714 messages starting Jan 02 14 and ending Mar 31 14

Thursday, 02 January

Re: CVE request: Fat Free CRM multiple vulnerabilities Steve Kenworthy
Duplicated CVE assignment for bip Moritz Muehlenhoff
kwallet crypto misuse Florian Weimer
Re: kwallet crypto misuse cve-assign
CVE for freerdp int overflow? Raphael Geissert
Re: Re: kwallet crypto misuse Daniel Kahn Gillmor
Re: Re: CVE to the ntp monlist DDoS issue? Moritz Muehlenhoff
Re: kwallet crypto misuse cve-assign
Re: Duplicated CVE assignment for bip Steven M. Christey
radare2 endless loop Simon .
Re: Re: kwallet crypto misuse Michael Samuel

Friday, 03 January

Re: Re: kwallet crypto misuse Kurt Seifried
Re: radare2 endless loop Kurt Seifried
Neo4J CSRF: Potential CVE candidate Arun Babu Neelicattu
Re: CVE for freerdp int overflow? Huzaifa Sidhpurwala
AMD Security contact Kurt Seifried
Re: kwallet crypto misuse gremlin
Re: CVE for freerdp int overflow? cve-assign
Re: Neo4J CSRF: Potential CVE candidate cve-assign
Re: kwallet crypto misuse Daniel Kahn Gillmor
Re: kwallet crypto misuse Simon McVittie
Re: kwallet crypto misuse Daniel Kahn Gillmor

Saturday, 04 January

Re: kwallet crypto misuse cve-assign
Re: kwallet crypto misuse gremlin

Monday, 06 January

CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161 Salvatore Bonaccorso
[notification] CVE-2013-6888: uscan: remote code execution Raphael Geissert

Tuesday, 07 January

[HITB-Announce] HITB Magazine Issue 10 Out Now Hafez Kamal
MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now) Solar Designer
CVE Request: graphviz: stack-based buffer overflow in yyerror() Ratul Gupta
CVE split and a missed file P J P
CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Guido Berhoerster
Bug#732283: CVE Request: Proc::Daemon writes pidfile with mode 666 cve-assign
Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Yves-Alexis Perez
Fwd: X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont Alan Coopersmith
Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Daniel Kahn Gillmor
Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Yves-Alexis Perez
Re: CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161 cve-assign
Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now) cve-assign
Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() cve-assign
Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference cve-assign
Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference cve-assign

Wednesday, 08 January

Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now) Solar Designer
paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials Larry W. Cashdollar
Paratrooper-newrelic 1.0.1 Ruby Gem exposes API key Larry W. Cashdollar
Re: CVE split and a missed file P J P
https://updateframework.com/ down for a few days now Kurt Seifried
Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() Sebastian Krahmer
Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() Russ Allbery
Re: CVE split and a missed file cve-assign
Re: CVE split and a missed file cve-assign
Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now) Chris Sandulow
Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() Emden R. Gansner
Re: paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials cve-assign
Re: Paratrooper-newrelic 1.0.1 Ruby Gem exposes API key cve-assign
Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() cve-assign

Thursday, 09 January

CVE Request: drupal7-entity: multiple access bypass vulnerabilities Ratul Gupta
PlRPC Perl module: pre-auth remote code execution, weak crypto Florian Weimer
Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities cve-assign
Re: CVE split and a missed file P J P
temporary file issue in flite Murray McAllister
CVE request: tmux local denial of service (2009) Florian Weimer
Re: CVE request: tmux local denial of service (2009) Guido Berhoerster
Re: PlRPC Perl module: pre-auth remote code execution, weak crypto cve-assign
Re: CVE request: tmux local denial of service (2009) cve-assign
RE: CVE split and a missed file Christey, Steven M.
Re: CVE request: tmux local denial of service (2009) Florian Weimer
Re: Re: CVE request: tmux local denial of service (2009) Guido Berhoerster
CVE request: remote code execution via deserialization in XStream David Jorm
Re: CVE split and a missed file cve-assign

Friday, 10 January

Re: CVE request: remote code execution via deserialization in XStream cve-assign
Re: CVE request: remote code execution via deserialization in XStream David Jorm
CVE Request: python-jinja2: arbitrary code execution vulnerability Ratul Gupta
Re: CVE Request: python-jinja2: arbitrary code execution vulnerability cve-assign

Saturday, 11 January

CVE assignment for jinja2 Kurt Seifried
Re: CVE assignment for jinja2 Vincent Danen
Re: CVE assignment for jinja2 Vincent Danen
Re: CVE assignment for jinja2 Salvatore Bonaccorso
Re: CVE assignment for jinja2 Vincent Danen

Sunday, 12 January

Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation halfdog

Monday, 13 January

Re: kwallet crypto misuse George Staikos
[OSSA 2014-001] Nova live snapshots use an insecure local directory (CVE-2013-7048) Thierry Carrez

Tuesday, 14 January

Re: Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation cve-assign
CVE Request -- libvirt: denial of service with keepalive Petr Matousek
CVE request: assorted kernel infoleak security fixes Salva Peiró
linux-distros membership rf
Re: CVE Request -- libvirt: denial of service with keepalive cve-assign
Re: CVE Request -- libvirt: denial of service with keepalive Eric Blake
CVE Request: Apache Archiva Remote Command Execution 0day Maksymilian A
Re: [Libvirt-Security] CVE Request -- libvirt: denial of service with keepalive Daniel P. Berrange
Re: CVE Request: Apache Archiva Remote Command Execution 0day security curmudgeon

