777 messages starting Jan 01 13 and ending Mar 29 13
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried
Re: CVE request: Curl insecure usage Moritz Muehlenhoff Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Henri Salo SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Aaron Patterson
Re: CVE request: Curl insecure usage Kurt Seifried Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Carlos Alberto Lopez Perez CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths Jan Lieskovsky nginx http proxy module does not verify peer identity of https origin server Daniel Kahn Gillmor Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Carlos Alberto Lopez Perez CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Jan Lieskovsky Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths Kurt Seifried Re: nginx http proxy module does not verify peer identity of https origin server Kurt Seifried Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Kurt Seifried Re: CVE request (maybe): magento before 1.7.0.2 Kurt Seifried Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Seth Arnold Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) cve-assign
CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation Jan Lieskovsky Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) Xen . org security team CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails Jan Lieskovsky Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Panu Matilainen Re: CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation Kurt Seifried Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails Kurt Seifried Re: Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Seth Arnold
CVE request: mount/umount leak information about existence of folders Henri Salo CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts Henri Salo Re: CVE request: mount/umount leak information about existence of folders Kurt Seifried
CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory Jan Lieskovsky CVE Request: Jenkins possible remote code execution Salvatore Bonaccorso Re: CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory Kurt Seifried Re: CVE Request: Jenkins possible remote code execution Kurt Seifried /dev/ptmx timing vladz
Re: /dev/ptmx timing adam swanda Re: /dev/ptmx timing Dmitry V. Levin Re: /dev/ptmx timing Kurt Seifried Re: CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts Kurt Seifried Re: /dev/ptmx timing Vasily Kulikov CVE Request: cronie fd leak Sebastian Krahmer CVE Request: nagios Stack based buffer overflow in web interface Sebastian Krahmer Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Carlos Alberto Lopez Perez Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 WHK Yan Re: CVE Request: nagios Stack based buffer overflow in web interface Kurt Seifried Re: CVE Request: cronie fd leak Kurt Seifried Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155) Aaron Patterson Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156) Aaron Patterson Quick note on mfsa2013-04 / CVE-2012-0759 / CVE-2013-0759 Kurt Seifried
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 WHK Yan Re: CVE Request: cronie fd leak Vincent Danen Re: CVE Request: cronie fd leak Sebastian Krahmer Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw Xen . org security team Re: CVE Request: cronie fd leak Vincent Danen
Notification: Samba: NTML with session security handshake attack Jan Lieskovsky Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Vincent Danen Re: CVE request: opus codec before 1.0.2 Hanno Böck Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Steven M. Christey
CVE-2013-0422 assigned to today's Oracle Java 0-day Steven M. Christey CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden Potential HTTP Header Injection in Apache HTTPClient chevalier 3as CVE Request -- Axis2/c Seth Arnold gnome-keyring does not discard stored secrets in some cases Florian Weimer Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Kurt Seifried Re: CVE Request -- Axis2/c Kurt Seifried Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden Re: gnome-keyring does not discard stored secrets in some cases Florian Weimer Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw Xen . org security team CVE request for Drupal contributed modules Forest Monsen Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Carlos Alberto Lopez Perez Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) cve-assign Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Vincent Danen
DoS vulnerability in the BIND resolver (and potentially others) Florian Weimer Re: DoS vulnerability in the BIND resolver (and potentially others) Kurt Seifried
Re: DoS vulnerability in the BIND resolver (and potentially others) Solar Designer Re: Plug-and-wipe and Secure Boot semantics Florian Weimer CVE Request -- redis: Two insecure temporary file use flaws Jan Lieskovsky CVE request: memcached DoS when printing out keys to be deleted in verbose mode Vincent Danen Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode Kurt Seifried Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried
CVE request: 3 DoS conditions in Rake Vincent Danen Re: CVE request for Drupal contributed modules Forest Monsen Re: CVE request for Drupal contributed modules Kurt Seifried Re: CVE request: 3 DoS conditions in Rake Kurt Seifried CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso Re: CVE request: Curl insecure usage Moritz Muehlenhoff pam-pgsql NULL password handling issue Florian Weimer Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried Re: CVE request: Digest::SHA double free when using load subroutine Florian Weimer
Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried Re: pam-pgsql NULL password handling issue Kurt Seifried Re: CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso Re: Linux kernel handling of IPv6 temporary addresses P J P Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis [PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. Andrew Cooper Re: Linux kernel handling of IPv6 temporary addresses P J P Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. Xen . org security team Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Xen . org security team Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis Re: pam-pgsql NULL password handling issue Kurt Seifried Re: Linux kernel handling of IPv6 temporary addresses P J P Re: Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Michael Tokarev bcron: cron jobs get access to the temporary output files from all other jobs that are still running Salvatore Bonaccorso
