oss-sec: by date

618 messages starting Oct 01 15 and ending Dec 31 15


Thursday, 01 October

Re: Apache James Server 2.3.2 security vulnerability fixed VU#988628 cve-assign
CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Gustavo Grieco
CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Gustavo Grieco
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Kurt Seifried
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Gustavo Grieco
Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Gustavo Grieco
CVE Request: Unauthorized access to IPC objects with SysV shm Julien Tinnes
Re: CVE Request: Unauthorized access to IPC objects with SysV shm cve-assign
Re: CVE request for wget cve-assign
Re: Re: CVE request for wget Seth Arnold

Friday, 02 October

CVE request: OpenSMTPD 5.7.2 Kristian Fiskerstrand
CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld
Re: CVE requests: Critical vulnerabilities in OpenSMTPD Arrigo Triulzi
Re: CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld
Re: CVE requests: Critical vulnerabilities in OpenSMTPD Gilles Chehade
Re: CVE requests: Critical vulnerabilities in OpenSMTPD Gilles Chehade
[OSSA 2015-020] Glance storage overrun (CVE-2015-5286) Tristan Cacqueray
Qualys Security Advisory - OpenSMTPD Audit Report Qualys Security Advisory
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 cve-assign
Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 cve-assign
Re: DoS attack through Email-Address perl module v1.907 (CVE id request) Pali Rohár
CVE-2015-5285: Kallithea: HTTP header injection Andrew Shadura
Re: DoS attack through Email-Address perl module v1.907 (CVE id request) cve-assign
Re: Qualys Security Advisory - OpenSMTPD Audit Report cve-assign

Sunday, 04 October

Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf
Remotely triggerable buffer overflow in OpenSMTPD Jason A. Donenfeld

Monday, 05 October

Re: Remotely triggerable buffer overflow in OpenSMTPD Gilles Chehade
Re: Remotely triggerable buffer overflow in OpenSMTPD Jason A. Donenfeld
Re: CVE request: BD-J implementation in libbluray Florian Weimer
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Andreas Stieger
Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Andreas Stieger
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Gustavo Grieco
Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Gustavo Grieco
CVE request: issues fixed in PHP 5.6.14 and 5.5.30 Martin Prpic
CVE Request: OpenSMTPD <= 5.7.2 buffer overflow Jason A. Donenfeld
CVE request for vulnerability in OpenStack Nova Tristan Cacqueray
Re: Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Yann Droneaud
CVE Request: git Seth Arnold
CVE Request: Audio File Library Seth Arnold
CVE Request: gvfsd-dav Seth Arnold
Fwd: [vs-plain] CVE-2015-5261 Huzaifa Sidhpurwala
Re: CVE request for vulnerability in OpenStack Nova cve-assign
Re: CVE-Request for stored WCI (a.k.a XSS) in Visual Form Builder 2.7.5 - 2.8.4 Anti Räis

Tuesday, 06 October

CVE request for sqlalchemy-utils robert
Re: CVE Request: Arm Mali gpu driver Dos vulnerability cve-assign
CVE Request: ImageMagick Seth Arnold

Wednesday, 07 October

[OSSA 2015-021] Nova network security group changes are not applied to running instances (CVE-2015-7713) Tristan Cacqueray
Re: CVE Request: Audio File Library cve-assign

Thursday, 08 October

CVE request - perl library UI::Dialog 1.09 - shell escaping vulnerability Matthijs Kooijman
Re: CVE Request: ImageMagick Stefan Cornelius
CVE request: Gummi Daniel Stender
Re: CVE request: Gummi cve-assign
Re: CVE request - perl library UI::Dialog 1.09 - shell escaping vulnerability cve-assign
CVE request - Android OS - Using the PPP character device driver caused the system to restart 郭永刚

Friday, 09 October

Re: CVE request - Android OS - Using the PPP character device driver caused the system to restart Nick Kralevich

Saturday, 10 October

Re: CVE Request: Use-after-free in optipng 0.6.4 cve-assign
Re: CVE Request: Buffer overflow in global memory affecting optipng 0.7.5 cve-assign
Re: CVE request - Android OS - Using the PPP character device driver caused the system to restart - Linux kernel cve-assign
Re: CVE request: issues fixed in PHP 5.6.14 and 5.5.30 cve-assign
ircd-ratbox and Derivatives OOM by MONITOR Command Christine Dodrill

