oss-sec: by date

637 messages starting Apr 01 16 and ending Jun 30 16

Friday, 01 April

Cross-site request forgery (CSRF) vulnerability in administrate gem Tute Costa
Re: ext4 data corruption due to punch hole races cve-assign
CVE Request: Squid HTTP Proxy Amos Jeffries
Re: CVE Request: Squid HTTP Proxy cve-assign

Saturday, 02 April

Re: ext4 data corruption due to punch hole races Yves-Alexis Perez
Re: ext4 data corruption due to punch hole races Theodore Ts'o
Re: ext4 data corruption due to punch hole races Ben Hutchings
Re: ext4 data corruption due to punch hole races Theodore Ts'o

Sunday, 03 April

OpenZFS (Linux, FreeBSD, illumos) fails to transmit holes Kash Pande

Monday, 04 April

Re: [security] CVE requests for Drupal contributed modules (from 2016-009 to 2016-014) David Snopek
CVE-2016-2191: optipng: invalid write Hans Jerry Illikainen

Tuesday, 05 April

CVE request - Go - DLL loading, Big int Jason Buberel
Re: CVE request - Go - DLL loading, Big int cve-assign
root escalation from any user on clusters managed with OAR Vincent Danjean
CVE Request - xchat/hexchat doesn't properly verify SSL certificates Andrej Nemec
CVE request: Remote command execution/XSS vulnerability after login in IPFire's web user interface Michael Tremer

Wednesday, 06 April

CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Hector Marco-Gisbert
Re: CVE Request - xchat/hexchat doesn't properly verify SSL certificates cve-assign
Pulp 2.8.2 release for CVE-2016-3095 Randy Barlow
Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor Andrey Konovalov

Thursday, 07 April

CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅
CVE-2016-3620 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅
CVE-2016-3621 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅
CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool 王梅
CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool 张开翔
[CVE-2016-3972]DotCMS Directory traversal vulnerability xiong piaox
[CVE-2016-3971]DotCMS xss vulnerability xiong piaox
CVE-2016-3623 libtiff: Divide By Zero in the rgb2ycbcr tool 王梅
CVE-2016-3624 libtiff: Out-of-bounds Write in the rgb2ycbcr tool 王梅
CVE-2016-3625 libtiff: Out-of-bounds Read in the tiff2bw tool 王梅
CVE-2016-3945 libtiff: Out-of-bounds Write in the tiff2rgba tool 王梅
Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool Alan Coopersmith

Friday, 08 April

Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅
CVE-2016-3632 - libtiff 4.0.6 illegel write 张开翔

Saturday, 09 April

CVE Request: systemd / journald created world readable journal files Marcus Meissner
CVE-2015-3268: Apache OFBiz information disclosure vulnerability jleroux () apache org
CVE-2016-2170: Apache OFBiz information disclosure vulnerability jleroux () apache org
Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool Alan Coopersmith
Re: CVE Request: systemd / journald created world readable journal files cve-assign
CVE request: imlib2 integer overflow Matthias Geerdsen
CVE request: cronic - predictable temporary files Matthias Geerdsen
CVE request: imlib2 - off-by-one OOB read in __imlib_MergeUpdate() Matthias Geerdsen
CVE request: imlib2 - GIF loader: OOB read Matthias Geerdsen

Sunday, 10 April

Re: CVE request: imlib2 integer overflow cve-assign
Re: CVE request: cronic - predictable temporary files cve-assign
Re: CVE request: imlib2 - off-by-one OOB read in __imlib_MergeUpdate() cve-assign
Re: CVE request: imlib2 - GIF loader: OOB read cve-assign
CVE request: imlib2 - potential divide-by-zero in imlib_image_draw_ellipse(). Matthias Geerdsen
CVE request: libcrypto++ - Timing Attack Counter Measure Matthias Geerdsen
Re: CVE request: imlib2 - potential divide-by-zero in imlib_image_draw_ellipse cve-assign
Re: CVE request: libcrypto++ - Timing Attack Counter Measure cve-assign

Monday, 11 April

Infinite loops parsing malicious DER certificates in libtasn1 4.7 Pascal Cuoq
CVE request: Qemu: net: buffer overflow in stellaris_enet emulator P J P
Large amount of uninitialized values in svg parsing and processing Gustavo Grieco
CVE Request: Qemu: net: buffer overflow in MIPSnet emulator P J P
CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Matthias Geerdsen
CVE request: Poppler < 0.40.0 Felipe

Tuesday, 12 April

CVE-2016-3990 : out-of-bounds write in horizontalDifference8() in tiffcp tool 张开翔
CVE-2016-3991 : out-of-bounds write in loadImage() in tiffcrop tool 张开翔
CVE-Request for brltty auth bypass Sebastian Krahmer
Re: CVE-Request for brltty auth bypass Dave Mielke
Re: CVE request: Qemu: net: buffer overflow in stellaris_enet emulator cve-assign
Re: CVE Request: Qemu: net: buffer overflow in MIPSnet emulator cve-assign
39 XSS vulnerabilities in 35 wordpress plugins. Larry W. Cashdollar

Wednesday, 13 April

CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler. Wade Mealing
Re: 39 XSS vulnerabilities in 35 wordpress plugins. Larry W. Cashdollar
Re: Infinite loops parsing malicious DER certificates in libtasn1 4.7 cve-assign
Re: CVE-Request for brltty auth bypass cve-assign
Re: CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler. cve-assign
CVE request Qemu: i386: leakage of stack memory to guest in kvmvapic.c P J P
CVE for nodejs node-uuid Kurt Seifried
Re: CVE for nodejs node-uuid cve-assign