Re: bcron: cron jobs get access to the temporary output files from all other jobs that are still running Kurt Seifried Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried Re: gnome-keyring does not discard stored secrets in some cases Florian Weimer Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried Request for CVE Identifiers Kurt Seifried CVE request: piwik before 1.10 Hanno Böck Re: CVE request: Digest::SHA double free when using load subroutine Mark Shelor Re: Linux kernel handling of IPv6 temporary addresses P J P Xen Security Advisory 27 (CVE-2012-5511,CVE-2012-6333) - several HVM operations do not validate the range of their inputs Xen . org security team Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Xen . org security team Re: Linux kernel handling of IPv6 temporary addresses P J P CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Jan Lieskovsky Re: CVE request: piwik before 1.10 Kurt Seifried
CVE request: MantisBT before 1.2.13 match_type XSS vulnerability David Hicks CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Jan Lieskovsky Re: CVE request: mantis before 1.2.12 Damien Regad Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Jan Lieskovsky CVE Request: PHP openssl_encrypt memory disclosure Marc Deslauriers Re: CVE Request: PHP openssl_encrypt memory disclosure Kurt Seifried Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Kurt Seifried Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability Kurt Seifried Re: [security] CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Greg Knaddison CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability David Hicks
CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes David Hicks
CVE request: hs-tls: Basic constraints vulnerability Salvatore Bonaccorso Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique ffmpeg/libav CVE dupe Moritz Muehlenhoff
Moodle security notifications public Michael de Raadt CVE request for Drupal contributed modules Forest Monsen Re: [security] CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Forest Monsen Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried Re: CVE request for Drupal contributed modules Kurt Seifried Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Agostino Sarubbo Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability Damien Regad Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Giles Coochey Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Milan Berger Re: Linux kernel handling of IPv6 temporary addresses P J P Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henri Salo Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro CVE Request coreutils Sebastian Krahmer Re: CVE Request coreutils Michael Tokarev Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried Re: CVE Request coreutils Kurt Seifried Re: CVE Request coreutils Moritz Muehlenhoff Re: CVE Request coreutils Vincent Danen CVE request for Movable Type Yves-Alexis Perez Whats worth a CVE? Scott Herbert Re: Whats worth a CVE? Eitan Adler
Re: Whats worth a CVE? Kurt Seifried Re: CVE Request coreutils Kurt Seifried Re: CVE request for Movable Type Kurt Seifried Re: CVE Request coreutils Sebastian Krahmer Re: CVE Request coreutils Matthias Weckbecker Re: CVE Request coreutils Florian Weimer Re: CVE Request coreutils Sebastian Krahmer predictable /tmp filename in git-extras Helmut Grohne Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest Xen . org security team Xen Security Advisory 34 (CVE-2013-0151) - nested virtualization on 32-bit exposes host crash Xen . org security team Re: CVE Request coreutils Vincent Danen ownCloud Security Advisories - 2013-001 & 2013-002 Lukas Reschke Re: [Xen-devel] Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest M A Young
CVE ID Syntax Change - Call for Public Feedback cve-id-change Re: CVE request for Movable Type cve-assign Re: CVE Request coreutils Sebastian Krahmer Re: CVE Request coreutils Florian Weimer Re: predictable /tmp filename in git-extras Kurt Seifried Re: CVE Request coreutils Kurt Seifried [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Jan Lieskovsky Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest Xen . org security team
Re: CVE Request coreutils Vincent Danen Re: CVE ID Syntax Change - Call for Public Feedback Florian Weimer CVE request for Drupal contributed modules Forest Monsen
Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Kurt Seifried Re: CVE request for Drupal contributed modules Kurt Seifried Re: CVE request for Drupal contributed modules Kurt Seifried Re: CVE request for Drupal contributed modules Kurt Seifried Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Steve Grubb CVE Request: zoneminder: arbitrary command execution vulnerability Salvatore Bonaccorso CVE request: WordPress 3.5.1 Maintenance and Security Release Henri Salo
Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Kurt Seifried Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Andrew Nacin
CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3) Henri Salo Re: CVE Request: zoneminder: arbitrary command execution vulnerability Kurt Seifried Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 Michael Koziarski
CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Moritz Naumann CVE request for 'devise' ruby gem Reed Loden Re: CVE request for 'devise' ruby gem Kurt Seifried Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Kurt Seifried Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Willy Tarreau Re: CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3) Kurt Seifried Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Kurt Seifried ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Henri Salo [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208) Thierry Carrez [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212) Thierry Carrez Re: ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Kurt Seifried
CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Jan Lieskovsky Re: CVE request: hs-tls: Basic constraints vulnerability Florian Weimer CVE request -- qxl: synchronous io guest DoS Petr Matousek Re: CVE request -- qxl: synchronous io guest DoS Kurt Seifried Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Kurt Seifried Re: CVE request: hs-tls: Basic constraints vulnerability Kurt Seifried
Re: [OSVDB Mods] [New Vulnerability] File Disclosure in SimpleMachines Forum <= 2.0.3 (CVE-2013-0192) (fwd) Brian Martin Wireshark before 1.8.5 (etc.) wnpa-sec-2013-01 through wnpa-sec-2013-09 cve-assign jQuery 1.6.2 XSS CVE assignment Kurt Seifried Re: CVE Kurt Seifried
CVE Request -- Corosync (X < 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used Jan Lieskovsky Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization Fabio M. Di Nitto Re: Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization Kurt Seifried Re: Re: [OSVDB Mods] [New Vulnerability] File Disclosure in SimpleMachines Forum <= 2.0.3 (CVE-2013-0192) (fwd) Kurt Seifried
A small backlog of vulnerabilities in Chicken Scheme Peter Bex Re: A small backlog of vulnerabilities in Chicken Scheme Henri Salo
CVE id request: latd Nico Golde
CVE id request: boost Michael Gilbert Re: CVE id request: boost Kurt Seifried Re: CVE id request: latd Kurt Seifried CVE request for Drupal contributed modules Forest Monsen
Re: CVE request for Drupal contributed modules Kurt Seifried Re: CVE id request: latd Ignatios Souvatzis Re: A small backlog of vulnerabilities in Chicken Scheme Peter Bex CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs Xen . org security team Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. Xen . org security team Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. Xen . org security team Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states Xen . org security team Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. Xen . org security team Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. Xen . org security team Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Marcus Meissner [CVE Assignment Notification] CVE-2013-0240 - Gnome Online Accounts (GOA) (previously) failed to verify SSL certificates when creating e.g. Windows Live or Facebook accounts Jan Lieskovsky [OSSA 2013-003] Keystone denial of service through invalid token requests (CVE-2013-0247) Thierry Carrez Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen Re: [CVE Assignment Notification] CVE-2013-0240 - Gnome Online Accounts (GOA) (previously) failed to verify SSL certificates when creating e.g. 
Windows Live or Facebook accounts Simon McVittie Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Shawn CVE Request: imview Sang Kil Cha Re: CVE Request: imview Kurt Seifried Re: CVE Request: imview Sang Kil Cha Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign CVE request: Insecure default log file path in xNBD Sebastian Pipping Re: CVE Request: imview Kurt Seifried Re: CVE Request: imview Sang Kil Cha CVE id request: openssh? Nico Golde e1000e/82574L hardware erratum Florian Weimer Potential Query Manipulation with Common Rails Practises Michael Koziarski
Re: e1000e/82574L hardware erratum Kurt Seifried Re: Potential Query Manipulation with Common Rails Practises Kurt Seifried Re: CVE id request: openssh? Kurt Seifried Re: A small backlog of vulnerabilities in Chicken Scheme Kurt Seifried Re: CVE request: Insecure default log file path in xNBD Kurt Seifried CVE-2013-0256 RDoc 2.3.0 through 3.12 XSS Exploit Eric Hodel Re: A small backlog of vulnerabilities in Chicken Scheme Peter Bex Re: CVE Request: imview gremlin CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation Petr Matousek Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Hanno Böck CVE request: XSS in roundcube before 0.8.5 Hanno Böck Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation Kurt Seifried Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Kurt Seifried Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign
Re: CVE request: XSS in roundcube before 0.8.5 Kurt Seifried Re: A small backlog of vulnerabilities in Chicken Scheme Kurt Seifried CVE-2013-0262: Rack versions 1.4.0-1.5.1, Symlink path traversal. James Tucker CVE-2013-0263: Rack all versions, Timing attack in cookie sessions James Tucker CVE request: XSS flaws fixed in ganglia Vincent Danen Re: CVE request: XSS flaws fixed in ganglia Kurt Seifried
Wordpress Pinboard theme XSS Henrique Montenegro
CVE request: piwigo XSS in password.php Kurt Seifried CVE request: Transmission can be made to crash remotely Yves-Alexis Perez
Re: CVE request: piwigo XSS in password.php Kurt Seifried Re: CVE request: piwigo XSS in password.php Henri Salo CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass Henri Salo Re: CVE request: Transmission can be made to crash remotely Jan Lieskovsky Circumvention of attr_protected [CVE-2013-0276] Aaron Patterson Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277] Aaron Patterson Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] Aaron Patterson Patch update for [CVE-2013-0269] Aaron Patterson CVE request: openconnect buffer overflow Florian Weimer
CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Jan Lieskovsky [Ignore not a security flaw] Re: [oss-security] CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Jan Lieskovsky Re: e1000e/82574L hardware erratum cve-assign Re: Re: e1000e/82574L hardware erratum Eitan Adler Re: Re: e1000e/82574L hardware erratum Florian Weimer Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried Re: CVE request: openconnect buffer overflow Kurt Seifried
Re: CVE request: Transmission can be made to crash remotely Kurt Seifried Re: CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass Kurt Seifried Re: CVE request: piwigo XSS in password.php Kurt Seifried Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) David Jorm Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried Re: Potential HTTP Header Injection in Apache HTTPClient Kurt Seifried Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Kurt Seifried Re: Wordpress Pinboard theme XSS Kurt Seifried Xen Security Advisory 42 (CVE-2013-0228) - Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. Xen . org security team RE: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Christey, Steven M.
