Home page logo
/

777 messages starting Jan 01 13 and ending Mar 29 13
Date index | Thread index | Author index

Tuesday, 01 January

Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried

Wednesday, 02 January

Re: CVE request: Curl insecure usage Moritz Muehlenhoff
Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Henri Salo
SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Aaron Patterson

Thursday, 03 January

Re: CVE request: Curl insecure usage Kurt Seifried
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Carlos Alberto Lopez Perez
CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths Jan Lieskovsky
nginx http proxy module does not verify peer identity of https origin server Daniel Kahn Gillmor
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Carlos Alberto Lopez Perez
CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Jan Lieskovsky
Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths Kurt Seifried
Re: nginx http proxy module does not verify peer identity of https origin server Kurt Seifried
Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Kurt Seifried
Re: CVE request (maybe): magento before 1.7.0.2 Kurt Seifried
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Seth Arnold
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) cve-assign

Friday, 04 January

CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation Jan Lieskovsky
Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) Xen . org security team
CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails Jan Lieskovsky
Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Panu Matilainen
Re: CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation Kurt Seifried
Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails Kurt Seifried
Re: Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Seth Arnold

Sunday, 06 January

CVE request: mount/umount leak information about existence of folders Henri Salo
CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts Henri Salo
Re: CVE request: mount/umount leak information about existence of folders Kurt Seifried

Monday, 07 January

CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory Jan Lieskovsky
CVE Request: Jenkins possible remote code execution Salvatore Bonaccorso
Re: CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory Kurt Seifried
Re: CVE Request: Jenkins possible remote code execution Kurt Seifried
/dev/ptmx timing vladz

Tuesday, 08 January

Re: /dev/ptmx timing adam swanda
Re: /dev/ptmx timing Dmitry V. Levin
Re: /dev/ptmx timing Kurt Seifried
Re: CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts Kurt Seifried
Re: /dev/ptmx timing Vasily Kulikov
CVE Request: cronie fd leak Sebastian Krahmer
CVE Request: nagios Stack based buffer overflow in web interface Sebastian Krahmer
Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Carlos Alberto Lopez Perez
Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 WHK Yan
Re: CVE Request: nagios Stack based buffer overflow in web interface Kurt Seifried
Re: CVE Request: cronie fd leak Kurt Seifried
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried
Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155) Aaron Patterson
Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156) Aaron Patterson
Quick note on mfsa2013-04 / CVE-2012-0759 / CVE-2013-0759 Kurt Seifried

Wednesday, 09 January

Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 WHK Yan
Re: CVE Request: cronie fd leak Vincent Danen
Re: CVE Request: cronie fd leak Sebastian Krahmer
Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw Xen . org security team
Re: CVE Request: cronie fd leak Vincent Danen

Thursday, 10 January

Notification: Samba: NTML with session security handshake attack Jan Lieskovsky
Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Vincent Danen
Re: CVE request: opus codec before 1.0.2 Hanno Böck
Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Steven M. Christey

Friday, 11 January

CVE-2013-0422 assigned to today's Oracle Java 0-day Steven M. Christey
CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden
Potential HTTP Header Injection in Apache HTTPClient chevalier 3as
CVE Request -- Axis2/c Seth Arnold
gnome-keyring does not discard stored secrets in some cases Florian Weimer
Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried
Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Kurt Seifried
Re: CVE Request -- Axis2/c Kurt Seifried
Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden
Re: gnome-keyring does not discard stored secrets in some cases Florian Weimer
Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw Xen . org security team
CVE request for Drupal contributed modules Forest Monsen
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Carlos Alberto Lopez Perez
Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) cve-assign
Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Vincent Danen

Sunday, 13 January

DoS vulnerability in the BIND resolver (and potentially others) Florian Weimer
Re: DoS vulnerability in the BIND resolver (and potentially others) Kurt Seifried

Monday, 14 January

Re: DoS vulnerability in the BIND resolver (and potentially others) Solar Designer
Re: Plug-and-wipe and Secure Boot semantics Florian Weimer
CVE Request -- redis: Two insecure temporary file use flaws Jan Lieskovsky
CVE request: memcached DoS when printing out keys to be deleted in verbose mode Vincent Danen
Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried
Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode Kurt Seifried
Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried

Tuesday, 15 January

CVE request: 3 DoS conditions in Rake Vincent Danen
Re: CVE request for Drupal contributed modules Forest Monsen
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: CVE request: 3 DoS conditions in Rake Kurt Seifried
CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso
Re: CVE request: Curl insecure usage Moritz Muehlenhoff
pam-pgsql NULL password handling issue Florian Weimer
Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried
Re: CVE request: Digest::SHA double free when using load subroutine Florian Weimer

Wednesday, 16 January

Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried
Re: pam-pgsql NULL password handling issue Kurt Seifried
Re: CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso
Re: Linux kernel handling of IPv6 temporary addresses P J P
Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis
[PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. Andrew Cooper
Re: Linux kernel handling of IPv6 temporary addresses P J P
Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. Xen . org security team
Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Xen . org security team
Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis
Re: pam-pgsql NULL password handling issue Kurt Seifried
Re: Linux kernel handling of IPv6 temporary addresses P J P
Re: Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Michael Tokarev
bcron: cron jobs get access to the temporary output files from all other jobs that are still running Salvatore Bonaccorso