Thursday, 14 April

CVE request:SQL injection in TeamPass das das
Xen Security Advisory 174 (CVE-2016-3961) - hugetlbfs use may crash PV Linux guests Xen . org security team
Re: CVE request Qemu: i386: leakage of stack memory to guest in kvmvapic.c cve-assign
Re: 39 XSS vulnerabilities in 35 wordpress plugins. Larry W. Cashdollar
CVE Request: imlib2: integer overflow resulting in insufficient heap allocation Salvatore Bonaccorso
CVE request: OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution Naser Farhadi
Re: CVE request: OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution Naser Farhadi
Re: CVE Request: imlib2: integer overflow resulting in insufficient heap allocation cve-assign

Friday, 15 April

CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users Randy Barlow

Saturday, 16 April

CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL Régis Leroy
Unauthenticated XSS Vulnerability in kento-post-view-counter Wordpress Plugin 2.8 shravan kumar
CSRF and Stored XSS in Kento post viewer counter wordpress Plugin 2.8 shravan kumar
CSRF and Stored XSS in a WORDPRESS Plugin LeenkMe version 2.5.0. shravan kumar
Reflected XSS Vulnerability in Wordpress Custom-metas plugin 1.5.1 shravan kumar
Unauthenticated XSS Vulnerability in WORDPRESS FAQ WD plugin 1.0.14. shravan kumar

Sunday, 17 April

Re: CVE Request: cpio -- directory traversal none
CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value Berry

Monday, 18 April

Re: CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL Sébastien Delafond
CVE request: GnuPG classic & GnuPG modern Stefan Kanthak
Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process P J P
Xen Security Advisory 173 (CVE-2016-3960) - x86 shadow pagetables: address width overflow Xen . org security team
Re: CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users cve-assign
Re: Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process cve-assign
Re: CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL cve-assign
Re: CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value cve-assign
Re: CVE request: GnuPG classic & GnuPG modern Stefan Kanthak
Re: CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users Randy Barlow
CVE-2013-7450: Pulp < 2.3.0 distributed the same CA key to all users Randy Barlow
CVE request: opam - missing certificate validation Matthias Geerdsen

Tuesday, 19 April

CVE Request: Linux kernel: remote buffer overflow in usbip Marcus Meissner
Re: CVE Request: Linux kernel: remote buffer overflow in usbip P J P
CVE Request: Insecure Direct Object Reference in OSTicket attachments Fábio Pires
Re: CVE Request: imlib2: integer overflow resulting in insufficient heap allocation Loganaden Velvindron
Re: CVE Request: Linux kernel: remote buffer overflow in usbip Greg KH
Re: CVE Request: Linux kernel: remote buffer overflow in usbip Ignat Korchagin
CVE Request: Stored Cross-Site Scripting in TYPO3 Bookmarks Filipe Reis
CVE Request: Privilege escalation in webdav Nathan Van Gheem
CVE Request: Unauthorized disclosure of site content Nathan Van Gheem
CVE Request: Bypass Restricted Python Nathan Van Gheem
Re: CVE Request: Privilege escalation in webdav Nathan Van Gheem
Re: CVE Request: Privilege escalation in webdav - Plone cve-assign
Re: CVE Request: Unauthorized disclosure of site content - Plone cve-assign
Re: CVE Request: Bypass Restricted Python - Plone cve-assign
Re: CVE request: opam - missing certificate validation cve-assign

Wednesday, 20 April

CVE Request: perl: denial-of-service / Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU Salvatore Bonaccorso
CVE Request: Squid HTTP Caching Proxy multiple issues Amos Jeffries
Re: CVE Request: perl: denial-of-service / Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU cve-assign
CVE-2016-3693: Foreman application information leakage through templates Dominic Cleal
Re: CVE Request: Squid HTTP Caching Proxy multiple issues cve-assign
CVE-2016-3694 modified eCommerce Shopsoftware 2.0.0.0 rev 9678 - Blind SQL Injection Felix Maduakor
various vulnerabilities in Node.js packages cve-assign

Thursday, 21 April

Re: CVE Request: Stored Cross-Site Scripting in TYPO3 Bookmarks cve-assign
Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights) Sysdream Labs
Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (predicatable filename) Sysdream Labs
Re: CVE request: GnuPG classic & GnuPG modern cve-assign
list mail bounces; libtiff Solar Designer
CVE-2016-3074: libgd: signedness vulnerability Hans Jerry Illikainen
Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Salvatore Bonaccorso
Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Marc Deslauriers
Re: s/party/hack like it's 1999 Jakub Wilk
CVE Request - XXE in Pentaho Business Analytics 6.0.1.0.386 Brendan Scarvell
Re: s/party/hack like it's 1999 Solar Designer

Friday, 22 April

CVE Request: jq: heap buffer overflow in tokenadd() function Salvatore Bonaccorso

Saturday, 23 April

Re: CVE Request: jq: heap buffer overflow in tokenadd() function cve-assign
CVE Request: Roundcube: XSS issue in SVG image handling and protection for download urs against CSRF Salvatore Bonaccorso
Re: CVE Request: Roundcube: XSS issue in SVG image handling and protection for download urs against CSRF cve-assign
Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases cve-assign
Re: CVE request: Poppler < 0.40.0 cve-assign

Sunday, 24 April

CVE Request: jq: stack exhaustion using jv_dump_term() function Gustavo Grieco
Re: CVE Request: jq: stack exhaustion using jv_dump_term() function cve-assign

Monday, 25 April

CVE requests: Multiple Wireshark vulnerabilities Moritz Muehlenhoff
Re: CVE requests: Multiple Wireshark vulnerabilities cve-assign
CVE Request: vtun: denial-of-service: high CPU usage after SIGHUP Salvatore Bonaccorso

