oss-sec: by author

777 messages starting Feb 11 13 and ending Jan 21 13
Aaron Patterson

Patch update for [CVE-2013-0269] Aaron Patterson (Feb 11)
[CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails Aaron Patterson (Mar 18)
Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] Aaron Patterson (Feb 11)
Circumvention of attr_protected [CVE-2013-0276] Aaron Patterson (Feb 11)
Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156) Aaron Patterson (Jan 08)
[CVE-2013-1856] XML Parsing Vulnerability affecting JRuby users Aaron Patterson (Mar 18)
[CVE-2013-1854] Symbol DoS vulnerability in Active Record Aaron Patterson (Mar 18)
[CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack Aaron Patterson (Mar 18)
Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155) Aaron Patterson (Jan 08)
SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Aaron Patterson (Jan 02)
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277] Aaron Patterson (Feb 11)

adam swanda

Re: /dev/ptmx timing adam swanda (Jan 07)

Adam Zabrocki

Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM) Adam Zabrocki (Mar 10)

Agostino Sarubbo

CVE request: monkeyd world-readable logdir Agostino Sarubbo (Feb 24)
Cve request: tomcat world-readable logdir Agostino Sarubbo (Feb 22)
nginx world-readable logdir Agostino Sarubbo (Feb 21)
CVE request: skunkweb world-readable logdir Agostino Sarubbo (Feb 24)
CVE request: varnish world-readable logdir Agostino Sarubbo (Feb 22)
Re: CVE request: ibutils improper use of files in /tmp Agostino Sarubbo (Mar 26)
Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 27)
CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities Agostino Sarubbo (Mar 25)
CVE request: unauthorized SSL certificates by Türktrust discovered Agostino Sarubbo (Feb 15)
CVE request: sthttpd world-readable logdir Agostino Sarubbo (Feb 22)
Re: CVE request: monkeyd world-readable logdir Agostino Sarubbo (Feb 26)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Agostino Sarubbo (Jan 21)
CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
Re: CLONE_NEWUSER|CLONE_FS root exploit Agostino Sarubbo (Mar 18)
Re: CVE request: webfs world-readable log Agostino Sarubbo (Feb 22)
CVE request: webfs world-readable log Agostino Sarubbo (Feb 22)

Alexander E. Patrakov

Re: CVE-2013-0913 Linux kernel i915 integer overflow Alexander E. Patrakov (Mar 13)

Alton Moore

Re: handling of Linux kernel vulnerabilities Alton Moore (Mar 05)

Anders Petersson

Re: CVE request: nginx world-readable logdir Anders Petersson (Feb 21)
Re: CVE request: nginx world-readable logdir Anders Petersson (Feb 21)

Andreas Ericsson

Re: handling of Linux kernel vulnerabilities Andreas Ericsson (Mar 04)
Re: Security vulnerability tools Andreas Ericsson (Mar 28)

Andrew Cooper

[PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. Andrew Cooper (Jan 16)

Andrew Nacin

Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Andrew Nacin (Jan 26)

Bastian Blank

CVE request: libvirt kvm-group writable storage Bastian Blank (Feb 25)

Benji

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Benji (Feb 27)

Brian Martin

Re: [OSVDB Mods] [New Vulnerability] File Disclosure in SimpleMachines Forum <= 2.0.3 (CVE-2013-0192) (fwd) Brian Martin (Jan 30)

Carlos Alberto Lopez Perez

Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Carlos Alberto Lopez Perez (Jan 03)
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Carlos Alberto Lopez Perez (Jan 03)
Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Carlos Alberto Lopez Perez (Jan 08)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Carlos Alberto Lopez Perez (Jan 11)

chevalier 3as

Potential HTTP Header Injection in Apache HTTPClient chevalier 3as (Jan 10)

Christey, Steven M.

RE: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Christey, Steven M. (Mar 14)
RE: RE: Handling CVEs for the XML entity expansion issues Christey, Steven M. (Feb 20)
RE: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M. (Mar 20)
RE: Handling CVEs for the XML entity expansion issues Christey, Steven M. (Feb 20)
RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Christey, Steven M. (Mar 20)
RE: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Christey, Steven M. (Mar 07)
RE: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Christey, Steven M. (Feb 13)
RE: Ruby CVEs Christey, Steven M. (Mar 21)
CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Christey, Steven M. (Mar 12)
RE: *.nist.gov websites gone forever? Christey, Steven M. (Mar 11)
RE: WordPress plugins vulnerable to CVE-2013-1808 Christey, Steven M. (Mar 28)
RE: Two more ZoneMinder that need CVE Christey, Steven M. (Feb 21)
RE: CVE request: python-pyrad insecurities Christey, Steven M. (Feb 15)

Corey Bryant

Security vulnerability tools Corey Bryant (Mar 27)
Re: Security vulnerability tools Corey Bryant (Mar 29)
Re: Security vulnerability tools Corey Bryant (Mar 27)
Re: [kernel-hardening] Re: Security vulnerability tools Corey Bryant (Mar 27)
Re: Re: [kernel-hardening] Security vulnerability tools Corey Bryant (Mar 27)

cve-assign

Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) cve-assign (Jan 03)
Re: e1000e/82574L hardware erratum cve-assign (Feb 12)
Re: CVE request for Movable Type cve-assign (Jan 22)
Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) cve-assign (Jan 11)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs cve-assign (Mar 14)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 05)
Wireshark before 1.8.5 (etc.) wnpa-sec-2013-01 through wnpa-sec-2013-09 cve-assign (Jan 30)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations cve-assign (Feb 07)

cve-id-change

CVE ID Syntax Change - Call for Public Feedback cve-id-change (Jan 22)

Damien Regad

CVE request: MantisBT text search query can crash site Damien Regad (Mar 21)
Re: CVE request: mantis before 1.2.12 Damien Regad (Jan 18)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Damien Regad (Mar 04)
Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability Damien Regad (Jan 21)

Daniel Kahn Gillmor

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor (Feb 27)
nginx http proxy module does not verify peer identity of https origin server Daniel Kahn Gillmor (Jan 03)

Dan Rosenberg

Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)

David Black

CVE Request: python-pip insecure temporary directory handling David Black (Mar 20)
Re: CVE Request: python-pip insecure temporary directory handling David Black (Mar 22)

David Hicks

CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability David Hicks (Jan 18)
CVE request: MantisBT before 1.2.13 match_type XSS vulnerability David Hicks (Jan 18)
CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes David Hicks (Jan 18)

David Jorm

Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) David Jorm (Feb 12)
Re: Potential HTTP Header Injection in Apache HTTPClient David Jorm (Feb 14)

Dmitry V. Levin

Re: /dev/ptmx timing Dmitry V. Levin (Jan 07)