Wednesday, 15 January

Re: CVE Request -- libvirt: denial of service with keepalive cve-assign
Re: CVE Request: Apache Archiva Remote Command Execution 0day Maksymilian A
Re: CVE request: assorted kernel infoleak security fixes cve-assign

Thursday, 16 January

Re: linux-distros membership Yves-Alexis Perez
CVE Request: drupal: multiple vulnerabilities corrected in 6.30 and 7.26 (SA-CORE-2014-001) Ratul Gupta
Re: CVE Request: drupal: multiple vulnerabilities corrected in 6.30 and 7.26 (SA-CORE-2014-001) cve-assign
Re: linux-distros membership rf
CVE Request - Poppler library: DoS fixed in 0.24.5 mancha
Re: Re: linux-distros membership Yves-Alexis Perez

Friday, 17 January

Re: CVE already assigned for 1026891? Murray McAllister
CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Murray McAllister
imapsync default version check with,http://imapsync.lamiral.info information leakage (CVE-2013-4279) Kurt Seifried
Re: CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Reed Loden
[OSSA 2014-002] Swift TempURL timing attack (CVE-2014-0006) Thierry Carrez
more info on "radiotap: bitmap-end-finding buffer overrun" Raphael Geissert
Re: CVE Request - Poppler library: DoS fixed in 0.24.5 cve-assign
Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp Daniel Kahn Gillmor
CVE-2014-0021: chrony traffic amplification in cmdmon protocol Vincent Danen

Saturday, 18 January

Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol cve-assign
Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol Vincent Danen
Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol cve-assign
Re: Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp cve-assign
CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 Matthew Daley
Re: CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Kurt Seifried
Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 Henri Salo
Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 Matthew Daley
Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 cve-assign

Sunday, 19 January

Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol Florian Weimer
Re: more info on "radiotap: bitmap-end-finding buffer overrun" Henri Salo
Re: CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Murray McAllister

Monday, 20 January

Moodle security notifications public Michael de Raadt
CVE request: Cantata vulnerability Sergey Popov
CVE request for Drupal contributed modules Forest Monsen
CVE request: spip: cross-site scripting vulnerability Salvatore Bonaccorso
Re: CVE request: Cantata vulnerability cve-assign
Re: CVE request for Drupal contributed modules Henri Salo
Re: CVE request for Drupal contributed modules cve-assign
Re: linux-distros membership rf
Re: CVE request: spip: cross-site scripting vulnerability cve-assign
Re: CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Kurt Seifried

Tuesday, 21 January

Re: CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Kurt Seifried
Re: CVE request for Drupal contributed modules Forest Monsen
Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp Daniel Kahn Gillmor
Re: Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp cve-assign
CVE request: Perl module MARC::File::XML Galen Charlton
Re: CVE request: Perl module MARC::File::XML cve-assign

Wednesday, 22 January

Re: linux-distros membership Solar Designer
Re: linux-distros membership rf
Getting tempfile/mktemp wrong Helmut Grohne
Re: Getting tempfile/mktemp wrong cve-assign

Thursday, 23 January

Re: linux-distros membership rf
Xen Security Advisory 83 - Out-of-memory condition yielding memory corruption during IRQ setup Xen . org security team
Re: Xen Security Advisory 83 - Out-of-memory condition yielding memory corruption during IRQ setup cve-assign
Xen Security Advisory 83 (CVE-2014-1642) - Out-of-memory condition yielding memory corruption during IRQ setup Xen . org security team
[OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130) Grant Murphy
Re: linux-distros membership Moritz Muehlenhoff

Friday, 24 January

CVE-2014-0022 insecure install of rpm packages via yum cron Vincent Danen
Re: linux-distros membership rf
Re: linux-distros membership rf
Re: linux-distros membership John Haxby
Xen Security Advisory 87 - PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests Xen . org security team
Re: Xen Security Advisory 87 - PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests cve-assign
Xen Security Advisory 87 (CVE-2014-1666) - PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests Xen . org security team

Tuesday, 28 January

Remote code execution in horde < 5.1.1 Pedro Ribeiro
CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper P J P
Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper cve-assign
Re: Remote code execution in horde < 5.1.1 cve-assign
Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper Kurt Seifried
Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper Kurt Seifried
Socat security advisory 5 - PROXY-CONNECT address overflow Gerhard Rieger
CVE request: temporary file issue in Passenger rubygem Vincent Danen

Wednesday, 29 January

Re: Remote code execution in horde < 5.1.1 Murray McAllister
OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!) Kurt Seifried
CVE Request: Erlang OTP - ftp module - FTP Command Injection Seba
(possible) CVE request: suPHP 0.7.2 release fixed a possible arbitrary code execution Salvatore Bonaccorso
Re: Remote code execution in horde < 5.1.1 Murray McAllister
Re: CVE request: temporary file issue in Passenger rubygem Raphael Geissert
CVE Request: otrs: CSRF issue in customer web interface Salvatore Bonaccorso
Re: [Ticket#2014012942020471] CVE Request: otrs: CSRF issue in customer web interface Jens Bothe via OTRS Security Team
Re: Remote code execution in horde < 5.1.1 Jan Schneider
Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!) cve-assign
Re: CVE request: temporary file issue in Passenger rubygem Raphael Geissert
Re: CVE Request: Erlang OTP - ftp module - FTP Command Injection cve-assign
CVE: Request Puneeth Gowda
CVE REJECT request: CVE-2013-4588 P J P
Re: CVE Request: otrs: CSRF issue in customer web interface cve-assign
collectd security contact Michael Samuel
CVE Request: Juju phpmyadmin charm Seth Arnold

