oss-sec: by thread
777 messages starting Jan 01 13 and ending Mar 29 13
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
Kurt Seifried (Jan 01)
Re: CVE request: Curl insecure usage
Moritz Muehlenhoff (Jan 02)
Re: CVE request: Curl insecure usage
Kurt Seifried (Jan 03)
<Possible follow-ups>
Re: CVE request: Curl insecure usage
Moritz Muehlenhoff (Jan 15)
Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash
Henri Salo (Jan 02)
SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)
Aaron Patterson (Jan 02)
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)
Carlos Alberto Lopez Perez (Jan 03)
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)
Carlos Alberto Lopez Perez (Jan 03)
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)
Seth Arnold (Jan 03)
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)
cve-assign (Jan 03)
Re: Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)
Seth Arnold (Jan 04)
CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths
Jan Lieskovsky (Jan 03)
Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths
Kurt Seifried (Jan 03)
nginx http proxy module does not verify peer identity of https origin server
Daniel Kahn Gillmor (Jan 03)
Re: nginx http proxy module does not verify peer identity of https origin server
Kurt Seifried (Jan 03)
CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages
Jan Lieskovsky (Jan 03)
Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages
Kurt Seifried (Jan 03)
Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages
Panu Matilainen (Jan 04)
Re: CVE request (maybe): magento before 1.7.0.2
Kurt Seifried (Jan 03)
CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation
Jan Lieskovsky (Jan 04)
Re: CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation
Kurt Seifried (Jan 04)
Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only)
Xen . org security team (Jan 04)
CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails
Jan Lieskovsky (Jan 04)
Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails
Kurt Seifried (Jan 04)
CVE request: mount/umount leak information about existence of folders
Henri Salo (Jan 06)
Re: CVE request: mount/umount leak information about existence of folders
Kurt Seifried (Jan 06)
CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts
Henri Salo (Jan 06)
Re: CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts
Kurt Seifried (Jan 08)
CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory
Jan Lieskovsky (Jan 07)
Re: CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory
Kurt Seifried (Jan 07)
CVE Request: Jenkins possible remote code execution
Salvatore Bonaccorso (Jan 07)
Re: CVE Request: Jenkins possible remote code execution
Kurt Seifried (Jan 07)
/dev/ptmx timing
vladz (Jan 07)
Re: /dev/ptmx timing
adam swanda (Jan 08)
Re: /dev/ptmx timing
Dmitry V. Levin (Jan 08)
Re: /dev/ptmx timing
Vasily Kulikov (Jan 08)
Re: /dev/ptmx timing
Kurt Seifried (Jan 08)
CVE Request: cronie fd leak
Sebastian Krahmer (Jan 08)
Re: CVE Request: cronie fd leak
Kurt Seifried (Jan 08)
Re: CVE Request: cronie fd leak
Vincent Danen (Jan 09)
Re: CVE Request: cronie fd leak
Sebastian Krahmer (Jan 09)
Re: CVE Request: cronie fd leak
Vincent Danen (Jan 09)
CVE Request: nagios Stack based buffer overflow in web interface
Sebastian Krahmer (Jan 08)
Re: CVE Request: nagios Stack based buffer overflow in web interface
Kurt Seifried (Jan 08)
Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3
Carlos Alberto Lopez Perez (Jan 08)
Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3
WHK Yan (Jan 08)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3
Kurt Seifried (Jan 08)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3
WHK Yan (Jan 09)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3
Kurt Seifried (Jan 09)
Message not available
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3
Carlos Alberto Lopez Perez (Jan 11)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3
Kurt Seifried (Jan 17)
Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)
Aaron Patterson (Jan 08)
Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156)
Aaron Patterson (Jan 08)
Quick note on mfsa2013-04 / CVE-2012-0759 / CVE-2013-0759
Kurt Seifried (Jan 08)
Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw
Xen . org security team (Jan 09)
<Possible follow-ups>
Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw
Xen . org security team (Jan 11)
Notification: Samba: NTML with session security handshake attack
Jan Lieskovsky (Jan 10)
Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?)
Vincent Danen (Jan 10)
Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?)
Steven M. Christey (Jan 10)
Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?)
cve-assign (Jan 11)
Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?)
Vincent Danen (Jan 11)
Re: CVE request: opus codec before 1.0.2
Hanno Böck (Jan 10)
CVE-2013-0422 assigned to today's Oracle Java 0-day
Steven M. Christey (Jan 11)
CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156)
Reed Loden (Jan 11)
Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156)
Kurt Seifried (Jan 11)
Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156)
Reed Loden (Jan 11)
Potential HTTP Header Injection in Apache HTTPClient
chevalier 3as (Jan 11)
Re: Potential HTTP Header Injection in Apache HTTPClient
Kurt Seifried (Feb 13)
Re: Potential HTTP Header Injection in Apache HTTPClient
David Jorm (Feb 15)
CVE Request -- Axis2/c
Seth Arnold (Jan 11)
Re: CVE Request -- Axis2/c
Kurt Seifried (Jan 11)
gnome-keyring does not discard stored secrets in some cases
Florian Weimer (Jan 11)
Re: gnome-keyring does not discard stored secrets in some cases
Kurt Seifried (Jan 11)
Re: gnome-keyring does not discard stored secrets in some cases
Florian Weimer (Jan 11)
Re: gnome-keyring does not discard stored secrets in some cases
Kurt Seifried (Jan 17)
Re: gnome-keyring does not discard stored secrets in some cases
Florian Weimer (Jan 17)
Re: gnome-keyring does not discard stored secrets in some cases
Kurt Seifried (Jan 17)
CVE request for Drupal contributed modules
Forest Monsen (Jan 11)
Re: CVE request for Drupal contributed modules
Forest Monsen (Jan 15)
Re: CVE request for Drupal contributed modules
Kurt Seifried (Jan 15)
<Possible follow-ups>
CVE request for Drupal contributed modules
Forest Monsen (Jan 21)
Re: CVE request for Drupal contributed modules
Kurt Seifried (Jan 21)
CVE request for Drupal contributed modules
Forest Monsen (Jan 24)
Re: CVE request for Drupal contributed modules