Sunday, 11 October

Re: CVE Request: twig remote code execution cve-assign
Re: CVE Request: zendframework SQL injections cve-assign
Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication cve-assign
Re: Heap overflow and DoS in unzip 6.0 cve-assign
Re: ircd-ratbox and Derivatives OOM by MONITOR Command William Pitcock

Monday, 12 October

Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication Amos Jeffries
CVE Request: Plone CSRF Nathan Van Gheem
Re: CVE Request: git Blake Burkhart
Re: CVE Request: Plone CSRF cve-assign
Re: CVE Request: Plone CSRF Nathan Van Gheem
Re: CVE request: BD-J implementation in libbluray cve-assign
[CVE-2015-3186] Apache Ambari XSS vulnerability Yusaku Sako
[CVE-2015-1775] Apache Ambari Server Side Request Forgery vulnerability Yusaku Sako
[CVE-2015-3270] A non-administrative user can escalate themselves to have administrative privileges remotely Yusaku Sako
[CVE-2015-5210] Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits Yusaku Sako

Tuesday, 13 October

Re: CVE request: urlfetch range handling flaw in Cyrus IMAP Florian Weimer
Re: Re: CVE request: BD-J implementation in libbluray Salvatore Bonaccorso
CVE Request: Openpgp.js Critical vulnerability in S2K Gijs Hollestelle

Wednesday, 14 October

CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Pere Orga
CVE-2015-0856: sddm does not prevent access to the KDE crash handler Florian Weimer
CVE Request - Linux kernel - securelevel/secureboot bypass. Wade Mealing

Thursday, 15 October

Re: CVE Request: Glibc Pointer guarding weakness Florian Weimer
CVE Request: Linux Kernel heap corruption on debug_read_tlb Salva Peiró
Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Greg KH
Re: CVE Request - Linux kernel - securelevel/secureboot bypass. Wade Mealing
Re: CVE Request - Linux kernel - securelevel/secureboot bypass. cve-assign
Re: Re: CVE Request - Linux kernel - securelevel/secureboot bypass. Blibbet
Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Qualys Security Advisory
CVE request: lldpd crash in lldp_decode due large management address Florian Weimer

Friday, 16 October

Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Salva Peiró
Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Florian Weimer
Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Agostino Sarubbo
Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Andreas Stieger
Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Stuart Henderson
Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Salva Peiró

Sunday, 18 October

Re: CVE request for sqlalchemy-utils robert
Re: CVE request: lldpd crash in lldp_decode due large management address Florian Weimer
Prime example of a can of worms Kurt Seifried
Re: Prime example of a can of worms Alex Gaynor
Re: Prime example of a can of worms Matt U

Monday, 19 October

Re: Prime example of a can of worms Seth Arnold
Re: CVE request for sqlalchemy-utils Larry Cashdollar
Re: Prime example of a can of worms Brad Knowles
Re: Prime example of a can of worms Kurt Seifried
CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11 Chris Steipp
Re: Prime example of a can of worms Daniel Kahn Gillmor
Re: Prime example of a can of worms Tim
Re: Prime example of a can of worms Kurt Seifried
Re: Prime example of a can of worms Daniel Kahn Gillmor

Tuesday, 20 October

Re: CVE request for sqlalchemy-utils cve-assign
Re: Prime example of a can of worms Brad Knowles
CVE request: crash when attempt to garbage collect an uninstantiated keyring Adam Maris
Re: CVE request: crash when attempt to garbage collect an uninstantiated keyring - Linux kernel cve-assign
Re: Prime example of a can of worms Kurt Seifried
Re: Prime example of a can of worms gremlin