Thursday, 30 January

Re: collectd security contact Kurt Seifried
Re: CVE Request: Juju phpmyadmin charm dawg
Re: CVE Request: Juju phpmyadmin charm Seth Arnold
Re: CVE: Request cve-assign
Re: CVE request: temporary file issue in Passenger rubygem cve-assign
Re: collectd security contact Sebastian Harl
echor 0.1.6 Ruby Gem exposes login credentials Larry W. Cashdollar
CVE request: enlightenment sysactions Martin Carpenter

Friday, 31 January

CVE-2013-6393 / libyaml buffer overflow Garth Mollett
Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer
Linux kernel: fs: fix get_dumpable() incorrect tests (CVE-2013-2929) Solar Designer
responsible use of distros and linux-distros lists (was: Linux kernel: fs: fix get_dumpable() incorrect tests (CVE-2013-2929)) Solar Designer
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Kees Cook
Re: Re: collectd security contact Michael Samuel
CVE request: uupdate (devscripts) directory traversal Murray McAllister
CVE needed for libotr's support for OTR v1? Murray McAllister
CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS Pedro Ribeiro
Re: echor 0.1.6 Ruby Gem exposes login credentials cve-assign
Re: CVE request: uupdate (devscripts) directory traversal cve-assign
Re: CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS cve-assign
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf
Security Flaw CVE-2014-0037 Michael Kromer
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf
CVE request: temp file issues in python's logilab-common module Vincent Danen
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer
Re: linux-distros membership Solar Designer
Re: linux-distros membership rf
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Matthew Daley
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer
Re: linux-distros membership Solar Designer

Saturday, 01 February

Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Kurt Seifried
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) PaX Team
Re: linux-distros membership Alexander Cherepanov
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Yves-Alexis Perez
Re: linux-distros membership rf

Sunday, 02 February

Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer
Persistent XSS in Wordpress 3.3.1+dfsg-1 (Packaged with Ubuntu 12.04.4) Larry W. Cashdollar
Re: Persistent XSS in Wordpress 3.3.1+dfsg-1 (Packaged with Ubuntu 12.04.4) Larry W. Cashdollar

Monday, 03 February

CVE-2014-0039: fwsnort loaded configuration file from cwd when run as a non-root user Murray McAllister
Re: CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS Pedro Ribeiro
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha
Re: CVE request: temp file issues in python's logilab-common module cve-assign
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha
CVE request: multiple issues in Apache Cordova/PhoneGap David Jorm
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer
CVE request: a2ps insecure temporary file use Murray McAllister
Re: Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!) Kurt Seifried
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha
CVE request: PHP object insertion in Contao CMS <= 3.2.5 Pedro Ribeiro
Re: Re: CVE request: temporary file issue in Passenger rubygem Tomas Hoger
Re: CVE request: PHP object insertion in Contao CMS <= 3.2.5 cve-assign
Re: Persistent XSS in Wordpress 3.3.1+dfsg-1 (Packaged with Ubuntu 12.04.4) larry Cashdollar
Re: CVE request: a2ps insecure temporary file use Murray McAllister
Re: CVE needed for libotr's support for OTR v1? cve-assign
Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!) mancha
Re: CVE request: enlightenment sysactions cve-assign
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha
CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) Vincent Danen

Tuesday, 04 February

CVE request: python-gnupg before 0.3.5 shell injection Hanno Böck
Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo
Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer
Re: CVE request: python-gnupg before 0.3.5 shell injection Matthew Daley
Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo
Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo
Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer
Re: CVE request: a2ps insecure temporary file use cve-assign
Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) cve-assign
Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) Vincent Danen

Wednesday, 05 February

Re: Re: CVE request: a2ps insecure temporary file use Murray McAllister
Re: CVE request: python-gnupg before 0.3.5 shell injection Vinay Sajip
Re: Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer
Re: CVE request: python-gnupg before 0.3.5 shell injection Vinay Sajip
Re: CVE request: a2ps insecure temporary file use cve-assign

Thursday, 06 February

Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities Gunther
Mumble-SA-2014-001 and Mumble-SA-2014-002 Mikkel Krautz
CVE request: f2py insecure temporary file use Murray McAllister
CVE Request: Multiple security issues in Android Debug Bridge (Android SDK Tools) Arun Neelicattu
Re: CVE request: python-gnupg before 0.3.5 shell injection Hanno Böck
Xen Security Advisory 85 - Off-by-one error in FLASK_AVC_CACHESTAT hypercall Xen . org security team
Xen Security Advisory 86 - libvchan failure handling malicious ring indexes Xen . org security team
Re: [notification] CVE-2013-6888: uscan: remote code execution Jakub Wilk
Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls Xen . org security team
CVE Request: Capture::Tiny: insecure use of /tmp Salvatore Bonaccorso
Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls cve-assign
CVE Request: Linux kernel: SELinux local DoS P J P
Re: CVE Request: Linux kernel: SELinux local DoS Florian Weimer
Re: CVE request: f2py insecure temporary file use Murray McAllister