Thursday, 17 January

Re: bcron: cron jobs get access to the temporary output files from all other jobs that are still running Kurt Seifried
Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried
Re: gnome-keyring does not discard stored secrets in some cases Florian Weimer
Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried
Request for CVE Identifiers Kurt Seifried
CVE request: piwik before 1.10 Hanno Böck
Re: CVE request: Digest::SHA double free when using load subroutine Mark Shelor
Re: Linux kernel handling of IPv6 temporary addresses P J P
Xen Security Advisory 27 (CVE-2012-5511,CVE-2012-6333) - several HVM operations do not validate the range of their inputs Xen . org security team
Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis
Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Xen . org security team
Re: Linux kernel handling of IPv6 temporary addresses P J P
CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Jan Lieskovsky
Re: CVE request: piwik before 1.10 Kurt Seifried

Friday, 18 January

CVE request: MantisBT before 1.2.13 match_type XSS vulnerability David Hicks
CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Jan Lieskovsky
Re: CVE request: mantis before 1.2.12 Damien Regad
Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Jan Lieskovsky
CVE Request: PHP openssl_encrypt memory disclosure Marc Deslauriers
Re: CVE Request: PHP openssl_encrypt memory disclosure Kurt Seifried
Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Kurt Seifried
Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability Kurt Seifried
Re: [security] CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Greg Knaddison
CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability David Hicks

Saturday, 19 January

CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes David Hicks

Sunday, 20 January

CVE request: hs-tls: Basic constraints vulnerability Salvatore Bonaccorso
Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis
CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique
ffmpeg/libav CVE dupe Moritz Muehlenhoff

Monday, 21 January

Moodle security notifications public Michael de Raadt
CVE request for Drupal contributed modules Forest Monsen
Re: [security] CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Forest Monsen
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Agostino Sarubbo
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro
Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability Damien Regad
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Giles Coochey
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Milan Berger
Re: Linux kernel handling of IPv6 temporary addresses P J P
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henri Salo
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro
CVE Request coreutils Sebastian Krahmer
Re: CVE Request coreutils Michael Tokarev
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried
Re: CVE Request coreutils Kurt Seifried
Re: CVE Request coreutils Moritz Muehlenhoff
Re: CVE Request coreutils Vincent Danen
CVE request for Movable Type Yves-Alexis Perez
Whats worth a CVE? Scott Herbert
Re: Whats worth a CVE? Eitan Adler

Tuesday, 22 January

Re: Whats worth a CVE? Kurt Seifried
Re: CVE Request coreutils Kurt Seifried
Re: CVE request for Movable Type Kurt Seifried
Re: CVE Request coreutils Sebastian Krahmer
Re: CVE Request coreutils Matthias Weckbecker
Re: CVE Request coreutils Florian Weimer
Re: CVE Request coreutils Sebastian Krahmer
predictable /tmp filename in git-extras Helmut Grohne
Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest Xen . org security team
Xen Security Advisory 34 (CVE-2013-0151) - nested virtualization on 32-bit exposes host crash Xen . org security team
Re: CVE Request coreutils Vincent Danen
ownCloud Security Advisories - 2013-001 & 2013-002 Lukas Reschke
Re: [Xen-devel] Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest M A Young

Wednesday, 23 January

CVE ID Syntax Change - Call for Public Feedback cve-id-change
Re: CVE request for Movable Type cve-assign
Re: CVE Request coreutils Sebastian Krahmer
Re: CVE Request coreutils Florian Weimer
Re: predictable /tmp filename in git-extras Kurt Seifried
Re: CVE Request coreutils Kurt Seifried
[Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Jan Lieskovsky
Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest Xen . org security team

Thursday, 24 January

Re: CVE Request coreutils Vincent Danen
Re: CVE ID Syntax Change - Call for Public Feedback Florian Weimer
CVE request for Drupal contributed modules Forest Monsen

Friday, 25 January

Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Kurt Seifried
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Steve Grubb
CVE Request: zoneminder: arbitrary command execution vulnerability Salvatore Bonaccorso
CVE request: WordPress 3.5.1 Maintenance and Security Release Henri Salo

Saturday, 26 January

Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Kurt Seifried
Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Andrew Nacin

Monday, 28 January

CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3) Henri Salo
Re: CVE Request: zoneminder: arbitrary command execution vulnerability Kurt Seifried
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 Michael Koziarski

Tuesday, 29 January

CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Moritz Naumann
CVE request for 'devise' ruby gem Reed Loden
Re: CVE request for 'devise' ruby gem Kurt Seifried
Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Kurt Seifried
Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Willy Tarreau
Re: CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3) Kurt Seifried
Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Kurt Seifried
ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Henri Salo
[OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208) Thierry Carrez
[OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212) Thierry Carrez
Re: ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Kurt Seifried

