)
RE: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure
Christey, Steven M. (Nov 05)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure
Jan Lieskovsky (Nov 06)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure
Kurt Seifried (Nov 06)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure
cve-assign (Nov 16)
Request for linux-distros () vs openwall org membership
Premchand Koneru (Nov 05)
Re: Request for linux-distros () vs openwall org membership
Henri Salo (Nov 05)
Re: Request for linux-distros () vs openwall org membership
Kurt Seifried (Nov 05)
Re: Request for linux-distros () vs openwall org membership
Tomas Hoger (Nov 06)
Re: Request for linux-distros () vs openwall org membership
akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership
John Haxby (Nov 06)
Re: Request for linux-distros () vs openwall org membership
Tomas Hoger (Nov 06)
Re: Request for linux-distros () vs openwall org membership
akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership
Kurt Seifried (Nov 06)
Re: Request for linux-distros () vs openwall org membership
akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership
akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership
akuster (Nov 09)
Re: Request for linux-distros () vs openwall org membership
Solar Designer (Nov 10)
Re: Request for linux-distros () vs openwall org membership
Premchand Koneru (Nov 12)
Re: Request for linux-distros () vs openwall org membership
Solar Designer (Nov 15)
Re: operator new[] overflow checking in G++
Florian Weimer (Nov 05)
TTY handling when executing code in different lower-privileged context (su, virt containers)
halfdog (Nov 05)
Re: TTY handling when executing code in different lower-privileged context (su, virt containers)
vladz (Nov 06)
Re: TTY handling when executing code in different lower-privileged context (su, virt containers)
halfdog (Nov 06)
Re: TTY handling when executing code in different lower-privileged context (su, virt containers)
halfdog (Nov 06)
<Possible follow-ups>
Re: TTY handling when executing code in different lower-privileged context (su, virt containers)
David Black (Nov 06)
Re: Re: TTY handling when executing code in different lower-privileged context (su, virt containers)
Marcus Meissner (Nov 06)
Re: Re: TTY handling when executing code in different lower-privileged context (su, virt containers)
Todd C. Miller (Nov 06)
gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
Huzaifa Sidhpurwala (Nov 06)
CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set
Petr Matousek (Nov 06)
CVE Request -- axis2, axis2c
Seth Arnold (Nov 07)
Re: CVE Request -- axis2, axis2c
David Jorm (Nov 07)
CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix
Jan Lieskovsky (Nov 07)
Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix
Matthew Wilkes (Nov 07)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix
Kurt Seifried (Nov 09)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix
cve-assign (Nov 09)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix
Matthew Wilkes (Nov 09)
RE: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix
Christey, Steven M. (Nov 09)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix
Kurt Seifried (Nov 10)
IcedTea-Web CVE-2012-4540
Tomas Hoger (Nov 07)
[OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)
Russell Bryant (Nov 07)
Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)
Russell Bryant (Nov 08)
Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)
Kurt Seifried (Nov 09)
CVE request --- acceptation of overlapping ipv6 fragments
Petr Matousek (Nov 08)
Re: CVE request --- acceptation of overlapping ipv6 fragments
Kurt Seifried (Nov 09)
[OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1
Russell Bryant (Nov 09)
CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version
Jan Lieskovsky (Nov 10)
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version
Jan Lieskovsky (Nov 10)
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version
Ralf Schlatterbeck (Nov 10)
Re: Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version
Kurt Seifried (Nov 14)
Re: Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version
Ralf Schlatterbeck (Nov 15)
CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings
Jan Lieskovsky (Nov 10)
Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings
cve-assign (Nov 12)
Privilege escalation (lpadmin -> root) in cups
Yves-Alexis Perez (Nov 10)
Re: Privilege escalation (lpadmin -> root) in cups
Yves-Alexis Perez (Nov 10)
Re: Privilege escalation (lpadmin -> root) in cups
Yves-Alexis Perez (Nov 11)
Re: Privilege escalation (lpadmin -> root) in cups
Kurt Seifried (Nov 11)
Re: Privilege escalation (lpadmin -> root) in cups
Yves-Alexis Perez (Nov 11)
Re: Privilege escalation (lpadmin -> root) in cups
Sean Amoss (Nov 13)
CVE request: TYPO3-CORE-SA-2012-005
Florian Weimer (Nov 10)
Re: CVE request: TYPO3-CORE-SA-2012-005
Kurt Seifried (Nov 11)