Friday, 07 February

Re: CVE Request: Capture::Tiny: insecure use of /tmp cve-assign
Re: CVE Request: Linux kernel: SELinux local DoS cve-assign
CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS Arun Neelicattu
Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls Jan Beulich
Re: Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls Źmicier Januszkiewicz
contao vulnerability - CVE assigned? Alexandre Dulaunoy
Re: contao vulnerability - CVE assigned? Hanno Böck
oath-toolkit PAM module OTP token invalidation issue Florian Weimer
Re: CVE request: multiple issues in Apache Cordova/PhoneGap cve-assign
CVE request: multiple issues in Koha Galen Charlton
IcedTea-Web insecure temporary directory use - CVE-2013-6493 Tomas Hoger
Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls cve-assign
CVE request? buffer overflow in socket.recvfrom_into Raphael Geissert

Saturday, 08 February

Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) cve-assign
Re: Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities cve-assign
Re: CVE request: f2py insecure temporary file use cve-assign
Re: CVEs for Android addJavascriptInterface issues (was: multiple issues in Apache Cordova/PhoneGap) Joshua J. Drake
Fwd: Old CVE ids, public, but still "RESERVED" Raphael Geissert
[oCERT-2014-001] MantisBT input sanitization errors Andrea Barisani
Re: CVE Request: Multiple security issues in Android Debug Bridge (Android SDK Tools) cve-assign
Re: CVEs for Android addJavascriptInterface issues (was: multiple issues in Apache Cordova/PhoneGap) cve-assign
Re: Fwd: Old CVE ids, public, but still "RESERVED" Alan Coopersmith

Sunday, 09 February

Re: CVE request: python-gnupg before 0.3.5 shell injection cve-assign

Monday, 10 February

Re: (possible) CVE request: suPHP 0.7.2 release fixed a possible arbitrary code execution cve-assign
Re: oath-toolkit PAM module OTP token invalidation issue cve-assign
Re: CVE request: multiple issues in Koha cve-assign
CVE Request New-djbdns: dnscache: potential cache poisoning P J P
Re: CVE Request New-djbdns: dnscache: potential cache poisoning Florian Weimer
Xen Security Advisory 85 (CVE-2014-1895) - Off-by-one error in FLASK_AVC_CACHESTAT hypercall Xen . org security team
Xen Security Advisory 86 (CVE-2014-1896) - libvchan failure handling malicious ring indexes Xen . org security team
Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls Xen . org security team
Re: Re: CVE request: python-gnupg before 0.3.5 shell injection Simon McVittie
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches intrigeri
Re: CVE request: WebKit-GTK + Puseaudio: unexpectedly high sound volume Alexander E. Patrakov
Re: CVE request: WebKit-GTK + Puseaudio: unexpectedly high sound volume cve-assign
Re: CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches cve-assign
CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp Jakub Wilk

Tuesday, 11 February

Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp cve-assign
CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean cve-assign
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean Joshua J. Drake
Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
CVE-2013-6401 Jansson hash collision issue Murray McAllister
Re: CVE-2013-6401 Jansson hash collision issue Murray McAllister
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
Vendor adoption of PIE INFO#934476 oss-security CERT(R) Coordination Center
Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel

Wednesday, 12 February

Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel
information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister
CVE request for vulnerability in OpenStack Glance Jeremy Stanley
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
[Benchmark 2014] WAVSEP Vulnerability Scanner Benchmark 2013/2014 Shay Chen
cinnamon-screensaver lock bypass (tested on Fedora 20) Clemens Fries
Re: Old CVE ids, public, but still "RESERVED" Raphael Geissert
Xen Security Advisory 88 - use-after-free in xc_cpupool_getinfo() under memory pressure Xen . org security team
Re: Xen Security Advisory 88 - use-after-free in xc_cpupool_getinfo() under memory pressure cve-assign
Re: cinnamon-screensaver lock bypass (tested on Fedora 20) cve-assign
Re: CVE request for vulnerability in OpenStack Glance cve-assign
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign
Re: [notification] CVE-2013-6888: uscan: remote code execution cve-assign
Re: CVE request: python-gnupg before 0.3.5 shell injection cve-assign
Re: CVE request? buffer overflow in socket.recvfrom_into cve-assign
Xen Security Advisory 88 (CVE-2014-1950) - use-after-free in xc_cpupool_getinfo() under memory pressure Xen . org security team
[OSSA 2014-004] Glance Swift store backend password leak (CVE-2014-1948) Jeremy Stanley

Thursday, 13 February

CVE-2014-0079: Unauthenticated remote denial of service flaw in Zarafa Robert Scheck
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister
Re: cinnamon-screensaver lock bypass (tested on Fedora 20) Murray McAllister
Possible CVE Request for Weechat -- Mutex potentially not held for random number generation Jason A. Donenfeld
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign
CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) mancha
Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) cve-assign

Friday, 14 February

Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister
CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color() Murray McAllister
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign
Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne
Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ cve-assign
[CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form Tom Dale
Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne

Saturday, 15 February

Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Florian Weimer
Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Petter Reinholdtsen
Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Solar Designer
Re: Vendor adoption of PIE INFO#934476 oss-security Solar Designer