Donald Stufft

CVE Request: MD5 used for Download verification Donald Stufft (Mar 11)

Eduardo Tongson

Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Eduardo Tongson (Mar 13)

Eitan Adler

Re: Re: e1000e/82574L hardware erratum Eitan Adler (Feb 12)
Re: Whats worth a CVE? Eitan Adler (Jan 21)

Eric Hodel

CVE-2013-0256 RDoc 2.3.0 through 3.12 XSS Exploit Eric Hodel (Feb 06)

Eric Lacombe

Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe (Mar 04)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe (Mar 05)

Eugene Teo

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Eugene Teo (Feb 28)
Re: CLONE_NEWUSER|CLONE_FS root exploit Eugene Teo (Mar 13)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Eugene Teo (Mar 14)
Re: CLONE_NEWUSER|CLONE_FS root exploit Eugene Teo (Mar 13)

Fabio M. Di Nitto

Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization Fabio M. Di Nitto (Feb 01)

Florian Weimer

pam-pgsql NULL password handling issue Florian Weimer (Jan 15)
DoS vulnerability in the BIND resolver (and potentially others) Florian Weimer (Jan 13)
CVE request: openconnect buffer overflow Florian Weimer (Feb 11)
Re: CVE ID Syntax Change - Call for Public Feedback Florian Weimer (Jan 24)
Re: gnome-keyring does not discard stored secrets in some cases Florian Weimer (Jan 16)
gnome-keyring does not discard stored secrets in some cases Florian Weimer (Jan 10)
Re: CVEs for libxml2 and expat internal and external XML entity expansion Florian Weimer (Feb 22)
Re: CVE request: hs-tls: Basic constraints vulnerability Florian Weimer (Jan 30)
Re: Re: e1000e/82574L hardware erratum Florian Weimer (Feb 12)
Re: Plug-and-wipe and Secure Boot semantics Florian Weimer (Jan 14)
Re: CVE request: Digest::SHA double free when using load subroutine Florian Weimer (Jan 15)
e1000e/82574L hardware erratum Florian Weimer (Feb 06)
Re: CVE Request coreutils Florian Weimer (Jan 22)
Re: gnome-keyring does not discard stored secrets in some cases Florian Weimer (Jan 11)
Re: CVE Request coreutils Florian Weimer (Jan 22)

Forest Monsen

CVE request for Drupal contributed modules Forest Monsen (Jan 11)
CVE request for "Views" (Drupal contributed module) Forest Monsen (Mar 22)
CVE request for Drupal contributed modules Forest Monsen (Feb 04)
CVE request for Drupal contributed modules Forest Monsen (Jan 24)
Re: CVE request for Drupal contributed modules Forest Monsen (Jan 14)
CVE request for Drupal Core and contributed modules Forest Monsen (Feb 20)
CVE Request for Drupal contrib modules Forest Monsen (Mar 28)
Re: [security] CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Forest Monsen (Jan 20)
Re: CVE request for "Views" (Drupal contributed module) Forest Monsen (Mar 23)
CVE request for Drupal contributed modules Forest Monsen (Jan 20)
CVE request for a Drupal contributed module Forest Monsen (Mar 14)
CVE Request for Drupal Contributed Modules Forest Monsen (Feb 27)

George Kargiotakis

Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Jan 20)
Re: Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Jan 17)

Giles Coochey

Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Giles Coochey (Jan 21)

Greg KH

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Greg KH (Feb 19)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Greg KH (Feb 19)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH (Mar 03)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH (Mar 03)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH (Mar 03)
Re: CLONE_NEWUSER|CLONE_FS root exploit Greg KH (Mar 13)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Greg KH (Mar 04)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)

Greg Knaddison

Re: [security] CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Greg Knaddison (Jan 18)

gremlin

nginx CVE-2013-0337 world-readable logs gremlin (Feb 23)
Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin (Mar 13)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin (Mar 13)
Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 26)
Re: nginx world-readable logdir gremlin (Feb 22)
Re: CVE id request: busybox gremlin (Mar 03)
Re: nginx world-readable logdir gremlin (Feb 22)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin (Mar 13)
Re: CVE Request: imview gremlin (Feb 07)
Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 26)
Re: nginx world-readable logdir gremlin (Feb 21)

Gynvael Coldwind

Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Gynvael Coldwind (Mar 19)

Hanno Böck

Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Hanno Böck (Feb 07)
CVE request: piwik before 1.10 Hanno Böck (Jan 17)
Re: CVE request: opus codec before 1.0.2 Hanno Böck (Jan 10)
CVE request: XSS in roundcube before 0.8.5 Hanno Böck (Feb 07)
CVE request: XSS in piwik 1.11 Hanno Böck (Mar 10)

Helmut Grohne

fusionforge CVE-2013-1423 multiple privilege escalations Helmut Grohne (Feb 25)
predictable /tmp filename in git-extras Helmut Grohne (Jan 22)

Henrique

CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique (Jan 20)

Henrique Montenegro

CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery Henrique Montenegro (Feb 14)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro (Jan 21)
Wordpress Pinboard theme XSS Henrique Montenegro (Feb 09)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro (Jan 21)

Henri Salo

CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3) Henri Salo (Jan 28)
ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Henri Salo (Jan 29)
CVE request: WordPress 3.5.1 Maintenance and Security Release Henri Salo (Jan 25)
US national vulnerability database hacked Henri Salo (Mar 14)
CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass Henri Salo (Feb 11)
CVE request: mount/umount leak information about existence of folders Henri Salo (Jan 06)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henri Salo (Jan 21)
CVE request: WordPress plugin user-photo file upload arbitrary PHP code execution Henri Salo (Mar 26)
Re: A small backlog of vulnerabilities in Chicken Scheme Henri Salo (Feb 02)
Re: nginx world-readable logdir Henri Salo (Feb 21)
CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts Henri Salo (Jan 06)
CVE request: nginx world-readable logdir Henri Salo (Feb 21)
Re: Ruby CVEs Henri Salo (Mar 19)
Re: CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability Henri Salo (Mar 14)
Re: XSS vulnerabilities in ZeroClipboard and multiple web applications Henri Salo (Mar 25)
Re: CVE request: piwigo XSS in password.php Henri Salo (Feb 10)
CVE request: WordPress plugin smart-flv jwplayer.swf XSS Henri Salo (Feb 24)
CVE request: OpenCart filemanager.php parameter traversal arbitrary file access Henri Salo (Mar 23)
CVE-2009-4168: WordPress plugin vkontakte-api XSS vulnerability Henri Salo (Mar 11)
Re: nginx world-readable logdir Henri Salo (Feb 22)
CVE request: PHP-Fusion waraxe-2013-SA#097 Henri Salo (Mar 02)
Re: Ruby CVEs Henri Salo (Mar 20)
CVE-2009-4168: WordPress plugin snazzy-archives XSS vulnerability Henri Salo (Mar 10)
Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 14)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Henri Salo (Feb 26)
WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 10)
Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Henri Salo (Jan 02)
Re: Ruby CVEs Henri Salo (Mar 21)
Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (Mar 26)