Wednesday, 30 January

CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Jan Lieskovsky
Re: CVE request: hs-tls: Basic constraints vulnerability Florian Weimer
CVE request -- qxl: synchronous io guest DoS Petr Matousek
Re: CVE request -- qxl: synchronous io guest DoS Kurt Seifried
Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Kurt Seifried
Re: CVE request: hs-tls: Basic constraints vulnerability Kurt Seifried

Thursday, 31 January

Re: [OSVDB Mods] [New Vulnerability] File Disclosure in SimpleMachines Forum <= 2.0.3 (CVE-2013-0192) (fwd) Brian Martin
Wireshark before 1.8.5 (etc.) wnpa-sec-2013-01 through wnpa-sec-2013-09 cve-assign
jQuery 1.6.2 XSS CVE assignment Kurt Seifried
Re: CVE Kurt Seifried

Friday, 01 February

CVE Request -- Corosync (X < 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used Jan Lieskovsky
Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization Fabio M. Di Nitto
Re: Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization Kurt Seifried
Re: Re: [OSVDB Mods] [New Vulnerability] File Disclosure in SimpleMachines Forum <= 2.0.3 (CVE-2013-0192) (fwd) Kurt Seifried

Saturday, 02 February

A small backlog of vulnerabilities in Chicken Scheme Peter Bex
Re: A small backlog of vulnerabilities in Chicken Scheme Henri Salo

Sunday, 03 February

CVE id request: latd Nico Golde

Monday, 04 February

CVE id request: boost Michael Gilbert
Re: CVE id request: boost Kurt Seifried
Re: CVE id request: latd Kurt Seifried
CVE request for Drupal contributed modules Forest Monsen

Tuesday, 05 February

Re: CVE request for Drupal contributed modules Kurt Seifried
Re: CVE id request: latd Ignatios Souvatzis
Re: A small backlog of vulnerabilities in Chicken Scheme Peter Bex
CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker
Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs Xen . org security team
Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. Xen . org security team
Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. Xen . org security team
Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states Xen . org security team
Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. Xen . org security team
Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. Xen . org security team
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Marcus Meissner
[CVE Assignment Notification] CVE-2013-0240 - Gnome Online Accounts (GOA) (previously) failed to verify SSL certificates when creating e.g. Windows Live or Facebook accounts Jan Lieskovsky
[OSSA 2013-003] Keystone denial of service through invalid token requests (CVE-2013-0247) Thierry Carrez
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen
Re: [CVE Assignment Notification] CVE-2013-0240 - Gnome Online Accounts (GOA) (previously) failed to verify SSL certificates when creating e.g. Windows Live or Facebook accounts Simon McVittie
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Shawn
CVE Request: imview Sang Kil Cha
Re: CVE Request: imview Kurt Seifried
Re: CVE Request: imview Sang Kil Cha
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign

Wednesday, 06 February

Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign
CVE request: Insecure default log file path in xNBD Sebastian Pipping
Re: CVE Request: imview Kurt Seifried
Re: CVE Request: imview Sang Kil Cha
CVE id request: openssh? Nico Golde
e1000e/82574L hardware erratum Florian Weimer
Potential Query Manipulation with Common Rails Practises Michael Koziarski

Thursday, 07 February

Re: e1000e/82574L hardware erratum Kurt Seifried
Re: Potential Query Manipulation with Common Rails Practises Kurt Seifried
Re: CVE id request: openssh? Kurt Seifried
Re: A small backlog of vulnerabilities in Chicken Scheme Kurt Seifried
Re: CVE request: Insecure default log file path in xNBD Kurt Seifried
CVE-2013-0256 RDoc 2.3.0 through 3.12 XSS Exploit Eric Hodel
Re: A small backlog of vulnerabilities in Chicken Scheme Peter Bex
Re: CVE Request: imview gremlin
CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation Petr Matousek
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Hanno Böck
CVE request: XSS in roundcube before 0.8.5 Hanno Böck
Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation Kurt Seifried
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Kurt Seifried
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign

Friday, 08 February

Re: CVE request: XSS in roundcube before 0.8.5 Kurt Seifried
Re: A small backlog of vulnerabilities in Chicken Scheme Kurt Seifried
CVE-2013-0262: Rack versions 1.4.0-1.5.1, Symlink path traversal. James Tucker
CVE-2013-0263: Rack all versions, Timing attack in cookie sessions James Tucker
CVE request: XSS flaws fixed in ganglia Vincent Danen
Re: CVE request: XSS flaws fixed in ganglia Kurt Seifried

Saturday, 09 February

Wordpress Pinboard theme XSS Henrique Montenegro

Sunday, 10 February

CVE request: piwigo XSS in password.php Kurt Seifried
CVE request: Transmission can be made to crash remotely Yves-Alexis Perez