Tuesday, 26 April

CVE Request: Insecure Direct Object Reference in OSTicket (last versions availablle) Fábio Pires
CVE-2016-0723: Linux kernel: Kernel memory disclosure. Wade Mealing
CVE Request: Out-of-bands write issue found in qemu 李强
3 bugs refer to buffer overflow in in libtiff 4.0.6 PXO????
Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 Jodie Cunningham
Re: CVE Request: Out-of-bands write issue found in qemu P J P

Wednesday, 27 April

?????? [oss-security] 3 bugs refer to buffer overflow in in libtiff 4.0.6 PXO????
CVE-2016-4049: Denial of Service Vulnerability in Quagga BGP Routing Daemon (bgpd) Evgeny Uskov
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer
CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS Tony Homer
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer
Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 Bob Friesenhahn
Re: CVE Request: vtun: denial-of-service: high CPU usage after SIGHUP cve-assign

Thursday, 28 April

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom* Hans Jerry Illikainen
[CVE Requests] PHP issues Luật Nguyễn
Re: CVE request:SQL injection in TeamPass das das
CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco
Re: CVE request:SQL injection in TeamPass Solar Designer
Re: [CVE Requests] PHP issues cve-assign
Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions cve-assign
buffer overflow and information leak in OCaml < 4.03.0 Pascal Cuoq
CVE Request - Multiple vulnerabilities in Activiti Explorer Brendan Scarvell

Friday, 29 April

CVE request: Mplayer/Mencoder integer overflow parsing gif files Gustavo Grieco
Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files Gustavo Grieco
CVE request: three issues in libksba Martin Prpic
Re: buffer overflow and information leak in OCaml < 4.03.0 cve-assign
Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files cve-assign
Re: CVE request: three issues in libksba cve-assign

Saturday, 30 April

Re: CVE Request: vtun: denial-of-service: high CPU usage after SIGHUP Salvatore Bonaccorso
CVE request - Quassel IRC denial of service Bas Pape
Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco
Re: CVE request - Quassel IRC denial of service cve-assign
Re: CVE requests: Multiple Wireshark vulnerabilities cve-assign
CVE Request: libpam-sshauth: local root privilege escalation Salvatore Bonaccorso

Sunday, 01 May

Re: CVE Request: libpam-sshauth: local root privilege escalation cve-assign
CVE request: DoS in multiple versions of GraphicsMagick Gustavo Grieco
CVE Request: Jansson: stack exhaustion parsing a JSON file Gustavo Grieco
Re: CVE request: DoS in multiple versions of GraphicsMagick Bob Friesenhahn

Monday, 02 May

Re: CVE Request: Jansson: stack exhaustion parsing a JSON file cve-assign
CVE request: atheme: security fixes Max Teufel
[SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114 Andrew Shadura
Re: CVE Request: Out-of-bands write issue found in qemu P J P
hostapd/wpa_supplicant - psk configuration parameter update allowing arbitrary data to be written Jouni Malinen
Re: CVE request: atheme: security fixes cve-assign
Re: hostapd/wpa_supplicant - psk configuration parameter update allowing arbitrary data to be written cve-assign

Tuesday, 03 May

Re: CVE Request: Jansson: stack exhaustion parsing a JSON file Gustavo Grieco
CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser) Simon Lees
Re: CVE Request: libpam-sshauth: local root privilege escalation Salvatore Bonaccorso
Re: CVE request: atheme: security fixes Max Teufel
OpenSSL Security Advisory [3rd May 2016] Solar Designer
CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode Gustavo Grieco
Re: OpenSSL Security Advisory [3rd May 2016] Gsunde Orangen
LSE Leading Security Experts GmbH - LSE-2016-02-03 - OXID eShop Path Traversal Vulnerability LSE-Advisories
Re: OpenSSL Security Advisory [3rd May 2016] Solar Designer
Re: hostapd/wpa_supplicant - psk configuration parameter update allowing arbitrary data to be written Jouni Malinen
ImageMagick Is On Fire -- CVE-2016-3714 Ryan Huber
Re: ImageMagick Is On Fire -- CVE-2016-3714 Solar Designer
Re: OpenSSL Security Advisory [3rd May 2016] Gsunde Orangen
Re: CVE Request: libpam-sshauth: local root privilege escalation Vagrant Cascadian
Re: CVE Request: libpam-sshauth: local root privilege escalation Scott Balneaves
Re: ImageMagick Is On Fire -- CVE-2016-3714 Karim Valiev
Re: ImageMagick Is On Fire -- CVE-2016-3714 Seth Arnold
Re: ImageMagick Is On Fire -- CVE-2016-3714 Tim
Re: ImageMagick Is On Fire -- CVE-2016-3714 Seth Arnold
CVE Request: information leak in devio of Linux kernel Kangjie Lu
Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn
Re: ImageMagick Is On Fire -- CVE-2016-3714 Seth Arnold
Re: ImageMagick Is On Fire -- CVE-2016-3714 Brandon Dees
Re: CVE Request: information leak in devio of Linux kernel cve-assign
Re: CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode cve-assign
Re: OpenSSL Security Advisory [3rd May 2016] Albert Veli
Dotclear 2.9.1 XSS vulnerability by SVG limingxing

