777 messages starting Jan 02 13 and ending Mar 01 13

Aaron Patterson

SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Aaron Patterson (Jan 02)
Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155) Aaron Patterson (Jan 08)
Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156) Aaron Patterson (Jan 08)
Circumvention of attr_protected [CVE-2013-0276] Aaron Patterson (Feb 11)
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277] Aaron Patterson (Feb 11)
Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] Aaron Patterson (Feb 11)
Patch update for [CVE-2013-0269] Aaron Patterson (Feb 11)
[CVE-2013-1854] Symbol DoS vulnerability in Active Record Aaron Patterson (Mar 18)
[CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack Aaron Patterson (Mar 18)
[CVE-2013-1856] XML Parsing Vulnerability affecting JRuby users Aaron Patterson (Mar 18)
[CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails Aaron Patterson (Mar 18)

adam swanda

Re: /dev/ptmx timing adam swanda (Jan 08)

Adam Zabrocki

Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM) Adam Zabrocki (Mar 10)

Agostino Sarubbo

Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Agostino Sarubbo (Jan 21)
CVE request: unauthorized SSL certificates by Türktrust discovered Agostino Sarubbo (Feb 15)
nginx world-readable logdir Agostino Sarubbo (Feb 21)
CVE request: varnish world-readable logdir Agostino Sarubbo (Feb 22)
Cve request: tomcat world-readable logdir Agostino Sarubbo (Feb 22)
CVE request: webfs world-readable log Agostino Sarubbo (Feb 22)
Re: CVE request: webfs world-readable log Agostino Sarubbo (Feb 22)
CVE request: sthttpd world-redable logdir Agostino Sarubbo (Feb 22)
CVE request: skunkweb world-readable logdir Agostino Sarubbo (Feb 24)
CVE request: monkeyd world-readable logdir Agostino Sarubbo (Feb 24)
Re: CVE request: monkeyd world-readable logdir Agostino Sarubbo (Feb 26)
CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 27)
Re: CLONE_NEWUSER|CLONE_FS root exploit Agostino Sarubbo (Mar 18)
CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities Agostino Sarubbo (Mar 25)
Re: CVE request: ibutils improper use of files in /tmp Agostino Sarubbo (Mar 26)

Alexander E. Patrakov

Re: CVE-2013-0913 Linux kernel i915 integer overflow Alexander E. Patrakov (Mar 13)

Alton Moore

Re: handling of Linux kernel vulnerabilities Alton Moore (Mar 06)

Anders Petersson

Re: CVE request: nginx world-readable logdir Anders Petersson (Feb 21)
Re: CVE request: nginx world-readable logdir Anders Petersson (Feb 21)

Andreas Ericsson

Re: handling of Linux kernel vulnerabilities Andreas Ericsson (Mar 05)
Re: Security vulnerability tools Andreas Ericsson (Mar 28)

Andrew Cooper

[PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. Andrew Cooper (Jan 16)

Andrew Nacin

Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Andrew Nacin (Jan 26)

Bastian Blank

CVE request: libvirt kvm-group writable storage Bastian Blank (Feb 25)

Benji

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji (Feb 27)

Brian Martin

Re: [OSVDB Mods] [New Vulnerability] File Disclosure in SimpleMachines Forum <= 2.0.3 (CVE-2013-0192) (fwd) Brian Martin (Jan 31)

Carlos Alberto Lopez Perez

Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Carlos Alberto Lopez Perez (Jan 03)
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Carlos Alberto Lopez Perez (Jan 03)
Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Carlos Alberto Lopez Perez (Jan 08)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Carlos Alberto Lopez Perez (Jan 11)

chevalier 3as

Potential HTTP Header Injection in Apache HTTPClient chevalier 3as (Jan 11)

Christey, Steven M.

RE: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Christey, Steven M. (Feb 13)
RE: CVE request: python-pyrad insecurities Christey, Steven M. (Feb 15)
RE: Handling CVEs for the XML entity expansion issues Christey, Steven M. (Feb 20)
RE: RE: Handling CVEs for the XML entity expansion issues Christey, Steven M. (Feb 21)
RE: Two more ZoneMinder that need CVE Christey, Steven M. (Feb 21)
RE: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Christey, Steven M. (Mar 07)
RE: *.nist.gov websites gone forever? Christey, Steven M. (Mar 11)
CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Christey, Steven M. (Mar 12)
RE: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Christey, Steven M. (Mar 14)
RE: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M. (Mar 20)
RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M. (Mar 20)
RE: Ruby CVEs Christey, Steven M. (Mar 21)
RE: WordPress plugins vulnerable to CVE-2013-1808 Christey, Steven M. (Mar 28)

Corey Bryant

Security vulnerability tools Corey Bryant (Mar 27)
Re: [kernel-hardening] Re: Security vulnerability tools Corey Bryant (Mar 27)
Re: Security vulnerability tools Corey Bryant (Mar 27)
Re: Re: [kernel-hardening] Security vulnerability tools Corey Bryant (Mar 27)
Re: Security vulnerability tools Corey Bryant (Mar 29)

cve-assign

Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) cve-assign (Jan 03)
Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) cve-assign (Jan 11)
Re: CVE request for Movable Type cve-assign (Jan 23)
Wireshark before 1.8.5 (etc.) wnpa-sec-2013-01 through wnpa-sec-2013-09 cve-assign (Jan 31)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 06)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 07)
Re: e1000e/82574L hardware erratum cve-assign (Feb 12)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs cve-assign (Mar 14)

cve-id-change

CVE ID Syntax Change - Call for Public Feedback cve-id-change (Jan 23)

Damien Regad

Re: CVE request: mantis before 1.2.12 Damien Regad (Jan 18)
Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability Damien Regad (Jan 21)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Damien Regad (Mar 04)
CVE request: MantisBT text search query can crash site Damien Regad (Mar 21)

Daniel Kahn Gillmor

nginx http proxy module does not verify peer identity of https origin server Daniel Kahn Gillmor (Jan 03)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor (Feb 27)

Dan Rosenberg

Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)

David Black

CVE Request: python-pip insecure temporary directory handling David Black (Mar 20)
Re: CVE Request: python-pip insecure temporary directory handling David Black (Mar 22)

David Hicks

CVE request: MantisBT before 1.2.13 match_type XSS vulnerability David Hicks (Jan 18)
CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability David Hicks (Jan 18)
CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes David Hicks (Jan 19)