Wednesday, 21 October

CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc Salva Peiró
Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Evans, Jonathan L.
Re: Prime example of a can of worms Matthias Weckbecker
CVE Request: BusyBox tar directory traversal Tyler Hicks
Re: CVE Request: BusyBox tar directory traversal Tyler Hicks
CVE Requests for Drupal 7.41 and contributed modules Pere Orga
Re: CVE Request: BusyBox tar directory traversal cve-assign
Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc cve-assign
Re: Prime example of a can of worms Kurt Seifried
Re: Prime example of a can of worms Loganaden Velvindron
Re: Prime example of a can of worms Joshua Rogers
Re: Prime example of a can of worms Kurt Seifried
[oss-security]Crafted xml causes out of bound memory access - Libxml2 GAURAV GUPTA

Thursday, 22 October

Re: Prime example of a can of worms Florent Daigniere
CVE Request: invalid curve attack on bouncycastle Raphael Hertzog
Re: Crafted xml causes out of bound memory access - Libxml2 cve-assign
Re: CVE Request: invalid curve attack on bouncycastle cve-assign
Re: Prime example of a can of worms Daniel Kahn Gillmor
Re: Prime example of a can of worms Kurt Seifried
Re: CVE Request: BusyBox tar directory traversal Robert Watson
Re: Prime example of a can of worms Daniel Kahn Gillmor
Re: CVE Request: BusyBox tar directory traversal Tim Brown
Duplicate CVE: CVE-2015-7703 in NTP Martin Prpic

Friday, 23 October

Re: CVE Request: BusyBox tar directory traversal Robert Watson
Re: CVE Requests for Drupal 7.41 and contributed modules CVE ID Requests
Re: CVE Request: BusyBox tar directory traversal Yves-Alexis Perez
Re: CVE Request: BusyBox tar directory traversal Robert Watson
Re: CVE Request: BusyBox tar directory traversal Jeremy Stanley
[CVE-2015-5215] Ipsilon: XSS in multiple pages Patrick Uiterwijk
Re: CVE Request: BusyBox tar directory traversal Jeremy Stanley
Re: Prime example of a can of worms gremlin
Re: Duplicate CVE: CVE-2015-7703 in NTP cve-assign
Re: Re: Duplicate CVE: CVE-2015-7703 in NTP Kurt Seifried
CVE request - Icinga 1.13.3 and older are vulnerable to XSS Ricardo
Re: Re: Duplicate CVE: CVE-2015-7703 in NTP Florian Weimer
Re: CVE Request: BusyBox tar directory traversal Russ Allbery
Re: Duplicate CVE: CVE-2015-7703 in NTP Brad Knowles

Saturday, 24 October

Heap overflow and endless loop in exfatfsck / exfat-utils Hanno Böck
CVE request: xscreensaver aborts when unpluging second monitor cable when asking password Mamoru TASAKA
Two out of bounds reads in Zstandard / zstd Hanno Böck
Re: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Pere Orga

Sunday, 25 October

Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password Mamoru TASAKA
CVE Request regarding Firefox FindMyDevice Service Critical ClickJacking Mohamed A. Baset
Pointer misuse unziping files with busybox Gustavo Grieco
CVE Requests for read out of bound in libpng xiaoqixue_1

Monday, 26 October

RE: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132 to SA-CONTRIB-2015-156) Evans, Jonathan L.
Re: CVE Requests for read out of bound in libpng cve-assign
CVE request - open-vm-tools using predictable filename in /tmp Michael Scherer
Re: CVE request - open-vm-tools using predictable filename in /tmp Florian Weimer
Re: Pointer misuse unziping files with busybox Gustavo Grieco
CVE Request: Wordpress: Cross-site scripting vulnerability in the user list table Salvatore Bonaccorso
Re: Re: CVE request for wget Austin English

Tuesday, 27 October

CVE Request: XSS in Blubrry PowerPress Podcasting wordpress plugin Version 6.0.4 Dis close
CVE Request: XSS in Fast Secure Contact Form version 4.0.37 Dis close
CVE Request: XSS Vulnerability in BulletProof Security Version .52.4 Dis close
CVE Request: Multiple XSS in NextGEN Gallery by Photocrati Version 2.1.7 Dis close
Re: CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c Quentin Casasnovas
CVE Request: Malicious File Upload in NextGEN Gallery by Photocrati Version 2.1.10 Dis close
Re: CVE request - open-vm-tools using predictable filename in /tmp Michael Scherer
Multiple CVE info for Ipsilon Patrick Uiterwijk
CVE Request: Cross Site Scripting (XSS) & Cross Site Request Forgery (CSRF) in Crony Cronjob Manager Version 0.4.4 Dis close
CVE request: libxslt xsltStylePreCompute() type confusion DoS Stefan Cornelius
CVE Request: Linux kernel: Buffer overflow when copying data from skbuff to userspace Sabrina Dubroca
Re: CVE Request: Wordpress: Cross-site scripting vulnerability in the user list table cve-assign
Re: CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c cve-assign