Wednesday, 04 May

Re: OpenSSL Security Advisory [3rd May 2016] Alan J. Wylie
libonion 0.8 contains security fixes Solar Designer
Re: OpenSSL Security Advisory [3rd May 2016] Albert Veli
CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection Timo Juhani Lindfors
A few Hesiod issues Florian Weimer
Re: libonion 0.8 contains security fixes Adrien Nader
Re: Dotclear 2.9.1 XSS vulnerability by SVG Aymeric
broken RSA keys Solar Designer
CVE Request: information leak in wilc1000 module of Linux kernel Kangjie Lu
Re: CVE Request: information leak in wilc1000 module of Linux kernel Greg KH
Re: libonion 0.8 contains security fixes Solar Designer
Older OpenSSL RSA key/64 bit bug (now with added CVE!) Kurt Seifried
Re: broken RSA keys Solar Designer
Re: broken RSA keys Solar Designer
Re: broken RSA keys Alexander Cherepanov
Re: broken RSA keys Alexander Cherepanov
CVE Request: kernel information leak vulnerability in llc module Kangjie Lu
CVE Request: kernel information leak vulnerability in rtnetlink Kangjie Lu
Re: broken RSA keys Alexander Cherepanov
Re: CVE Request: kernel information leak vulnerability in llc module cve-assign
Re: CVE Request: kernel information leak vulnerability in rtnetlink cve-assign
CVE Request: No Demangling During Analysis of Untrusted Binaries Marcel Böhme
Re: broken RSA keys Stanislav Datskovskiy
Re: CVE Request: No Demangling During Analysis of Untrusted Binaries cve-assign

Thursday, 05 May

Re: broken RSA keys Solar Designer
Re: broken RSA keys Hanno Böck
Re: broken RSA keys Solar Designer
Re: broken RSA keys Hanno Böck
Re: broken RSA keys Solar Designer
Re: broken RSA keys Simon McVittie
Re: broken RSA keys Alexander Cherepanov
Re: broken RSA keys Stanislav Datskovskiy
Re: broken RSA keys Stanislav Datskovskiy
Re: broken RSA keys Hanno Böck
Re: broken RSA keys Stanislav Datskovskiy
CVE Request: OpenAFS: OPENAFS-SA-2016-002 - various client functionality leak stack data onto the wire in the clear Salvatore Bonaccorso
CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS Vinc3nt4H
CVE request - samsumg android phone TvoutService_C binder service DoS Vinc3nt4H
Re: broken RSA keys Alexander Cherepanov
CVE Request: PHP: several issues fixed with 7.0.6, 5.6.21 and 5.5.35 Salvatore Bonaccorso
CVE-2016-1236 - XSS Vulnerability in websvn 2.3.3-1.2+deb8u1 Nitin Venkatesh
Re: CVE Request: OpenAFS: OPENAFS-SA-2016-002 - various client functionality leak stack data onto the wire in the clear cve-assign
Re: CVE Request: PHP: several issues fixed with 7.0.6, 5.6.21 and 5.5.35 cve-assign
Re: CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS cve-assign
Re: CVE request - samsumg android phone TvoutService_C binder service DoS cve-assign

Friday, 06 May

CVE Request: Squid HTTP caching proxy Amos Jeffries
CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) Salvatore Bonaccorso
Re: CVE Request: Squid HTTP caching proxy cve-assign
CVE request: an invalid pointer read in mini-xml 2.7 Gustavo Grieco
Re: CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) cve-assign
CVE Request: ikiwiki: HTML-escape error messages to prevent cross-site scripting attack Salvatore Bonaccorso
Re: CVE Request: ikiwiki: HTML-escape error messages to prevent cross-site scripting attack cve-assign
CVE Request: Linux: IB/security: Restrict use of the write() interface' Salvatore Bonaccorso

Saturday, 07 May

CVE Request: wordpress and mediaelement Craig Small
Re: broken RSA keys Daniel Kahn Gillmor
CVE Request: Linux: [media] videobuf2-v4l2: Verify planes array in buffer dequeueing Salvatore Bonaccorso
Re: CVE Request: Linux: [media] videobuf2-v4l2: Verify planes array in buffer dequeueing cve-assign
Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' cve-assign
Re: CVE Request: wordpress and mediaelement cve-assign
CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco

Sunday, 08 May

Re: CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco
dosfstools / fsck.vfat: Several invalid memory accesses Hanno Böck
CVE Request: kernel information leak vulnerability in Linux sound module Kangjie Lu
GraphicsMagick Response To "ImageTragick" Bob Friesenhahn

Monday, 09 May

Xen Security Advisory 179 (CVE-2016-3710,CVE-2016-3712) - QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks Xen . org security team
CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue P J P
CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues P J P
GraphicsMagick Response To "ImageTragick" Bob Friesenhahn
Re: GraphicsMagick Response To "ImageTragick" Simon McVittie
CVE-2016-2099: use-after-free in Xerces 3.1.3 Gustavo Grieco
Re: Re: CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) Jann Horn
Re: GraphicsMagick Response To "ImageTragick" Bob Friesenhahn
Re: GraphicsMagick Response To "ImageTragick" John Lightsey
Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' Yann Droneaud
Re: GraphicsMagick Response To "ImageTragick" Simon McVittie
Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' Jann Horn
Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' Yann Droneaud
Re: GraphicsMagick Response To "ImageTragick" Bob Friesenhahn
Re: CVE requested: two stack exhaustation parsing xml files using mxml cve-assign
Re: CVE Request: kernel information leak vulnerability in Linux sound module cve-assign
WordPress plugin nelio-ab-testing path traversal vulnerability Henri Salo