Sunday, 16 February

CVE request: freeradius denial of service in rlm_pap hash processing Florian Weimer
Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne
Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne
Re: Vendor adoption of PIE INFO#934476 oss-security Stuart Henderson
Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14) Salvatore Bonaccorso
Re: Vendor adoption of PIE INFO#934476 oss-security CERT(R) Coordination Center
Re: Vendor adoption of PIE INFO#934476 oss-security Christos Zoulas
Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich
Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich
Re: Vendor adoption of PIE INFO#934476 oss-security Stuart Henderson

Monday, 17 February

CVE request: "imapsync ignores the --tls switch and sends my authentication plaintext." Murray McAllister
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
CVE request New-djbdns: dnscache: possible DoS P J P
CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes Petr Matousek
Re: CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS Arun Neelicattu
Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel
[OSSA 2014-005] Missing SSL certificate check in Python Swift client (CVE-2013-6396) Tristan Cacqueray

Tuesday, 18 February

CVE request for unfixed CVE-2013-6466 in openswan-2.6.40 Paul Wouters
Re: CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color() cve-assign
Re: CVE request: freeradius denial of service in rlm_pap hash processing cve-assign
CVE Request: Percona Toolkit automatic version check - remote code execution / information leak Marcus Meissner
Re: CVE request: "imapsync ignores the --tls switch and sends my authentication plaintext." cve-assign
CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings Martin Prpic
Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean Nick Kralevich
XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081) Aaron Patterson
Data Injection Vulnerability in Active Record (CVE-2014-0080) Aaron Patterson
Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082) Aaron Patterson
Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean cve-assign

Wednesday, 19 February

Re: CVE request New-djbdns: dnscache: possible DoS P J P
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
CVE request: remote code execution in egroupware <= 1.8.005 Pedro Ribeiro
Re: CVE request: remote code execution in egroupware <= 1.8.005 cve-assign
Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Xen . org security team
Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang Xen . org security team
Re: CVE request: remote code execution in egroupware <= 1.8.005 Ralf Becker
Re: CVE Request New-djbdns: dnscache: potential cache poisoning cve-assign
Re: CVE request New-djbdns: dnscache: possible DoS cve-assign
Re: CVE request: remote code execution in egroupware <= 1.8.005 Pedro Ribeiro
CVE request for CGI::Application information disclosure flaw Vincent Danen
Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14) David Jorm

Thursday, 20 February

Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign
Re: CVE Request: Percona Toolkit automatic version check - remote code execution / information leak cve-assign
Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings cve-assign
Re: CVE request for CGI::Application information disclosure flaw cve-assign
Re: CVE request for unfixed CVE-2013-6466 in openswan-2.6.40 cve-assign
Re: Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
Re: CVE request New-djbdns: dnscache: possible DoS P J P
CVE request: Linux kernel: nfs: information leakage P J P
Re: CVE Request New-djbdns: dnscache: potential cache poisoning cve-assign
Re: CVE request New-djbdns: dnscache: possible DoS cve-assign
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P
Re: Re: CVE request New-djbdns: dnscache: possible DoS P J P
CVE Request: Linux kernel: s390: crash due to linkage stack instruction P J P
Re: CVE Request New-djbdns: dnscache: potential cache poisoning cve-assign
Persistent XSS in Media File Renamer V1.7.0 Larry W. Cashdollar
Re: CVE request: Linux kernel: nfs: information leakage cve-assign
Re: CVE Request: Linux kernel: s390: crash due to linkage stack instruction cve-assign
Re: Persistent XSS in Media File Renamer V1.7.0 cve-assign
Re: Re: CVE request: Linux kernel: nfs: information leakage P J P
Re: CVE Request: Linux kernel: s390: crash due to linkage stack instruction P J P
Request regarding posts to the lists security curmudgeon
Re: Request regarding posts to the lists Solar Designer

Friday, 21 February

Re: Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel
Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14) Garth Mollett
Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14) cve-assign
Re: Request regarding posts to the lists Raphael Geissert

Saturday, 22 February

Fwd: temporary file creation vulnerability in Redis Matthew Hall
Re: Fwd: temporary file creation vulnerability in Redis Michael Samuel

Sunday, 23 February

Re: Fwd: temporary file creation vulnerability in Redis cve-assign

Monday, 24 February

Re: Fwd: temporary file creation vulnerability in Redis Matthew Hall
xfe: directory masks ignored when creating new files on Samba and NFS Murray McAllister
CVE request: XSS in MODX Revolution before 2.2.11 Hanno Böck
Re: Fwd: temporary file creation vulnerability in Redis cve-assign
Re: xfe: directory masks ignored when creating new files on Samba and NFS cve-assign
Re: CVE request: XSS in MODX Revolution before 2.2.11 cve-assign
CVE request for catfish program Vincent Danen
CVE request: hexchat buffer overflow Henri Salo

Tuesday, 25 February

Re: CVE request: hexchat buffer overflow cve-assign
Re: CVE request for catfish program cve-assign
Re: CVE request for catfish program Vincent Danen
Re: CVE request for catfish program cve-assign
Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) Tomas Hoger
Re: CVE request for catfish program Vincent Danen