Monday, 11 February

Re: CVE request: piwigo XSS in password.php Kurt Seifried
Re: CVE request: piwigo XSS in password.php Henri Salo
CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass Henri Salo
Re: CVE request: Transmission can be made to crash remotely Jan Lieskovsky
Circumvention of attr_protected [CVE-2013-0276] Aaron Patterson
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277] Aaron Patterson
Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] Aaron Patterson
Patch update for [CVE-2013-0269] Aaron Patterson
CVE request: openconnect buffer overflow Florian Weimer

Tuesday, 12 February

CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Jan Lieskovsky
[Ignore not a security flaw] Re: [oss-security] CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Jan Lieskovsky
Re: e1000e/82574L hardware erratum cve-assign
Re: Re: e1000e/82574L hardware erratum Eitan Adler
Re: Re: e1000e/82574L hardware erratum Florian Weimer
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried
Re: CVE request: openconnect buffer overflow Kurt Seifried

Wednesday, 13 February

Re: CVE request: Transmission can be made to crash remotely Kurt Seifried
Re: CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass Kurt Seifried
Re: CVE request: piwigo XSS in password.php Kurt Seifried
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) David Jorm
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried
Re: Potential HTTP Header Injection in Apache HTTPClient Kurt Seifried
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Kurt Seifried
Re: Wordpress Pinboard theme XSS Kurt Seifried
Xen Security Advisory 42 (CVE-2013-0228) - Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. Xen . org security team
RE: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Christey, Steven M.

Thursday, 14 February

Some rubygems related CVEs Kurt Seifried
Re: Some rubygems related CVEs Reed Loden
Re: Some rubygems related CVEs Kurt Seifried
Re: Wordpress Pinboard theme XSS Kurt Seifried
CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery Henrique Montenegro
[FYI / CVE assignment notification] CVE-2013-0281 pacemaker: Denial of service when remote CIB management enabled due to use of no-timeout blocking socket to wait for the arrival of the authentication credentials Jan Lieskovsky
CVE Request: kernel -- local DOS (endless loop with interrupts disabled) Mathias Krause

Friday, 15 February

Re: Potential HTTP Header Injection in Apache HTTPClient David Jorm
Re: CVE Request: kernel -- local DOS (endless loop with interrupts disabled) Kurt Seifried
Re: CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery Kurt Seifried
CVE# request: pigz creates temp file with insecure permissions Michael Tokarev
Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states Xen . org security team
CVE request: unauthorized SSL certificates by Türktrust discovered Agostino Sarubbo
Re: CVE# request: pigz creates temp file with insecure permissions Matthias Weckbecker
Re: CVE request: unauthorized SSL certificates by Türktrust discovered Tomas Hoger
CVE request: python-pyrad insecurities Vincent Danen
CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1 Simon McVittie
Re: (linux-)distros membership changes Miklos Vajna
Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried
Re: CVE request: python-pyrad insecurities Kurt Seifried
Re: (linux-)distros membership changes Solar Designer
RE: CVE request: python-pyrad insecurities Christey, Steven M.
Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes
Re: (linux-)distros membership changes Jeremy Stanley
Re: CVE# request: pigz creates temp file with insecure permissions Steven M. Christey
Re: CVE request: python-pyrad insecurities Vincent Danen

Saturday, 16 February

Re: CVE# request: pigz creates temp file with insecure permissions Michael Tokarev
Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried
Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried
Re: CVE request: python-pyrad insecurities Kurt Seifried
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer

Monday, 18 February

Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried
CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow Jan Lieskovsky

Tuesday, 19 February

CVE request: zoneminder: local file inclusion vulnerability Salvatore Bonaccorso
[OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) Thierry Carrez
[OSSA 2013-005] Keystone EC2-style authentication accepts disabled user/tenants (CVE-2013-0282) Thierry Carrez
REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 Kurt Seifried
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer

Wednesday, 20 February

CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS Petr Matousek
CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference Petr Matousek
CVE request -- Linux kernel: vhost: fix length for cross region descriptor Petr Matousek
Re: CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS Kurt Seifried
Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference Kurt Seifried
Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor Kurt Seifried
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Greg KH
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Greg KH
isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289) Oswald Buddenhagen
Handling CVEs for the XML entity expansion issues Kurt Seifried
RE: Handling CVEs for the XML entity expansion issues Christey, Steven M.
Re: isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289) Vincent Danen
Re: RE: Handling CVEs for the XML entity expansion issues Tim
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried
CVE request - Linux kernel: evm: NULL pointer de-reference flaw P J P
Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw Kurt Seifried
Re: RE: Handling CVEs for the XML entity expansion issues Tim
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried
Re: RE: Handling CVEs for the XML entity expansion issues Tim