CVE request -- vdsm: certificate generation upon node creation
Petr Matousek (Nov 10)
Re: CVE request -- vdsm: certificate generation upon node creation
Kurt Seifried (Nov 11)
CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes
Petr Matousek (Nov 10)
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes
Kurt Seifried (Nov 11)
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes
Marcus Meissner (Nov 13)
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes
Petr Matousek (Nov 13)
Gajim fails to handle invalid certificates
y33t (Nov 11)
Re: Gajim fails to handle invalid certificates
Kurt Seiifried (Nov 14)
Re: Gajim fails to handle invalid certificates
Florian Weimer (Nov 14)
Re: Gajim fails to handle invalid certificates
Kurt Seifried (Nov 14)
Re: Gajim fails to handle invalid certificates
Florian Weimer (Nov 23)
VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855
cve-assign (Nov 12)
Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability
Xen . org security team (Nov 13)
Xen Security Advisory 21 (CVE-2012-4536) - pirq range check DoS vulnerability
Xen . org security team (Nov 13)
Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability
Xen . org security team (Nov 13)
Xen Security Advisory 24 (CVE-2012-4539) - Grant table hypercall infinite loop DoS vulnerability
Xen . org security team (Nov 13)
Xen Security Advisory 25 (CVE-2012-4544,CVE-2012-2625) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk
Xen . org security team (Nov 13)
Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability
Xen . org security team (Nov 13)
CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)
Jan Lieskovsky (Nov 13)
Re: CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)
Kurt Seiifried (Nov 13)
CVE request: mantis before 1.2.12
Hanno Böck (Nov 13)
Re: CVE request: mantis before 1.2.12
Kurt Seiifried (Nov 13)
Re: CVE request: mantis before 1.2.12
Hanno Böck (Nov 13)
Re: CVE request: mantis before 1.2.12
cve-assign (Nov 16)
Re: CVE request: mantis before 1.2.12
Kurt Seiifried (Nov 14)
[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection
Tim Brown (Nov 13)
Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection
Tim Brown (Nov 13)
Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection
Jan Lieskovsky (Nov 14)
Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection
Michal Ambroz (Nov 14)
CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled
Jan Lieskovsky (Nov 14)
Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled
Kurt Seifried (Nov 14)
Linux kernel handling of IPv6 temporary addresses
George Kargiotakis (Nov 14)
Re: Linux kernel handling of IPv6 temporary addresses
Greg KH (Nov 14)
Re: Linux kernel handling of IPv6 temporary addresses
Kurt Seifried (Dec 05)
Re: Linux kernel handling of IPv6 temporary addresses
Ludwig Nussel (Dec 05)
Re: Vulnerabilities in Oki CUPS printer drivers
Kurt Seifried (Nov 14)
Re: Vulnerabilities in Oki CUPS printer drivers
Guido Berhoerster (Nov 14)
HT Editor 2.0.20 buffer overflows CVE-2012-5867
cve-assign (Nov 14)
Fwd: [ANNOUNCE] CGIT v0.9.1 Released
Jason A. Donenfeld (Nov 15)
CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers
Jan Lieskovsky (Nov 15)
Re: CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers
Kurt Seifried (Nov 15)
CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface
Ricardo Mones (Nov 15)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface
Vincent Danen (Nov 28)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface
Kurt Seifried (Nov 28)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface
Ricardo Mones (Nov 28)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface
Vincent Danen (Nov 28)
Moodle security notifications public
Michael de Raadt (Nov 19)
Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1]
Guido Berhoerster (Nov 19)
Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1]
Kurt Seifried (Nov 19)
libssh 0.5.3 release fixes multiple security issues
Vincent Danen (Nov 20)
lighttpd 1.4.32 released, fixing CVE-2012-5533
Stefan Bühler (Nov 21)
CVE Request: Gimp memory corruption vulnerability
Andrés Gómez Ramírez (Nov 21)
Re: CVE Request: Gimp memory corruption vulnerability
Kurt Seifried (Nov 27)
CVE Request -- android-tools (server): Insecure temporary file used for logging
Jan Lieskovsky (Nov 23)
Re: CVE Request -- android-tools (server): Insecure temporary file used for logging
Kurt Seifried (Nov 23)
CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws
Jan Lieskovsky (Nov 23)
Re: CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws
Kurt Seifried (Nov 23)
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
Andrea Barisani (Nov 23)
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
Jan Lieskovsky (Nov 27)
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
Andrea Barisani (Nov 27)
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
Steven M. Christey (Nov 27)
CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments.