David Jorm

Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) David Jorm (Feb 13)
Re: Potential HTTP Header Injection in Apache HTTPClient David Jorm (Feb 15)

Dmitry V. Levin

Re: /dev/ptmx timing Dmitry V. Levin (Jan 08)

Donald Stufft

CVE Request: MD5 used for Download verification Donald Stufft (Mar 11)

Eduardo Tongson

Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Eduardo Tongson (Mar 13)

Eitan Adler

Re: Whats worth a CVE? Eitan Adler (Jan 21)
Re: Re: e1000e/82574L hardware erratum Eitan Adler (Feb 12)

Eric Hodel

CVE-2013-0256 RDoc 2.3.0 through 3.12 XSS Exploit Eric Hodel (Feb 07)

Eric Lacombe

Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe (Mar 05)

Eugene Teo

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Eugene Teo (Mar 01)
Re: CLONE_NEWUSER|CLONE_FS root exploit Eugene Teo (Mar 14)
Re: CLONE_NEWUSER|CLONE_FS root exploit Eugene Teo (Mar 14)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Eugene Teo (Mar 14)

Fabio M. Di Nitto

Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization Fabio M. Di Nitto (Feb 01)

Florian Weimer

gnome-keyring does not discard stored secrets in some cases Florian Weimer (Jan 11)
Re: gnome-keyring does not discard stored secrets in some cases Florian Weimer (Jan 11)
DoS vulnerability in the BIND resolver (and potentially others) Florian Weimer (Jan 13)
Re: Plug-and-wipe and Secure Boot semantics Florian Weimer (Jan 14)
pam-pgsql NULL password handling issue Florian Weimer (Jan 15)
Re: CVE request: Digest::SHA double free when using load subroutine Florian Weimer (Jan 15)
Re: gnome-keyring does not discard stored secrets in some cases Florian Weimer (Jan 17)
Re: CVE Request coreutils Florian Weimer (Jan 22)
Re: CVE Request coreutils Florian Weimer (Jan 23)
Re: CVE ID Syntax Change - Call for Public Feedback Florian Weimer (Jan 24)
Re: CVE request: hs-tls: Basic constraints vulnerability Florian Weimer (Jan 30)
e1000e/82574L hardware erratum Florian Weimer (Feb 06)
CVE request: openconnect buffer overflow Florian Weimer (Feb 11)
Re: Re: e1000e/82574L hardware erratum Florian Weimer (Feb 12)
Re: CVEs for libxml2 and expat internal and external XML entity expansion Florian Weimer (Feb 22)

Forest Monsen

CVE request for Drupal contributed modules Forest Monsen (Jan 11)
Re: CVE request for Drupal contributed modules Forest Monsen (Jan 15)
CVE request for Drupal contributed modules Forest Monsen (Jan 21)
Re: [security] CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Forest Monsen (Jan 21)
CVE request for Drupal contributed modules Forest Monsen (Jan 24)
CVE request for Drupal contributed modules Forest Monsen (Feb 04)
CVE request for Drupal Core and contributed modules Forest Monsen (Feb 21)
CVE Request for Drupal Contributed Modules Forest Monsen (Feb 27)
CVE request for a Drupal contributed module Forest Monsen (Mar 14)
CVE request for "Views" (Drupal contributed module) Forest Monsen (Mar 22)
Re: CVE request for "Views" (Drupal contributed module) Forest Monsen (Mar 23)
CVE Request for Drupal contrib modules Forest Monsen (Mar 28)

George Kargiotakis

Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Jan 17)
Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Jan 20)

Giles Coochey

Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Giles Coochey (Jan 21)

Greg KH

Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Greg KH (Feb 20)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Greg KH (Feb 20)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH (Mar 05)
Re: CLONE_NEWUSER|CLONE_FS root exploit Greg KH (Mar 14)

Greg Knaddison

Re: [security] CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Greg Knaddison (Jan 18)

gremlin

Re: CVE Request: imview gremlin (Feb 07)
Re: nginx world-readable logdir gremlin (Feb 22)
Re: nginx world-readable logdir gremlin (Feb 22)
Re: nginx world-readable logdir gremlin (Feb 22)
nginx CVE-2013-0337 world-readable logs gremlin (Feb 24)
Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 27)
Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 27)
Re: CVE id request: busybox gremlin (Mar 03)
Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin (Mar 13)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin (Mar 13)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin (Mar 14)

Gynvael Coldwind

Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Gynvael Coldwind (Mar 19)

Hanno Böck

Re: CVE request: opus codec before 1.0.2 Hanno Böck (Jan 10)
CVE request: piwik before 1.10 Hanno Böck (Jan 17)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Hanno Böck (Feb 07)
CVE request: XSS in roundcube before 0.8.5 Hanno Böck (Feb 07)
CVE request: XSS in piwik 1.11 Hanno Böck (Mar 10)

Helmut Grohne

predictable /tmp filename in git-extras Helmut Grohne (Jan 22)
fusionforge CVE-2013-1423 multiple privilege escalations Helmut Grohne (Feb 25)

Henrique

CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique (Jan 20)

Henrique Montenegro

Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro (Jan 21)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro (Jan 21)
Wordpress Pinboard theme XSS Henrique Montenegro (Feb 09)
CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery Henrique Montenegro (Feb 14)

Henri Salo

Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Henri Salo (Jan 02)
CVE request: mount/umount leak information about existence of folders Henri Salo (Jan 06)
CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts Henri Salo (Jan 06)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henri Salo (Jan 21)
CVE request: WordPress 3.5.1 Maintenance and Security Release Henri Salo (Jan 25)
CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3) Henri Salo (Jan 28)
ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Henri Salo (Jan 29)
Re: A small backlog of vulnerabilities in Chicken Scheme Henri Salo (Feb 02)
Re: CVE request: piwigo XSS in password.php Henri Salo (Feb 11)
CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass Henri Salo (Feb 11)
Re: nginx world-readable logdir Henri Salo (Feb 21)
CVE request: nginx world-readable logdir Henri Salo (Feb 21)
Re: nginx world-readable logdir Henri Salo (Feb 22)
CVE request: WordPress plugin smart-flv jwplayer.swf XSS Henri Salo (Feb 24)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Henri Salo (Feb 26)
CVE request: PHP-Fusion waraxe-2013-SA#097 Henri Salo (Mar 03)
WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 10)
CVE-2009-4168: WordPress plugin snazzy-archives XSS vulnerability Henri Salo (Mar 10)
CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability Henri Salo (Mar 11)
Re: CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability Henri Salo (Mar 14)
Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 14)
US national vulnerability database hacked Henri Salo (Mar 14)
Re: Ruby CVEs Henri Salo (Mar 19)
Re: Ruby CVEs Henri Salo (Mar 20)
Re: Ruby CVEs Henri Salo (Mar 21)
CVE request: OpenCart filemanager.php parameter traversal arbitrary file access Henri Salo (Mar 23)
Re: XSS vulnerabilities in ZeroClipboard and multiple web applications Henri Salo (Mar 25)
Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 26)
CVE request: WordPress plugin user-photo file upload arbitrary PHP code execution Henri Salo (Mar 26)