Tuesday, 10 May

Xen Security Advisory 179 (CVE-2016-3710,CVE-2016-3712) - QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks Xen . org security team
Re: Re: CVE request: three issues in libksba Andreas Stieger
Re: CVE request: three issues in libksba cve-assign
BitKeeper /tmp vulns Kurt Seifried
Re: BitKeeper /tmp vulns Michael Scherer
Re: BitKeeper /tmp vulns Kurt Seifried
CVE request: libksba out-of-bouds read remote DOS issue fixed in 1.3.4 Andreas Stieger
CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Kangjie Lu
Re: BitKeeper /tmp vulns Michael Scherer
CVE Request: ALSA: Another information leak vulnerability in sound/core/timer Kangjie Lu
CVE Request: x25: a kernel infoleak in x25_negotiate_facilities() Kangjie Lu
Re: BitKeeper /tmp vulns Larry McVoy
Re: Re: CVE Request: kernel information leak vulnerability in Linux sound module Steve Beattie
Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Brian May
Re: BitKeeper /tmp vulns Michael Scherer

Wednesday, 11 May

CVE request: Mishandling the first propagated copy being a slave Adam Maris
ImageMagick heap overflow and out of bounds read Hanno Böck
Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Takashi Iwai
Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer cve-assign
Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Takashi Iwai
Re: CVE request: Mishandling the first propagated copy being a slave - Linux kernel cve-assign
CVE Requests: Linux: use-after-free issue for ppp channel Baozeng Ding
Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Kangjie Lu
Re: CVE request: libksba out-of-bouds read remote DOS issue fixed in 1.3.4 cve-assign
Re: broken RSA keys Ben Laurie
Reflected XSS in three Wordpress plugins. Larry W. Cashdollar
Request CVE ID for Simple Photo Gallery 1.8.0 - Stored XSS Oliveira Lima
Re: CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco
Jenkins - multiple fixes Daniel Beck
CVE Request - OpenJPEG: Security Fixes 刘科

Thursday, 12 May

Re: CVE Request - OpenJPEG: Security Fixes Moritz Muehlenhoff
Possible CVE request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674) Salvatore Bonaccorso
Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' ira.weiny
Re: GraphicsMagick Response To "ImageTragick" David Chan
Linux Kernel bpf related UAF Marco Grassi
Re: Re: CVE Request - OpenJPEG: Security Fixes WinsonLiu
Re: Reflected XSS in three Wordpress plugins. Henri Salo
CVE-2016-0758 - Linux kernel - Flaw in ASN.1 DER decoder for x509 certificate DER files. Wade Mealing
Re: Linux Kernel bpf related UAF cve-assign
Re: Linux Kernel bpf related UAF Marco Grassi
Re: broken RSA keys Solar Designer
Re: CVE Request : Use-after-free in openjpeg Moritz Muehlenhoff
CVE Request for VirIT Explorer v.8.1.68 Local Privilege Escalation VoidSec
Re: CVE Request : Use-after-free in openjpeg cve-assign
Re: CVE Request - OpenJPEG: Security Fixes cve-assign

Saturday, 14 May

Re: dosfstools / fsck.vfat: Several invalid memory accesses cve-assign

Sunday, 15 May

Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco
Re: CVE Requests: Linux: use-after-free issue for ppp channel Baozeng Ding
Re: CVE Requests: Linux: use-after-free issue for ppp channel cve-assign

Monday, 16 May

Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674) Salvatore Bonaccorso
CVE-2016-3713 Linux kernel: kvm: OOB r/w access issue with MSR 0x2F8 P J P
CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request Wade Mealing
[CVE-2016-0731] Apache Ambari: Ambari File Browser View security vulnerability Yusaku Sako

Tuesday, 17 May

Re: ImageMagick heap overflow and out of bounds read Andrej Nemec
Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14 Marina Glancy
Please REJECT CVE-2016-2189 Petr Matousek
Xen Security Advisory 176 (CVE-2016-4480) - x86 software guest page walk PS bit handling flaw Xen . org security team
Re: CVE Request: gdk-pixbuf: Additional fixes to protect against overlows in pixops_* functions (similar to CVE-2015-7674) cve-assign
CVE-2016-3091 Diego log encoding vulnerability Molly Crowther
RHSA-2016:1086 libndp: denial of service due to insufficient validation of source of NDP messages Cedric Buissart
CVE request for vulnerability in OpenStack Keystone morgan fainberg
Re: CVE request for vulnerability in OpenStack Keystone cve-assign
CVE-2016-0718: Expat XML Parser Crashes on Malformed Input Gustavo Grieco
CVE Request: null pointer deref in openslp, can be triggered remotely Huzaifa Sidhpurwala
[SECURITY ADVISORY] curl: TLS certificate check bypass with mbedTLS/PolarSSL Daniel Stenberg

Wednesday, 18 May

CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c Salvatore Bonaccorso
Re: CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages Cedric Buissart
Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c cve-assign
Re: CVE Request: null pointer deref in openslp, can be triggered remotely cve-assign
Re: Re: CVE Request: null pointer deref in openslp, can be triggered remotely Huzaifa Sidhpurwala

Thursday, 19 May

CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API Dominic Cleal
CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write P J P
CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in get_cmd P J P
Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn
Re: ImageMagick Is On Fire -- CVE-2016-3714 Jeremy Stanley
Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn
Re: ImageMagick Is On Fire -- CVE-2016-3714 Kurt Seifried
Re: ImageMagick Is On Fire -- CVE-2016-3714 Simon McVittie
Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn
Re: ImageMagick Is On Fire -- CVE-2016-3714 Thomas Klausner
Re: ImageMagick Is On Fire -- CVE-2016-3714 John Lightsey
Pulp 2.8.3 Released to address multiple CVEs Randy Barlow
CVE-2016-4440 Kernel: kvm: vmx: incorrect state update leading to MSR access P J P