Jan Lieskovsky (Nov 23)
Re: CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments.
Kurt Seifried (Nov 23)
CVE Request: slowloris for tomcat
David Jorm (Nov 26)
Re: CVE Request: slowloris for tomcat
Kurt Seifried (Nov 26)
Re: Security issue in icecast
Moritz Naumann (Nov 26)
CVE Request -- Symfony (php-symfony-symfony) < 1.4.20: Ability to read arbitrary files on the server, readable with the web server privileges
Jan Lieskovsky (Nov 26)
Re: CVE Request -- Symfony (php-symfony-symfony) < 1.4.20: Ability to read arbitrary files on the server, readable with the web server privileges
Kurt Seifried (Nov 26)
CVE request: Curl insecure usage
Moritz Muehlenhoff (Nov 26)
Re: CVE request: Curl insecure usage
Kurt Seifried (Nov 26)
Re: CVE request: Curl insecure usage
Steven M. Christey (Nov 27)
Re: CVE request: Curl insecure usage
Kurt Seifried (Nov 28)
Re: CVE request: Curl insecure usage
Kurt Seifried (Nov 28)
Re: CVE request: Curl insecure usage
Fabian Keil (Nov 29)
Re: CVE request: Curl insecure usage
Moritz Mühlenhoff (Nov 29)
Re: CVE request: Curl insecure usage
Moritz Muehlenhoff (Dec 26)
Re: CVE request: Curl insecure usage
Kurt Seifried (Dec 27)
tor DoS via SENDME cells
Vincent Danen (Nov 26)
Re: tor DoS via SENDME cells
Kurt Seifried (Nov 26)
CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526)
Jan Lieskovsky (Nov 26)
Re: CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526)
Kurt Seifried (Nov 26)
CVE request: libproxy issue
Matthias Weckbecker (Nov 27)
Re: CVE request: libproxy issue
Tomas Hoger (Nov 27)
Re: CVE request: libproxy issue
Kurt Seifried (Nov 27)
CVE-2012-5532 hypervkvpd DoS
Vincent Danen (Nov 27)
Re: CVE-2012-5532 hypervkvpd DoS
Vincent Danen (Nov 27)
Re: CVE-2012-5532 hypervkvpd DoS
Vincent Danen (Nov 27)
Re: CVE-2012-5532 hypervkvpd DoS
Sebastian Krahmer (Nov 28)
rssh: incorrect filtering of command line options
Yves-Alexis Perez (Nov 27)
Re: rssh: incorrect filtering of command line options
Yves-Alexis Perez (Nov 27)
Re: rssh: incorrect filtering of command line options
Derek Martin (Nov 28)
Re: rssh: incorrect filtering of command line options
Yves-Alexis Perez (Nov 28)
libtiff: Stack based buffer overflow when handling DOTRANGE tags
Huzaifa Sidhpurwala (Nov 28)
[OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)
Thierry Carrez (Nov 28)
[OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)
Thierry Carrez (Nov 28)
CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes
Jan Lieskovsky (Nov 29)
Re: CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes
Kurt Seifried (Nov 29)
CVE request for Ushahidi security vulnerability 2012-008
Robbie Mackay (Nov 30)
Re: CVE request for Ushahidi security vulnerability 2012-008
Kurt Seifried (Dec 04)
CVE Request: owncloud
Jamie Strandboge (Nov 30)
Re: CVE Request: owncloud
Kurt Seifried (Nov 30)
Re: [security] [oss-security] CVE Request: owncloud
Lukas Reschke (Dec 01)
<Possible follow-ups>
CVE request: ownCloud
Lukas Reschke (Dec 22)
Re: CVE request: ownCloud
Kurt Seifried (Dec 22)
CVE request: TSK misrepresents "." files on FAT filesystems
Timo Warns (Dec 01)
Re: CVE request: TSK misrepresents "." files on FAT filesystems
Kurt Seifried (Dec 04)
Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Kurt Seifried (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Sergei Golubchik (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Huzaifa Sidhpurwala (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Sergei Golubchik (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
king cope (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Yves-Alexis Perez (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
king cope (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Sergei Golubchik (Dec 03)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