Ignatios Souvatzis

Re: CVE id request: latd Ignatios Souvatzis (Feb 05)

Jakub Wilk

Re: CVEs for libxml2 and expat internal and external XML entity expansion Jakub Wilk (Feb 22)

James Tucker

CVE-2013-0262: Rack versions 1.4.0-1.5.1, Symlink path traversal. James Tucker (Feb 08)
CVE-2013-0263: Rack all versions, Timing attack in cookie sessions James Tucker (Feb 08)

Jan Lieskovsky

CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths Jan Lieskovsky (Jan 03)
CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Jan Lieskovsky (Jan 03)
CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation Jan Lieskovsky (Jan 04)
CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails Jan Lieskovsky (Jan 04)
CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory Jan Lieskovsky (Jan 07)
Notification: Samba: NTML with session security handshake attack Jan Lieskovsky (Jan 10)
CVE Request -- redis: Two insecure temporary file use flaws Jan Lieskovsky (Jan 14)
CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Jan Lieskovsky (Jan 17)
CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Jan Lieskovsky (Jan 18)
Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Jan Lieskovsky (Jan 18)
[Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Jan Lieskovsky (Jan 23)
CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Jan Lieskovsky (Jan 30)
CVE Request -- Corosync (X < 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used Jan Lieskovsky (Feb 01)
[CVE Assignment Notification] CVE-2013-0240 - Gnome Online Accounts (GOA) (previously) failed to verify SSL certificates when creating e.g. Windows Live or Facebook accounts Jan Lieskovsky (Feb 05)
Re: CVE request: Transmission can be made to crash remotely Jan Lieskovsky (Feb 11)
CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Jan Lieskovsky (Feb 12)
[Ignore not a security flaw] Re: [oss-security] CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Jan Lieskovsky (Feb 12)
[FYI / CVE assignment notification] CVE-2013-0281 pacemaker: Denial of service when remote CIB management enabled due to use of no-timeout blocking socket to wait for the arrival of the authentication credentials Jan Lieskovsky (Feb 14)
CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow Jan Lieskovsky (Feb 18)
Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Jan Lieskovsky (Mar 15)
CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Jan Lieskovsky (Mar 22)
Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Jan Lieskovsky (Mar 25)
CVE Request -- yum: Not removing bad metadata and using it in next run Jan Lieskovsky (Mar 27)
CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options Jan Lieskovsky (Mar 28)

Jason A. Donenfeld

Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Jason A. Donenfeld (Feb 25)
kernel: tmpfs use-after-free Jason A. Donenfeld (Feb 25)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)

Jeremy Stanley

Re: (linux-)distros membership changes Jeremy Stanley (Feb 15)
Re: CVE Request: MD5 used for Download verification Jeremy Stanley (Mar 11)

Jim Mellander

Re: CVE# request: pigz creates temp file with insecure permissions Jim Mellander (Feb 27)

Jiri Kosina

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 28)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 28)

John Lightsey

CVE request: mod_ruid2 before 0.9.8 John Lightsey (Mar 22)
Re: CVE request: mod_ruid2 before 0.9.8 John Lightsey (Mar 22)

jordi gemsstatus

Re: Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] jordi gemsstatus (Mar 07)

Joshua J. Drake

CVE request - Linux kernel: VFAT slab-based buffer overflow Joshua J. Drake (Feb 26)

Julien Tinnes

Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes (Feb 15)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes (Feb 19)

Kees Cook

CVE-2013-0913 Linux kernel i915 integer overflow Kees Cook (Mar 11)
CVE-2013-0914 Linux kernel sa_restorer information leak Kees Cook (Mar 11)
Re: CLONE_NEWUSER|CLONE_FS root exploit Kees Cook (Mar 13)