Wednesday, 28 October

csd-datetime forgets to authorize users Sebastian Krahmer
Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS cve-assign
Re: CVE Request: Linux kernel: Buffer overflow when copying data from skbuff to userspace cve-assign
Re: Pointer misuse unziping files with busybox cve-assign

Thursday, 29 October

Xen Security Advisory 145 (CVE-2015-7812) - arm: Host crash when preempting a multicall Xen . org security team
Xen Security Advisory 147 (CVE-2015-7814) - arm: Race between domain destruction and memory allocation decrease Xen . org security team
Xen Security Advisory 146 (CVE-2015-7813) - arm: various unimplemented hypercalls log without rate limiting Xen . org security team
Xen Security Advisory 149 (CVE-2015-7969) - leak of main per-domain vcpu pointer array Xen . org security team
Xen Security Advisory 152 (CVE-2015-7971) - x86: some pmu and profiling hypercalls log without rate limiting Xen . org security team
Xen Security Advisory 150 (CVE-2015-7970) - x86: Long latency populate-on-demand operation is not preemptible Xen . org security team
Xen Security Advisory 151 (CVE-2015-7969) - x86: leak of per-domain profiling-related vcpu pointer array Xen . org security team
Xen Security Advisory 148 (CVE-2015-7835) - x86: Uncontrolled creation of large page mappings by PV guests Xen . org security team
Xen Security Advisory 153 (CVE-2015-7972) - x86: populate-on-demand balloon size inaccuracy can crash guests Xen . org security team
Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password cve-assign
Re: Heap overflow and endless loop in exfatfsck / exfat-utils cve-assign
Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11 cve-assign
Re: CVE request - Icinga 1.13.3 and older are vulnerable to XSS cve-assign
Re: Two out of bounds reads in Zstandard / zstd cve-assign
Re: CVE request: lldpd crash in lldp_decode due large management address cve-assign
Re: CVE Request: Glibc Pointer guarding weakness akuster

Friday, 30 October

Re: Pointer misuse unziping files with busybox Gustavo Grieco
Re: CVE Request: Openpgp.js Critical vulnerability in S2K cve-assign
Re: hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation Salvatore Bonaccorso
Re: Re: Pointer misuse unziping files with busybox Rich Felker

Saturday, 31 October

CVE request for Nullsoft Scriptable Install System Stefan Kanthak

Monday, 02 November

Re: Re: CVE request for wget Austin English
CVE request: DoS in libxml2 if xz is enabled Gustavo Grieco
tlsfuzzer - new tool Hubert Kario
Re: CVE request: DoS in libxml2 if xz is enabled cve-assign
Re: hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation cve-assign

Tuesday, 03 November

Re: CVE request: DoS in libxml2 if xz is enabled Gustavo Grieco
Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf
CVE request: libsndfile 1.0.25 heap overflow Martin Prpic
CVE Request: pycurl use after free fixed in version 7.19.5.2 Kristian Fiskerstrand
Re: CVE request: libsndfile 1.0.25 heap overflow Hanno Böck
Re: Pending CVE requests for glibc Raphael Hertzog
Re: CVE request: libsndfile 1.0.25 heap overflow cve-assign
Re: CVE request: libsndfile 1.0.25 heap overflow cve-assign
Re: libsndfile DoS/divide-by-zero cve-assign
Re: CVE Request: pycurl use after free fixed in version 7.19.5.2 cve-assign
Re: Pointer misuse unziping files with busybox cve-assign
Re: Re: CVE request for wget Austin English

Wednesday, 04 November

CVE request -- Linux kernel: selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm() Vladis Dronov
Re: CVE request: urlfetch range handling flaw in Cyrus IMAP cve-assign