king cope (Dec 04)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Steven M. Christey (Dec 03)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Kurt Seifried (Dec 03)
CVE request: Dovecot DoS in 2.x (fixed in 2.1.11)
Vincent Danen (Dec 03)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11)
Kurt Seifried (Dec 04)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11)
Matthias Weckbecker (Dec 04)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11)
Moritz Muehlenhoff (Dec 04)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11)
Vincent Danen (Dec 04)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11)
Kurt Seifried (Dec 05)
CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name
Jan Lieskovsky (Dec 03)
Re: CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name
Kurt Seifried (Dec 04)
Xen Security Advisory 26 (CVE-2012-5510) - Grant table version switch list corruption vulnerability
Xen . org security team (Dec 03)
Xen Security Advisory 28 (CVE-2012-5512) - HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
Xen . org security team (Dec 03)
Xen Security Advisory 32 (CVE-2012-5525) - several hypercalls do not validate input GFNs
Xen . org security team (Dec 03)
Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values
Xen . org security team (Dec 03)
Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs
Xen . org security team (Dec 03)
Re: Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs
Steven M. Christey (Dec 13)
Xen Security Advisory 29 (CVE-2012-5513) - XENMEM_exchange may overwrite hypervisor memory
Xen . org security team (Dec 03)
Xen Security Advisory 30 (CVE-2012-5514) - Broken error handling in guest_physmap_mark_populate_on_demand()
Xen . org security team (Dec 03)
CVE-2012-5468: bogofilter-SA-2012-01
Matthias Andree (Dec 03)
CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection
Jan Lieskovsky (Dec 04)
Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection
Kurt Seifried (Dec 04)
CVE request: Mysql/Mariadb insecure salt-usage
Huzaifa Sidhpurwala (Dec 05)
Re: CVE request: Mysql/Mariadb insecure salt-usage
Sergei Golubchik (Dec 05)
Re: CVE request: Mysql/Mariadb insecure salt-usage
Kurt Seifried (Dec 06)
CVE-2012-6302 Soapbox 0.3.1 sandbox bypass
cve-assign (Dec 10)
CVE-2012-6303 WaveSurfer and Snack Sound Toolkit buffer overflows
cve-assign (Dec 10)
CVE-2012-6306 HCView Write Access Violation with GIF file
cve-assign (Dec 10)
CVE-2012-6307 JPEGsnoop Write Access Violation with JPEG file
cve-assign (Dec 10)
CVE-2012-6309 Arctic Torrent crash with .torrent file
cve-assign (Dec 10)
TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core
Kurt Seifried (Dec 10)
Re: TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core
Kurt Seifried (Dec 30)
CVE request: opus codec before 1.0.2
Hanno Böck (Dec 11)
Re: CVE request: opus codec before 1.0.2
Kurt Seifried (Dec 11)
Re: CVE request: opus codec before 1.0.2
Hanno Böck (Dec 13)
Re: CVE request: opus codec before 1.0.2
Kurt Seifried (Dec 13)
CVE request: perl-modules
Jamie Strandboge (Dec 11)
Re: CVE request: perl-modules
Kurt Seifried (Dec 11)
<Possible follow-ups>
Re: CVE request: perl-modules
cve-assign (Dec 12)
[OSSA 2012-020] Information leak in libvirt LVM-backed instances (CVE-2012-5625)
Thierry Carrez (Dec 11)
CVE request: thttpd: Denial of Service (App. crash, local)
Matthias Weckbecker (Dec 12)
Re: CVE request: thttpd: Denial of Service (App. crash, local)
Henri Salo (Dec 12)
Re: CVE request: thttpd: Denial of Service (App. crash, local)
Kurt Seifried (Dec 15)
Due to Nagios (core) 3.4.3 history.cgi crash (fulldisclosure/2012/Dec/107 post)
Jan Lieskovsky (Dec 12)
Geany IDE not escaping filenames during compilation / build - a security issue or not?