Kurt Seifried

Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried (Jan 01)
Re: CVE request: Curl insecure usage Kurt Seifried (Jan 03)
Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths Kurt Seifried (Jan 03)
Re: nginx http proxy module does not verify peer identity of https origin server Kurt Seifried (Jan 03)
Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Kurt Seifried (Jan 03)
Re: CVE request (maybe): magento before 1.7.0.2 Kurt Seifried (Jan 03)
Re: CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation Kurt Seifried (Jan 04)
Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails Kurt Seifried (Jan 04)
Re: CVE request: mount/umount leak information about existence of folders Kurt Seifried (Jan 06)
Re: CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory Kurt Seifried (Jan 07)
Re: CVE Request: Jenkins possible remote code execution Kurt Seifried (Jan 07)
Re: /dev/ptmx timing Kurt Seifried (Jan 08)
Re: CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts Kurt Seifried (Jan 08)
Re: CVE Request: nagios Stack based buffer overflow in web interface Kurt Seifried (Jan 08)
Re: CVE Request: cronie fd leak Kurt Seifried (Jan 08)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried (Jan 08)
Quick note on mfsa2013-04 / CVE-2012-0759 / CVE-2013-0759 Kurt Seifried (Jan 08)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried (Jan 09)
Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried (Jan 11)
Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Kurt Seifried (Jan 11)
Re: CVE Request -- Axis2/c Kurt Seifried (Jan 11)
Re: DoS vulnerability in the BIND resolver (and potentially others) Kurt Seifried (Jan 13)
Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried (Jan 14)
Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode Kurt Seifried (Jan 14)
Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried (Jan 14)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jan 15)
Re: CVE request: 3 DoS conditions in Rake Kurt Seifried (Jan 15)
Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried (Jan 15)
Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried (Jan 16)
Re: pam-pgsql NULL password handling issue Kurt Seifried (Jan 16)
Re: pam-pgsql NULL password handling issue Kurt Seifried (Jan 16)
Re: bcron: cron jobs get access to the temporary output files from all other jobs that are still running Kurt Seifried (Jan 17)
Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried (Jan 17)
Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried (Jan 17)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried (Jan 17)
Request for CVE Identifiers Kurt Seifried (Jan 17)
Re: CVE request: piwik before 1.10 Kurt Seifried (Jan 17)
Re: CVE Request: PHP openssl_encrypt memory disclosure Kurt Seifried (Jan 18)
Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Kurt Seifried (Jan 18)
Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability Kurt Seifried (Jan 18)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 21)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jan 21)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 21)
Re: CVE Request coreutils Kurt Seifried (Jan 21)
Re: Whats worth a CVE? Kurt Seifried (Jan 22)
Re: CVE Request coreutils Kurt Seifried (Jan 22)
Re: CVE request for Movable Type Kurt Seifried (Jan 22)
Re: predictable /tmp filename in git-extras Kurt Seifried (Jan 23)
Re: CVE Request coreutils Kurt Seifried (Jan 23)
Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Kurt Seifried (Jan 25)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jan 25)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jan 25)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jan 25)
Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Kurt Seifried (Jan 26)
Re: CVE Request: zoneminder: arbitrary command execution vulnerability Kurt Seifried (Jan 28)
Re: CVE request for 'devise' ruby gem Kurt Seifried (Jan 29)
Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Kurt Seifried (Jan 29)
Re: CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3) Kurt Seifried (Jan 29)
Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Kurt Seifried (Jan 29)
Re: ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Kurt Seifried (Jan 29)
Re: CVE request -- qxl: synchronous io guest DoS Kurt Seifried (Jan 30)
Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Kurt Seifried (Jan 30)
Re: CVE request: hs-tls: Basic constraints vulnerability Kurt Seifried (Jan 30)
jQuery 1.6.2 XSS CVE assignment Kurt Seifried (Jan 31)
Re: CVE Kurt Seifried (Jan 31)
Re: Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization Kurt Seifried (Feb 01)
Re: Re: [OSVDB Mods] [New Vulnerability] File Disclosure in SimpleMachines Forum <= 2.0.3 (CVE-2013-0192) (fwd) Kurt Seifried (Feb 01)
Re: CVE id request: boost Kurt Seifried (Feb 04)
Re: CVE id request: latd Kurt Seifried (Feb 04)
Re: CVE request for Drupal contributed modules Kurt Seifried (Feb 05)
Re: CVE Request: imview Kurt Seifried (Feb 05)
Re: CVE Request: imview Kurt Seifried (Feb 06)
Re: e1000e/82574L hardware erratum Kurt Seifried (Feb 07)
Re: Potential Query Manipulation with Common Rails Practises Kurt Seifried (Feb 07)
Re: CVE id request: openssh? Kurt Seifried (Feb 07)
Re: A small backlog of vulnerabilities in Chicken Scheme Kurt Seifried (Feb 07)
Re: CVE request: Insecure default log file path in xNBD Kurt Seifried (Feb 07)
Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation Kurt Seifried (Feb 07)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Kurt Seifried (Feb 07)
Re: CVE request: XSS in roundcube before 0.8.5 Kurt Seifried (Feb 08)
Re: A small backlog of vulnerabilities in Chicken Scheme Kurt Seifried (Feb 08)
Re: CVE request: XSS flaws fixed in ganglia Kurt Seifried (Feb 08)
CVE request: piwigo XSS in password.php Kurt Seifried (Feb 10)
Re: CVE request: piwigo XSS in password.php Kurt Seifried (Feb 11)
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried (Feb 12)
Re: CVE request: openconnect buffer overflow Kurt Seifried (Feb 12)
Re: CVE request: Transmission can be made to crash remotely Kurt Seifried (Feb 13)
Re: CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass Kurt Seifried (Feb 13)
Re: CVE request: piwigo XSS in password.php Kurt Seifried (Feb 13)
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried (Feb 13)
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried (Feb 13)
Re: Potential HTTP Header Injection in Apache HTTPClient Kurt Seifried (Feb 13)
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Kurt Seifried (Feb 13)
Re: Wordpress Pinboard theme XSS Kurt Seifried (Feb 13)
Some rubygems related CVEs Kurt Seifried (Feb 14)
Re: Some rubygems related CVEs Kurt Seifried (Feb 14)
Re: Wordpress Pinboard theme XSS Kurt Seifried (Feb 14)
Re: CVE Request: kernel -- local DOS (endless loop with interrupts disabled) Kurt Seifried (Feb 15)
Re: CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery Kurt Seifried (Feb 15)
Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried (Feb 15)
Re: CVE request: python-pyrad insecurities Kurt Seifried (Feb 15)
Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried (Feb 16)
Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried (Feb 16)
Re: CVE request: python-pyrad insecurities Kurt Seifried (Feb 16)
Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried (Feb 18)
REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 Kurt Seifried (Feb 19)
Re: CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS Kurt Seifried (Feb 20)
Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference Kurt Seifried (Feb 20)
Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor Kurt Seifried (Feb 20)
Handling CVEs for the XML entity expansion issues Kurt Seifried (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried (Feb 20)
Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw Kurt Seifried (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried (Feb 21)
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried (Feb 21)
Re: CVE request for Drupal Core and contributed modules Kurt Seifried (Feb 21)
Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried (Feb 21)
Re: CVE request: zoneminder: local file inclusion vulnerability Kurt Seifried (Feb 21)
Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
Re: Two more ZoneMinder that need CVE Kurt Seifried (Feb 21)
Re: Two more ZoneMinder that need CVE Kurt Seifried (Feb 21)
Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 22)
Re: CVE request: python-pyrad insecurities Kurt Seifried (Feb 22)
CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried (Feb 22)
CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried (Feb 22)
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement Kurt Seifried (Feb 22)
Re: Linux kernel handling of IPv6 temporary addresses Kurt Seifried (Feb 22)
Re: nginx world-readable logdir Kurt Seifried (Feb 22)
Re: nginx world-readable logdir Kurt Seifried (Feb 22)
Re: CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried (Feb 23)
Re: CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried (Feb 23)
Re: CVE request: Linux kernel: Bluetooth HIDP information disclosure Kurt Seifried (Feb 23)
Re: CVE request: varnish world-readable logdir Kurt Seifried (Feb 23)
Re: Cve request: tomcat world-readable logdir Kurt Seifried (Feb 23)
Re: Re: CVE request: webfs world-readable log Kurt Seifried (Feb 23)
Re: CVE request: sthttpd world-redable logdir Kurt Seifried (Feb 23)
CVE-2013-0350 for pktstat: writes content from TCP streams to public readable file /tmp/smtp.log Kurt Seifried (Feb 23)
Re: nginx CVE-2013-0337 world-readable logs Kurt Seifried (Feb 24)
Re: CVE request: skunkweb world-readable logdir Kurt Seifried (Feb 25)
Re: CVE request: monkeyd world-readable logdir Kurt Seifried (Feb 25)
Re: CVE Request: PackageKit"update" allows downgrade of packages when using the "zypp" backend Kurt Seifried (Feb 25)
Re: CVE request: WordPress plugin smart-flv jwplayer.swf XSS Kurt Seifried (Feb 25)
Re: CVE request: libvirt kvm-group writable storage Kurt Seifried (Feb 25)
Re: kernel: tmpfs use-after-free Kurt Seifried (Feb 25)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
Re: CVE request -- Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow Kurt Seifried (Feb 26)
Re: CVE request: monkeyd world-readable logdir Kurt Seifried (Feb 26)
Re: CVE request: XSS flaws fixed in ganglia Kurt Seifried (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 27)
Re: CVE request: psi+ stores the cache file as world-readable Kurt Seifried (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 27)
Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference Kurt Seifried (Feb 27)
Re: CVE request: sudo authentication bypass when clock is reset Kurt Seifried (Feb 27)
Re: CVE request: potential bypass of sudo tty_tickets constraints Kurt Seifried (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 28)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Feb 28)
Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried (Feb 28)
Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried (Feb 28)
Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried (Mar 01)
Re: CVE Request: various gems in aftermath of rubygem actionpack issue Kurt Seifried (Mar 01)
Re: CVE Request: rubygem passenger security issue Kurt Seifried (Mar 02)
Re: CVE Request: various gems in aftermath of rubygem actionpack issue Kurt Seifried (Mar 02)
Re: CVE request: PHP-Fusion waraxe-2013-SA#097 Kurt Seifried (Mar 03)
Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf Kurt Seifried (Mar 03)
Re: CVE Request: Gambas Directory hijack vulnerability Kurt Seifried (Mar 03)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Kurt Seifried (Mar 03)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Kurt Seifried (Mar 03)
Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability Kurt Seifried (Mar 03)
Re: CVE request: ruby-openid XML denial of service attack Kurt Seifried (Mar 03)
Re: CVE id request: busybox Kurt Seifried (Mar 03)
Re: CVE id request: busybox Kurt Seifried (Mar 03)
Re: CVE id request: busybox Kurt Seifried (Mar 04)
Re: handling of Linux kernel vulnerabilities Kurt Seifried (Mar 05)
CVE's for MediaWiki 1.20.2 / 1.19.2 Kurt Seifried (Mar 05)
Re: CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference Kurt Seifried (Mar 05)
Re: CVE id request: busybox Kurt Seifried (Mar 05)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 06)
CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb) Kurt Seifried (Mar 06)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Kurt Seifried (Mar 08)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 08)
*.nist.gov websites gone forever? Kurt Seifried (Mar 11)
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Kurt Seifried (Mar 11)
Re: Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM) Kurt Seifried (Mar 12)
Re: Reverse lookup issue in Net::Server Kurt Seifried (Mar 12)
Re: CVE Request: typo3 sql injection and open redirection Kurt Seifried (Mar 12)
Re: CVE request: XSS in piwik 1.11 Kurt Seifried (Mar 12)
Re: CVE request: almanah does not encrypt its database Kurt Seifried (Mar 13)
Re: Reverse lookup issue in Net::Server Kurt Seifried (Mar 14)
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Kurt Seifried (Mar 14)
Re: CLONE_NEWUSER|CLONE_FS root exploit Kurt Seifried (Mar 14)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Kurt Seifried (Mar 14)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Kurt Seifried (Mar 14)
Re: CVE request for a Drupal contributed module Kurt Seifried (Mar 15)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Kurt Seifried (Mar 15)
CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld Kurt Seifried (Mar 15)
Re: CVE request: billion laughs flaw in ptlib Kurt Seifried (Mar 15)
Ruby CVEs Kurt Seifried (Mar 19)
Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Kurt Seifried (Mar 19)
Re: CVE Request: VLC Buffer overflows Kurt Seifried (Mar 19)
Re: Ruby CVEs Kurt Seifried (Mar 19)
Re: Linux kernel: net - three info leaks in rtnl Kurt Seifried (Mar 20)
Re: Untrusted startup file inclusion in Chicken Scheme Kurt Seifried (Mar 20)
Re: Ruby CVEs Kurt Seifried (Mar 20)
Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Kurt Seifried (Mar 20)
Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried (Mar 22)
Re: CVE request: MantisBT text search query can crash site Kurt Seifried (Mar 22)
Re: CVE request: mod_ruid2 before 0.9.8 Kurt Seifried (Mar 22)
Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Kurt Seifried (Mar 22)
Re: CVE request for "Views" (Drupal contributed module) Kurt Seifried (Mar 22)
Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried (Mar 22)
Re: CVE request: mod_ruid2 before 0.9.8 Kurt Seifried (Mar 23)
Re: CVE request: OpenCart filemanager.php parameter traversal arbitrary file access Kurt Seifried (Mar 24)
Re: CVE Request: Mongo DB Kurt Seifried (Mar 25)
Re: CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities Kurt Seifried (Mar 25)
Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 26)
CVE-2013-1895 py-bcrypt 0.2 concurrency vulnerability (auth bypass) Kurt Seifried (Mar 26)
Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 26)
Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 26)
Re: Ruby gem Thumbshooter 0.1.5 remote code execution Kurt Seifried (Mar 27)
Re: CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options Kurt Seifried (Mar 28)
Re: CVE Request for Drupal contrib modules Kurt Seifried (Mar 29)
Re: CVE Request -- yum: Not removing bad metadata and using it in next run Kurt Seifried (Mar 29)