Thursday, 05 November

CVE request: qt5-qtwebkit records visited URLS in private browsing mode Adam Maris
Re: CVE request -- Linux kernel: selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm() cve-assign
Re: Re: CVE request: libsndfile 1.0.25 heap overflow gauri
Re: CVE request: qt5-qtwebkit records visited URLS in private browsing cve-assign

Friday, 06 November

CVE request: stored XSS in PowerDNS < 3.4.7 Damien Cauquil
Review+CVE request: multiple issues in redis EVAL command (lua sandbox) Luca Bruno
Re: CVE request: stored XSS in PowerDNS < 3.4.7 Pieter Lexis
Re: Review+CVE request: multiple issues in redis EVAL command (lua sandbox) cve-assign
[ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities Timothy Bish
Re: Re: Review+CVE request: multiple issues in redis EVAL command (lua sandbox) Luca Bruno

Saturday, 07 November

Joomla CMS - Bad Cryptography - Multiple Vulnerabilities Scott Arciszewski

Sunday, 08 November

CVE Request: TestLink 1.9.14 CSRF Vulnerability Aravind
CVE Request: TestLink 1.9.14 Persistent XSS Vulnerability Aravind
Assign CVE for common-collections remote code execution on deserialisation flaw Jason Shepherd
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Florian Weimer

Monday, 09 November

PowerDNS Security Announcement 2015-03 Pieter Lexis
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Pedro Vaz De Sousa Grilo
CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization Daniel Beck
CVE request: net-snmp OpenBSD package - insecure file permission vulnerability Pierre Kim
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Tim
Blind SQL injection in wp-championship wordpress plugin v5.8 Larry Cashdollar
Xen Security Advisory 156 (CVE-2015-5307,CVE-2015-8104) - x86: CPU lockup during exception delivery Xen . org security team
race condition checking digests/checksums in sudoers Alyssa Milburn
Re: CVE request: net-snmp OpenBSD package - insecure file permission vulnerability cve-assign
CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception P J P
CVE-2015-8104 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #DB exception P J P
Re: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception P J P
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Moritz Bechler

Tuesday, 10 November

Several reads out-of-bound in mplayer 1.1 Gustavo Grieco
wpa_supplicant unauthorized WNM Sleep Mode GTK control Jouni Malinen
hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation Jouni Malinen
wpa_supplicant: EAP-pwd peer error path failure on unexpected Confirm message Jouni Malinen
Re: race condition checking digests/checksums in sudoers cve-assign
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Tim

Wednesday, 11 November

Re: Assign CVE for common-collections remote code execution on deserialisation flaw Moritz Bechler
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Tim

Thursday, 12 November

CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen
CVE request: libpng buffer overflow in png_set_PLTE Glenn Randers-Pehrson
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Mark Felder
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Tim
Re: CVE request: libpng buffer overflow in png_set_PLTE cve-assign
Re: Assign CVE for common-collections remote code execution on deserialisation flaw Jason Shepherd
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen

Friday, 13 November

Re: Re: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen
CVE request -- [media] usbvision: usbvision_probe() can trigger a kernel NULL pointer dereference Vladis Dronov
Re: CVE request -- [media] usbvision: usbvision_probe() can trigger a kernel NULL pointer dereference Vladis Dronov
CVE request: Reflected XSS in OcPortal CMS 9.0.20 Dis close
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Mark Felder
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Mark Felder
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Lisa Bradley
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Tim
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Mark Felder
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen

Saturday, 14 November

New security advisory for Apache CXF Colm O hEigeartaigh
Re: New security advisory for Apache CXF Hanno Böck

Sunday, 15 November

Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Gsunde Orangen

Monday, 16 November

CVE request-HUAWEI P8 GRA-UL00 郭永刚
Re: CVE request-HUAWEI P8 GRA-UL00 Solar Designer
CVE-2015-8106 - latex2rtf v2.3.8 format string vulnerability 김종권
CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability 김종권
Re: CVE request-HUAWEI P8 GRA-UL00 Fabio Olive Leite
Re: CVE request-HUAWEI P8 GRA-UL00 Shawn
suckless sent and libxft-dev 2.3.2-1 crash Simon .
Re: suckless sent and libxft-dev 2.3.2-1 crash Tim