Thursday, 21 February

Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried
RE: RE: Handling CVEs for the XML entity expansion issues Christey, Steven M.
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried
CVE request for Drupal Core and contributed modules Forest Monsen
Re: CVE request for Drupal Core and contributed modules Kurt Seifried
Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw P J P
Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried
Re: CVE request: zoneminder: local file inclusion vulnerability Kurt Seifried
Re: CVE request: zoneminder: local file inclusion vulnerability Salvatore Bonaccorso
Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert
Re: CVE request: XSS flaws fixed in ganglia Salvatore Bonaccorso
Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert
Re: RE: Handling CVEs for the XML entity expansion issues Tim Brown
Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs Xen . org security team
nginx world-readable logdir Agostino Sarubbo
Re: nginx world-readable logdir Henri Salo
ownCloud Security Advisories (2013-003, 2013-004, 2013-005, 2013-006, 2013-007) Lukas Reschke
CVE request: nginx world-readable logdir Henri Salo
Two more ZoneMinder that need CVE security curmudgeon
Re: CVE request: nginx world-readable logdir Kurt Seifried
Re: Two more ZoneMinder that need CVE Kurt Seifried
RE: Two more ZoneMinder that need CVE Christey, Steven M.
Re: Two more ZoneMinder that need CVE Kurt Seifried
CVE Guidance for Libraries and Resource-Consumption DoS Steven M. Christey
Re: CVE request: nginx world-readable logdir Anders Petersson
Re: CVE request: nginx world-readable logdir Anders Petersson
Re: CVE request: python-pyrad insecurities Vincent Danen

Friday, 22 February

Re: CVE request: nginx world-readable logdir Kurt Seifried
Re: CVE request: python-pyrad insecurities Kurt Seifried
CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried
CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement Kurt Seifried
Re: Linux kernel handling of IPv6 temporary addresses Kurt Seifried
Re: nginx world-readable logdir gremlin
Re: nginx world-readable logdir Kurt Seifried
Re: nginx world-readable logdir gremlin
Re: nginx world-readable logdir Kurt Seifried
Re: nginx world-readable logdir Henri Salo
CVE request: Linux kernel: Bluetooth HIDP information disclosure P J P
Re: nginx world-readable logdir gremlin
CVE request: varnish world-readable logdir Agostino Sarubbo
Cve request: tomcat world-readable logdir Agostino Sarubbo
CVE request: webfs world-readable log Agostino Sarubbo
Re: CVE request: webfs world-readable log Agostino Sarubbo
CVE request: sthttpd world-redable logdir Agostino Sarubbo
Re: CVEs for libxml2 and expat internal and external XML entity expansion Florian Weimer
Re: CVEs for libxml2 and expat internal and external XML entity expansion Jakub Wilk
Re: CVEs for libxml2 and expat internal and external XML entity expansion Tim

Saturday, 23 February

Re: CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried
Re: CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried
Re: CVE request: Linux kernel: Bluetooth HIDP information disclosure Kurt Seifried
Re: CVE request: varnish world-readable logdir Kurt Seifried
Re: Cve request: tomcat world-readable logdir Kurt Seifried
Re: Re: CVE request: webfs world-readable log Kurt Seifried
Re: CVE request: sthttpd world-redable logdir Kurt Seifried
CVE-2013-0350 for pktstat: writes content from TCP streams to public readable file /tmp/smtp.log Kurt Seifried
CVE Request: PackageKit"update" allows downgrade of packages when using the "zypp" backend Marcus Meissner

Sunday, 24 February

nginx CVE-2013-0337 world-readable logs gremlin
CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Petr Matousek
CVE request: skunkweb world-readable logdir Agostino Sarubbo
CVE request: monkeyd world-readable logdir Agostino Sarubbo
Re: nginx CVE-2013-0337 world-readable logs Kurt Seifried
CVE request: WordPress plugin smart-flv jwplayer.swf XSS Henri Salo

Monday, 25 February

Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Marcus Meissner
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause
fusionforge CVE-2013-1423 multiple privilege escalations Helmut Grohne
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Jason A. Donenfeld
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg
kernel: tmpfs use-after-free Jason A. Donenfeld
CVE request: libvirt kvm-group writable storage Bastian Blank
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer
Re: CVE request: skunkweb world-readable logdir Kurt Seifried
Re: CVE request: monkeyd world-readable logdir Kurt Seifried
Re: CVE Request: PackageKit"update" allows downgrade of packages when using the "zypp" backend Kurt Seifried
Re: CVE request: WordPress plugin smart-flv jwplayer.swf XSS Kurt Seifried
Re: CVE request: libvirt kvm-group writable storage Kurt Seifried
Re: kernel: tmpfs use-after-free Kurt Seifried
Re: kernel: tmpfs use-after-free Solar Designer

Tuesday, 26 February

Re: CVE request: monkeyd world-readable logdir Agostino Sarubbo
Re: CVE request: monkeyd world-readable logdir Moritz Muehlenhoff
CVE request -- Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow Petr Matousek
Archlinux/x86-64 3.1.x-3.7.x x86-64 CVE-2013-1763 sock_diag_handlers[] warez sd
CVE request - Linux kernel: VFAT slab-based buffer overflow Joshua J. Drake
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
[OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335) Russell Bryant
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried
Re: CVE request -- Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow Kurt Seifried
Re: CVE request: monkeyd world-readable logdir Kurt Seifried
Re: CVE request: XSS flaws fixed in ganglia Kurt Seifried
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Henri Salo
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez
CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo
Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld
Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo

Wednesday, 27 February

Re: CVE request: psi+ stores the cache file as world-readable gremlin
Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Michael Gilbert
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried
Re: CVE request: psi+ stores the cache file as world-readable Kurt Seifried
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez
Re: CVE request: psi+ stores the cache file as world-readable gremlin
Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo
CVE Request: poppler 0.22.1 security fixes Marcus Meissner
CVE request: Linux kernel: USB: io_ti: NULL pointer dereference P J P
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Solar Designer
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji
CVE request: sudo authentication bypass when clock is reset Todd C. Miller
CVE request: potential bypass of sudo tty_tickets constraints Todd C. Miller
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference Kurt Seifried
Re: CVE request: sudo authentication bypass when clock is reset Kurt Seifried
Re: CVE request: potential bypass of sudo tty_tickets constraints Kurt Seifried
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Tim
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld
Re: CVE# request: pigz creates temp file with insecure permissions Jim Mellander
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
CVE Request for Drupal Contributed Modules Forest Monsen
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH

Thursday, 28 February

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried
Re: CVE Request for Drupal Contributed Modules Kurt Seifried
Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried
Re: CVE Request: poppler 0.22.1 security fixes Salvatore Bonaccorso
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez
Re: CVE Request: poppler 0.22.1 security fixes Yves-Alexis Perez
Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina
Re: [Full-disclosure] MySQL Denial of Service Zeroday PoC Sergei Golubchik
Re: CVE request: sudo authentication bypass when clock is reset Todd C. Miller
Re: CVE request: potential bypass of sudo tty_tickets constraints Todd C. Miller
CVE-2013-0293 -- ovirt-node: Lock screen accepts F2 to drop to shell Petr Matousek

Friday, 01 March

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Eugene Teo
Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried
CVE id request: busybox Nico Golde
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez
CVE request: ruby-openid XML denial of service attack Marcus Meissner
CVE Request: various gems in aftermath of rubygem actionpack issue Marcus Meissner
CVE Request: rubygem passenger security issue Marcus Meissner
Re: CVE Request: various gems in aftermath of rubygem actionpack issue Reed Loden
Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability Salvatore Bonaccorso
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Salvatore Bonaccorso
Re: CVE Request: various gems in aftermath of rubygem actionpack issue Kurt Seifried
CVE Request: Gambas Directory hijack vulnerability Salvatore Bonaccorso

Saturday, 02 March

Re: CVE Request: rubygem passenger security issue Kurt Seifried
Re: CVE Request: various gems in aftermath of rubygem actionpack issue Olivier Gonzalez
Re: CVE Request: various gems in aftermath of rubygem actionpack issue Kurt Seifried

Sunday, 03 March

CVE request: PHP-Fusion waraxe-2013-SA#097 Henri Salo
Re: CVE request: PHP-Fusion waraxe-2013-SA#097 Kurt Seifried
Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf Kurt Seifried
Re: CVE Request: Gambas Directory hijack vulnerability Kurt Seifried
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Kurt Seifried
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Kurt Seifried
Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability Kurt Seifried
Re: CVE request: ruby-openid XML denial of service attack Kurt Seifried
Re: CVE id request: busybox Kurt Seifried
Re: CVE id request: busybox gremlin
Re: CVE id request: busybox Michael Tokarev
Re: CVE id request: busybox Piotr Karbowski
Re: CVE id request: busybox Michael Tokarev
Re: CVE id request: busybox Kurt Seifried
Re: CVE id request: busybox Michael Gilbert

Monday, 04 March

handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Solar Designer
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH
Re: CVE id request: busybox Kurt Seifried
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Solar Designer
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Michael Gilbert
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH
CVE-2013-1769: remotely-triggered NULL pointer dereference in telepathy-gabble Will Thompson
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Damien Regad
Reverse lookup issue in Net::Server Remi Gacogne
Re: Reverse lookup issue in Net::Server Russ Allbery
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe

Tuesday, 05 March

Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH
Re: handling of Linux kernel vulnerabilities Kurt Seifried
Re: handling of Linux kernel vulnerabilities Solar Designer
CVE's for MediaWiki 1.20.2 / 1.19.2 Kurt Seifried
Re: handling of Linux kernel vulnerabilities Andreas Ericsson
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe
Re: CVE id request: busybox Thomas Biege
Re: CVE id request: busybox Thomas Biege
CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference P J P
Re: CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference Kurt Seifried
Re: CVE id request: busybox Raphael Geissert
Re: CVE id request: busybox Kurt Seifried
CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause
Re: handling of Linux kernel vulnerabilities Noel Butler
Re: handling of Linux kernel vulnerabilities Solar Designer

Wednesday, 06 March

Re: handling of Linux kernel vulnerabilities Alton Moore
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause
Re: CVE id request: busybox Raphael Geissert
CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb) Kurt Seifried

Thursday, 07 March

CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings() P J P
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried
Re: Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] jordi gemsstatus
RE: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Christey, Steven M.
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer

Friday, 08 March

CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Petr Matousek
Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Kurt Seifried
Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Petr Matousek
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Petr Matousek
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried
CVE abstraction choices and the Linux kernel Steven M. Christey
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Thomas Biege

Saturday, 09 March

CVE Request: typo3 sql injection and open redirection Marcus Meissner

Sunday, 10 March

Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM) Adam Zabrocki
WordPress plugins vulnerable to CVE-2013-1808 Henri Salo
CVE-2009-4168: WordPress plugin snazzy-archives XSS vulnerability Henri Salo
CVE request: XSS in piwik 1.11 Hanno Böck

Monday, 11 March

CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability Henri Salo
Re: CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb) U.Nakamura
*.nist.gov websites gone forever? Kurt Seifried
CVE Request: MD5 used for Download verification Donald Stufft
Re: CVE Request: MD5 used for Download verification Jeremy Stanley
CVE-2013-0913 Linux kernel i915 integer overflow Kees Cook
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Kurt Seifried
CVE-2013-0914 Linux kernel sa_restorer information leak Kees Cook
RE: *.nist.gov websites gone forever? Christey, Steven M.

Tuesday, 12 March

Re: Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM) Kurt Seifried
Re: Reverse lookup issue in Net::Server Kurt Seifried
Re: CVE Request: typo3 sql injection and open redirection Kurt Seifried
Re: CVE request: XSS in piwik 1.11 Kurt Seifried
CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Christey, Steven M.
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Tim
CVE request: almanah does not encrypt its database Vincent Danen

Wednesday, 13 March

Re: CVE request: almanah does not encrypt its database Kurt Seifried
Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Tim Brown
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Eduardo Tongson
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Pavel Labushev
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Mike O'Connor
CLONE_NEWUSER|CLONE_FS root exploit Sebastian Krahmer
Re: CVE-2013-0913 Linux kernel i915 integer overflow Alexander E. Patrakov
Re: CLONE_NEWUSER|CLONE_FS root exploit Kees Cook
Re: Reverse lookup issue in Net::Server Steven M. Christey
Re: Reverse lookup issue in Net::Server Salvatore Bonaccorso
Temporary Notifications of New CVE Entries During NVD Outage Steven M. Christey

Thursday, 14 March

Re: CLONE_NEWUSER|CLONE_FS root exploit Eugene Teo
Re: CLONE_NEWUSER|CLONE_FS root exploit Eugene Teo
Re: Reverse lookup issue in Net::Server Kurt Seifried
Re: CLONE_NEWUSER|CLONE_FS root exploit Greg KH
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Kurt Seifried
Re: CLONE_NEWUSER|CLONE_FS root exploit Kurt Seifried
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin
ownCloud Security Advisories (2013-008, 2013-009, 2013-010) Lukas Reschke
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Kurt Seifried
Re: CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability Henri Salo
Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo
CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Marcus Meissner
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Eugene Teo
US national vulnerability database hacked Henri Salo
[OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840) Thierry Carrez
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Petr Matousek
RE: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Christey, Steven M.
[OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838) Thierry Carrez
Re: CVE abstraction choices and the Linux kernel Petr Matousek
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Kurt Seifried
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs cve-assign
Re: CVE-2013-0913 Linux kernel i915 integer overflow Xin Li
CVE request for a Drupal contributed module Forest Monsen

Friday, 15 March

Re: CVE abstraction choices and the Linux kernel Michael Gilbert
Re: CVE request for a Drupal contributed module Kurt Seifried
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Kurt Seifried
CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld Kurt Seifried
Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Jan Lieskovsky
CVE request: billion laughs flaw in ptlib Vincent Danen
Re: CVE request: billion laughs flaw in ptlib Kurt Seifried

Saturday, 16 March

Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer

Sunday, 17 March

CVE Request: VLC Buffer overflows Sean Amoss

Monday, 18 March

Re: CLONE_NEWUSER|CLONE_FS root exploit Agostino Sarubbo
[CVE-2013-1854] Symbol DoS vulnerability in Active Record Aaron Patterson
[CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack Aaron Patterson
[CVE-2013-1856] XML Parsing Vulnerability affecting JRuby users Aaron Patterson
[CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails Aaron Patterson

Tuesday, 19 March

Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt Solar Designer
Ruby CVEs Kurt Seifried
Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Kurt Seifried
Re: CVE Request: VLC Buffer overflows Kurt Seifried
Re: Ruby CVEs Henri Salo
Re: Ruby CVEs Kurt Seifried
Remote command execution in Ruby Gem Command Wrap larry Cashdollar
Fwd: CVE requests larry Cashdollar
Fwd: CVE requests larry Cashdollar
Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Gynvael Coldwind
Untrusted startup file inclusion in Chicken Scheme Peter Bex
Linux kernel: net - three info leaks in rtnl Mathias Krause

Wednesday, 20 March

Re: Linux kernel: net - three info leaks in rtnl Kurt Seifried
Re: Untrusted startup file inclusion in Chicken Scheme Kurt Seifried
Re: Ruby CVEs Kurt Seifried
Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Kurt Seifried
Re: Ruby CVEs Henri Salo
Re: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Reed Loden
Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert
CVE-2013-1848 -- Linux kernel: ext3: format string issues Petr Matousek
linux kernel: kvm: CVE-2013-179[6..8] Petr Matousek
RE: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M.
CVE Request: python-pip insecure temporary directory handling David Black
CVE-2013-0287: sssd simple access provider flaw prevents intended ACL use when client to an AD provider Vincent Danen
[OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865) Thierry Carrez
RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M.