larry Cashdollar

Remote command execution in Ruby Gem Command Wrap larry Cashdollar (Mar 19)
Fwd: CVE requests larry Cashdollar (Mar 19)
Fwd: CVE requests larry Cashdollar (Mar 19)
Re: RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs larry Cashdollar (Mar 21)
Ruby gem Thumbshooter 0.1.5 remote code execution larry Cashdollar (Mar 26)

Larry W. Cashdollar

Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar (Mar 25)
Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar (Mar 26)
Re: Ruby gem Thumbshooter 0.1.5 remote code execution Larry W. Cashdollar (Mar 26)
Re: Ruby gem Thumbshooter 0.1.5 remote code execution Larry W. Cashdollar (Mar 27)

Lukas Reschke

ownCloud Security Advisories - 2013-001 & 2013-002 Lukas Reschke (Jan 22)
ownCloud Security Advisories (2013-003, 2013-004, 2013-005, 2013-006, 2013-007) Lukas Reschke (Feb 21)
ownCloud Security Advisories (2013-008, 2013-009, 2013-010) Lukas Reschke (Mar 14)

Marc Deslauriers

CVE Request: PHP openssl_encrypt memory disclosure Marc Deslauriers (Jan 18)

Marcus Meissner

Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Marcus Meissner (Feb 05)
CVE Request: PackageKit"update" allows downgrade of packages when using the "zypp" backend Marcus Meissner (Feb 23)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Marcus Meissner (Feb 25)
CVE Request: poppler 0.22.1 security fixes Marcus Meissner (Feb 27)
CVE request: ruby-openid XML denial of service attack Marcus Meissner (Mar 01)
CVE Request: various gems in aftermath of rubygem actionpack issue Marcus Meissner (Mar 01)
CVE Request: rubygem passenger security issue Marcus Meissner (Mar 01)
CVE Request: typo3 sql injection and open redirection Marcus Meissner (Mar 09)
CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Marcus Meissner (Mar 14)
CVE Request: Mongo DB Marcus Meissner (Mar 25)

Mark Shelor

Re: CVE request: Digest::SHA double free when using load subroutine Mark Shelor (Jan 17)

Mathias Krause

CVE Request: kernel -- local DOS (endless loop with interrupts disabled) Mathias Krause (Feb 14)
CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 24)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause (Mar 05)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause (Mar 06)
Linux kernel: net - three info leaks in rtnl Mathias Krause (Mar 19)

Matthias Weckbecker

Re: CVE Request coreutils Matthias Weckbecker (Jan 22)
CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker (Feb 05)
Re: CVE# request: pigz creates temp file with insecure permissions Matthias Weckbecker (Feb 15)

M A Young

Re: [Xen-devel] Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest M A Young (Jan 22)

Michael de Raadt

Moodle security notifications public Michael de Raadt (Jan 21)
Moodle security notifications public Michael de Raadt (Mar 25)

Michael Gilbert

CVE id request: boost Michael Gilbert (Feb 04)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Michael Gilbert (Feb 27)
Re: CVE id request: busybox Michael Gilbert (Mar 03)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Michael Gilbert (Mar 04)
Re: CVE abstraction choices and the Linux kernel Michael Gilbert (Mar 15)

Michael Koziarski

Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 Michael Koziarski (Jan 28)
Potential Query Manipulation with Common Rails Practises Michael Koziarski (Feb 06)

Michael Tokarev

Re: Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Michael Tokarev (Jan 16)
Re: CVE Request coreutils Michael Tokarev (Jan 21)
CVE# request: pigz creates temp file with insecure permissions Michael Tokarev (Feb 15)
Re: CVE# request: pigz creates temp file with insecure permissions Michael Tokarev (Feb 16)
Re: CVE id request: busybox Michael Tokarev (Mar 03)
Re: CVE id request: busybox Michael Tokarev (Mar 03)

Mike O'Connor

Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Mike O'Connor (Mar 13)

Miklos Vajna

Re: (linux-)distros membership changes Miklos Vajna (Feb 15)

Milan Berger

Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Milan Berger (Jan 21)

Moritz Muehlenhoff

Re: CVE request: Curl insecure usage Moritz Muehlenhoff (Jan 02)
Re: CVE request: Curl insecure usage Moritz Muehlenhoff (Jan 15)
ffmpeg/libav CVE dupe Moritz Muehlenhoff (Jan 20)
Re: CVE Request coreutils Moritz Muehlenhoff (Jan 21)
Re: CVE request: monkeyd world-readable logdir Moritz Muehlenhoff (Feb 26)
Re: Linux kernel: net - three info leaks in rtnl Moritz Muehlenhoff (Mar 25)
Re: Linux kernel: net - three info leaks in rtnl Moritz Muehlenhoff (Mar 25)

Moritz Naumann

CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Moritz Naumann (Jan 29)

Murray McAllister

Re: Security vulnerability tools Murray McAllister (Mar 28)

MustLive

XSS vulnerabilities in ZeroClipboard and multiple web applications MustLive (Mar 25)

Nico Golde

CVE id request: latd Nico Golde (Feb 03)
CVE id request: openssh? Nico Golde (Feb 06)
CVE id request: busybox Nico Golde (Mar 01)

Noel Butler

Re: handling of Linux kernel vulnerabilities Noel Butler (Mar 05)

Olivier Gonzalez

Re: CVE Request: various gems in aftermath of rubygem actionpack issue Olivier Gonzalez (Mar 02)

Oswald Buddenhagen

isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289) Oswald Buddenhagen (Feb 20)

Panu Matilainen

Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Panu Matilainen (Jan 04)

Pavel Labushev

Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Pavel Labushev (Mar 13)

Peter Bex

A small backlog of vulnerabilities in Chicken Scheme Peter Bex (Feb 02)
Re: A small backlog of vulnerabilities in Chicken Scheme Peter Bex (Feb 05)
Re: A small backlog of vulnerabilities in Chicken Scheme Peter Bex (Feb 07)
Untrusted startup file inclusion in Chicken Scheme Peter Bex (Mar 19)