Kurt Seifried (Jan 25)
Re: CVE request for Drupal contributed modules
Kurt Seifried (Jan 25)
Re: CVE request for Drupal contributed modules
Kurt Seifried (Jan 25)
CVE request for Drupal contributed modules
Forest Monsen (Feb 04)
Re: CVE request for Drupal contributed modules
Kurt Seifried (Feb 05)
CVE Request for Drupal Contributed Modules
Forest Monsen (Feb 27)
Re: CVE Request for Drupal Contributed Modules
Kurt Seifried (Feb 28)
DoS vulnerability in the BIND resolver (and potentially others)
Florian Weimer (Jan 13)
Re: DoS vulnerability in the BIND resolver (and potentially others)
Kurt Seifried (Jan 13)
Re: DoS vulnerability in the BIND resolver (and potentially others)
Solar Designer (Jan 14)
Re: Plug-and-wipe and Secure Boot semantics
Florian Weimer (Jan 14)
CVE Request -- redis: Two insecure temporary file use flaws
Jan Lieskovsky (Jan 14)
Re: CVE Request -- redis: Two insecure temporary file use flaws
Kurt Seifried (Jan 14)
Re: CVE Request -- redis: Two insecure temporary file use flaws
Kurt Seifried (Jan 14)
CVE request: memcached DoS when printing out keys to be deleted in verbose mode
Vincent Danen (Jan 14)
Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode
Kurt Seifried (Jan 14)
CVE request: 3 DoS conditions in Rake
Vincent Danen (Jan 15)
Re: CVE request: 3 DoS conditions in Rake
Kurt Seifried (Jan 15)
CVE request: Digest::SHA double free when using load subroutine
Salvatore Bonaccorso (Jan 15)
Re: CVE request: Digest::SHA double free when using load subroutine
Kurt Seifried (Jan 15)
Re: CVE request: Digest::SHA double free when using load subroutine
Florian Weimer (Jan 15)
Re: CVE request: Digest::SHA double free when using load subroutine
Kurt Seifried (Jan 16)
Re: CVE request: Digest::SHA double free when using load subroutine
Salvatore Bonaccorso (Jan 16)
Re: CVE request: Digest::SHA double free when using load subroutine
Mark Shelor (Jan 17)
pam-pgsql NULL password handling issue
Florian Weimer (Jan 15)
Re: pam-pgsql NULL password handling issue
Kurt Seifried (Jan 16)
Re: pam-pgsql NULL password handling issue
Kurt Seifried (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses
P J P (Jan 16)
<Possible follow-ups>
Re: Linux kernel handling of IPv6 temporary addresses
George Kargiotakis (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses
P J P (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses
George Kargiotakis (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses
P J P (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses
P J P (Jan 17)
Re: Linux kernel handling of IPv6 temporary addresses
George Kargiotakis (Jan 17)
Re: Linux kernel handling of IPv6 temporary addresses
P J P (Jan 17)
Re: Linux kernel handling of IPv6 temporary addresses
George Kargiotakis (Jan 20)
Re: Linux kernel handling of IPv6 temporary addresses
P J P (Jan 21)
Re: Linux kernel handling of IPv6 temporary addresses
Kurt Seifried (Feb 22)
[PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
Andrew Cooper (Jan 16)
Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
Xen . org security team (Jan 16)
Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets
Xen . org security team (Jan 16)
Re: Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets
Michael Tokarev (Jan 16)
<Possible follow-ups>
Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets
Xen . org security team (Jan 17)
bcron: cron jobs get access to the temporary output files from all other jobs that are still running
Salvatore Bonaccorso (Jan 16)
Re: bcron: cron jobs get access to the temporary output files from all other jobs that are still running
Kurt Seifried (Jan 17)
Request for CVE Identifiers
Kurt Seifried (Jan 17)
CVE request: piwik before 1.10
Hanno Böck (Jan 17)
Re: CVE request: piwik before 1.10
Kurt Seifried (Jan 17)
Xen Security Advisory 27 (CVE-2012-5511,CVE-2012-6333) - several HVM operations do not validate the range of their inputs
Xen . org security team (Jan 17)
CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues)
Jan Lieskovsky (Jan 17)
Re: [security] CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues)
Greg Knaddison (Jan 18)
Re: [security] CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues)
Forest Monsen (Jan 21)
CVE request: MantisBT before 1.2.13 match_type XSS vulnerability
David Hicks (Jan 18)
Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability
Kurt Seifried (Jan 18)
Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability
Damien Regad (Jan 21)
CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue
Jan Lieskovsky (Jan 18)
Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue
Jan Lieskovsky (Jan 18)
Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue
Kurt Seifried (Jan 18)
Re: CVE request: mantis before 1.2.12
Damien Regad (Jan 18)
CVE Request: PHP openssl_encrypt memory disclosure
Marc Deslauriers (Jan 18)
Re: CVE Request: PHP openssl_encrypt memory disclosure
Kurt Seifried (Jan 18)
CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability
David Hicks (Jan 18)
Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability
Salvatore Bonaccorso (Mar 01)
Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability
Kurt Seifried (Mar 03)
CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes
David Hicks (Jan 19)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes
Salvatore Bonaccorso (Mar 01)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes
Kurt Seifried (Mar 03)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes
Kurt Seifried (Mar 03)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes
Damien Regad (Mar 04)
CVE request: hs-tls: Basic constraints vulnerability
Salvatore Bonaccorso (Jan 20)
Re: CVE request: hs-tls: Basic constraints vulnerability
Florian Weimer (Jan 30)
Re: CVE request: hs-tls: Basic constraints vulnerability
Kurt Seifried (Jan 30)
CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
Henrique (Jan 20)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
Kurt Seifried (Jan 21)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
Agostino Sarubbo (Jan 21)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
Henrique Montenegro (Jan 21)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
Giles Coochey (Jan 21)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
Henri Salo (Jan 21)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
Henrique Montenegro (Jan 21)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
Kurt Seifried (Jan 21)
Whats worth a CVE?
Scott Herbert (Jan 21)
Re: Whats worth a CVE?
Eitan Adler (Jan 21)
Re: Whats worth a CVE?