Wednesday, 26 February

CVE request: POSH multiple vulnerabilities Damien Cauquil

Thursday, 27 February

REJECT CVE-2014-0070 Kurt Seifried
Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) cve-assign
CVE request: PLOGGER 1.0RC1 multiple vulnerabilities Damien Cauquil
[CVE assignment notification] Multiple vulnerabilities in POSH Damien Cauquil
Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) Tomas Hoger
Re: CVE request: PLOGGER 1.0RC1 multiple vulnerabilities cve-assign
Re: CVE request: PLOGGER 1.0RC1 multiple vulnerabilities Damien Cauquil
Re: CVE request: PLOGGER 1.0RC1 multiple vulnerabilities cve-assign
Re: CVE request: PLOGGER 1.0RC1 multiple vulnerabilities Damien Cauquil
Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp Tomas Hoger
Re: CVE Request New-djbdns: dnscache: potential cache poisoning Florian Weimer
CVE Request?: konqueror - https uses all ciphers, even weak ones Marcus Meissner
CVE request: askbot xss Tomas Hoger

Friday, 28 February

CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release Murray McAllister
CVE request for vulnerability in OpenStack Keystone Tristan Cacqueray
CVE request: MantisBT 1.2.13 SQL injection vulnerability Damien Regad
Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release cve-assign
Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release Vincent Danen
Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release Chris Steipp
Re: Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release Simon McVittie
Re: CVE request: askbot xss cve-assign
Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability cve-assign
Re: CVE request for vulnerability in OpenStack Keystone cve-assign
Re: Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release Chris Steipp

Saturday, 01 March

CVE request: CMS Made Simple SQL injection fixed in 1.11.10 Henri Salo
Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release cve-assign
Re: CVE request: CMS Made Simple SQL injection fixed in 1.11.10 cve-assign

Monday, 03 March

CVE-2014-0049 -- Linux kernel: kvm: mmio_fragments out-of-the-bounds access Petr Matousek
GnuTLS GNUTLS-SA-2014-2 Tomas Hoger
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Tim Brown
Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability Damien Regad
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried
CVE Request: file: crashes when checking softmagic for some corrupt PE executables Salvatore Bonaccorso

Tuesday, 04 March

possible CVE requests: perltidy insecure temporary file usage Murray McAllister
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign
CVE request: konqueror not providing any protection against clickjacking Hanno Böck
CVE-2014-0100 -- Linux kernel: net: inet frag code race condition leading to user-after-free Petr Matousek
Re: Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor
CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk Petr Matousek
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones John Haxby
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones John Haxby
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor
XML entity processing hardening Florian Weimer
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Hanno Böck
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign
CVE-2013-6800 is a dup of CVE-2013-1418 Marcus Meissner
[OSSA 2014-006] Trustee token revocation does not work with memcache backend (CVE-2014-2237) Tristan Cacqueray
Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability Damien Regad
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Felix Eckhofer
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Jann Horn
Re: CVE-2013-6800 is a dup of CVE-2013-1418 cve-assign
CVE-2014-0102 -- Linux kernel: security: keyring cycle detector DoS Petr Matousek
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Moritz Naumann
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried
Linux-PAM pam_unix/unix_chkpwd is fail-open Solar Designer

Wednesday, 05 March

libssh and stunnel PRNG flaws Huzaifa Sidhpurwala
CVE request for two net-snmp remote DoS flaws Huzaifa Sidhpurwala
CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Salva Peiró
Re: Linux-PAM pam_unix/unix_chkpwd is fail-open Daniel Cegiełka
Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Moritz Muehlenhoff
Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Greg KH
Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables cve-assign
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables mancha
Re: CVE request for two net-snmp remote DoS flaws cve-assign
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables Salvatore Bonaccorso
Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables cve-assign

Thursday, 06 March

CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client Garth Mollett
sudo: security policy bypass when env_reset is disabled Todd C. Miller
CVE Request/Clarification - PHP mancha
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables Remi Collet
CVE request: net-snmp agentx incorrect handling of multi-object requests DoS Raphael Geissert
CVE request: cloud-init DNS resolution fix Florian Weimer
Re: CVE request: cloud-init DNS resolution fix cve-assign
Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() cve-assign
Re: CVE request: konqueror not providing any protection against clickjacking cve-assign
Re: Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Greg KH

Friday, 07 March

Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS Huzaifa Sidhpurwala
IMAP STARTTLS sniff tool Bob Ezrin
Re: IMAP STARTTLS sniff tool Solar Designer
Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS Raphael Geissert
Re: CVE Request/Clarification - PHP cve-assign
CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding Sabrina Dubroca
Re: CVE Request/Clarification - PHP mancha

Saturday, 08 March

Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding cve-assign
Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS cve-assign
Re: Bug#740670: possible CVE requests: perltidy insecure temporary file usage Don Armstrong
CVE Request: thermald Seth Arnold
Re: Linux-PAM pam_unix/unix_chkpwd is fail-open cve-assign
Re: Linux-PAM pam_unix/unix_chkpwd is fail-open Solar Designer
CVE request: SQL injection in MODX Revolution before 2.2.13 Hanno Böck

Sunday, 09 March

Re: possible CVE requests: perltidy insecure temporary file usage cve-assign
Re: CVE Request: thermald cve-assign
Re: CVE request: SQL injection in MODX Revolution before 2.2.13 cve-assign

Monday, 10 March

udisks and udisks2: stack-based buffer overflow when handling long path names Huzaifa Sidhpurwala
Two stack-based issues in freetype [NOT a request] Raphael Geissert
CVE Request for Quick Blind TCP Connection Spoofing with SYN Cookies Marcus Meissner
CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy Petr Matousek
When is broken crypto a vulnerability? Hanno Böck
Re: When is broken crypto a vulnerability? Alex Gaynor
CVE request: claws-mail vcalendar plugin stores user/password in cleartext Vincent Danen
Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Larry W. Cashdollar
Re: When is broken crypto a vulnerability? Chris Palmer
Re: When is broken crypto a vulnerability? cve-assign
Re: When is broken crypto a vulnerability? Hanno Böck