Some rubygems related CVEs Kurt Seifried Re: Some rubygems related CVEs Reed Loden Re: Some rubygems related CVEs Kurt Seifried Re: Wordpress Pinboard theme XSS Kurt Seifried CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery Henrique Montenegro [FYI / CVE assignment notification] CVE-2013-0281 pacemaker: Denial of service when remote CIB management enabled due to use of no-timeout blocking socket to wait for the arrival of the authentication credentials Jan Lieskovsky CVE Request: kernel -- local DOS (endless loop with interrupts disabled) Mathias Krause
Re: Potential HTTP Header Injection in Apache HTTPClient David Jorm Re: CVE Request: kernel -- local DOS (endless loop with interrupts disabled) Kurt Seifried Re: CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery Kurt Seifried CVE# request: pigz creates temp file with insecure permissions Michael Tokarev Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states Xen . org security team CVE request: unauthorized SSL certificates by Türktrust discovered Agostino Sarubbo Re: CVE# request: pigz creates temp file with insecure permissions Matthias Weckbecker Re: CVE request: unauthorized SSL certificates by Türktrust discovered Tomas Hoger CVE request: python-pyrad insecurities Vincent Danen CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1 Simon McVittie Re: (linux-)distros membership changes Miklos Vajna Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried Re: CVE request: python-pyrad insecurities Kurt Seifried Re: (linux-)distros membership changes Solar Designer RE: CVE request: python-pyrad insecurities Christey, Steven M. Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes Re: (linux-)distros membership changes Jeremy Stanley Re: CVE# request: pigz creates temp file with insecure permissions Steven M. Christey Re: CVE request: python-pyrad insecurities Vincent Danen
Re: CVE# request: pigz creates temp file with insecure permissions Michael Tokarev Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried Re: CVE request: python-pyrad insecurities Kurt Seifried Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer
Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow Jan Lieskovsky
CVE request: zoneminder: local file inclusion vulnerability Salvatore Bonaccorso [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) Thierry Carrez [OSSA 2013-005] Keystone EC2-style authentication accepts disabled user/tenants (CVE-2013-0282) Thierry Carrez REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 Kurt Seifried Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer
CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS Petr Matousek CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference Petr Matousek CVE request -- Linux kernel: vhost: fix length for cross region descriptor Petr Matousek Re: CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS Kurt Seifried Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference Kurt Seifried Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor Kurt Seifried Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Greg KH Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Greg KH isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289) Oswald Buddenhagen Handling CVEs for the XML entity expansion issues Kurt Seifried RE: Handling CVEs for the XML entity expansion issues Christey, Steven M. Re: isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289) Vincent Danen Re: RE: Handling CVEs for the XML entity expansion issues Tim Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried CVE request - Linux kernel: evm: NULL pointer de-reference flaw P J P Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw Kurt Seifried Re: RE: Handling CVEs for the XML entity expansion issues Tim Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried Re: RE: Handling CVEs for the XML entity expansion issues Tim
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried RE: RE: Handling CVEs for the XML entity expansion issues Christey, Steven M. Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried CVE request for Drupal Core and contributed modules Forest Monsen Re: CVE request for Drupal Core and contributed modules Kurt Seifried Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw P J P Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried Re: CVE request: zoneminder: local file inclusion vulnerability Kurt Seifried Re: CVE request: zoneminder: local file inclusion vulnerability Salvatore Bonaccorso Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert Re: CVE request: XSS flaws fixed in ganglia Salvatore Bonaccorso Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert Re: RE: Handling CVEs for the XML entity expansion issues Tim Brown Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs Xen . org security team nginx world-readable logdir Agostino Sarubbo Re: nginx world-readable logdir Henri Salo ownCloud Security Advisories (2013-003, 2013-004, 2013-005, 2013-006, 2013-007) Lukas Reschke CVE request: nginx world-readable logdir Henri Salo Two more ZoneMinder that need CVE security curmudgeon Re: CVE request: nginx world-readable logdir Kurt Seifried Re: Two more ZoneMinder that need CVE Kurt Seifried RE: Two more ZoneMinder that need CVE Christey, Steven M. Re: Two more ZoneMinder that need CVE Kurt Seifried CVE Guidance for Libraries and Resource-Consumption DoS Steven M. Christey Re: CVE request: nginx world-readable logdir Anders Petersson Re: CVE request: nginx world-readable logdir Anders Petersson Re: CVE request: python-pyrad insecurities Vincent Danen