Kurt Seifried (Jan 22)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
Milan Berger (Jan 21)
ffmpeg/libav CVE dupe
Moritz Muehlenhoff (Jan 20)
Moodle security notifications public
Michael de Raadt (Jan 21)
<Possible follow-ups>
Moodle security notifications public
Michael de Raadt (Mar 25)
CVE Request coreutils
Sebastian Krahmer (Jan 21)
Re: CVE Request coreutils
Michael Tokarev (Jan 21)
Re: CVE Request coreutils
Kurt Seifried (Jan 21)
Re: CVE Request coreutils
Matthias Weckbecker (Jan 22)
Re: CVE Request coreutils
Kurt Seifried (Jan 23)
Re: CVE Request coreutils
Moritz Muehlenhoff (Jan 21)
Re: CVE Request coreutils
Vincent Danen (Jan 21)
Re: CVE Request coreutils
Kurt Seifried (Jan 22)
Re: CVE Request coreutils
Sebastian Krahmer (Jan 22)
Re: CVE Request coreutils
Vincent Danen (Jan 22)
Re: CVE Request coreutils
Sebastian Krahmer (Jan 23)
Re: CVE Request coreutils
Vincent Danen (Jan 24)
Re: CVE Request coreutils
Florian Weimer (Jan 23)
Re: CVE Request coreutils
Florian Weimer (Jan 22)
Re: CVE Request coreutils
Sebastian Krahmer (Jan 22)
CVE request for Movable Type
Yves-Alexis Perez (Jan 21)
Re: CVE request for Movable Type
Kurt Seifried (Jan 22)
Re: CVE request for Movable Type
cve-assign (Jan 23)
predictable /tmp filename in git-extras
Helmut Grohne (Jan 22)
Re: predictable /tmp filename in git-extras
Kurt Seifried (Jan 23)
Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest
Xen . org security team (Jan 22)
Re: [Xen-devel] Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest
M A Young (Jan 22)
<Possible follow-ups>
Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest
Xen . org security team (Jan 23)
Xen Security Advisory 34 (CVE-2013-0151) - nested virtualization on 32-bit exposes host crash
Xen . org security team (Jan 22)
ownCloud Security Advisories - 2013-001 & 2013-002
Lukas Reschke (Jan 22)
CVE ID Syntax Change - Call for Public Feedback
cve-id-change (Jan 23)
Re: CVE ID Syntax Change - Call for Public Feedback
Florian Weimer (Jan 24)
[Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly
Jan Lieskovsky (Jan 23)
Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly
Kurt Seifried (Jan 25)
Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly
Steve Grubb (Jan 25)
Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly
Willy Tarreau (Jan 29)
CVE Request: zoneminder: arbitrary command execution vulnerability
Salvatore Bonaccorso (Jan 25)
Re: CVE Request: zoneminder: arbitrary command execution vulnerability
Kurt Seifried (Jan 28)
CVE request: WordPress 3.5.1 Maintenance and Security Release
Henri Salo (Jan 25)
Re: CVE request: WordPress 3.5.1 Maintenance and Security Release
Kurt Seifried (Jan 26)
Re: CVE request: WordPress 3.5.1 Maintenance and Security Release
Andrew Nacin (Jan 26)
Re: CVE request: WordPress 3.5.1 Maintenance and Security Release
Kurt Seifried (Jan 29)
CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3)
Henri Salo (Jan 28)
Re: CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3)
Kurt Seifried (Jan 29)
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
Michael Koziarski (Jan 28)
CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget")
Moritz Naumann (Jan 29)
Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget")
Kurt Seifried (Jan 29)
CVE request for 'devise' ruby gem
Reed Loden (Jan 29)
Re: CVE request for 'devise' ruby gem
Kurt Seifried (Jan 29)
ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask()
Henri Salo (Jan 29)
Re: ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask()
Kurt Seifried (Jan 29)
[OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)
Thierry Carrez (Jan 29)
[OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)
Thierry Carrez (Jan 29)
CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters
Jan Lieskovsky (Jan 30)
Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters
Kurt Seifried (Jan 30)
CVE request -- qxl: synchronous io guest DoS
Petr Matousek (Jan 30)
Re: CVE request -- qxl: synchronous io guest DoS
Kurt Seifried (Jan 30)
Re: [OSVDB Mods] [New Vulnerability] File Disclosure in SimpleMachines Forum <= 2.0.3 (CVE-2013-0192) (fwd)
Brian Martin (Jan 31)
Re: Re: [OSVDB Mods] [New Vulnerability] File Disclosure in SimpleMachines Forum <= 2.0.3 (CVE-2013-0192) (fwd)
Kurt Seifried (Feb 01)
Wireshark before 1.8.5 (etc.) wnpa-sec-2013-01 through wnpa-sec-2013-09
cve-assign (Jan 31)
jQuery 1.6.2 XSS CVE assignment
Kurt Seifried (Jan 31)
Re: CVE
Kurt Seifried (Jan 31)
CVE Request -- Corosync (X < 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used
Jan Lieskovsky (Feb 01)
Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization
Fabio M. Di Nitto (Feb 01)
Re: Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization
Kurt Seifried (Feb 01)
A small backlog of vulnerabilities in Chicken Scheme
Peter Bex (Feb 02)
Re: A small backlog of vulnerabilities in Chicken Scheme
Henri Salo (Feb 02)
Re: A small backlog of vulnerabilities in Chicken Scheme
Peter Bex (Feb 05)
Re: A small backlog of vulnerabilities in Chicken Scheme
Kurt Seifried (Feb 07)
Re: A small backlog of vulnerabilities in Chicken Scheme
Peter Bex (Feb 07)
Re: A small backlog of vulnerabilities in Chicken Scheme
Kurt Seifried (Feb 08)
CVE id request: latd
Nico Golde (Feb 03)
Re: CVE id request: latd
Kurt Seifried (Feb 04)
Re: CVE id request: latd
Ignatios Souvatzis (Feb 05)
CVE id request: boost
Michael Gilbert (Feb 04)
Re: CVE id request: boost
Kurt Seifried (Feb 04)
CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
Matthias Weckbecker (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
Matthias Weckbecker (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
Matthias Weckbecker (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
Marcus Meissner (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
Vincent Danen (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
cve-assign (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
Vincent Danen (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
cve-assign (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
cve-assign (Feb 06)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
Hanno Böck (Feb 07)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
Kurt Seifried (Feb 07)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
cve-assign (Feb 07)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
Shawn (Feb 05)
Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs
Xen . org security team (Feb 05)
<Possible follow-ups>
Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs
Xen . org security team (Feb 21)
Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring.
Xen . org security team (Feb 05)
<Possible follow-ups>
Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring.
Xen . org security team (Feb 05)
Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages.
Xen . org security team (Feb 05)
<Possible follow-ups>
Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages.
Xen . org security team (Feb 05)
Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states
Xen . org security team (Feb 05)
<Possible follow-ups>
Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states
Xen . org security team (Feb 15)
[CVE Assignment Notification] CVE-2013-0240 - Gnome Online Accounts (GOA) (previously) failed to verify SSL certificates when creating e.g. Windows Live or Facebook accounts
Jan Lieskovsky (Feb 05)
Re: [CVE Assignment Notification] CVE-2013-0240 - Gnome Online Accounts (GOA) (previously) failed to verify SSL certificates when creating e.g. Windows Live or Facebook accounts
Simon McVittie (Feb 05)
[OSSA 2013-003] Keystone denial of service through invalid token requests (CVE-2013-0247)
Thierry Carrez (Feb 05)
CVE Request: imview
Sang Kil Cha (Feb 05)
Re: CVE Request: imview
Kurt Seifried (Feb 05)
Re: CVE Request: imview
Sang Kil Cha (Feb 05)
Re: CVE Request: imview
Kurt Seifried (Feb 06)
Re: CVE Request: imview
Sang Kil Cha (Feb 06)
Re: CVE Request: imview
gremlin (Feb 07)
CVE request: Insecure default log file path in xNBD
Sebastian Pipping (Feb 06)
Re: CVE request: Insecure default log file path in xNBD
Kurt Seifried (Feb 07)
CVE id request: openssh?
Nico Golde (Feb 06)
Re: CVE id request: openssh?
Kurt Seifried (Feb 07)
e1000e/82574L hardware erratum
Florian Weimer (Feb 06)
Re: e1000e/82574L hardware erratum
Kurt Seifried (Feb 07)
Re: e1000e/82574L hardware erratum
cve-assign (Feb 12)
Re: Re: e1000e/82574L hardware erratum
Eitan Adler (Feb 12)
Re: Re: e1000e/82574L hardware erratum
Florian Weimer (Feb 12)
Potential Query Manipulation with Common Rails Practises
Michael Koziarski (Feb 06)
Re: Potential Query Manipulation with Common Rails Practises
Kurt Seifried (Feb 07)
CVE-2013-0256 RDoc 2.3.0 through 3.12 XSS Exploit
Eric Hodel (Feb 07)
CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
Petr Matousek (Feb 07)
Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
Kurt Seifried (Feb 07)
CVE request: XSS in roundcube before 0.8.5
Hanno Böck (Feb 07)
Re: CVE request: XSS in roundcube before 0.8.5
Kurt Seifried (Feb 08)
CVE-2013-0262: Rack versions 1.4.0-1.5.1, Symlink path traversal.