Ignatios Souvatzis

Re: CVE id request: latd Ignatios Souvatzis (Feb 04)

Jakub Wilk

Re: CVEs for libxml2 and expat internal and external XML entity expansion Jakub Wilk (Feb 22)

James Tucker

CVE-2013-0262: Rack versions 1.4.0-1.5.1, Symlink path traversal. James Tucker (Feb 07)
CVE-2013-0263: Rack all versions, Timing attack in cookie sessions James Tucker (Feb 07)

Jan Lieskovsky

[FYI / CVE assignment notification] CVE-2013-0281 pacemaker: Denial of service when remote CIB management enabled due to use of no-timeout blocking socket to wait for the arrival of the authentication credentials Jan Lieskovsky (Feb 14)
CVE Request -- redis: Two insecure temporary file use flaws Jan Lieskovsky (Jan 14)
CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails Jan Lieskovsky (Jan 04)
CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation Jan Lieskovsky (Jan 04)
CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Jan Lieskovsky (Jan 30)
CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory Jan Lieskovsky (Jan 07)
CVE Request - SA-CORE-2013-001 (one JQuery X < 1.63 issue and two Drupal modules issues) Jan Lieskovsky (Jan 17)
Notification: Samba: NTLM with session security handshake attack Jan Lieskovsky (Jan 10)
Re: CVE request: Transmission can be made to crash remotely Jan Lieskovsky (Feb 11)
Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Jan Lieskovsky (Mar 25)
CVE Request -- yum: Not removing bad metadata and using it in next run Jan Lieskovsky (Mar 27)
Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Jan Lieskovsky (Mar 15)
[Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Jan Lieskovsky (Jan 23)
CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Jan Lieskovsky (Jan 03)
[Ignore not a security flaw] Re: [oss-security] CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Jan Lieskovsky (Feb 12)
CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths Jan Lieskovsky (Jan 03)
CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Jan Lieskovsky (Mar 22)
CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow Jan Lieskovsky (Feb 18)
CVE Request -- Corosync (X < 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used Jan Lieskovsky (Feb 01)
CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options Jan Lieskovsky (Mar 28)
Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Jan Lieskovsky (Jan 18)
[CVE Assignment Notification] CVE-2013-0240 - Gnome Online Accounts (GOA) (previously) failed to verify SSL certificates when creating e.g. Windows Live or Facebook accounts Jan Lieskovsky (Feb 05)
CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Jan Lieskovsky (Jan 18)
CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Jan Lieskovsky (Feb 12)

Jason A. Donenfeld

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
kernel: tmpfs use-after-free Jason A. Donenfeld (Feb 25)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Jason A. Donenfeld (Feb 25)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)

Jeremy Stanley

Re: CVE Request: MD5 used for Download verification Jeremy Stanley (Mar 11)
Re: (linux-)distros membership changes Jeremy Stanley (Feb 15)

Jim Mellander

Re: CVE# request: pigz creates temp file with insecure permissions Jim Mellander (Feb 27)

Jiri Kosina

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 28)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)

John Lightsey

Re: CVE request: mod_ruid2 before 0.9.8 John Lightsey (Mar 22)
CVE request: mod_ruid2 before 0.9.8 John Lightsey (Mar 22)

jordi gemsstatus

Re: Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] jordi gemsstatus (Mar 07)

Joshua J. Drake

CVE request - Linux kernel: VFAT slab-based buffer overflow Joshua J. Drake (Feb 26)

Julien Tinnes

Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes (Feb 15)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes (Feb 19)

Kees Cook

Re: CLONE_NEWUSER|CLONE_FS root exploit Kees Cook (Mar 13)
CVE-2013-0914 Linux kernel sa_restorer information leak Kees Cook (Mar 11)
CVE-2013-0913 Linux kernel i915 integer overflow Kees Cook (Mar 11)