Tuesday, 11 March

Re: Re: possible CVE requests: perltidy insecure temporary file usage Murray McAllister
Re: Re: When is broken crypto a vulnerability? Chris Palmer
Re: When is broken crypto a vulnerability? cve-assign
Re: When is broken crypto a vulnerability? cve-assign
Re: CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy Chris Palmer
Re: CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy Petr Matousek

Wednesday, 12 March

Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext Paul
Re: Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext Marcus Meissner
Re: Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext Michael Samuel
Re: Two stack-based issues in freetype [NOT a request] cve-assign
Re: Two stack-based issues in freetype [NOT a request] Raphael Geissert
Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem cve-assign
Fw: Re: IMAP STARTTLS sniff tool Bob Ezrin
Re: Fw: Re: IMAP STARTTLS sniff tool Solar Designer
lighttpd 1.4.34 SQL injection and path traversal CVE request Stefan Bühler
Re: IMAP STARTTLS sniff tool Henri Salo
Re: CVE Request for Quick Blind TCP Connection Spoofing with SYN Cookies cve-assign
Re: lighttpd 1.4.34 SQL injection and path traversal CVE request cve-assign
Cookie Reuse Thomas Williams
CVE-Request - pen issues Steve Kemp
Re: Cookie Reuse Russ Allbery

Thursday, 13 March

Re: IMAP STARTTLS sniff tool Yves-Alexis Perez
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables Stuart Henderson
CVE request for icinga 1 byte \0 overflows Marcus Meissner
Re: CVE request for icinga 1 byte \0 overflows cve-assign
Re: CVE-Request - pen issues cve-assign
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor
Re: Re: CVE request for icinga 1 byte \0 overflows Agostino Sarubbo

Friday, 14 March

Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign
Re: Re: CVE-Request - pen issues Steve Kemp
CVE request, libgd and php's gd Pierre Joye
CVE request for a bug in gnu coreutils 8.22 Qixue Xiao
Insecure usage of temporary files in GNU Readline Steve Kemp
Re: CVE request, libgd and php's gd cve-assign
Re: CVE request for a bug in gnu coreutils 8.22 Marcus Meissner

Monday, 17 March

Moodle security notifications public Michael de Raadt
CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution Murray McAllister
CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c Marcus Meissner
CVE request: flaw in curl's Windows SSL backend Daniel Stenberg
Re: CVE request: flaw in curl's Windows SSL backend cve-assign
Re: Insecure usage of temporary files in GNU Readline cve-assign
Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c cve-assign

Tuesday, 18 March

CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration Petr Matousek
Re: CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution cve-assign
Re: CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration cve-assign
CVE request for python/zipfile jmm

Wednesday, 19 March

[OT] FD mailing list died. Time for new one Georgi Guninski
CVE Request: rack-ssl rubygem: XSS in error page Marcus Meissner
Re: CVE request for python/zipfile cve-assign
Re: [OT] FD mailing list died. Time for new one Solar Designer
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
CVE request for a bug in gnu coreutils 8.22 Qixue Xiao
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: CVE request for a bug in gnu coreutils 8.22 Solar Designer
Re: [OT] FD mailing list died. Time for new one Solar Designer
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: [OT] FD mailing list died. Time for new one Dean Pierce
Re: [OT] FD mailing list died. Time for new one Dean Pierce
TigerVNC 1.3.1 fixes ZRLE decoding bounds checking issue Tomas Hoger
Re: [OT] FD mailing list died. Time for new one Solar Designer
Re: [OT] FD mailing list died. Time for new one Chris Steipp
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: [OT] FD mailing list died. Time for new one gremlin
Re: CVE Request: rack-ssl rubygem: XSS in error page cve-assign
Requesting a CVE id for Trojitá, an e-mail client: SSL stripping Jan Kundrát
Re: [OT] FD mailing list died. Time for new one Jann Horn

Thursday, 20 March

Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: FD mailing list died. Time for new one (or something better!) coderman
Re: Re: FD mailing list died. Time for new one (or something better!) Georgi Guninski
Re: Re: FD mailing list died. Time for new one (or something better!) Simon Ward
Re: FD mailing list died. Time for new one (or something better!) coderman
Re: FD mailing list died. Time for new one (or something better!) coderman
Re: Re: FD mailing list died. Time for new one (or something better!) Georgi Guninski
Re: Re: FD mailing list died. Time for new one (or something better!) Solar Designer
CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied Petr Matousek
CVE-2013-7339 Linux kernel - rds: prevent dereference of a NULL device cve-assign
Re: Requesting a CVE id for Trojita, an e-mail client: SSL stripping cve-assign
Re: CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied cve-assign
Re: Requesting a CVE id for Trojita, an e-mail client: SSL stripping Jan Kundrát

Friday, 21 March

CVE request for vulnerability in OpenStack Nova Grant Murphy
Re: CVE request for vulnerability in OpenStack Nova cve-assign
Re: [OT] FD mailing list died. Time for new one Georgi Guninski