Jan Lieskovsky (Dec 12)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Frank Lanitz (Dec 12)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Eitan Adler (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Andreas Ericsson (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Jan Lieskovsky (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Simon McVittie (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Andreas Ericsson (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Colomban Wendling (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Matthew Brush (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Andreas Ericsson (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Simon McVittie (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Kurt Seifried (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
Peter Bex (Dec 13)
Robust XML validation
Florian Weimer (Dec 12)
Re: Robust XML validation
Timo Warns (Dec 13)
Re: Robust XML validation
Tim (Dec 13)
Re: Robust XML validation
Timo Warns (Dec 13)
Re: Robust XML validation
Florian Weimer (Dec 14)
CVE-2012-5617: gksu-polkit privileged code execution with unprivileged credentials
Vincent Danen (Dec 12)
Remote file inclusion by office applications
Timo Warns (Dec 13)
Re: Remote file inclusion by office applications
Kurt Seifried (Dec 13)
Re: Remote file inclusion by office applications
Timo Warns (Dec 13)
Re: Remote file inclusion by office applications
Daniel Kahn Gillmor (Dec 13)
Re: Remote file inclusion by office applications
Kurt Seifried (Dec 14)
Re: Remote file inclusion by office applications
Tim Brown (Dec 14)
Re: Remote file inclusion by office applications
Florian Weimer (Dec 14)
pacemaker strcmp
Simon . (Dec 13)
Re: pacemaker strcmp
Kurt Seifried (Dec 15)
CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues
cve-assign (Dec 13)
CVE for tog-pegasus Hash DoS issue from 2011
Kurt Seifried (Dec 14)
CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content
Vincent Danen (Dec 17)
Re: CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content
Kurt Seifried (Dec 17)
CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks
Jan Lieskovsky (Dec 17)
Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks
Kurt Seifried (Dec 17)
Django 1.3.5, Django 1.4.3, and Django 1.5 beta 2 Security Update
Kurt Seifried (Dec 17)
CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
Nicolas Grégoire (Dec 17)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
Kurt Seifried (Dec 19)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
Kurt Seifried (Dec 19)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
Jan Lieskovsky (Dec 19)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
Kurt Seifried (Dec 20)
Plug-and-wipe and Secure Boot semantics
Florian Weimer (Dec 18)
Re: Plug-and-wipe and Secure Boot semantics
Greg KH (Dec 18)
Re: Plug-and-wipe and Secure Boot semantics
Florian Weimer (Dec 18)
Re: Plug-and-wipe and Secure Boot semantics
Greg KH (Dec 19)
Re: Plug-and-wipe and Secure Boot semantics
Florian Weimer (Dec 19)
Re: Plug-and-wipe and Secure Boot semantics
Greg KH (Dec 19)
Re: Plug-and-wipe and Secure Boot semantics
Kurt Seifried (Dec 19)
CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets
Jan Lieskovsky (Dec 18)
Re: CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets
Kurt Seifried (Dec 18)
[CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping
Frédéric Basse (Dec 19)
Re: [CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping
Frédéric Basse (Dec 20)