Kurt Seifried

Re: CVE request for Drupal Core and contributed modules Kurt Seifried (Feb 20)
Re: CVE request: Curl insecure usage Kurt Seifried (Jan 02)
Re: CVE id request: busybox Kurt Seifried (Mar 03)
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried (Feb 20)
Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 26)
Request for CVE Identifiers Kurt Seifried (Jan 17)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Kurt Seifried (Mar 02)
Re: CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options Kurt Seifried (Mar 28)
Re: CVE request: almanah does not encrypt its database Kurt Seifried (Mar 13)
Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried (Jan 15)
Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Kurt Seifried (Jan 24)
Re: Linux kernel handling of IPv6 temporary addresses Kurt Seifried (Feb 21)
Re: CVE request: XSS flaws fixed in ganglia Kurt Seifried (Feb 08)
Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference Kurt Seifried (Feb 27)
Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw Kurt Seifried (Feb 20)
Re: CVE Request: cronie fd leak Kurt Seifried (Jan 08)
Re: Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization Kurt Seifried (Feb 01)
Re: Cve request: tomcat world-readable logdir Kurt Seifried (Feb 22)
Re: A small backlog of vulnerabilities in Chicken Scheme Kurt Seifried (Feb 07)
Re: CVE Request: imview Kurt Seifried (Feb 05)
Re: CVE Request: various gems in aftermath of rubygem actionpack issue Kurt Seifried (Mar 02)
Re: CVE request: psi+ stores the cache file as world-readable Kurt Seifried (Feb 26)
Re: CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory Kurt Seifried (Jan 07)
Re: CVE request: mod_ruid2 before 0.9.8 Kurt Seifried (Mar 22)
Re: CVE request: python-pyrad insecurities Kurt Seifried (Feb 15)
Ruby CVEs Kurt Seifried (Mar 19)
Re: CVE request: ruby-openid XML denial of service attack Kurt Seifried (Mar 02)
Re: Ruby CVEs Kurt Seifried (Mar 19)
Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried (Feb 15)
Re: CVE Request: kernel -- local DOS (endless loop with interrupts disabled) Kurt Seifried (Feb 14)
Re: Two more ZoneMinder that need CVE Kurt Seifried (Feb 21)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 27)
Re: CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried (Feb 22)
Re: CVE request: Transmission can be made to crash remotely Kurt Seifried (Feb 12)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 20)
CVE-2013-1895 py-bcrypt 0.2 concurrency vulnerability (auth bypass) Kurt Seifried (Mar 25)
Re: CVE Request: imview Kurt Seifried (Feb 06)
Re: CVE request: potential bypass of sudo tty_tickets constraints Kurt Seifried (Feb 27)
Re: CVE Request: PHP openssl_encrypt memory disclosure Kurt Seifried (Jan 18)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried (Jan 08)
Re: CVE Request: Jenkins possible remote code execution Kurt Seifried (Jan 07)
CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried (Feb 21)
Re: e1000e/82574L hardware erratum Kurt Seifried (Feb 06)
Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Kurt Seifried (Jan 10)
Re: CVE request: XSS flaws fixed in ganglia Kurt Seifried (Feb 26)
Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Kurt Seifried (Jan 03)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jan 14)
Re: CVE request: WordPress plugin smart-flv jwplayer.swf XSS Kurt Seifried (Feb 25)
Re: CVE Request: various gems in aftermath of rubygem actionpack issue Kurt Seifried (Mar 01)
Re: pam-pgsql NULL password handling issue Kurt Seifried (Jan 15)
Re: CVE request: piwigo XSS in password.php Kurt Seifried (Feb 10)
Re: CVE Request coreutils Kurt Seifried (Jan 23)
jQuery 1.6.2 XSS CVE assignment Kurt Seifried (Jan 30)
Re: CVE request: sthttpd world-readable logdir Kurt Seifried (Feb 22)
Re: Re: CVE request: webfs world-readable log Kurt Seifried (Feb 22)
Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried (Mar 21)
Re: CLONE_NEWUSER|CLONE_FS root exploit Kurt Seifried (Mar 13)
Re: CVE Request: python-pip insecure temporary directory handling Kurt Seifried (Mar 22)
Re: Untrusted startup file inclusion in Chicken Scheme Kurt Seifried (Mar 20)
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried (Feb 12)
Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried (Jan 10)
Re: CVE request: 3 DoS conditions in Rake Kurt Seifried (Jan 14)
Re: CVE request: varnish world-readable logdir Kurt Seifried (Feb 22)
Re: Reverse lookup issue in Net::Server Kurt Seifried (Mar 11)
Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf Kurt Seifried (Mar 02)
Re: CVE id request: busybox Kurt Seifried (Mar 03)
Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference Kurt Seifried (Feb 19)
Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried (Feb 27)
Re: CVE Request: poppler 0.22.1 security fixes Kurt Seifried (Feb 27)
Re: CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities Kurt Seifried (Mar 25)
Re: CVE request: MantisBT text search query can crash site Kurt Seifried (Mar 21)
Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc Kurt Seifried (Mar 11)
Re: CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts Kurt Seifried (Jan 07)
Re: Re: [OSVDB Mods] [New Vulnerability] File Disclosure in SimpleMachines Forum <= 2.0.3 (CVE-2013-0192) (fwd) Kurt Seifried (Feb 01)
Re: CVE Request -- yum: Not removing bad metadata and using it in next run Kurt Seifried (Mar 29)
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried (Jan 01)
REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 Kurt Seifried (Feb 19)
Re: CVE request: memcached DoS when printing out keys to be deleted in verbose mode Kurt Seifried (Jan 14)
Re: Reverse lookup issue in Net::Server Kurt Seifried (Mar 13)
Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability Kurt Seifried (Jan 18)
Handling CVEs for the XML entity expansion issues Kurt Seifried (Feb 20)
Re: CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery Kurt Seifried (Feb 14)
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Kurt Seifried (Mar 14)
Some rubygems related CVEs Kurt Seifried (Feb 13)
Re: kernel: tmpfs use-after-free Kurt Seifried (Feb 25)
Re: CVE request: mount/umount leak information about existence of folders Kurt Seifried (Jan 06)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried (Feb 20)
Re: CVE Request -- Axis2/c Kurt Seifried (Jan 11)
Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS) Kurt Seifried (Mar 22)
Re: CVE id request: openssh? Kurt Seifried (Feb 06)
Re: nginx http proxy module does not verify peer identity of https origin server Kurt Seifried (Jan 03)
Re: Potential HTTP Header Injection in Apache HTTPClient Kurt Seifried (Feb 13)
Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 26)
Re: DoS vulnerability in the BIND resolver (and potentially others) Kurt Seifried (Jan 13)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 06)
Re: CVE request for Drupal contributed modules Kurt Seifried (Feb 04)
Re: ircd-hybrid: Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Kurt Seifried (Jan 29)
Re: CVE request: skunkweb world-readable logdir Kurt Seifried (Feb 25)
Re: CVE Kurt Seifried (Jan 30)
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried (Feb 20)
Re: CVE Request: Gambas Directory hijack vulnerability Kurt Seifried (Mar 02)
Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Kurt Seifried (Jan 25)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried (Jan 08)
Re: Wordpress Pinboard theme XSS Kurt Seifried (Feb 13)
Re: CVE request: WordPress 3.5.1 Maintenance and Security Release Kurt Seifried (Jan 28)
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Kurt Seifried (Feb 13)
Re: CVE Request: zoneminder: arbitrary command execution vulnerability Kurt Seifried (Jan 28)
CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld Kurt Seifried (Mar 14)
Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried (Jan 14)
Re: CVE request: XSS in roundcube before 0.8.5 Kurt Seifried (Feb 07)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