Re: CVE request: nginx world-readable logdir Kurt Seifried Re: CVE request: python-pyrad insecurities Kurt Seifried CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement Kurt Seifried Re: Linux kernel handling of IPv6 temporary addresses Kurt Seifried Re: nginx world-readable logdir gremlin Re: nginx world-readable logdir Kurt Seifried Re: nginx world-readable logdir gremlin Re: nginx world-readable logdir Kurt Seifried Re: nginx world-readable logdir Henri Salo CVE request: Linux kernel: Bluetooth HIDP information disclosure P J P Re: nginx world-readable logdir gremlin CVE request: varnish world-readable logdir Agostino Sarubbo Cve request: tomcat world-readable logdir Agostino Sarubbo CVE request: webfs world-readable log Agostino Sarubbo Re: CVE request: webfs world-readable log Agostino Sarubbo CVE request: sthttpd world-redable logdir Agostino Sarubbo Re: CVEs for libxml2 and expat internal and external XML entity expansion Florian Weimer Re: CVEs for libxml2 and expat internal and external XML entity expansion Jakub Wilk Re: CVEs for libxml2 and expat internal and external XML entity expansion Tim
Re: CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried Re: CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried Re: CVE request: Linux kernel: Bluetooth HIDP information disclosure Kurt Seifried Re: CVE request: varnish world-readable logdir Kurt Seifried Re: Cve request: tomcat world-readable logdir Kurt Seifried Re: Re: CVE request: webfs world-readable log Kurt Seifried Re: CVE request: sthttpd world-redable logdir Kurt Seifried CVE-2013-0350 for pktstat: writes content from TCP streams to public readable file /tmp/smtp.log Kurt Seifried CVE Request: PackageKit"update" allows downgrade of packages when using the "zypp" backend Marcus Meissner
nginx CVE-2013-0337 world-readable logs gremlin CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Petr Matousek CVE request: skunkweb world-readable logdir Agostino Sarubbo CVE request: monkeyd world-readable logdir Agostino Sarubbo Re: nginx CVE-2013-0337 world-readable logs Kurt Seifried CVE request: WordPress plugin smart-flv jwplayer.swf XSS Henri Salo
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Marcus Meissner Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause fusionforge CVE-2013-1423 multiple privilege escalations Helmut Grohne Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Jason A. Donenfeld Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg kernel: tmpfs use-after-free Jason A. Donenfeld
CVE request: libvirt kvm-group writable storage Bastian Blank Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer Re: CVE request: skunkweb world-readable logdir Kurt Seifried Re: CVE request: monkeyd world-readable logdir Kurt Seifried Re: CVE Request: PackageKit"update" allows downgrade of packages when using the "zypp" backend Kurt Seifried Re: CVE request: WordPress plugin smart-flv jwplayer.swf XSS Kurt Seifried Re: CVE request: libvirt kvm-group writable storage Kurt Seifried Re: kernel: tmpfs use-after-free Kurt Seifried Re: kernel: tmpfs use-after-free Solar Designer
Re: CVE request: monkeyd world-readable logdir Agostino Sarubbo Re: CVE request: monkeyd world-readable logdir Moritz Muehlenhoff CVE request -- Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow Petr Matousek Archlinux/x86-64 3.1.x-3.7.x x86-64 CVE-2013-1763 sock_diag_handlers[] warez sd CVE request - Linux kernel: VFAT slab-based buffer overflow Joshua J. Drake Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335) Russell Bryant Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried Re: CVE request -- Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow Kurt Seifried Re: CVE request: monkeyd world-readable logdir Kurt Seifried Re: CVE request: XSS flaws fixed in ganglia Kurt Seifried Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Henri Salo Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo
Re: CVE request: psi+ stores the cache file as world-readable gremlin Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Michael Gilbert Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried Re: CVE request: psi+ stores the cache file as world-readable Kurt Seifried Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez Re: CVE request: psi+ stores the cache file as world-readable gremlin Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo CVE Request: poppler 0.22.1 security fixes Marcus Meissner CVE request: Linux kernel: USB: io_ti: NULL pointer dereference P J P Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Solar Designer Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji CVE request: sudo authentication bypass when clock is reset Todd C. Miller CVE request: potential bypass of sudo tty_tickets constraints Todd C. Miller Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference Kurt Seifried Re: CVE request: sudo authentication bypass when clock is reset Kurt Seifried Re: CVE request: potential bypass of sudo tty_tickets constraints Kurt Seifried Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Tim Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld Re: CVE# request: pigz creates temp file with insecure permissions Jim Mellander Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH CVE Request for Drupal Contributed Modules Forest Monsen Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried Re: CVE Request for Drupal Contributed Modules Kurt Seifried Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried Re: CVE Request: poppler 0.22.1 security fixes Salvatore Bonaccorso Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez Re: CVE Request: poppler 0.22.1 security fixes Yves-Alexis Perez Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina Re: [Full-disclosure] MySQL Denial of Service Zeroday PoC Sergei Golubchik Re: CVE request: sudo authentication bypass when clock is reset Todd C. Miller Re: CVE request: potential bypass of sudo tty_tickets constraints Todd C. Miller CVE-2013-0293 -- ovirt-node: Lock screen accepts F2 to drop to shell Petr Matousek