Saturday, 22 March

Re: Moodle security notifications public cve-assign
Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext cve-assign
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext Michael Samuel
CVE Request - Uhuru Mobile Davfi Multiple Vulnerabilites dawgystyle
Re: CVE Request - Uhuru Mobile Davfi Multiple Vulnerabilites cve-assign

Monday, 24 March

possible CVE request: smb4k credentials cache leak Murray McAllister
KAuth security issues Sebastian Krahmer
Over-embargoing Florian Weimer
Re: Over-embargoing Georgi Guninski
pam_timestamp internals Sebastian Krahmer
Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet Xen.org security team
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet cve-assign
[oCERT-2014-002] Xalan-Java insufficient secure processing Andrea Barisani

Tuesday, 25 March

Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible Xen.org security team
Re: Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible cve-assign
Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet Ian Campbell
T201403525 - Hypercube security Advisory Just1n T1mberlake
Re: possible CVE request: smb4k credentials cache leak cve-assign

Wednesday, 26 March

Re: [OT] FD mailing list died. Time for new one Fyodor
Re: [OT] FD mailing list died. Time for new one coderman
Re: KAuth security issues Sebastian Krahmer
Re: KAuth security issues Florian Weimer
Re: KAuth security issues Sebastian Krahmer
CVE request: postfixadmin SQL injection vulnerability Thijs Kinkhorst
CVE request: openssh client does not check SSHFP if server offers certificate Thijs Kinkhorst
QEMU image format input validation fixes (multiple CVEs) Stefan Hajnoczi
Re: CVE request: openssh client does not check SSHFP if server offers certificate cve-assign
Re: pam_timestamp internals cve-assign
Re: CVE request: postfixadmin SQL injection vulnerability cve-assign
[oCERT-2014-003] LibYAML input sanitization errors Andrea Barisani

Thursday, 27 March

CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02 Murray McAllister
Adventure with Stack Smashing Protector (SSP) Adam Zabrocki
Re: T201403525 - Hypercube security Advisory cve-assign
[OSSA 2014-007] Potential context confusion in Keystone middleware (CVE-2014-0105) Tristan Cacqueray
[OSSA 2014-008] Routers can be cross plugged by other tenants (CVE-2014-0056) Grant Murphy
[OSSA 2014-009] Nova host data leak to vm instance in rescue mode (CVE-2014-0134) Tristan Cacqueray

Friday, 28 March

CVE request: MediaWiki 1.22.5 login csrf Chris Steipp
Re: CVE request: MediaWiki 1.22.5 login csrf Florent Daigniere
JBoss EJBInvokerServlet/JMXInvokerServlet confusion Steven M. Christey
Re: CVE request: MediaWiki 1.22.5 login csrf Chris Steipp
Re: CVE request: MediaWiki 1.22.5 login csrf Florent Daigniere
Re: CVE request: MediaWiki 1.22.5 login csrf Chris Steipp
Re: CVE request: MediaWiki 1.22.5 login csrf Florent Daigniere
OT What are the delays in delivery of Fyodor's Full Disclosure list? Georgi Guninski
Re: CVE request: MediaWiki 1.22.5 login csrf Chris Steipp
Re: CVE request: MediaWiki 1.22.5 login csrf Florent Daigniere
Re: OT What are the delays in delivery of Fyodor's Full Disclosure list? Fyodor
Re: CVE request: MediaWiki 1.22.5 login csrf Chris Steipp
Re: Adventure with Stack Smashing Protector (SSP) Solar Designer
Re: CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS cve-assign
CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python Vincent Danen
Re: CVE request: MediaWiki 1.22.5 login csrf Jann Horn

Saturday, 29 March

Re: OT What are the delays in delivery of Fyodor's Full Disclosure list? Georgi Guninski
Re: CVE request: MediaWiki 1.22.5 login csrf Florent Daigniere
Re: CVE request: MediaWiki 1.22.5 login csrf Jann Horn
Re: Adventure with Stack Smashing Protector (SSP) Georgi Guninski
Re: [PSRT] CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python Victor Stinner
Re: Adventure with Stack Smashing Protector (SSP) Julien Cristau
Re: Adventure with Stack Smashing Protector (SSP) Georgi Guninski
Re: [OT] FD mailing list died. Time for new one Solar Designer

Sunday, 30 March

CVE request: Linux Kernel, two security issues Agostino Sarubbo
Re: [OT] FD mailing list died. Time for new one Georgi Guninski
Re: [OT] FD mailing list died. Time for new one Solar Designer
Re: CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python cve-assign
Re: CVE request: Linux Kernel, two security issues cve-assign

Monday, 31 March

Re: JBoss EJBInvokerServlet/JMXInvokerServlet confusion David Jorm
CVEs, Crypto and "vulnerabilities" Kurt Seifried
Re: CVEs, Crypto and "vulnerabilities" Donald Stufft
Re: CVEs, Crypto and "vulnerabilities" Michael Samuel
Re: CVEs, Crypto and "vulnerabilities" Marcus Meissner
Re: pam_timestamp internals Dmitry V. Levin
Re: pam_timestamp internals Sebastian Krahmer
Re: pam_timestamp internals Dmitry V. Levin
Re: pam_timestamp internals Sebastian Krahmer
CVE-2013-7348 CVE-2014-2678 Linux kernel aio and rds issues cve-assign
Re: CVEs, Crypto and "vulnerabilities" Tim
GOST 28147-89 gets 512 bit and 1 kbit keys gremlin