Re: /dev/ptmx timing Kurt Seifried (Jan 07)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
Re: CVE request: openconnect buffer overflow Kurt Seifried (Feb 12)
Re: CVE request: ibutils improper use of files in /tmp Kurt Seifried (Mar 25)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
Re: CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried (Feb 22)
Re: CVE request: piwigo XSS in password.php Kurt Seifried (Feb 12)
Quick note on mfsa2013-04 / CVE-2012-0759 / CVE-2013-0759 Kurt Seifried (Jan 08)
Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried (Feb 28)
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 21)
Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails Kurt Seifried (Jan 04)
CVE request: piwigo XSS in password.php Kurt Seifried (Feb 09)
Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried (Jan 16)
CVE-2013-0350 for pktstat: writes content from TCP streams to public readable file /tmp/smtp.log Kurt Seifried (Feb 22)
Re: CVE id request: busybox Kurt Seifried (Mar 02)
Re: CVE request: hs-tls: Basic constraints vulnerability Kurt Seifried (Jan 30)
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried (Feb 20)
Re: CVE Request: Mongo DB Kurt Seifried (Mar 25)
Re: Some rubygems related CVEs Kurt Seifried (Feb 13)
Re: CVE request: monkeyd world-readable logdir Kurt Seifried (Feb 25)
Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried (Feb 15)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Feb 27)
Re: Wordpress Pinboard theme XSS Kurt Seifried (Feb 13)
Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability Kurt Seifried (Mar 02)
Re: CVE request: libvirt kvm-group writable storage Kurt Seifried (Feb 25)
Re: CVE id request: latd Kurt Seifried (Feb 03)
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried (Feb 12)
Re: CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS Kurt Seifried (Feb 19)
Re: CVE Request: VLC Buffer overflows Kurt Seifried (Mar 19)
Re: CVE id request: busybox Kurt Seifried (Mar 05)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Kurt Seifried (Mar 02)
Re: CVE Request -- redis: Two insecure temporary file use flaws Kurt Seifried (Jan 14)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jan 24)
Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Kurt Seifried (Mar 07)
Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Kurt Seifried (Jan 30)
Re: CVE request: OpenCart filemanager.php parameter traversal arbitrary file access Kurt Seifried (Mar 23)
Re: CVE request: PHP-Fusion waraxe-2013-SA#097 Kurt Seifried (Mar 02)
Re: CVE request: sudo authentication bypass when clock is reset Kurt Seifried (Feb 27)
Re: CVE Request: PackageKit "update" allows downgrade of packages when using the "zypp" backend Kurt Seifried (Feb 25)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
Re: pam-pgsql NULL password handling issue Kurt Seifried (Jan 16)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Kurt Seifried (Mar 14)
CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb) Kurt Seifried (Mar 06)
Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths Kurt Seifried (Jan 03)
Re: CVE request -- qxl: synchronous io guest DoS Kurt Seifried (Jan 30)
Re: CVE Request for Drupal contrib modules Kurt Seifried (Mar 28)
Re: CVE request: Insecure default log file path in xNBD Kurt Seifried (Feb 06)
Re: Ruby gem Thumbshooter 0.1.5 remote code execution Kurt Seifried (Mar 26)
Re: CVE request for 'devise' ruby gem Kurt Seifried (Jan 28)
Re: CVE request for Movable Type Kurt Seifried (Jan 21)
Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation Kurt Seifried (Feb 07)
*.nist.gov websites gone forever? Kurt Seifried (Mar 11)
Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Kurt Seifried (Mar 19)
Re: CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3) Kurt Seifried (Jan 28)
Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue Kurt Seifried (Jan 18)
Re: nginx world-readable logdir Kurt Seifried (Feb 22)
Re: CVE Request coreutils Kurt Seifried (Jan 21)
Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor Kurt Seifried (Feb 19)
Re: handling of Linux kernel vulnerabilities Kurt Seifried (Mar 04)
Re: CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass Kurt Seifried (Feb 12)
Re: CVE request for a Drupal contributed module Kurt Seifried (Mar 14)
Re: CVE request: billion laughs flaw in ptlib Kurt Seifried (Mar 15)
Re: CVE id request: boost Kurt Seifried (Feb 03)
Re: Linux kernel: net - three info leaks in rtnl Kurt Seifried (Mar 20)
Re: Two more ZoneMinder that need CVE Kurt Seifried (Feb 21)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jan 24)
Re: RE: Handling CVEs for the XML entity expansion issues Kurt Seifried (Feb 20)
Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Kurt Seifried (Mar 20)
Re: CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Kurt Seifried (Jan 28)
Re: CVE request: XSS in piwik 1.11 Kurt Seifried (Mar 11)
Re: CVE request: mod_ruid2 before 0.9.8 Kurt Seifried (Mar 22)
Re: CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation Kurt Seifried (Jan 04)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jan 20)
Re: CVE# request: pigz creates temp file with insecure permissions Kurt Seifried (Feb 15)
Re: nginx CVE-2013-0337 world-readable logs Kurt Seifried (Feb 24)
Re: What's worth a CVE? Kurt Seifried (Jan 21)
Re: gnome-keyring does not discard stored secrets in some cases Kurt Seifried (Jan 16)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Kurt Seifried (Mar 14)
CVE's for MediaWiki 1.20.2 / 1.19.2 Kurt Seifried (Mar 04)
Re: CVE Request: rubygem passenger security issue Kurt Seifried (Mar 01)
Re: CVE Request: typo3 sql injection and open redirection Kurt Seifried (Mar 11)
Re: CVE request: zoneminder: local file inclusion vulnerability Kurt Seifried (Feb 20)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
Re: bcron: cron jobs get access to the temporary output files from all other jobs that are still running Kurt Seifried (Jan 16)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
Re: CVE request: Digest::SHA double free when using load subroutine Kurt Seifried (Jan 15)
Re: CVE request (maybe): magento before 1.7.0.2 Kurt Seifried (Jan 03)
Re: Ruby CVEs Kurt Seifried (Mar 20)
Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
Re: CVE request -- Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow Kurt Seifried (Feb 26)
CVEs for libxml2 and expat internal and external XML entity expansion Kurt Seifried (Feb 21)
Re: CVE request: piwik before 1.10 Kurt Seifried (Jan 17)
Re: CVE request: python-pyrad insecurities Kurt Seifried (Feb 21)
Re: CVE Request -- jakarta-commons-httpclient: Wildcard matching in SSL hostname verifier incorrect (a different issue than CVE-2012-5783) Kurt Seifried (Feb 12)
Re: CVE request: python-pyrad insecurities Kurt Seifried (Feb 15)
Re: A small backlog of vulnerabilities in Chicken Scheme Kurt Seifried (Feb 06)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jan 24)
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement Kurt Seifried (Feb 21)
Jenkins CVE request for Jenkins Security Advisory 2013-02-16 Kurt Seifried (Feb 17)
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Kurt Seifried (Mar 13)
Re: CVE Request: nagios Stack based buffer overflow in web interface Kurt Seifried (Jan 08)
Re: CVE request: Linux kernel: Bluetooth HIDP information disclosure Kurt Seifried (Feb 22)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Kurt Seifried (Feb 07)
Re: CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference Kurt Seifried (Mar 05)
Re: CVE Request coreutils Kurt Seifried (Jan 21)
Re: nginx world-readable logdir Kurt Seifried (Feb 21)
Re: CVE request: monkeyd world-readable logdir Kurt Seifried (Feb 26)
Re: Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM) Kurt Seifried (Mar 11)
Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 Kurt Seifried (Jan 16)
Re: CVE request for "Views" (Drupal contributed module) Kurt Seifried (Mar 22)
Re: Potential Query Manipulation with Common Rails Practises Kurt Seifried (Feb 06)
Re: predictable /tmp filename in git-extras Kurt Seifried (Jan 23)