James Tucker (Feb 08)
CVE-2013-0263: Rack all versions, Timing attack in cookie sessions
James Tucker (Feb 08)
CVE request: XSS flaws fixed in ganglia
Vincent Danen (Feb 08)
Re: CVE request: XSS flaws fixed in ganglia
Kurt Seifried (Feb 08)
Re: CVE request: XSS flaws fixed in ganglia
Raphael Geissert (Feb 21)
Re: CVE request: XSS flaws fixed in ganglia
Salvatore Bonaccorso (Feb 21)
Re: CVE request: XSS flaws fixed in ganglia
Raphael Geissert (Feb 21)
Re: CVE request: XSS flaws fixed in ganglia
Kurt Seifried (Feb 26)
Re: CVE request: XSS flaws fixed in ganglia
Raphael Geissert (Mar 20)
Wordpress Pinboard theme XSS
Henrique Montenegro (Feb 09)
Re: Wordpress Pinboard theme XSS
Kurt Seifried (Feb 13)
Re: Wordpress Pinboard theme XSS
Kurt Seifried (Feb 14)
CVE request: piwigo XSS in password.php
Kurt Seifried (Feb 10)
Re: CVE request: piwigo XSS in password.php
Kurt Seifried (Feb 11)
Re: CVE request: piwigo XSS in password.php
Henri Salo (Feb 11)
Re: CVE request: piwigo XSS in password.php
Kurt Seifried (Feb 13)
CVE request: Transmission can be made to crash remotely
Yves-Alexis Perez (Feb 10)
Re: CVE request: Transmission can be made to crash remotely
Jan Lieskovsky (Feb 11)
Re: CVE request: Transmission can be made to crash remotely
Kurt Seifried (Feb 13)
CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass
Henri Salo (Feb 11)
Re: CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass
Kurt Seifried (Feb 13)
Circumvention of attr_protected [CVE-2013-0276]
Aaron Patterson (Feb 11)
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277]
Aaron Patterson (Feb 11)
Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]
Aaron Patterson (Feb 11)
Re: Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]
jordi gemsstatus (Mar 07)
Patch update for [CVE-2013-0269]
Aaron Patterson (Feb 11)
CVE request: openconnect buffer overflow
Florian Weimer (Feb 11)
Re: CVE request: openconnect buffer overflow
Kurt Seifried (Feb 12)
CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783)
Jan Lieskovsky (Feb 12)
[Ignore not a security flaw] Re: [oss-security] CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783)
Jan Lieskovsky (Feb 12)
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783)
Kurt Seifried (Feb 12)
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783)
Kurt Seifried (Feb 13)
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783)
David Jorm (Feb 13)
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783)
Kurt Seifried (Feb 13)
RE: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783)
Christey, Steven M. (Feb 13)
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version
Kurt Seifried (Feb 13)
Xen Security Advisory 42 (CVE-2013-0228) - Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.
Xen . org security team (Feb 13)
Some rubygems related CVEs
Kurt Seifried (Feb 14)
Re: Some rubygems related CVEs
Reed Loden (Feb 14)
Re: Some rubygems related CVEs
Kurt Seifried (Feb 14)
CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery
Henrique Montenegro (Feb 14)
Re: CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery
Kurt Seifried (Feb 15)
[FYI / CVE assignment notification] CVE-2013-0281 pacemaker: Denial of service when remote CIB management enabled due to use of no-timeout blocking socket to wait for the arrival of the authentication credentials
Jan Lieskovsky (Feb 14)
CVE Request: kernel -- local DOS (endless loop with interrupts disabled)
Mathias Krause (Feb 14)
Re: CVE Request: kernel -- local DOS (endless loop with interrupts disabled)
Kurt Seifried (Feb 15)
CVE# request: pigz creates temp file with insecure permissions
Michael Tokarev (Feb 15)
Re: CVE# request: pigz creates temp file with insecure permissions
Matthias Weckbecker (Feb 15)
Re: CVE# request: pigz creates temp file with insecure permissions
Kurt Seifried (Feb 15)
Re: CVE# request: pigz creates temp file with insecure permissions
Steven M. Christey (Feb 15)
Re: CVE# request: pigz creates temp file with insecure permissions
Kurt Seifried (Feb 16)
Re: CVE# request: pigz creates temp file with insecure permissions
Michael Tokarev (Feb 16)
Re: CVE# request: pigz creates temp file with insecure permissions
Kurt Seifried (Feb 16)
Re: CVE# request: pigz creates temp file with insecure permissions
Jim Mellander (Feb 27)
CVE request: unauthorized SSL certificates by Türktrust discovered
Agostino Sarubbo (Feb 15)
Re: CVE request: unauthorized SSL certificates by Türktrust discovered
Tomas Hoger (Feb 15)
CVE request: python-pyrad insecurities
Vincent Danen (Feb 15)
Re: CVE request: python-pyrad insecurities
Kurt Seifried (Feb 15)
RE: CVE request: python-pyrad insecurities
Christey, Steven M. (Feb 15)
Re: CVE request: python-pyrad insecurities
Vincent Danen (Feb 15)
Re: CVE request: python-pyrad insecurities
Kurt Seifried (Feb 16)
Re: CVE request: python-pyrad insecurities
Vincent Danen (Feb 21)
Re: CVE request: python-pyrad insecurities
Kurt Seifried (Feb 22)
CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1
Simon McVittie (Feb 15)
Re: (linux-)distros membership changes
Miklos Vajna (Feb 15)
Re: (linux-)distros membership changes
Solar Designer (Feb 15)
Re: (linux-)distros membership changes
Jeremy Stanley (Feb 15)
Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871)
Julien Tinnes (Feb 15)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871)
Solar Designer (Feb 16)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871)
Julien Tinnes (Feb 19)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871)
Solar Designer (Feb 19)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871)
Solar Designer (Mar 16)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871)
Greg KH (Feb 20)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871)
Greg KH (Feb 20)
Jenkins CVE request for Jenkins Security Advisory 2013-02-16
Kurt Seifried (Feb 18)
Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16
Kurt Seifried (Feb 21)
Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16
Kurt Seifried (Mar 01)
CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow
Jan Lieskovsky (Feb 18)
CVE request: zoneminder: local file inclusion vulnerability
Salvatore Bonaccorso (Feb 19)
Re: CVE request: zoneminder: local file inclusion vulnerability
Kurt Seifried (Feb 21)
Re: CVE request: zoneminder: local file inclusion vulnerability
Salvatore Bonaccorso (Feb 21)
[OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)
Thierry Carrez (Feb 19)
[OSSA 2013-005] Keystone EC2-style authentication accepts disabled user/tenants (CVE-2013-0282)
Thierry Carrez (Feb 19)
REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280
Kurt Seifried (Feb 19)
CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS
Petr Matousek (Feb 20)
Re: CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS
Kurt Seifried (Feb 20)
CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference
Petr Matousek (Feb 20)
Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference
Kurt Seifried (Feb 20)
CVE request -- Linux kernel: vhost: fix length for cross region descriptor
Petr Matousek (Feb 20)
Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor
Kurt Seifried (Feb 20)
isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289)
Oswald Buddenhagen (Feb 20)
Re: isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289)
Vincent Danen (Feb 20)
Handling CVEs for the XML entity expansion issues
Kurt Seifried (Feb 20)
RE: Handling CVEs for the XML entity expansion issues
Christey, Steven M. (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues
Tim (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues
Kurt Seifried (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues
Tim (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues
Kurt Seifried (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues
Tim (Feb 20)
Re: RE: Handling CVEs for the XML entity expansion issues
Kurt Seifried (Feb 21)
RE: RE: Handling CVEs for the XML entity expansion issues
Christey, Steven M. (Feb 21)
Re: RE: Handling CVEs for the XML entity expansion issues
Kurt Seifried (Feb 21)
Re: RE: Handling CVEs for the XML entity expansion issues
Tim Brown (Feb 21)
CVE request - Linux kernel: evm: NULL pointer de-reference flaw
P J P (Feb 20)
Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw
Kurt Seifried (Feb 20)
Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw
P J P (Feb 21)
CVE request for Drupal Core and contributed modules
Forest Monsen (Feb 21)
Re: CVE request for Drupal Core and contributed modules
Kurt Seifried (Feb 21)
nginx world-readable logdir
Agostino Sarubbo (Feb 21)
Re: nginx world-readable logdir
Henri Salo (Feb 21)
CVE request: nginx world-readable logdir
Henri Salo (Feb 21)
Re: CVE request: nginx world-readable logdir
Kurt Seifried (Feb 21)
Re: CVE request: nginx world-readable logdir
Anders Petersson (Feb 21)
Re: CVE request: nginx world-readable logdir
Anders Petersson (Feb 21)
Re: CVE request: nginx world-readable logdir
Kurt Seifried (Feb 22)
Re: nginx world-readable logdir
gremlin (Feb 22)
Re: nginx world-readable logdir
Kurt Seifried (Feb 22)
Re: nginx world-readable logdir
gremlin (Feb 22)
Re: nginx world-readable logdir
Kurt Seifried (Feb 22)
Re: nginx world-readable logdir
Henri Salo (Feb 22)
Re: nginx world-readable logdir
gremlin (Feb 22)
nginx CVE-2013-0337 world-readable logs
gremlin (Feb 24)
Re: nginx CVE-2013-0337 world-readable logs
Kurt Seifried (Feb 24)
ownCloud Security Advisories (2013-003, 2013-004, 2013-005, 2013-006, 2013-007)
Lukas Reschke (Feb 21)
Two more ZoneMinder that need CVE
security curmudgeon (Feb 21)
Re: Two more ZoneMinder that need CVE
Kurt Seifried (Feb 21)
RE: Two more ZoneMinder that need CVE
Christey, Steven M. (Feb 21)
Re: Two more ZoneMinder that need CVE
Kurt Seifried (Feb 21)
CVE Guidance for Libraries and Resource-Consumption DoS
Steven M. Christey (Feb 21)
CVEs for libxml2 and expat internal and external XML entity expansion
Kurt Seifried (Feb 22)
<Possible follow-ups>
CVEs for libxml2 and expat internal and external XML entity expansion
Kurt Seifried (Feb 22)
Re: CVEs for libxml2 and expat internal and external XML entity expansion
Florian Weimer (Feb 22)
Re: CVEs for libxml2 and expat internal and external XML entity expansion
Jakub Wilk (Feb 22)
Re: CVEs for libxml2 and expat internal and external XML entity expansion
Kurt Seifried (Feb 23)
Re: CVEs for libxml2 and expat internal and external XML entity expansion
Tim (Feb 22)
Re: CVEs for libxml2 and expat internal and external XML entity expansion
Kurt Seifried (Feb 23)
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement
Kurt Seifried (Feb 22)
CVE request: Linux kernel: Bluetooth HIDP information disclosure
P J P (Feb 22)
Re: CVE request: Linux kernel: Bluetooth HIDP information disclosure
Kurt Seifried (Feb 23)
CVE request: varnish world-readable logdir
Agostino Sarubbo (Feb 22)
Re: CVE request: varnish world-readable logdir
Kurt Seifried (Feb 23)
Cve request: tomcat world-readable logdir
Agostino Sarubbo (Feb 22)
Re: Cve request: tomcat world-readable logdir
Kurt Seifried (Feb 23)
CVE request: webfs world-readable log
Agostino Sarubbo (Feb 22)
Re: CVE request: webfs world-readable log
Agostino Sarubbo (Feb 22)
Re: Re: CVE request: webfs world-readable log
Kurt Seifried (Feb 23)
CVE request: sthttpd world-redable logdir
Agostino Sarubbo (Feb 22)
Re: CVE request: sthttpd world-redable logdir
Kurt Seifried (Feb 23)
CVE-2013-0350 for pktstat: writes content from TCP streams to public readable file /tmp/smtp.log
Kurt Seifried (Feb 23)
CVE Request: PackageKit"update" allows downgrade of packages when using the "zypp" backend
Marcus Meissner (Feb 23)
Re: CVE Request: PackageKit"update" allows downgrade of packages when using the "zypp" backend
Kurt Seifried (Feb 25)
CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Mathias Krause (Feb 24)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Petr Matousek (Feb 24)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Solar Designer (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Solar Designer (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Dan Rosenberg (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Dan Rosenberg (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Jason A. Donenfeld (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Dan Rosenberg (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Solar Designer (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Marcus Meissner (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Solar Designer (Feb 25)
CVE request: skunkweb world-readable logdir
Agostino Sarubbo (Feb 24)
Re: CVE request: skunkweb world-readable logdir
Kurt Seifried (Feb 25)
CVE request: monkeyd world-readable logdir
Agostino Sarubbo (Feb 24)
Re: CVE request: monkeyd world-readable logdir
Kurt Seifried (Feb 25)
Re: CVE request: monkeyd world-readable logdir
Agostino Sarubbo (Feb 26)
Re: CVE request: monkeyd world-readable logdir
Moritz Muehlenhoff (Feb 26)
Re: CVE request: monkeyd world-readable logdir
Kurt Seifried (Feb 26)
CVE request: WordPress plugin smart-flv jwplayer.swf XSS
Henri Salo (Feb 24)
Re: CVE request: WordPress plugin smart-flv jwplayer.swf XSS
Kurt Seifried (Feb 25)
fusionforge CVE-2013-1423 multiple privilege escalations
Helmut Grohne (Feb 25)
kernel: tmpfs use-after-free
Jason A. Donenfeld (Feb 25)
Re: kernel: tmpfs use-after-free
Kurt Seifried (Feb 25)
Re: kernel: tmpfs use-after-free
Solar Designer (Feb 25)
CVE request: libvirt kvm-group writable storage
Bastian Blank (Feb 25)
Re: CVE request: libvirt kvm-group writable storage
Kurt Seifried (Feb 25)
CVE request -- Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow
Petr Matousek (Feb 26)
Re: CVE request -- Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow
Kurt Seifried (Feb 26)
Archlinux/x86-64 3.1.x-3.7.x x86-64 CVE-2013-1763 sock_diag_handlers[] warez
sd (Feb 26)
CVE request - Linux kernel: VFAT slab-based buffer overflow