Thursday, 21 March

Re: RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs larry Cashdollar
Re: Ruby CVEs Solar Designer
CVE request: MantisBT text search query can crash site Damien Regad
CVE-2012-5662 x3270 improper validation of SSL certificates Stefan Cornelius
RE: Ruby CVEs Christey, Steven M.
Re: Ruby CVEs Henri Salo

Friday, 22 March

Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried
Re: CVE request: MantisBT text search query can crash site Kurt Seifried
Re: CVE Request: python-pip insecure temporary directory handling David Black
CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Jan Lieskovsky
CVE request: mod_ruid2 before 0.9.8 John Lightsey
CVE request for "Views" (Drupal contributed module) Forest Monsen
Re: CVE request: mod_ruid2 before 0.9.8 Kurt Seifried
Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Kurt Seifried
Re: CVE request for "Views" (Drupal contributed module) Kurt Seifried
Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried
Re: CVE request: mod_ruid2 before 0.9.8 John Lightsey

Saturday, 23 March

Re: CVE request: mod_ruid2 before 0.9.8 Kurt Seifried
CVE request: OpenCart filemanager.php parameter traversal arbitrary file access Henri Salo
Re: CVE request for "Views" (Drupal contributed module) Forest Monsen

Sunday, 24 March

Re: CVE request: OpenCart filemanager.php parameter traversal arbitrary file access Kurt Seifried

Monday, 25 March

XSS vulnerabilities in ZeroClipboard and multiple web applications MustLive
Moodle security notifications public Michael de Raadt
Re: XSS vulnerabilities in ZeroClipboard and multiple web applications Henri Salo
Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Jan Lieskovsky
Re: Linux kernel: net - three info leaks in rtnl Moritz Muehlenhoff
Re: Linux kernel: net - three info leaks in rtnl Moritz Muehlenhoff
CVE Request: Mongo DB Marcus Meissner
CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities Agostino Sarubbo
Re: CVE Request: Mongo DB Kurt Seifried
Re: CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities Kurt Seifried
CVE request: ibutils improper use of files in /tmp Vincent Danen
Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar

Tuesday, 26 March

Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried
CVE-2013-1895 py-bcrypt 0.2 concurrency vulnerability (auth bypass) Kurt Seifried
Ruby gem Thumbshooter 0.1.5 remote code execution larry Cashdollar
Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar
Re: CVE request: ibutils improper use of files in /tmp Vincent Danen
Re: CVE request: ibutils improper use of files in /tmp Vincent Danen
Re: Ruby gem Thumbshooter 0.1.5 remote code execution Larry W. Cashdollar
Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo
Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried
CVE request: WordPress plugin user-photo file upload arbitrary PHP code execution Henri Salo
Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried
Re: CVE request: ibutils improper use of files in /tmp Agostino Sarubbo

Wednesday, 27 March

Re: Ruby gem Thumbshooter 0.1.5 remote code execution Kurt Seifried
Re: Ruby gem Thumbshooter 0.1.5 remote code execution Larry W. Cashdollar
Denial of service in 389-ds and FreeIPA (CVE-2013-0336) Vincent Danen
CVE Request -- yum: Not removing bad metadata and using it in next run Jan Lieskovsky
Security vulnerability tools Corey Bryant
Re: [kernel-hardening] Security vulnerability tools Tim Brown
Re: Security vulnerability tools Solar Designer
Re: Security vulnerability tools Russ Allbery
Re: [kernel-hardening] Re: Security vulnerability tools Corey Bryant
Re: Security vulnerability tools Corey Bryant
Re: Re: [kernel-hardening] Security vulnerability tools Corey Bryant

Thursday, 28 March

Re: Security vulnerability tools Murray McAllister
Re: Security vulnerability tools Solar Designer
Re: Security vulnerability tools Andreas Ericsson
CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options Jan Lieskovsky
RE: WordPress plugins vulnerable to CVE-2013-1808 Christey, Steven M.
Re: Re: [kernel-hardening] Security vulnerability tools Tim Brown
Re: Re: [kernel-hardening] Security vulnerability tools Steve Grubb
Re: CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options Kurt Seifried
CVE Request for Drupal contrib modules Forest Monsen

Friday, 29 March

Re: CVE Request for Drupal contrib modules Kurt Seifried
Re: Security vulnerability tools Corey Bryant
Re: Re: Security vulnerability tools Raphael Geissert
Re: CVE Request -- yum: Not removing bad metadata and using it in next run Kurt Seifried
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]