larry Cashdollar

Fwd: CVE requests larry Cashdollar (Mar 19)
Fwd: CVE requests larry Cashdollar (Mar 19)
Ruby gem Thumbshooter 0.1.5 remote code execution larry Cashdollar (Mar 26)
Re: RE: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs larry Cashdollar (Mar 20)
Remote command execution in Ruby Gem Command Wrap larry Cashdollar (Mar 19)

Larry W. Cashdollar

Re: Ruby gem Thumbshooter 0.1.5 remote code execution Larry W. Cashdollar (Mar 26)
Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar (Mar 25)
Re: CVE request: ibutils improper use of files in /tmp Larry W. Cashdollar (Mar 26)
Re: Ruby gem Thumbshooter 0.1.5 remote code execution Larry W. Cashdollar (Mar 26)

Lukas Reschke

ownCloud Security Advisories (2013-008, 2013-009, 2013-010) Lukas Reschke (Mar 13)
ownCloud Security Advisories (2013-003, 2013-004, 2013-005, 2013-006, 2013-007) Lukas Reschke (Feb 21)
ownCloud Security Advisories - 2013-001 & 2013-002 Lukas Reschke (Jan 22)

Marc Deslauriers

CVE Request: PHP openssl_encrypt memory disclosure Marc Deslauriers (Jan 18)

Marcus Meissner

CVE request: ruby-openid XML denial of service attack Marcus Meissner (Mar 01)
CVE Request: various gems in aftermath of rubygem actionpack issue Marcus Meissner (Mar 01)
CVE Request: typo3 sql injection and open redirection Marcus Meissner (Mar 09)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Marcus Meissner (Feb 25)
CVE Request: rubygem passenger security issue Marcus Meissner (Mar 01)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Marcus Meissner (Feb 05)
CVE Request: poppler 0.22.1 security fixes Marcus Meissner (Feb 27)
CVE Request: PackageKit "update" allows downgrade of packages when using the "zypp" backend Marcus Meissner (Feb 22)
CVE Request: Mongo DB Marcus Meissner (Mar 25)
CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Marcus Meissner (Mar 14)

Mark Shelor

Re: CVE request: Digest::SHA double free when using load subroutine Mark Shelor (Jan 17)

Mathias Krause

Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause (Mar 06)
CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 24)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
CVE Request: kernel -- local DOS (endless loop with interrupts disabled) Mathias Krause (Feb 14)
CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause (Mar 05)
Linux kernel: net - three info leaks in rtnl Mathias Krause (Mar 19)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)

Matthias Weckbecker

Re: CVE# request: pigz creates temp file with insecure permissions Matthias Weckbecker (Feb 15)
Re: CVE Request coreutils Matthias Weckbecker (Jan 22)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker (Feb 05)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker (Feb 05)
CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Matthias Weckbecker (Feb 05)

M A Young

Re: [Xen-devel] Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest M A Young (Jan 22)

Michael de Raadt

Moodle security notifications public Michael de Raadt (Jan 20)
Moodle security notifications public Michael de Raadt (Mar 24)

Michael Gilbert

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Michael Gilbert (Feb 26)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Michael Gilbert (Mar 03)
Re: CVE id request: busybox Michael Gilbert (Mar 03)
Re: CVE abstraction choices and the Linux kernel Michael Gilbert (Mar 14)
CVE id request: boost Michael Gilbert (Feb 03)

Michael Koziarski

Potential Query Manipulation with Common Rails Practises Michael Koziarski (Feb 06)
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 Michael Koziarski (Jan 28)

Michael Tokarev

Re: CVE# request: pigz creates temp file with insecure permissions Michael Tokarev (Feb 15)
Re: Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Michael Tokarev (Jan 16)
Re: CVE id request: busybox Michael Tokarev (Mar 03)
CVE# request: pigz creates temp file with insecure permissions Michael Tokarev (Feb 15)
Re: CVE id request: busybox Michael Tokarev (Mar 03)
Re: CVE Request coreutils Michael Tokarev (Jan 21)

Mike O'Connor

Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Mike O'Connor (Mar 13)

Miklos Vajna

Re: (linux-)distros membership changes Miklos Vajna (Feb 15)

Milan Berger

Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Milan Berger (Jan 21)

Moritz Muehlenhoff

Re: Linux kernel: net - three info leaks in rtnl Moritz Muehlenhoff (Mar 25)
Re: CVE request: monkeyd world-readable logdir Moritz Muehlenhoff (Feb 26)
ffmpeg/libav CVE dupe Moritz Muehlenhoff (Jan 20)
Re: CVE request: Curl insecure usage Moritz Muehlenhoff (Jan 02)
Re: CVE request: Curl insecure usage Moritz Muehlenhoff (Jan 15)
Re: CVE Request coreutils Moritz Muehlenhoff (Jan 21)
Re: Linux kernel: net - three info leaks in rtnl Moritz Muehlenhoff (Mar 25)

Moritz Naumann

CVE Request: XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") Moritz Naumann (Jan 28)

Murray McAllister

Re: Security vulnerability tools Murray McAllister (Mar 27)

MustLive

XSS vulnerabilities in ZeroClipboard and multiple web applications MustLive (Mar 24)

Nico Golde

CVE id request: openssh? Nico Golde (Feb 06)
CVE id request: busybox Nico Golde (Mar 01)
CVE id request: latd Nico Golde (Feb 03)

Noel Butler

Re: handling of Linux kernel vulnerabilities Noel Butler (Mar 05)

Olivier Gonzalez

Re: CVE Request: various gems in aftermath of rubygem actionpack issue Olivier Gonzalez (Mar 01)

Oswald Buddenhagen

isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289) Oswald Buddenhagen (Feb 20)

Panu Matilainen

Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages Panu Matilainen (Jan 04)

Pavel Labushev

Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Pavel Labushev (Mar 13)

Peter Bex

Re: A small backlog of vulnerabilities in Chicken Scheme Peter Bex (Feb 05)
A small backlog of vulnerabilities in Chicken Scheme Peter Bex (Feb 02)
Untrusted startup file inclusion in Chicken Scheme Peter Bex (Mar 19)
Re: A small backlog of vulnerabilities in Chicken Scheme Peter Bex (Feb 07)

Petr Matousek

CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Petr Matousek (Mar 07)
linux kernel: kvm: CVE-2013-179[6..8] Petr Matousek (Mar 20)
CVE request -- qxl: synchronous io guest DoS Petr Matousek (Jan 30)
Re: CVE abstraction choices and the Linux kernel Petr Matousek (Mar 14)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 27)
CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference Petr Matousek (Feb 19)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 27)
Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow Petr Matousek (Mar 07)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Petr Matousek (Feb 24)
CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS Petr Matousek (Feb 19)
CVE request -- Linux kernel: call_console_drivers() Function Log Prefix Stripping buffer overflow Petr Matousek (Feb 26)
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device Petr Matousek (Mar 14)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 26)
CVE request -- Linux kernel: vhost: fix length for cross region descriptor Petr Matousek (Feb 19)
CVE-2013-1848 -- Linux kernel: ext3: format string issues Petr Matousek (Mar 20)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 27)
CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation Petr Matousek (Feb 07)
CVE-2013-0293 -- ovirt-node: Lock screen accepts F2 to drop to shell Petr Matousek (Feb 28)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Petr Matousek (Mar 07)