Joshua J. Drake (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Kurt Seifried (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Henri Salo (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Kurt Seifried (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Yves-Alexis Perez (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Kurt Seifried (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Yves-Alexis Perez (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jason A. Donenfeld (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Michael Gilbert (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Petr Matousek (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Solar Designer (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Petr Matousek (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Benji (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Benji (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Benji (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Petr Matousek (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Petr Matousek (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Eugene Teo (Mar 01)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Petr Matousek (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)
Solar Designer (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)
Greg KH (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)
Solar Designer (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)
Greg KH (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)
Michael Gilbert (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)
Greg KH (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)
Eric Lacombe (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)
Greg KH (Mar 05)
Re: handling of Linux kernel vulnerabilities
Kurt Seifried (Mar 05)
Re: handling of Linux kernel vulnerabilities
Solar Designer (Mar 05)
Re: handling of Linux kernel vulnerabilities
Noel Butler (Mar 05)
Re: handling of Linux kernel vulnerabilities
Solar Designer (Mar 05)
Re: handling of Linux kernel vulnerabilities
Alton Moore (Mar 06)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)
Eric Lacombe (Mar 05)
Re: handling of Linux kernel vulnerabilities
Andreas Ericsson (Mar 05)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Yves-Alexis Perez (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Kurt Seifried (Feb 28)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jiri Kosina (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Daniel Kahn Gillmor (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Yves-Alexis Perez (Mar 01)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Tim (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jiri Kosina (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jiri Kosina (Feb 28)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Yves-Alexis Perez (Feb 28)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jiri Kosina (Feb 28)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Daniel Kahn Gillmor (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
Kurt Seifried (Feb 27)
[OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)
Russell Bryant (Feb 26)
CVE request: psi+ stores the cache file as world-readable
Agostino Sarubbo (Feb 26)
Re: CVE request: psi+ stores the cache file as world-readable
Seth Arnold (Feb 26)
Re: CVE request: psi+ stores the cache file as world-readable
Agostino Sarubbo (Feb 26)
Re: CVE request: psi+ stores the cache file as world-readable
Kurt Seifried (Feb 27)
Re: CVE request: psi+ stores the cache file as world-readable
gremlin (Feb 27)
Re: CVE request: psi+ stores the cache file as world-readable
Russ Allbery (Feb 27)
Re: CVE request: psi+ stores the cache file as world-readable
gremlin (Feb 27)
Re: CVE request: psi+ stores the cache file as world-readable
Agostino Sarubbo (Feb 27)
CVE Request: poppler 0.22.1 security fixes
Marcus Meissner (Feb 27)
Re: CVE Request: poppler 0.22.1 security fixes
Kurt Seifried (Feb 28)
Re: CVE Request: poppler 0.22.1 security fixes
Salvatore Bonaccorso (Feb 28)
Re: CVE Request: poppler 0.22.1 security fixes
Kurt Seifried (Feb 28)
Re: CVE Request: poppler 0.22.1 security fixes
Yves-Alexis Perez (Feb 28)
CVE request: Linux kernel: USB: io_ti: NULL pointer dereference
P J P (Feb 27)
Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference
Kurt Seifried (Feb 27)
CVE request: sudo authentication bypass when clock is reset
Todd C. Miller (Feb 27)
Re: CVE request: sudo authentication bypass when clock is reset
Kurt Seifried (Feb 27)
<Possible follow-ups>
Re: CVE request: sudo authentication bypass when clock is reset
Todd C. Miller (Feb 28)
CVE request: potential bypass of sudo tty_tickets constraints
Todd C. Miller (Feb 27)
Re: CVE request: potential bypass of sudo tty_tickets constraints
Kurt Seifried (Feb 27)
<Possible follow-ups>
Re: CVE request: potential bypass of sudo tty_tickets constraints
Todd C. Miller (Feb 28)
Re: [Full-disclosure] MySQL Denial of Service Zeroday PoC
Sergei Golubchik (Feb 28)
CVE-2013-0293 -- ovirt-node: Lock screen accepts F2 to drop to shell
Petr Matousek (Feb 28)
CVE id request: busybox
Nico Golde (Mar 01)
Re: CVE id request: busybox
Kurt Seifried (Mar 03)
Re: CVE id request: busybox
gremlin (Mar 03)
Re: CVE id request: busybox
Michael Tokarev (Mar 03)
Re: CVE id request: busybox
Piotr Karbowski (Mar 03)
Re: CVE id request: busybox
Michael Tokarev (Mar 03)
Re: CVE id request: busybox
Kurt Seifried (Mar 03)
Re: CVE id request: busybox
Michael Gilbert (Mar 03)
Re: CVE id request: busybox
Kurt Seifried (Mar 04)
Re: CVE id request: busybox
Thomas Biege (Mar 05)
Re: CVE id request: busybox
Thomas Biege (Mar 05)
Re: CVE id request: busybox
Raphael Geissert (Mar 05)
Re: CVE id request: busybox
Kurt Seifried (Mar 05)
Re: CVE id request: busybox
Raphael Geissert (Mar 06)
CVE request: ruby-openid XML denial of service attack
Marcus Meissner (Mar 01)
Re: CVE request: ruby-openid XML denial of service attack
Kurt Seifried (Mar 03)
CVE Request: various gems in aftermath of rubygem actionpack issue
Marcus Meissner (Mar 01)
Re: CVE Request: various gems in aftermath of rubygem actionpack issue
Reed Loden (Mar 01)
Re: CVE Request: various gems in aftermath of rubygem actionpack issue
Kurt Seifried (Mar 01)
Re: CVE Request: various gems in aftermath of rubygem actionpack issue
Olivier Gonzalez (Mar 02)
Re: CVE Request: various gems in aftermath of rubygem actionpack issue
Kurt Seifried (Mar 02)
CVE Request: rubygem passenger security issue
Marcus Meissner (Mar 01)
Re: CVE Request: rubygem passenger security issue
Kurt Seifried (Mar 02)
CVE Request: Gambas Directory hijack vulnerability
Salvatore Bonaccorso (Mar 01)
Re: CVE Request: Gambas Directory hijack vulnerability
Kurt Seifried (Mar 03)
CVE request: PHP-Fusion waraxe-2013-SA#097
Henri Salo (Mar 03)
Re: CVE request: PHP-Fusion waraxe-2013-SA#097
Kurt Seifried (Mar 03)
Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf
Kurt Seifried (Mar 03)
CVE-2013-1769: remotely-triggered NULL pointer dereference in telepathy-gabble
Will Thompson (Mar 04)
Reverse lookup issue in Net::Server
Remi Gacogne (Mar 04)
Re: Reverse lookup issue in Net::Server
Russ Allbery (Mar 04)
Re: Reverse lookup issue in Net::Server
Kurt Seifried (Mar 12)
Re: Reverse lookup issue in Net::Server
Steven M. Christey (Mar 13)
Re: Reverse lookup issue in Net::Server
Salvatore Bonaccorso (Mar 13)
Re: Reverse lookup issue in Net::Server
Kurt Seifried (Mar 14)
CVE's for MediaWiki 1.20.2 / 1.19.2
Kurt Seifried (Mar 05)
CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference
P J P (Mar 05)
Re: CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference
Kurt Seifried (Mar 05)
CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Mathias Krause (Mar 05)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Kurt Seifried (Mar 06)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Mathias Krause (Mar 06)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Kurt Seifried (Mar 07)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Solar Designer (Mar 07)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Kurt Seifried (Mar 07)
RE: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Christey, Steven M. (Mar 07)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Solar Designer (Mar 07)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Petr Matousek (Mar 08)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Kurt Seifried (Mar 08)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Thomas Biege (Mar 08)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
cve-assign (Mar 14)
CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb)
Kurt Seifried (Mar 06)
Re: CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb)
U.Nakamura (Mar 11)
CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()
P J P (Mar 07)
CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow
Petr Matousek (Mar 08)
Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow
Kurt Seifried (Mar 08)
Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow
Petr Matousek (Mar 08)
CVE abstraction choices and the Linux kernel
Steven M. Christey (Mar 08)
Re: CVE abstraction choices and the Linux kernel
Petr Matousek (Mar 14)
Re: CVE abstraction choices and the Linux kernel
Michael Gilbert (Mar 15)
CVE Request: typo3 sql injection and open redirection
Marcus Meissner (Mar 09)
Re: CVE Request: typo3 sql injection and open redirection
Kurt Seifried (Mar 12)
Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)
Adam Zabrocki (Mar 10)
Re: Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)
Kurt Seifried (Mar 12)
WordPress plugins vulnerable to CVE-2013-1808
Henri Salo (Mar 10)
Re: WordPress plugins vulnerable to CVE-2013-1808
Henri Salo (Mar 14)
Re: WordPress plugins vulnerable to CVE-2013-1808
Henri Salo (Mar 26)
RE: WordPress plugins vulnerable to CVE-2013-1808
Christey, Steven M. (Mar 28)
CVE-2009-4168: WordPress plugin snazzy-archives XSS vulnerability
Henri Salo (Mar 10)
CVE request: XSS in piwik 1.11
Hanno Böck (Mar 10)
Re: CVE request: XSS in piwik 1.11
Kurt Seifried (Mar 12)
CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability
Henri Salo (Mar 11)
Re: CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability
Henri Salo (Mar 14)
*.nist.gov websites gone forever?
Kurt Seifried (Mar 11)
RE: *.nist.gov websites gone forever?
Christey, Steven M. (Mar 11)
CVE Request: MD5 used for Download verification
Donald Stufft (Mar 11)
Re: CVE Request: MD5 used for Download verification
Jeremy Stanley (Mar 11)
CVE-2013-0913 Linux kernel i915 integer overflow
Kees Cook (Mar 11)
Re: CVE-2013-0913 Linux kernel i915 integer overflow
Alexander E. Patrakov (Mar 13)
Re: CVE-2013-0913 Linux kernel i915 integer overflow
Xin Li (Mar 14)
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
Kurt Seifried (Mar 11)
CVE-2013-0914 Linux kernel sa_restorer information leak
Kees Cook (Mar 11)
CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification)
Christey, Steven M. (Mar 12)
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification)
Tim (Mar 12)
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification)
Mike O'Connor (Mar 13)
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification)
Kurt Seifried (Mar 14)
CVE request: almanah does not encrypt its database
Vincent Danen (Mar 12)
Re: CVE request: almanah does not encrypt its database
Kurt Seifried (Mar 13)
Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode
gremlin (Mar 13)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode
Tim Brown (Mar 13)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode
Eduardo Tongson (Mar 13)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode
Pavel Labushev (Mar 13)
<Possible follow-ups>
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode
gremlin (Mar 13)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode
gremlin (Mar 14)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode
Kurt Seifried (Mar 14)
CLONE_NEWUSER|CLONE_FS root exploit
Sebastian Krahmer (Mar 13)
Re: CLONE_NEWUSER|CLONE_FS root exploit
Kees Cook (Mar 13)
Re: CLONE_NEWUSER|CLONE_FS root exploit
Eugene Teo (Mar 14)
Re: CLONE_NEWUSER|CLONE_FS root exploit
Eugene Teo (Mar 14)
Re: CLONE_NEWUSER|CLONE_FS root exploit
Greg KH (Mar 14)
Re: CLONE_NEWUSER|CLONE_FS root exploit
Agostino Sarubbo (Mar 18)
Re: CLONE_NEWUSER|CLONE_FS root exploit
Kurt Seifried (Mar 14)
Temporary Notifications of New CVE Entries During NVD Outage
Steven M. Christey (Mar 13)
ownCloud Security Advisories (2013-008, 2013-009, 2013-010)
Lukas Reschke (Mar 14)
CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device
Marcus Meissner (Mar 14)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device
Eugene Teo (Mar 14)
RE: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device
Christey, Steven M. (Mar 14)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device
Kurt Seifried (Mar 14)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device
Petr Matousek (Mar 14)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device
Kurt Seifried (Mar 15)
US national vulnerability database hacked
Henri Salo (Mar 14)
[OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840)
Thierry Carrez (Mar 14)
[OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)
Thierry Carrez (Mar 14)
CVE request for a Drupal contributed module
Forest Monsen (Mar 14)
Re: CVE request for a Drupal contributed module
Kurt Seifried (Mar 15)
CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld
Kurt Seifried (Mar 15)
Further issue details about flaws corrected in upstream ClamAV 0.97.7 version
Jan Lieskovsky (Mar 15)
Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version
Kurt Seifried (Mar 19)
Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version
Gynvael Coldwind (Mar 19)
CVE request: billion laughs flaw in ptlib
Vincent Danen (Mar 15)