Tuesday, 17 November

Re: suckless sent and libxft-dev 2.3.2-1 crash Agostino Sarubbo
Re: Several reads out-of-bound in mplayer 1.1 cve-assign
Buffer overflow in libxml2 GAURAV GUPTA
x86 ROP mitigation Solar Designer
Re: suckless sent and libxft-dev 2.3.2-1 crash Alan Coopersmith
CVE request for Gnome gdm/screen lock crash Kurt Seifried
CVE request for path traversal / info leak bug in Spiffy web server Peter Bex
Re: CVE request for Gnome gdm/screen lock crash Kurt Seifried
Re: Fwd: x86 ROP mitigation Jeff Law
Re: Fwd: x86 ROP mitigation Bernd Schmidt
Re: Re: Fwd: x86 ROP mitigation Daniel Micay
Re: Re: Fwd: x86 ROP mitigation Josh Bressers
Re: Re: Fwd: x86 ROP mitigation Daniel Micay
Re: Re: Fwd: x86 ROP mitigation Josh Bressers
CVE request for vulnerability in OpenStack Glance Tristan Cacqueray
Re: Re: Fwd: x86 ROP mitigation Rich Felker
Re: Assign CVE for common-collections remote code execution on deserialisation flaw cve-assign
Re: CVE-Request: Assign CVE for common-collections remote code execution on deserialisation flaw Oracle Security Alerts (Thomas)
Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization cve-assign
Re: Fwd: x86 ROP mitigation Solar Designer
Re: Fwd: x86 ROP mitigation Solar Designer
Re: Re: Fwd: x86 ROP mitigation Daniel Micay
[CFP] No Big Thing Conference #2 San Francisco, December 5 2015 Jonathan Brossard
Re: Re: Fwd: x86 ROP mitigation Daniel Micay
Re: [CFP] No Big Thing Conference #2 San Francisco, December 5 2015 Solar Designer
CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed Wade Mealing

Wednesday, 18 November

Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed Mathias Krause
Re: Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization Daniel Beck
Re: Fwd: x86 ROP mitigation Florian Weimer
Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization cve-assign
Re: Fwd: x86 ROP mitigation Bernd Schmidt
Re: Re: Fwd: x86 ROP mitigation Florian Weimer
Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed cve-assign
Data on Linux attacks (was Re: [oss-security] Re: Fwd: x86 ROP mitigation) Josh Bressers
Re: CVE request for vulnerability in OpenStack Glance cve-assign
Re: Data on Linux attacks (was Re: [oss-security] Re: Fwd: x86 ROP mitigation) Kurt Seifried
Re: Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization Moritz Bechler
Re: Re: Fwd: x86 ROP mitigation Steve Grubb
Re: race condition checking digests/checksums in sudoers cve-assign
Re: Buffer overflow in libxml2 cve-assign
Re: Re: Fwd: x86 ROP mitigation Fabio Pagani
Re: CVE request for path traversal / info leak bug in Spiffy web server cve-assign
Re: CVE request for path traversal / info leak bug in Spiffy web server Peter Bex
Re: Fwd: x86 ROP mitigation Jeff Law
Re: Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray
CVE-2015-7266 Zach W.
Re: CVE-2015-7266 Kurt Seifried
Re: CVE-2015-7266 Zach W.
Re: CVE-2015-7266 Kurt Seifried
Re: CVE-2015-7266 Solar Designer

Thursday, 19 November

Re: Fwd: x86 ROP mitigation Solar Designer
Re: Re: Fwd: x86 ROP mitigation Jonathan Salwan

Friday, 20 November

Instruction encoding which prevents execution of a suffix Florian Weimer
LXDM X authentication issues Tomas Hoger
CVE Request: Various Curesec Research Team (CRT)
seccomp filters without PR_SET_NO_NEW_PRIVS Florian Weimer
Re: seccomp filters without PR_SET_NO_NEW_PRIVS Daniel Micay
Re: LXDM X authentication issues cve-assign
CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Joe Bowser
CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions Joe Bowser
Re: Re: LXDM X authentication issues Tomas Hoger