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Eugene Teo Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried CVE id request: busybox Nico Golde Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez CVE request: ruby-openid XML denial of service attack Marcus Meissner CVE Request: various gems in aftermath of rubygem actionpack issue Marcus Meissner CVE Request: rubygem passenger security issue Marcus Meissner Re: CVE Request: various gems in aftermath of rubygem actionpack issue Reed Loden Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability Salvatore Bonaccorso Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Salvatore Bonaccorso Re: CVE Request: various gems in aftermath of rubygem actionpack issue Kurt Seifried CVE Request: Gambas Directory hijack vulnerability Salvatore Bonaccorso
Re: CVE Request: rubygem passenger security issue Kurt Seifried Re: CVE Request: various gems in aftermath of rubygem actionpack issue Olivier Gonzalez Re: CVE Request: various gems in aftermath of rubygem actionpack issue Kurt Seifried
CVE request: PHP-Fusion waraxe-2013-SA#097 Henri Salo Re: CVE request: PHP-Fusion waraxe-2013-SA#097 Kurt Seifried Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf Kurt Seifried Re: CVE Request: Gambas Directory hijack vulnerability Kurt Seifried Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Kurt Seifried Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Kurt Seifried Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability Kurt Seifried Re: CVE request: ruby-openid XML denial of service attack Kurt Seifried Re: CVE id request: busybox Kurt Seifried Re: CVE id request: busybox gremlin Re: CVE id request: busybox Michael Tokarev Re: CVE id request: busybox Piotr Karbowski Re: CVE id request: busybox Michael Tokarev Re: CVE id request: busybox Kurt Seifried Re: CVE id request: busybox Michael Gilbert
handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Solar Designer Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH Re: CVE id request: busybox Kurt Seifried Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Solar Designer Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Michael Gilbert Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH CVE-2013-1769: remotely-triggered NULL pointer dereference in telepathy-gabble Will Thompson Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Damien Regad Reverse lookup issue in Net::Server Remi Gacogne Re: Reverse lookup issue in Net::Server Russ Allbery Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH Re: handling of Linux kernel vulnerabilities Kurt Seifried Re: handling of Linux kernel vulnerabilities Solar Designer CVE's for MediaWiki 1.20.2 / 1.19.2 Kurt Seifried Re: handling of Linux kernel vulnerabilities Andreas Ericsson Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe Re: CVE id request: busybox Thomas Biege Re: CVE id request: busybox Thomas Biege CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference P J P Re: CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference Kurt Seifried Re: CVE id request: busybox Raphael Geissert Re: CVE id request: busybox Kurt Seifried CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause Re: handling of Linux kernel vulnerabilities Noel Butler Re: handling of Linux kernel vulnerabilities Solar Designer
Re: handling of Linux kernel vulnerabilities Alton Moore Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause Re: CVE id request: busybox Raphael Geissert CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb) Kurt Seifried
CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings() P J P Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried Re: Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] jordi gemsstatus RE: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Christey, Steven M. Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer
CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Petr Matousek Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Kurt Seifried Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Petr Matousek Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Petr Matousek Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried CVE abstraction choices and the Linux kernel Steven M. Christey Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Thomas Biege
CVE Request: typo3 sql injection and open redirection Marcus Meissner
Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM) Adam Zabrocki WordPress plugins vulnerable to CVE-2013-1808 Henri Salo CVE-2009-4168: WordPress plugin snazzy-archives XSS vulnerability Henri Salo CVE request: XSS in piwik 1.11 Hanno Böck
CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability Henri Salo Re: CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb) U.Nakamura *.nist.gov websites gone forever? Kurt Seifried CVE Request: MD5 used for Download verification Donald Stufft Re: CVE Request: MD5 used for Download verification Jeremy Stanley CVE-2013-0913 Linux kernel i915 integer overflow Kees Cook Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Kurt Seifried CVE-2013-0914 Linux kernel sa_restorer information leak Kees Cook RE: *.nist.gov websites gone forever? Christey, Steven M.