Re: CVE request: billion laughs flaw in ptlib
Kurt Seifried (Mar 15)
CVE Request: VLC Buffer overflows
Sean Amoss (Mar 17)
Re: CVE Request: VLC Buffer overflows
Kurt Seifried (Mar 19)
[CVE-2013-1854] Symbol DoS vulnerability in Active Record
Aaron Patterson (Mar 18)
[CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack
Aaron Patterson (Mar 18)
[CVE-2013-1856] XML Parsing Vulnerability affecting JRuby users
Aaron Patterson (Mar 18)
[CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails
Aaron Patterson (Mar 18)
Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt
Solar Designer (Mar 19)
Ruby CVEs
Kurt Seifried (Mar 19)
Re: Ruby CVEs
Henri Salo (Mar 19)
Re: Ruby CVEs
Kurt Seifried (Mar 19)
Re: Ruby CVEs
Kurt Seifried (Mar 20)
Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
Kurt Seifried (Mar 20)
Re: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
Reed Loden (Mar 20)
RE: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
Christey, Steven M. (Mar 20)
RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
Christey, Steven M. (Mar 20)
Re: RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs
larry Cashdollar (Mar 21)
Re: Ruby CVEs
Solar Designer (Mar 21)
RE: Ruby CVEs
Christey, Steven M. (Mar 21)
Re: Ruby CVEs
Henri Salo (Mar 21)
Re: Ruby CVEs
Henri Salo (Mar 20)
Remote command execution in Ruby Gem Command Wrap
larry Cashdollar (Mar 19)
Fwd: CVE requests
larry Cashdollar (Mar 19)
<Possible follow-ups>
Fwd: CVE requests
larry Cashdollar (Mar 19)
Untrusted startup file inclusion in Chicken Scheme
Peter Bex (Mar 19)
Re: Untrusted startup file inclusion in Chicken Scheme
Kurt Seifried (Mar 20)
Linux kernel: net - three info leaks in rtnl
Mathias Krause (Mar 19)
Re: Linux kernel: net - three info leaks in rtnl
Kurt Seifried (Mar 20)
Re: Linux kernel: net - three info leaks in rtnl
Moritz Muehlenhoff (Mar 25)
Re: Linux kernel: net - three info leaks in rtnl
Moritz Muehlenhoff (Mar 25)
CVE-2013-1848 -- Linux kernel: ext3: format string issues
Petr Matousek (Mar 20)
linux kernel: kvm: CVE-2013-179[6..8]
Petr Matousek (Mar 20)
CVE Request: python-pip insecure temporary directory handling
David Black (Mar 20)
Re: CVE Request: python-pip insecure temporary directory handling
Kurt Seifried (Mar 22)
Re: CVE Request: python-pip insecure temporary directory handling
David Black (Mar 22)
Re: CVE Request: python-pip insecure temporary directory handling
Kurt Seifried (Mar 22)
CVE-2013-0287: sssd simple access provider flaw prevents intended ACL use when client to an AD provider
Vincent Danen (Mar 20)
[OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865)
Thierry Carrez (Mar 20)
CVE request: MantisBT text search query can crash site
Damien Regad (Mar 21)
Re: CVE request: MantisBT text search query can crash site
Kurt Seifried (Mar 22)
CVE-2012-5662 x3270 improper validation of SSL certificates
Stefan Cornelius (Mar 21)
CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)
Jan Lieskovsky (Mar 22)
Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)
Kurt Seifried (Mar 22)
Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)
Jan Lieskovsky (Mar 25)
CVE request: mod_ruid2 before 0.9.8
John Lightsey (Mar 22)
Re: CVE request: mod_ruid2 before 0.9.8
Kurt Seifried (Mar 22)
Re: CVE request: mod_ruid2 before 0.9.8
John Lightsey (Mar 22)
Re: CVE request: mod_ruid2 before 0.9.8
Kurt Seifried (Mar 23)
CVE request for "Views" (Drupal contributed module)
Forest Monsen (Mar 22)
Re: CVE request for "Views" (Drupal contributed module)
Kurt Seifried (Mar 22)
Re: CVE request for "Views" (Drupal contributed module)
Forest Monsen (Mar 23)
CVE request: OpenCart filemanager.php parameter traversal arbitrary file access
Henri Salo (Mar 23)
Re: CVE request: OpenCart filemanager.php parameter traversal arbitrary file access
Kurt Seifried (Mar 24)
XSS vulnerabilities in ZeroClipboard and multiple web applications
MustLive (Mar 25)
Re: XSS vulnerabilities in ZeroClipboard and multiple web applications
Henri Salo (Mar 25)
CVE Request: Mongo DB
Marcus Meissner (Mar 25)
Re: CVE Request: Mongo DB
Kurt Seifried (Mar 25)
CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities
Agostino Sarubbo (Mar 25)
Re: CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities
Kurt Seifried (Mar 25)
CVE request: ibutils improper use of files in /tmp
Vincent Danen (Mar 25)
Re: CVE request: ibutils improper use of files in /tmp
Larry W. Cashdollar (Mar 25)
Re: CVE request: ibutils improper use of files in /tmp
Kurt Seifried (Mar 26)
Re: CVE request: ibutils improper use of files in /tmp
Larry W. Cashdollar (Mar 26)
Re: CVE request: ibutils improper use of files in /tmp
Vincent Danen (Mar 26)
Re: CVE request: ibutils improper use of files in /tmp
Vincent Danen (Mar 26)
Re: CVE request: ibutils improper use of files in /tmp
Kurt Seifried (Mar 26)
Re: CVE request: ibutils improper use of files in /tmp
Kurt Seifried (Mar 26)
Re: CVE request: ibutils improper use of files in /tmp
Agostino Sarubbo (Mar 26)
CVE-2013-1895 py-bcrypt 0.2 concurrency vulnerability (auth bypass)
Kurt Seifried (Mar 26)
Ruby gem Thumbshooter 0.1.5 remote code execution
larry Cashdollar (Mar 26)
Re: Ruby gem Thumbshooter 0.1.5 remote code execution
Larry W. Cashdollar (Mar 26)
Re: Ruby gem Thumbshooter 0.1.5 remote code execution
Kurt Seifried (Mar 27)
Re: Ruby gem Thumbshooter 0.1.5 remote code execution
Larry W. Cashdollar (Mar 27)
CVE request: WordPress plugin user-photo file upload arbitrary PHP code execution
Henri Salo (Mar 26)
Denial of service in 389-ds and FreeIPA (CVE-2013-0336)
Vincent Danen (Mar 27)
CVE Request -- yum: Not removing bad metadata and using it in next run
Jan Lieskovsky (Mar 27)
Re: CVE Request -- yum: Not removing bad metadata and using it in next run
Kurt Seifried (Mar 29)
Security vulnerability tools
Corey Bryant (Mar 27)
Re: [kernel-hardening] Security vulnerability tools
Tim Brown (Mar 27)
Re: Re: [kernel-hardening] Security vulnerability tools
Corey Bryant (Mar 27)
Re: Re: [kernel-hardening] Security vulnerability tools
Steve Grubb (Mar 28)
Re: Re: [kernel-hardening] Security vulnerability tools
Tim Brown (Mar 28)
Re: Security vulnerability tools
Solar Designer (Mar 27)
Re: [kernel-hardening] Re: Security vulnerability tools
Corey Bryant (Mar 27)
Re: Security vulnerability tools
Solar Designer (Mar 28)
Re: Security vulnerability tools
Russ Allbery (Mar 27)
Re: Security vulnerability tools
Corey Bryant (Mar 27)
Re: Security vulnerability tools
Murray McAllister (Mar 28)
Re: Security vulnerability tools
Andreas Ericsson (Mar 28)
Re: Security vulnerability tools
Corey Bryant (Mar 29)
Re: Re: Security vulnerability tools
Raphael Geissert (Mar 29)
CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options
Jan Lieskovsky (Mar 28)
Re: CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options
Kurt Seifried (Mar 28)
CVE Request for Drupal contrib modules
Forest Monsen (Mar 28)
Re: CVE Request for Drupal contrib modules
Kurt Seifried (Mar 29)