Saturday, 21 November

Libxml2: Several out of bounds reads Hanno Böck
CVE request for LightDM - XDMCP denial of service Yves-Alexis Perez

Sunday, 22 November

Re: CVE request for LightDM - XDMCP denial of service cve-assign
Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Salvatore Bonaccorso
Re: Libxml2: Several out of bounds reads cve-assign
Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android Fried Wil

Monday, 23 November

Re: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android cve-assign
CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem Vladis Dronov
Re: CVE Request: git Jan Rusnacko
CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 Christofer Dutz
Re: CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem cve-assign
Re: Instruction encoding which prevents execution of a suffix Josh Bressers

Tuesday, 24 November

Re: Instruction encoding which prevents execution of a suffix Florian Weimer
Heap Overflow in PCRE Hanno Böck
Re: Heap Overflow in PCRE Moritz Muehlenhoff
Re: Heap Overflow in PCRE Hanno Böck
CVE Request: IPTables-Parse: Use of predictable names for temporary files Salvatore Bonaccorso
Re: Heap Overflow in PCRE Fabian Keil
Re: Heap Overflow in PCRE Hanno Böck
Xen Security Advisory 163 - virtual PMU is unsupported Xen . org security team
Re: CVE Request: IPTables-Parse: Use of predictable names for temporary files cve-assign
CVE request: DoS in ONOS when handling jumbo ethernet frames David Jorm
[ANNOUNCE] Django security releases issued (1.7.11, 1.8.7, and 1.9rc2) Tim Graham
CVE request: Redmine - information disclosure on the time logging form Matthias Geerdsen
Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried

Wednesday, 25 November

CVE request Qemu: net: eepro100: infinite loop in processing command block list P J P
Re: Heap Overflow in PCRE Fabian Keil
CVE request: RCE in gitlab-shell 2.6.6-2.6.7 Jacob Vosmaer
Xen Security Advisory 161 - WITHDRAWN: missing XSETBV intercept privilege check on AMD SVM Xen . org security team
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Reed Loden
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Hanno Böck
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried
Re: CVE request Qemu: net: eepro100: infinite loop in processing command block list cve-assign
Re: CVE request: Redmine - information disclosure on the time logging form cve-assign
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Gsunde Orangen
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried
Re: CVE request: DoS in ONOS when handling jumbo ethernet frames Kurt Seifried

Thursday, 26 November

Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Gsunde Orangen
Stack overflows and out of bounds read in dpkg (Debian) Hanno Böck

Friday, 27 November

CVE-2015-5327 kernel: User triggerable out-of-bounds read Adam Maris
CVE request: Linux kernel, information disclosure after file truncate on BTRFS Johannes Segitz
Re: CVE request: Linux kernel, information disclosure after file truncate on BTRFS cve-assign
Major outstanding CVE requests Kurt Seifried
CVE request: XSS to RCE in PHP-Fusion 9 Brendan Scarvell
[RFC] Keychain for GPG, SSH, X.509 etc. (inspired by Split GPG) Andrey Utkin

Saturday, 28 November

SQL injection in wordpress plugin double-opt-in-for-download v2.0.8 Larry W. Cashdollar
Re: Heap Overflow in PCRE cve-assign
Re: Re: Heap Overflow in PCRE Michal Zalewski

Sunday, 29 November

Re: Heap Overflow in PCRE cve-assign
Re: CVE request: XSS to RCE in PHP-Fusion 9 cve-assign

Monday, 30 November

Re: Re: Heap Overflow in PCRE Tomas Hoger
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode P J P
CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode P J P
CVE request for keepassx password database export Yves-Alexis Perez
Xen Security Advisory 162 (CVE-2015-7504) - heap buffer overflow vulnerability in pcnet emulator Xen . org security team
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Josh Matthews
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Kurt Seifried
Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ Daniel Micay
Re: CVE request for keepassx password database export cve-assign
CVE-2015-5273 + CVE-2015-5287, abrt local root in Centos/Fedora/RHEL Philip Pettersson