Friday, 20 May

Re: ImageMagick Is On Fire -- CVE-2016-3714 Sven Kieske
Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn
CVE Request -Vulnerabilitie XSS in brafton WordPress Plugin Mehrdad Linux
Re: ImageMagick Is On Fire -- CVE-2016-3714 Simon Lees

Saturday, 21 May

CVE request: -- Linux kernel: Null pointer dereference in tipc_nl_publ_dump Baozeng Ding
Re: CVE request: -- Linux kernel: Null pointer dereference in tipc_nl_publ_dump cve-assign

Sunday, 22 May

CVE Request -XSS Vulnerabilitie in Collectd-web Mehrdad Linux

Monday, 23 May

CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines P J P
CVE request: OpenNTPD not verifying CN during HTTPS constraints request Luis M. Merino
Xen Security Advisory 180 (CVE-2014-3672) - Unrestricted qemu logging Xen . org security team
Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines cve-assign
CVE request: /tmp usage race condition in onionshare Michael Scherer

Tuesday, 24 May

CVE request: Multiple vunerabilities in libdwarf & dwarfdump Yue Liu
[ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities Dejan Bosanac
Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump Solar Designer
CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests P J P
CVE-2014-3672 libvirt: DoS via excessive logging P J P
Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities Dejan Bosanac
Re: CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests cve-assign
Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities Tim Bain
Re: CVE request: /tmp usage race condition in onionshare cve-assign
Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump cve-assign

Wednesday, 25 May

3 libxml2 issues Huzaifa Sidhpurwala
Fwd: CVE for PHP 5.5.36 issues Lior Kaplan
CVE-Request: TYPO3 Extbase Missing Access Check Stefan Horlacher
CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration P J P
CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties P J P
CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function P J P
CVE Request: roundcube: XSS vulnerability in mail content page Salvatore Bonaccorso
CVE Requests: libimobiledevice and libusbmuxd Seth Arnold
Re: CVE-Request: TYPO3 Extbase Missing Access Check cve-assign

Thursday, 26 May

Re: Fwd: CVE for PHP 5.5.36 issues cve-assign
[CVE-2016-4434] Apache Tika XML External Entity vulnerability Tim Allison
Re: CVE Request: roundcube: XSS vulnerability in mail content page cve-assign
Re: CVE Requests: libimobiledevice and libusbmuxd cve-assign
Re: CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration cve-assign
Re: CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties cve-assign
Re: CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function cve-assign
[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability Andreas Lehmkuehler

Friday, 27 May

CVE-2016-4451: Privileges escalation through Organization and Locations Foreman API Marek Hulán
CVE request: VLC - crash and potential code execution when processing QuickTime IMA files Patrick Coleman
Security issues addressed in GraphicsMagick SVG reader Bob Friesenhahn
[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability Lorenz Quack
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass Keith W
Re: CVE request: VLC - crash and potential code execution when processing QuickTime IMA files cve-assign

Saturday, 28 May

Re: Fwd: PHP-FPM fpm_log.c memory leak and buffer overflow cve-assign

Sunday, 29 May

CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file Gustavo Grieco
CVE Request: libgd - gdCtxPrintf memory leak Fernando Muñoz
Re: CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file cve-assign
Re: CVE Request: libgd - gdCtxPrintf memory leak cve-assign
Re: CVE request: OpenNTPD not verifying CN during HTTPS constraints request cve-assign
CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename Bob Friesenhahn
Re: CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename cve-assign

Monday, 30 May

CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine P J P
CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine P J P
[oCERT 2016-001] Jetty path sanitization issues Daniele Bianco
WebKitGTK+ Security Advisory WSA-2016-0004 Carlos Alberto Lopez Perez
CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl P J P
Re: CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl cve-assign

Tuesday, 31 May

Re: Security issues addressed in GraphicsMagick SVG reader Stefan Cornelius
ImageMagick CVEs Stefan Cornelius
Re: Security issues addressed in GraphicsMagick SVG reader Bob Friesenhahn
CVE Request: Reflected Cross-Site Scripting in TYPO3 Formhandler Lubomir Stroetmann

Wednesday, 01 June

"The Blind SQL Injection Issue" explanation Mihamina RAKOTOMANDIMBY
Re: "The Blind SQL Injection Issue" explanation Solar Designer
CVE update (CVE-2016-2174) - Fixed in Ranger 0.5.3 Velmurugan Periasamy
[OSSA-2016-008] Incorrect Audit IDs in Keystone Fernet Tokens can result in revocation bypass (CVE-2016-4911) morgan fainberg
CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd P J P

Thursday, 02 June

CVE Request: bad USB host adapter implementation can corrupt memory/brick machine Marcus Meissner
CVE request: DoS in phantomjs 2.1.1 rasterizing websites Gustavo Grieco
CVE request: mat doesn't remove metadata in embedded images in PDFs Holger Levsen
Re: CVE Request: bad USB host adapter implementation can corrupt memory/brick machine Adam Maris
Re: CVE Request: bad USB host adapter implementation can corrupt memory/brick machine Marcus Meissner
Xen Security Advisory 178 (CVE-2016-4963) - Unsanitised driver domain input in libxl device handling Xen . org security team
Re: CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd cve-assign
Re: CVE request: DoS in phantomjs 2.1.1 rasterizing websites cve-assign
Re: CVE request: mat doesn't remove metadata in embedded images in PDFs cve-assign
Re: CVE request: mat doesn't remove metadata in embedded images in PDFs Holger Levsen
Re: ImageMagick CVEs cve-assign
Re: CVE request: DoS in multiple versions of GraphicsMagick cve-assign