Petr Matousek

CVE request -- qxl: synchronous io guest DoS Petr Matousek (Jan 30)
CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation Petr Matousek (Feb 07)
CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS Petr Matousek (Feb 20)
CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference Petr Matousek (Feb 20)
CVE request -- Linux kernel: vhost: fix length for cross region descriptor Petr Matousek (Feb 20)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Petr Matousek (Feb 24)
CVE request -- Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow Petr Matousek (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 27)
CVE-2013-0293 -- ovirt-node: Lock screen accepts F2 to drop to shell Petr Matousek (Feb 28)
CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Petr Matousek (Mar 08)
Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Petr Matousek (Mar 08)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Petr Matousek (Mar 08)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Petr Matousek (Mar 14)
Re: CVE abstraction choices and the Linux kernel Petr Matousek (Mar 14)
CVE-2013-1848 -- Linux kernel: ext3: format string issues Petr Matousek (Mar 20)
linux kernel: kvm: CVE-2013-179[6..8] Petr Matousek (Mar 20)

Piotr Karbowski

Re: CVE id request: busybox Piotr Karbowski (Mar 03)

P J P

Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 17)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 17)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 21)
CVE request - Linux kernel: evm: NULL pointer de-reference flaw P J P (Feb 20)
Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw P J P (Feb 21)
CVE request: Linux kernel: Bluetooth HIDP information disclosure P J P (Feb 22)
CVE request: Linux kernel: USB: io_ti: NULL pointer dereference P J P (Feb 27)
CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference P J P (Mar 05)
CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings() P J P (Mar 07)

Raphael Geissert

Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert (Feb 21)
Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert (Feb 21)
Re: CVE id request: busybox Raphael Geissert (Mar 05)
Re: CVE id request: busybox Raphael Geissert (Mar 06)
Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert (Mar 20)
Re: Re: Security vulnerability tools Raphael Geissert (Mar 29)

Reed Loden

CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden (Jan 11)
Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden (Jan 11)
CVE request for 'devise' ruby gem Reed Loden (Jan 29)
Re: Some rubygems related CVEs Reed Loden (Feb 14)
Re: CVE Request: various gems in aftermath of rubygem actionpack issue Reed Loden (Mar 01)
Re: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Reed Loden (Mar 20)

Remi Gacogne

Reverse lookup issue in Net::Server Remi Gacogne (Mar 04)

Russ Allbery

Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery (Feb 27)
Re: Reverse lookup issue in Net::Server Russ Allbery (Mar 04)
Re: Security vulnerability tools Russ Allbery (Mar 27)

Russell Bryant

[OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335) Russell Bryant (Feb 26)

Salvatore Bonaccorso

CVE Request: Jenkins possible remote code execution Salvatore Bonaccorso (Jan 07)
CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso (Jan 15)
Re: CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso (Jan 16)
bcron: cron jobs get access to the temporary output files from all other jobs that are still running Salvatore Bonaccorso (Jan 16)
CVE request: hs-tls: Basic constraints vulnerability Salvatore Bonaccorso (Jan 20)
CVE Request: zoneminder: arbitrary command execution vulnerability Salvatore Bonaccorso (Jan 25)
CVE request: zoneminder: local file inclusion vulnerability Salvatore Bonaccorso (Feb 19)
Re: CVE request: zoneminder: local file inclusion vulnerability Salvatore Bonaccorso (Feb 21)
Re: CVE request: XSS flaws fixed in ganglia Salvatore Bonaccorso (Feb 21)
Re: CVE Request: poppler 0.22.1 security fixes Salvatore Bonaccorso (Feb 28)
Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability Salvatore Bonaccorso (Mar 01)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Salvatore Bonaccorso (Mar 01)
CVE Request: Gambas Directory hijack vulnerability Salvatore Bonaccorso (Mar 01)
Re: Reverse lookup issue in Net::Server Salvatore Bonaccorso (Mar 13)

Sang Kil Cha

CVE Request: imview Sang Kil Cha (Feb 05)
Re: CVE Request: imview Sang Kil Cha (Feb 05)
Re: CVE Request: imview Sang Kil Cha (Feb 06)

Scott Herbert

Whats worth a CVE? Scott Herbert (Jan 21)

sd

Archlinux/x86-64 3.1.x-3.7.x x86-64 CVE-2013-1763 sock_diag_handlers[] warez sd (Feb 26)

Sean Amoss

CVE Request: VLC Buffer overflows Sean Amoss (Mar 17)

Sebastian Krahmer

CVE Request: cronie fd leak Sebastian Krahmer (Jan 08)
CVE Request: nagios Stack based buffer overflow in web interface Sebastian Krahmer (Jan 08)
Re: CVE Request: cronie fd leak Sebastian Krahmer (Jan 09)
CVE Request coreutils Sebastian Krahmer (Jan 21)
Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
Re: CVE Request coreutils Sebastian Krahmer (Jan 23)
CLONE_NEWUSER|CLONE_FS root exploit Sebastian Krahmer (Mar 13)

Sebastian Pipping

CVE request: Insecure default log file path in xNBD Sebastian Pipping (Feb 06)

security curmudgeon

Two more ZoneMinder that need CVE security curmudgeon (Feb 21)

Sergei Golubchik

Re: [Full-disclosure] MySQL Denial of Service Zeroday PoC Sergei Golubchik (Feb 28)

Seth Arnold

Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Seth Arnold (Jan 03)
Re: Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Seth Arnold (Jan 04)
CVE Request -- Axis2/c Seth Arnold (Jan 11)
Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold (Feb 26)

Shawn

Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Shawn (Feb 05)

Simon McVittie

Re: [CVE Assignment Notification] CVE-2013-0240 - Gnome Online Accounts (GOA) (previously) failed to verify SSL certificates when creating e.g. Windows Live or Facebook accounts Simon McVittie (Feb 05)
CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1 Simon McVittie (Feb 15)

Solar Designer

Re: DoS vulnerability in the BIND resolver (and potentially others) Solar Designer (Jan 14)
Re: (linux-)distros membership changes Solar Designer (Feb 15)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer (Feb 16)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer (Feb 19)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
Re: kernel: tmpfs use-after-free Solar Designer (Feb 25)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Solar Designer (Feb 27)
handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Solar Designer (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Solar Designer (Mar 04)
Re: handling of Linux kernel vulnerabilities Solar Designer (Mar 05)
Re: handling of Linux kernel vulnerabilities Solar Designer (Mar 05)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer (Mar 07)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer (Mar 07)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer (Mar 16)
Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt Solar Designer (Mar 19)
Re: Ruby CVEs Solar Designer (Mar 21)
Re: Security vulnerability tools Solar Designer (Mar 27)
Re: Security vulnerability tools Solar Designer (Mar 28)

Stefan Cornelius

CVE-2012-5662 x3270 improper validation of SSL certificates Stefan Cornelius (Mar 21)