Re: Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM) Kurt Seifried Re: Reverse lookup issue in Net::Server Kurt Seifried Re: CVE Request: typo3 sql injection and open redirection Kurt Seifried Re: CVE request: XSS in piwik 1.11 Kurt Seifried CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Christey, Steven M. Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Tim CVE request: almanah does not encrypt its database Vincent Danen
Re: CVE request: almanah does not encrypt its database Kurt Seifried Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Tim Brown Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Eduardo Tongson Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Pavel Labushev Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Mike O'Connor CLONE_NEWUSER|CLONE_FS root exploit Sebastian Krahmer Re: CVE-2013-0913 Linux kernel i915 integer overflow Alexander E. Patrakov Re: CLONE_NEWUSER|CLONE_FS root exploit Kees Cook Re: Reverse lookup issue in Net::Server Steven M. Christey Re: Reverse lookup issue in Net::Server Salvatore Bonaccorso Temporary Notifications of New CVE Entries During NVD Outage Steven M. Christey
Re: CLONE_NEWUSER|CLONE_FS root exploit Eugene Teo Re: CLONE_NEWUSER|CLONE_FS root exploit Eugene Teo Re: Reverse lookup issue in Net::Server Kurt Seifried Re: CLONE_NEWUSER|CLONE_FS root exploit Greg KH Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Kurt Seifried Re: CLONE_NEWUSER|CLONE_FS root exploit Kurt Seifried Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin ownCloud Security Advisories (2013-008, 2013-009, 2013-010) Lukas Reschke Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Kurt Seifried Re: CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability Henri Salo Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Marcus Meissner Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Eugene Teo US national vulnerability database hacked Henri Salo [OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840) Thierry Carrez Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Petr Matousek RE: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Christey, Steven M. [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838) Thierry Carrez Re: CVE abstraction choices and the Linux kernel Petr Matousek Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Kurt Seifried Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs cve-assign Re: CVE-2013-0913 Linux kernel i915 integer overflow Xin Li CVE request for a Drupal contributed module Forest Monsen
Re: CVE abstraction choices and the Linux kernel Michael Gilbert Re: CVE request for a Drupal contributed module Kurt Seifried Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Kurt Seifried CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld Kurt Seifried Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Jan Lieskovsky CVE request: billion laughs flaw in ptlib Vincent Danen Re: CVE request: billion laughs flaw in ptlib Kurt Seifried
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer
CVE Request: VLC Buffer overflows Sean Amoss
Re: CLONE_NEWUSER|CLONE_FS root exploit Agostino Sarubbo [CVE-2013-1854] Symbol DoS vulnerability in Active Record Aaron Patterson [CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack Aaron Patterson [CVE-2013-1856] XML Parsing Vulnerability affecting JRuby users Aaron Patterson [CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails Aaron Patterson
Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt Solar Designer Ruby CVEs Kurt Seifried Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Kurt Seifried Re: CVE Request: VLC Buffer overflows Kurt Seifried Re: Ruby CVEs Henri Salo Re: Ruby CVEs Kurt Seifried Remote command execution in Ruby Gem Command Wrap larry Cashdollar Fwd: CVE requests larry Cashdollar Fwd: CVE requests larry Cashdollar Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Gynvael Coldwind Untrusted startup file inclusion in Chicken Scheme Peter Bex Linux kernel: net - three info leaks in rtnl Mathias Krause
Re: Linux kernel: net - three info leaks in rtnl Kurt Seifried Re: Untrusted startup file inclusion in Chicken Scheme Kurt Seifried Re: Ruby CVEs Kurt Seifried Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Kurt Seifried Re: Ruby CVEs Henri Salo Re: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Reed Loden Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert CVE-2013-1848 -- Linux kernel: ext3: format string issues Petr Matousek linux kernel: kvm: CVE-2013-179[6..8] Petr Matousek RE: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M. CVE Request: python-pip insecure temporary directory handling David Black CVE-2013-0287: sssd simple access provider flaw prevents intended ACL use when client to an AD provider Vincent Danen [OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865) Thierry Carrez RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M.