Friday, 03 June

Xen Security Advisory 181 - arm: Host crash caused by VMID exhaustion Xen . org security team
CVE Request: tipc: an infoleak in tipc_nl_compat_link_dump Kangjie Lu
CVE Request: rds: fix an infoleak in rds_inc_info_copy Kangjie Lu
Re: CVE Request: tipc: an infoleak in tipc_nl_compat_link_dump cve-assign
Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy cve-assign
[Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability Brian Demers
CVE Request: Dnsmasq denial of service Marc Deslauriers
Re: expat hash collision fix too predictable? Sebastian Pipping
Re: expat hash collision fix too predictable? cve-assign
Re: CVE Request: Dnsmasq denial of service cve-assign

Saturday, 04 June

Re: Re: expat hash collision fix too predictable? Daniel Micay
Re: expat hash collision fix too predictable? Sebastian Pipping
Re: expat hash collision fix too predictable? cve-assign
Re: expat hash collision fix too predictable? Sebastian Pipping
Re: CVE request: DoS in phantomjs 2.1.1 rasterizing websites Gustavo Grieco
three vulnerabilities in ImageMagick before 7.0.1-2 cve-assign
Libtorrent http_parser.cpp denial of service Brandon Perry
Re: Libtorrent http_parser.cpp denial of service cve-assign

Sunday, 05 June

Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols Solar Designer
Re: Requesting CVE for ImageMagick DoS Jodie Cunningham
Re: Requesting CVE for ImageMagick DoS cve-assign

Monday, 06 June

Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Adam Maris
Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions cve-assign
Xen Security Advisory 181 (CVE-2016-5242) - arm: Host crash caused by VMID exhaustion Xen . org security team
Xen Security Advisory 178 (CVE-2016-4963) - Unsanitised driver domain input in libxl device handling Xen . org security team
Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 cve-assign
CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs Salvatore Bonaccorso

Tuesday, 07 June

CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO P J P
Please reject duplicate CVE for libxml2 Martin Prpic
Re: Please reject duplicate CVE for libxml2 Salvatore Bonaccorso
Re: CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs Adam Maris

Wednesday, 08 June

CVE Request: wireshark releases Marcus Meissner
CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Solar Designer
CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info P J P
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Gsunde Orangen
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Alex Gaynor
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Gsunde Orangen
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Marcus Meissner
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Billy Brumley
CVE-2016-2177: OpenSSL undefined pointer arithmetic Solar Designer
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Roman Drahtmueller
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Roman Drahtmueller
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Billy Brumley
Re: CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info cve-assign
Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO cve-assign
Excessive resource consumption (DOS) in JPEG Daniel Veditz

Thursday, 09 June

CVE Request: ruby openssl hostname verification issue Marcus Meissner
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Roman Drahtmueller
Re: CVE Request: wireshark releases Andreas Stieger
Re: CVE Request: wireshark releases cve-assign
CVE Request: haproxy remote denial of service via reqdeny Marcus Meissner
Re: CVE Request: haproxy remote denial of service via reqdeny cve-assign
Re: CVE Request: ruby openssl hostname verification issue cve-assign
Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Billy Brumley
CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Huzaifa Sidhpurwala

Friday, 10 June

Ruby gem rack-mini-profiler CVE-2016-4442 Sam Saffron
Re: Ruby gem rack-mini-profiler CVE-2016-4442 Reed Loden
Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack cve-assign
CVE request for vulnerability in OpenStack Neutron Tristan Cacqueray
Re: CVE request for vulnerability in OpenStack Neutron cve-assign
Simple Machines Forums - PHP Object Injection Scott Arciszewski
[vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ John Johansen
MantisBT: XSS in custom fields management Damien Regad
CVE-Request: heap overflow in Python Insu Yun
Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ Willy Tarreau

Saturday, 11 June

CVE Request for Denial of Service in pacman 5.0.1 Tobias Stoeckmann
Re: MantisBT: XSS in custom fields management cve-assign
Re: MantisBT: XSS in custom fields management Damien Regad

Sunday, 12 June

Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Huzaifa Sidhpurwala

Monday, 13 June

CVE request: several SOGo issues (DOS, XSS, information leakage) Jens Erat
Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack cve-assign
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters
Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way Robert Święcki
[OSSA-2016-009] Neutron IPTables firewall anti-spoof protection bypass (CVE-2016-5362, CVE-2016-5363, CVE-2015-8914) Tristan Cacqueray

Tuesday, 14 June

Re: CVE request: reads out-of-bounds with cpio 2.11 Petter Reinholdtsen
Re: Re: Linux Kernel bpf related UAF Daniel Borkmann
Various invalid memory reads in ImageMagick (WPG, DDS, DCM) Hanno Böck
Re: CVE Request for Denial of Service in pacman 5.0.1 cve-assign
CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters
Python CVE-2016-0772: smtplib StartTLS stripping attack Cedric Buissart
Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Tim
CVE-2016-5314:libtiff 4.0.6 PixarLogDecode() out-of-bound writes 张开翔
CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation 张开翔
CVE-2016-5316: libtiff 4.0.6 tif_pixarlog.c: PixarLogCleanup() Segmentation fault 张开翔
Re: CVE request: several SOGo issues (DOS, XSS, information leakage) cve-assign
CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image 张开翔
CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide by zero 张开翔
CVE-2016-5321: libtiff 4.0.6 DumpModeDecode(): Ddos 张开翔
CVE-2016-5322:libtiff 4.0.6 extractContigSamplesBytes: out-of-bounds read 张开翔
CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution 张开翔
Re: CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image Simon McVittie
CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree(). Wade Mealing

Wednesday, 15 June

Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart
Re: CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution Marcus Meissner
Re: CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide by zero Marcus Meissner
CVE Request: heap overflow in Python zipimport module Insu Yun
Re: CVE Request: ruby openssl hostname verification issue Marcus Meissner
Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Tim