Steve Grubb

Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Steve Grubb (Jan 25)
Re: Re: [kernel-hardening] Security vulnerability tools Steve Grubb (Mar 28)

Steven M. Christey

Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Steven M. Christey (Jan 10)
CVE-2013-0422 assigned to today's Oracle Java 0-day Steven M. Christey (Jan 11)
Re: CVE# request: pigz creates temp file with insecure permissions Steven M. Christey (Feb 15)
CVE Guidance for Libraries and Resource-Consumption DoS Steven M. Christey (Feb 21)
CVE abstraction choices and the Linux kernel Steven M. Christey (Mar 08)
Re: Reverse lookup issue in Net::Server Steven M. Christey (Mar 13)
Temporary Notifications of New CVE Entries During NVD Outage Steven M. Christey (Mar 13)

Thierry Carrez

[OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208) Thierry Carrez (Jan 29)
[OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212) Thierry Carrez (Jan 29)
[OSSA 2013-003] Keystone denial of service through invalid token requests (CVE-2013-0247) Thierry Carrez (Feb 05)
[OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) Thierry Carrez (Feb 19)
[OSSA 2013-005] Keystone EC2-style authentication accepts disabled user/tenants (CVE-2013-0282) Thierry Carrez (Feb 19)
[OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840) Thierry Carrez (Mar 14)
[OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838) Thierry Carrez (Mar 14)
[OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865) Thierry Carrez (Mar 20)

Thomas Biege

Re: CVE id request: busybox Thomas Biege (Mar 05)
Re: CVE id request: busybox Thomas Biege (Mar 05)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Thomas Biege (Mar 08)

Tim

Re: RE: Handling CVEs for the XML entity expansion issues Tim (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues Tim (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues Tim (Feb 20)
Re: CVEs for libxml2 and expat internal and external XML entity expansion Tim (Feb 22)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Tim (Feb 27)
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Tim (Mar 12)

Tim Brown

Re: RE: Handling CVEs for the XML entity expansion issues Tim Brown (Feb 21)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Tim Brown (Mar 13)
Re: [kernel-hardening] Security vulnerability tools Tim Brown (Mar 27)
Re: Re: [kernel-hardening] Security vulnerability tools Tim Brown (Mar 28)

Todd C. Miller

CVE request: sudo authentication bypass when clock is reset Todd C. Miller (Feb 27)
CVE request: potential bypass of sudo tty_tickets constraints Todd C. Miller (Feb 27)
Re: CVE request: sudo authentication bypass when clock is reset Todd C. Miller (Feb 28)
Re: CVE request: potential bypass of sudo tty_tickets constraints Todd C. Miller (Feb 28)

Tomas Hoger

Re: CVE request: unauthorized SSL certificates by Türktrust discovered Tomas Hoger (Feb 15)

U.Nakamura

Re: CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb) U.Nakamura (Mar 11)

Vasily Kulikov

Re: /dev/ptmx timing Vasily Kulikov (Jan 08)

Vincent Danen

Re: CVE Request: cronie fd leak Vincent Danen (Jan 09)
Re: CVE Request: cronie fd leak Vincent Danen (Jan 09)
Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Vincent Danen (Jan 10)
Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Vincent Danen (Jan 11)
CVE request: memcached DoS when printing out keys to be deleted in verbose mode Vincent Danen (Jan 14)
CVE request: 3 DoS conditions in Rake Vincent Danen (Jan 15)
Re: CVE Request coreutils Vincent Danen (Jan 21)
Re: CVE Request coreutils Vincent Danen (Jan 22)
Re: CVE Request coreutils Vincent Danen (Jan 24)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen (Feb 05)
CVE request: XSS flaws fixed in ganglia Vincent Danen (Feb 08)
CVE request: python-pyrad insecurities Vincent Danen (Feb 15)
Re: CVE request: python-pyrad insecurities Vincent Danen (Feb 15)
Re: isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289) Vincent Danen (Feb 20)
Re: CVE request: python-pyrad insecurities Vincent Danen (Feb 21)
CVE request: almanah does not encrypt its database Vincent Danen (Mar 12)
CVE request: billion laughs flaw in ptlib Vincent Danen (Mar 15)
CVE-2013-0287: sssd simple access provider flaw prevents intended ACL use when client to an AD provider Vincent Danen (Mar 20)
CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 25)
Re: CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 26)
Re: CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 26)
Denial of service in 389-ds and FreeIPA (CVE-2013-0336) Vincent Danen (Mar 27)

vladz

/dev/ptmx timing vladz (Jan 07)

WHK Yan

Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 WHK Yan (Jan 08)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 WHK Yan (Jan 09)

Will Thompson

CVE-2013-1769: remotely-triggered NULL pointer dereference in telepathy-gabble Will Thompson (Mar 04)

Willy Tarreau

Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Willy Tarreau (Jan 29)

Xen . org security team

Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) Xen . org security team (Jan 04)
Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw Xen . org security team (Jan 09)
Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw Xen . org security team (Jan 11)
Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. Xen . org security team (Jan 16)
Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Xen . org security team (Jan 16)
Xen Security Advisory 27 (CVE-2012-5511,CVE-2012-6333) - several HVM operations do not validate the range of their inputs Xen . org security team (Jan 17)
Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Xen . org security team (Jan 17)
Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest Xen . org security team (Jan 22)
Xen Security Advisory 34 (CVE-2013-0151) - nested virtualization on 32-bit exposes host crash Xen . org security team (Jan 22)
Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest Xen . org security team (Jan 23)
Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs Xen . org security team (Feb 05)
Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. Xen . org security team (Feb 05)
Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. Xen . org security team (Feb 05)
Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states Xen . org security team (Feb 05)
Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. Xen . org security team (Feb 05)
Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. Xen . org security team (Feb 05)
Xen Security Advisory 42 (CVE-2013-0228) - Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. Xen . org security team (Feb 13)
Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states Xen . org security team (Feb 15)
Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs Xen . org security team (Feb 21)

Xin Li

Re: CVE-2013-0913 Linux kernel i915 integer overflow Xin Li (Mar 14)

Yves-Alexis Perez

CVE request for Movable Type Yves-Alexis Perez (Jan 21)
CVE request: Transmission can be made to crash remotely Yves-Alexis Perez (Feb 10)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 28)
Re: CVE Request: poppler 0.22.1 security fixes Yves-Alexis Perez (Feb 28)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Mar 01)