Re: RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs larry Cashdollar Re: Ruby CVEs Solar Designer CVE request: MantisBT text search query can crash site Damien Regad CVE-2012-5662 x3270 improper validation of SSL certificates Stefan Cornelius RE: Ruby CVEs Christey, Steven M. Re: Ruby CVEs Henri Salo
Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried Re: CVE request: MantisBT text search query can crash site Kurt Seifried Re: CVE Request: python-pip insecure temporary directory handling David Black CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Jan Lieskovsky CVE request: mod_ruid2 before 0.9.8 John Lightsey CVE request for "Views" (Drupal contributed module) Forest Monsen Re: CVE request: mod_ruid2 before 0.9.8 Kurt Seifried Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Kurt Seifried Re: CVE request for "Views" (Drupal contributed module) Kurt Seifried Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried Re: CVE request: mod_ruid2 before 0.9.8 John Lightsey
Re: CVE request: mod_ruid2 before 0.9.8 Kurt Seifried CVE request: OpenCart filemanager.php parameter traversal arbitrary file access Henri Salo Re: CVE request for "Views" (Drupal contributed module) Forest Monsen
Re: CVE request: OpenCart filemanager.php parameter traversal arbitrary file access Kurt Seifried
XSS vulnerabilities in ZeroClipboard and multiple web applications MustLive Moodle security notifications public Michael de Raadt Re: XSS vulnerabilities in ZeroClipboard and multiple web applications Henri Salo Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Jan Lieskovsky Re: Linux kernel: net - three info leaks in rtnl Moritz Muehlenhoff Re: Linux kernel: net - three info leaks in rtnl Moritz Muehlenhoff CVE Request: Mongo DB Marcus Meissner CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities Agostino Sarubbo Re: CVE Request: Mongo DB Kurt Seifried Re: CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities Kurt Seifried CVE request: ibutils improper use of files in /tmp Vincent Danen Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar
Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried CVE-2013-1895 py-bcrypt 0.2 concurrency vulnerability (auth bypass) Kurt Seifried Ruby gem Thumbshooter 0.1.5 remote code execution larry Cashdollar Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar Re: CVE request: ibutils improper use of files in /tmp Vincent Danen Re: CVE request: ibutils improper use of files in /tmp Vincent Danen Re: Ruby gem Thumbshooter 0.1.5 remote code execution Larry W. Cashdollar Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried CVE request: WordPress plugin user-photo file upload arbitrary PHP code execution Henri Salo Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried Re: CVE request: ibutils improper use of files in /tmp Agostino Sarubbo
Re: Ruby gem Thumbshooter 0.1.5 remote code execution Kurt Seifried Re: Ruby gem Thumbshooter 0.1.5 remote code execution Larry W. Cashdollar Denial of service in 389-ds and FreeIPA (CVE-2013-0336) Vincent Danen CVE Request -- yum: Not removing bad metadata and using it in next run Jan Lieskovsky Security vulnerability tools Corey Bryant Re: [kernel-hardening] Security vulnerability tools Tim Brown Re: Security vulnerability tools Solar Designer Re: Security vulnerability tools Russ Allbery Re: [kernel-hardening] Re: Security vulnerability tools Corey Bryant Re: Security vulnerability tools Corey Bryant Re: Re: [kernel-hardening] Security vulnerability tools Corey Bryant
Re: Security vulnerability tools Murray McAllister Re: Security vulnerability tools Solar Designer Re: Security vulnerability tools Andreas Ericsson CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options Jan Lieskovsky RE: WordPress plugins vulnerable to CVE-2013-1808 Christey, Steven M. Re: Re: [kernel-hardening] Security vulnerability tools Tim Brown Re: Re: [kernel-hardening] Security vulnerability tools Steve Grubb Re: CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options Kurt Seifried CVE Request for Drupal contrib modules Forest Monsen
Re: CVE Request for Drupal contrib modules Kurt Seifried Re: Security vulnerability tools Corey Bryant Re: Re: Security vulnerability tools Raphael Geissert Re: CVE Request -- yum: Not removing bad metadata and using it in next run Kurt Seifried