CVE request: qemu e1000 emulated device gues-side buffer overflow
Michael Tokarev (Dec 19)
Re: CVE request: qemu e1000 emulated device gues-side buffer overflow
Michael Tokarev (Dec 29)
Re: CVE request: qemu e1000 emulated device gues-side buffer overflow
Kurt Seifried (Dec 30)
CVE request for Drupal core, and contributed modules
Forest Monsen (Dec 19)
Re: CVE request for Drupal core, and contributed modules
Kurt Seifried (Dec 20)
CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05)
Vincent Danen (Dec 20)
Re: CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05)
Kurt Seifried (Dec 20)
Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1
Amos Benari (Dec 20)
Isearch insecure temporary files
David Holland (Dec 21)
Re: Isearch insecure temporary files
Kurt Seifried (Dec 21)
Re: Isearch insecure temporary files
David Holland (Dec 21)
Re: Isearch insecure temporary files
Kurt Seifried (Dec 30)
Re: Isearch insecure temporary files
Henri Salo (Dec 30)
Re: Isearch insecure temporary files
Kurt Seifried (Dec 31)
CVE Request: grep
Seth Arnold (Dec 22)
Re: CVE Request: grep
Paul Eggert (Dec 22)
Re: CVE Request: grep
Kurt Seifried (Dec 22)
About CVE-2012-5645
Marko Lindqvist (Dec 22)
Re: About CVE-2012-5645
Kurt Seifried (Dec 30)
Re: About CVE-2012-5645
Marko Lindqvist (Dec 30)
Re: About CVE-2012-5645
Kurt Seifried (Dec 31)
CVE Request - Multiple security fixes in freetype - 2.4.11
Huzaifa Sidhpurwala (Dec 25)
Re: CVE Request - Multiple security fixes in freetype - 2.4.11
Kurt Seifried (Dec 25)
CVE request: Jenkins
Moritz Muehlenhoff (Dec 27)
Re: CVE request: Jenkins
Kurt Seifried (Dec 28)
CVE Request: W3 Total Cache - public cache exposure
Jason A. Donenfeld (Dec 28)
Re: CVE Request: W3 Total Cache - public cache exposure
Kurt Seifried (Dec 29)
Re: CVE Request: W3 Total Cache - public cache exposure
Jason A. Donenfeld (Dec 29)
Re: CVE Request: W3 Total Cache - public cache exposure
Jason A. Donenfeld (Dec 29)
Re: CVE Request: W3 Total Cache - public cache exposure
Kurt Seifried (Dec 30)
Inkscape reads .eps files from /tmp instead of the current directory
Salvatore Bonaccorso (Dec 29)
Re: Inkscape reads .eps files from /tmp instead of the current directory
Kurt Seifried (Dec 30)
CVE request: MoinMoin Wiki (remote code execution vulnerability)
Tilmann Haak (Dec 29)
Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)
Kurt Seifried (Dec 30)
CVE request: MoinMoin Wiki (XSS in rss link)
Tilmann Haak (Dec 29)
Re: CVE request: MoinMoin Wiki (XSS in rss link)
Kurt Seifried (Dec 30)
CVE request: MoinMoin Wiki (path traversal vulnerability)
Tilmann Haak (Dec 29)
Re: CVE request: MoinMoin Wiki (path traversal vulnerability)
Kurt Seifried (Dec 30)
2012 close out/cleanup
Kurt Seifried (Dec 30)
CVE request (maybe): magento before 1.7.0.2
Hanno Böck (Dec 31)
Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS
Henri Salo (Dec 31)
Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS
Moritz Naumann (Dec 31)
Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS
Hanno Böck (Dec 31)
Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS
Emanuele (Dec 31)
Charybdis: Improper assumptions in the server handshake code may lead to a remote crash
Mustapha Rabiu (Jan 01)
Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash
Kurt Seifried (Jan 01)
CVE Request: Charybdis and ircd-ratbox remote crash flaw
Huzaifa Sidhpurwala (Jan 01)
Re: CVE Request: Charybdis and ircd-ratbox remote crash flaw
Kurt Seifried (Jan 01)
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
Kurt Seifried (Jan 01)