Piotr Karbowski

Re: CVE id request: busybox Piotr Karbowski (Mar 03)

P J P

CVE request: Linux kernel: USB: io_ti: NULL pointer dereference P J P (Feb 27)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 17)
CVE request - Linux kernel: evm: NULL pointer de-reference flaw P J P (Feb 20)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 16)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 21)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 16)
CVE request: Linux kernel: Bluetooth HIDP information disclosure P J P (Feb 22)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 16)
CVE request: Linux kernel: xfs: _xfs_buf_find NULL pointer dereference P J P (Mar 05)
Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw P J P (Feb 20)
CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings() P J P (Mar 06)
Re: Linux kernel handling of IPv6 temporary addresses P J P (Jan 17)

Raphael Geissert

Re: Re: Security vulnerability tools Raphael Geissert (Mar 29)
Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert (Feb 21)
Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert (Feb 21)
Re: CVE request: XSS flaws fixed in ganglia Raphael Geissert (Mar 20)
Re: CVE id request: busybox Raphael Geissert (Mar 06)
Re: CVE id request: busybox Raphael Geissert (Mar 05)

Reed Loden

Re: Re: [Red Hat - Possible Forgery] Re: [oss-security] Ruby CVEs Reed Loden (Mar 20)
Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden (Jan 11)
Re: CVE Request: various gems in aftermath of rubygem actionpack issue Reed Loden (Mar 01)
Re: Some rubygems related CVEs Reed Loden (Feb 13)
CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156) Reed Loden (Jan 10)
CVE request for 'devise' ruby gem Reed Loden (Jan 28)

Remi Gacogne

Reverse lookup issue in Net::Server Remi Gacogne (Mar 04)

Russ Allbery

Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery (Feb 26)
Re: Reverse lookup issue in Net::Server Russ Allbery (Mar 04)
Re: Security vulnerability tools Russ Allbery (Mar 27)

Russell Bryant

[OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335) Russell Bryant (Feb 26)

Salvatore Bonaccorso

bcron: cron jobs get access to the temporary output files from all other jobs that are still running Salvatore Bonaccorso (Jan 16)
CVE Request: Jenkins possible remote code execution Salvatore Bonaccorso (Jan 07)
CVE request: hs-tls: Basic constraints vulnerability Salvatore Bonaccorso (Jan 20)
Re: CVE request: MantisBT before 1.2.13 "Change Status To" feature allows unauthorised workflow changes Salvatore Bonaccorso (Mar 01)
CVE Request: zoneminder: arbitrary command execution vulnerability Salvatore Bonaccorso (Jan 24)
Re: CVE request: XSS flaws fixed in ganglia Salvatore Bonaccorso (Feb 21)
CVE request: zoneminder: local file inclusion vulnerability Salvatore Bonaccorso (Feb 19)
Re: CVE Request: poppler 0.22.1 security fixes Salvatore Bonaccorso (Feb 27)
CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso (Jan 15)
Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability Salvatore Bonaccorso (Mar 01)
Re: Reverse lookup issue in Net::Server Salvatore Bonaccorso (Mar 13)
Re: CVE request: Digest::SHA double free when using load subroutine Salvatore Bonaccorso (Jan 15)
Re: CVE request: zoneminder: local file inclusion vulnerability Salvatore Bonaccorso (Feb 21)
CVE Request: Gambas Directory hijack vulnerability Salvatore Bonaccorso (Mar 01)

Sang Kil Cha

Re: CVE Request: imview Sang Kil Cha (Feb 05)
CVE Request: imview Sang Kil Cha (Feb 05)
Re: CVE Request: imview Sang Kil Cha (Feb 06)

Scott Herbert

What's worth a CVE? Scott Herbert (Jan 21)

sd

Archlinux/x86-64 3.1.x-3.7.x x86-64 CVE-2013-1763 sock_diag_handlers[] warez sd (Feb 26)

Sean Amoss

CVE Request: VLC Buffer overflows Sean Amoss (Mar 17)

Sebastian Krahmer

Re: CVE Request: cronie fd leak Sebastian Krahmer (Jan 09)
Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
CLONE_NEWUSER|CLONE_FS root exploit Sebastian Krahmer (Mar 13)
CVE Request coreutils Sebastian Krahmer (Jan 21)
CVE Request: nagios Stack based buffer overflow in web interface Sebastian Krahmer (Jan 08)
CVE Request: cronie fd leak Sebastian Krahmer (Jan 08)
Re: CVE Request coreutils Sebastian Krahmer (Jan 21)

Sebastian Pipping

CVE request: Insecure default log file path in xNBD Sebastian Pipping (Feb 06)

security curmudgeon

Two more ZoneMinder that need CVE security curmudgeon (Feb 21)

Sergei Golubchik

Re: [Full-disclosure] MySQL Denial of Service Zeroday PoC Sergei Golubchik (Feb 28)

Seth Arnold

Re: Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Seth Arnold (Jan 04)
Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold (Feb 26)
Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) Seth Arnold (Jan 03)
CVE Request -- Axis2/c Seth Arnold (Jan 10)

Shawn

Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Shawn (Feb 05)

Simon McVittie

CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1 Simon McVittie (Feb 15)
Re: [CVE Assignment Notification] CVE-2013-0240 - Gnome Online Accounts (GOA) (previously) failed to verify SSL certificates when creating e.g. Windows Live or Facebook accounts Simon McVittie (Feb 05)

Solar Designer

Re: Security vulnerability tools Solar Designer (Mar 28)
Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt Solar Designer (Mar 18)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer (Feb 19)
Re: Ruby CVEs Solar Designer (Mar 20)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Solar Designer (Feb 27)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer (Feb 16)
Re: (linux-)distros membership changes Solar Designer (Feb 15)
Re: handling of Linux kernel vulnerabilities Solar Designer (Mar 04)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
Re: DoS vulnerability in the BIND resolver (and potentially others) Solar Designer (Jan 13)
Re: Security vulnerability tools Solar Designer (Mar 27)
Re: handling of Linux kernel vulnerabilities Solar Designer (Mar 05)
Re: kernel: tmpfs use-after-free Solar Designer (Feb 25)
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer (Mar 15)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer (Mar 07)
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer (Mar 07)
handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Solar Designer (Mar 03)
Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Solar Designer (Mar 03)
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)

Stefan Cornelius

CVE-2012-5662 x3270 improper validation of SSL certificates Stefan Cornelius (Mar 21)

Steve Grubb

Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Steve Grubb (Jan 24)
Re: Re: [kernel-hardening] Security vulnerability tools Steve Grubb (Mar 28)