Thursday, 16 June

Re: CVE Request: heap overflow in Python zipimport module cve-assign
Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client cve-assign

Friday, 17 June

Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart
Many invalid memory access issues in libarchive Hanno Böck
Re: Various invalid memory reads in ImageMagick (WPG, DDS, DCM) cve-assign
[OSSA-2016-010] XSS in Horizon client side template (CVE-2016-4428) Tristan Cacqueray
Re: Many invalid memory access issues in libarchive cve-assign

Saturday, 18 June

Re: Simple Machines Forums - PHP Object Injection cve-assign

Monday, 20 June

CVE-2016-3189: bzip2 use-after-free on bzip2recover Cedric Buissart
CVE Request: 2015 squidguard reflected XSS Marcus Meissner
CVE request for PHP bug #68978: "XSS in header() with Internet Explorer" (2015) Lukas Reschke
Jenkins plugins -- multiple fixes Daniel Beck
Re: Jenkins plugins -- multiple fixes Daniel Beck
RE: CVE Request: 2015 squidguard reflected XSS CVE ID Requests

Tuesday, 21 June

SELinux troubles Sebastian Krahmer
Re: SELinux troubles Tomas Hoger
Re: CVE request for PHP bug #68978: "XSS in header() with Internet Explorer" (2015) cve-assign
CVE Request Openstack-infra puppet-gerrit module xss vulnerability Gregory Haynes
Re: CVE Request: 2015 squidguard reflected XSS cve-assign
Ironic node information including credentials exposed to unathenticated users Jim Rollenhagen

Wednesday, 22 June

Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ Solar Designer
Re: CVE Request Openstack-infra puppet-gerrit module xss vulnerability cve-assign
CVE request: SQL injection in MovableType xml-rpc interface John Lightsey
Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ henrix
Re: CVE request: SQL injection in MovableType xml-rpc interface cve-assign
Re: CVE request: SQL injection in MovableType xml-rpc interface John Lightsey
Fwd: out-of-bounds read in MagickCore/property.c:1396 could lead to memory leak/ Integer overflow read to RCE Ibrahim el-sayed

Thursday, 23 June

CVE for PHP 5.5.37 issues Lior Kaplan
Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Marcus Meissner
Re: CVE for PHP 5.5.37 issues cve-assign
Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client cve-assign
Out of bounds read and signed integer overflow in libarchive Hanno Böck
CVE Requests: WordPress: 4.5.3 maintenance and security release: several issues Salvatore Bonaccorso
RCE vulnerability in Openstack Murano using insecure YAML tags (CVE-2016-4972) Kirill Zaitsev
Re: CVE Requests: WordPress: 4.5.3 maintenance and security release: several issues cve-assign

Friday, 24 June

CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls Michael Ellerman
libical 0.47 SEGV on unknown address Brandon Perry
[CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 Alvaro Hoyos
Re: Out of bounds read and signed integer overflow in libarchive cve-assign
Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access) Jesse Hertz
Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 Alvaro Hoyos
Ruby:HTTP Header injection in 'net/http' redrain root
Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it Salvatore Bonaccorso

Saturday, 25 June

Re: Fwd: out-of-bounds read in MagickCore/property.c:1396 could lead to memory leak/ Integer overflow read to RCE - ImageMagick cve-assign
Re: libical 0.47 SEGV on unknown address cve-assign
Re: libical 0.47 SEGV on unknown address Alan Coopersmith
Re: libical 0.47 SEGV on unknown address Brandon Perry
Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel cve-assign
CVE Request: Linux kernel HID: hiddev buffer overflows Scotty

Sunday, 26 June

Re: CVE Request: Linux kernel HID: hiddev buffer overflows cve-assign
CVE request: MatrixSSL lack of RSA-CRT hardening Florian Weimer

Monday, 27 June

Apache Xerces getLastExtEntityInfo Use-After-Free Marco Grassi
Re: Apache Xerces getLastExtEntityInfo Use-After-Free Gustavo Grieco

Tuesday, 28 June

Re: Apache Xerces getLastExtEntityInfo Use-After-Free Marco Grassi
Re: Apache Xerces getLastExtEntityInfo Use-After-Free Gustavo Grieco
CVE Request: integer overflow in ALSA snd_compress_check_input Marcus Meissner
Re: CVE Request: integer overflow in ALSA snd_compress_check_input cve-assign
CVE request - python-docx 0.8.5 - XXE Pierre Ernst
Re: CVE request - python-docx 0.8.5 - XXE cve-assign
CVE Request - PECL-HTTP 3.0.0 Buffer overflow _rc0r

Wednesday, 29 June

Re: CVE request: MatrixSSL lack of RSA-CRT hardening Hanno Böck
CVE Request: uclibc-ng (and uclibc): ARM arch: code execution Lucian Cojocar
Re: CVE Request - PECL-HTTP 3.0.0 Buffer overflow cve-assign
CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format Mathias Svensson
Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format cve-assign
CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD Cantor, Scott
CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash) Salvatore Bonaccorso
Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash) cve-assign
Debian Exim Spool Local Root halfdog
Re: Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format ncl () cock li

Thursday, 30 June

CVE Request: No demangling of untrusted binaries (2) Marcel Böhme
Re: Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash) Salvatore Bonaccorso
CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd Gustavo Grieco
Re: CVE Request: No demangling of untrusted binaries (2) cve-assign
Re: CVE Request: No demangling of untrusted binaries (2) Marcel Böhme
Re: Debian Exim Spool Local Root Yves-Alexis Perez
Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd cve-assign