Steven M. Christey

Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Steven M. Christey (Jan 10)
Re: Reverse lookup issue in Net::Server Steven M. Christey (Mar 13)
CVE abstraction choices and the Linux kernel Steven M. Christey (Mar 08)
CVE-2013-0422 assigned to today's Oracle Java 0-day Steven M. Christey (Jan 10)
CVE Guidance for Libraries and Resource-Consumption DoS Steven M. Christey (Feb 21)
Temporary Notifications of New CVE Entries During NVD Outage Steven M. Christey (Mar 13)
Re: CVE# request: pigz creates temp file with insecure permissions Steven M. Christey (Feb 15)

Thierry Carrez

[OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) Thierry Carrez (Feb 19)
[OSSA 2013-003] Keystone denial of service through invalid token requests (CVE-2013-0247) Thierry Carrez (Feb 05)
[OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212) Thierry Carrez (Jan 29)
[OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865) Thierry Carrez (Mar 20)
[OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208) Thierry Carrez (Jan 29)
[OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840) Thierry Carrez (Mar 14)
[OSSA 2013-005] Keystone EC2-style authentication accepts disabled user/tenants (CVE-2013-0282) Thierry Carrez (Feb 19)
[OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838) Thierry Carrez (Mar 14)

Thomas Biege

Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Thomas Biege (Mar 08)
Re: CVE id request: busybox Thomas Biege (Mar 05)
Re: CVE id request: busybox Thomas Biege (Mar 05)

Tim

Re: RE: Handling CVEs for the XML entity expansion issues Tim (Feb 20)
Re: CVEs for libxml2 and expat internal and external XML entity expansion Tim (Feb 22)
Re: RE: Handling CVEs for the XML entity expansion issues Tim (Feb 20)
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Tim (Mar 12)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Tim (Feb 27)
Re: RE: Handling CVEs for the XML entity expansion issues Tim (Feb 20)

Tim Brown

Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Tim Brown (Mar 13)
Re: Re: [kernel-hardening] Security vulnerability tools Tim Brown (Mar 28)
Re: [kernel-hardening] Security vulnerability tools Tim Brown (Mar 27)
Re: RE: Handling CVEs for the XML entity expansion issues Tim Brown (Feb 21)

Todd C. Miller

Re: CVE request: sudo authentication bypass when clock is reset Todd C. Miller (Feb 28)
Re: CVE request: potential bypass of sudo tty_tickets constraints Todd C. Miller (Feb 28)
CVE request: sudo authentication bypass when clock is reset Todd C. Miller (Feb 27)
CVE request: potential bypass of sudo tty_tickets constraints Todd C. Miller (Feb 27)

Tomas Hoger

Re: CVE request: unauthorized SSL certificates by Türktrust discovered Tomas Hoger (Feb 15)

U.Nakamura

Re: CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb) U.Nakamura (Mar 11)

Vasily Kulikov

Re: /dev/ptmx timing Vasily Kulikov (Jan 07)

Vincent Danen

CVE request: python-pyrad insecurities Vincent Danen (Feb 15)
Re: CVE Request coreutils Vincent Danen (Jan 22)
Re: CVE Request: cronie fd leak Vincent Danen (Jan 09)
Re: CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 26)
Re: CVE Request: cronie fd leak Vincent Danen (Jan 08)
Re: Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Vincent Danen (Jan 11)
Re: isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289) Vincent Danen (Feb 20)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen (Feb 05)
Re: CVE Request coreutils Vincent Danen (Jan 23)
Confirming CVE for ettercap buffer overflow flaw (CVE-2012-0722?) Vincent Danen (Jan 10)
Re: CVE request: python-pyrad insecurities Vincent Danen (Feb 15)
Denial of service in 389-ds and FreeIPA (CVE-2013-0336) Vincent Danen (Mar 27)
CVE request: XSS flaws fixed in ganglia Vincent Danen (Feb 08)
CVE request: almanah does not encrypt its database Vincent Danen (Mar 12)
CVE request: memcached DoS when printing out keys to be deleted in verbose mode Vincent Danen (Jan 14)
Re: CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 26)
CVE-2013-0287: sssd simple access provider flaw prevents intended ACL use when client to an AD provider Vincent Danen (Mar 20)
CVE request: ibutils improper use of files in /tmp Vincent Danen (Mar 25)
Re: CVE Request coreutils Vincent Danen (Jan 21)
CVE request: 3 DoS conditions in Rake Vincent Danen (Jan 14)
Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations Vincent Danen (Feb 05)
CVE request: billion laughs flaw in ptlib Vincent Danen (Mar 15)
Re: CVE request: python-pyrad insecurities Vincent Danen (Feb 21)

vladz

/dev/ptmx timing vladz (Jan 07)

WHK Yan

Re: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 WHK Yan (Jan 08)
Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3 WHK Yan (Jan 08)

Will Thompson

CVE-2013-1769: remotely-triggered NULL pointer dereference in telepathy-gabble Will Thompson (Mar 04)

Willy Tarreau

Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly Willy Tarreau (Jan 28)

Xen . org security team

Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. Xen . org security team (Feb 05)
Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. Xen . org security team (Feb 05)
Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw Xen . org security team (Jan 09)
Xen Security Advisory 27 (CVE-2012-5511,CVE-2012-6333) - several HVM operations do not validate the range of their inputs Xen . org security team (Jan 17)
Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. Xen . org security team (Jan 16)
Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states Xen . org security team (Feb 15)
Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw Xen . org security team (Jan 11)
Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest Xen . org security team (Jan 23)
Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. Xen . org security team (Feb 05)
Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs Xen . org security team (Feb 21)
Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Xen . org security team (Jan 16)
Xen Security Advisory 42 (CVE-2013-0228) - Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. Xen . org security team (Feb 13)
Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states Xen . org security team (Feb 05)
Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. Xen . org security team (Feb 05)
Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs Xen . org security team (Feb 05)
Xen Security Advisory 34 (CVE-2013-0151) - nested virtualization on 32-bit exposes host crash Xen . org security team (Jan 22)
Xen Security Advisory 41 (CVE-2012-6075) - qemu (e1000 device driver): Buffer overflow when processing large packets Xen . org security team (Jan 17)
Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) Xen . org security team (Jan 04)
Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest Xen . org security team (Jan 22)

Xin Li

Re: CVE-2013-0913 Linux kernel i915 integer overflow Xin Li (Mar 14)

Yves-Alexis Perez

Re: CVE Request: poppler 0.22.1 security fixes Yves-Alexis Perez (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 26)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Mar 01)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 26)
CVE request: Transmission can be made to crash remotely Yves-Alexis Perez (Feb 10)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
CVE request for Movable Type Yves-Alexis Perez (Jan 21)