Tuesday, 01 December

Re: race condition checking digests/checksums in sudoers Tomas Hoger
CVE Request: dhcpcd 3.x, potentially other versions too Seth Arnold
Re: CVE Request: dhcpcd 3.x, potentially other versions too cve-assign
Re: Heap Overflow in PCRE cve-assign
Re: Re: CVE Request: dhcpcd 3.x, potentially other versions too Seth Arnold

Wednesday, 02 December

Re: Re: CVE Request: dhcpcd 3.x, potentially other versions too Sebastian Krahmer
shellinabox - DNS rebinding attack due to HTTP fallback Andrea Barisani
Re: shellinabox - DNS rebinding attack due to HTTP fallback cve-assign
Re: Re: Heap Overflow in PCRE Salvatore Bonaccorso
Command Injection in cool-video-gallery v1.9 Wordpress plugin Larry Cashdollar
User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog
Re: Heap Overflow in PCRE cve-assign
Re: CVE Request: dhcpcd 3.x, potentially other versions too cve-assign

Thursday, 03 December

Re: Re: Heap Overflow in PCRE Jakub Wilk
CVE request -- Ethernet flow control vulnerability in SRIOV devices Igor Smolyar
OpenStack Ironic does not honor clean steps (CVE-2015-7514) Devananda van der Veen
OpenStack Ironic does not honor clean steps (CVE-2015-7514) Devananda van der Veen
Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE Glenn Randers-Pehrson
CVE request - redmine: Issues API may disclose changeset messages that are not visible Matthias Geerdsen
CVE request - Redmine: open redirect vulnerability (fixed earlier this year) Matthias Geerdsen
Re: Re: CVE request for keepassx password database export Reinhard Tartler

Friday, 04 December

CVE Request: Magento SWF XSS Ryan Dewhurst
CVE Request: Shotwell does not verify TLS certificates mcatanzaro
CVE Request: PHPMailer Message Injection Vulnerability Gsunde Orangen
Re: CVE Request: PHPMailer Message Injection Vulnerability cve-assign
Re: CVE request - redmine: Issues API may disclose changeset messages that are not visible cve-assign
Re: CVE request - Redmine: open redirect vulnerability (fixed earlier this year) cve-assign
Re: CVE Request: Magento SWF XSS cve-assign
Re: Status of CVE-2015-8126: libpng buffer overflow in png_set_PLTE cve-assign
CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2 Henri Salo

Saturday, 05 December

Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2 cve-assign
Re: Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2 Henri Salo

Monday, 07 December

CVE-2015-7519: Phusion Passenger Header overwriting issue Andreas Stieger
injecting environment variables into Phusion Passenger (CVE-2015-7519) Marcus Meissner

Tuesday, 08 December

Xen Security Advisory 158 (CVE-2015-8338) - long running memory operations on ARM Xen . org security team
Xen Security Advisory 159 (CVE-2015-8339,CVE-2015-8340) - XENMEM_exchange error handling issues Xen . org security team
Xen Security Advisory 160 (CVE-2015-8341) - libxl leak of pv kernel and initrd on error Xen . org security team
CVE request: Qemu: ui: vnc: avoid floating point exception P J P
CVE for git issue - please use CVE-2015-7545 Kurt Seifried
[ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ Dejan Bosanac
Re: CVE request: Qemu: ui: vnc: avoid floating point exception cve-assign
CVE request: Redmine - Data disclosure in atom feed Matthias Geerdsen
Re: Re: CVE request for keepassx password database export Felix Geyer
CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key Wade Mealing

Wednesday, 09 December

CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key xiaoqixue_1
CVE request - Android kernel - IPv6 connect cause a denial of service 郭永刚
Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa
Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki
CVE-2015-7518: Foreman stored XSS in parameter information popup Dominic Cleal
RE: CVE for git issue - please use CVE-2015-7545 Evans, Jonathan L.
Re: CVE for git issue - please use CVE-2015-7545 Kurt Seifried
CVE request - a out of bound read bug is found in libdwarf xiaoqixue_1
Re: CVE request: Redmine - Data disclosure in atom feed cve-assign
Re: CVE request - a out of bound read bug is found in libdwarf cve-assign
Re: CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key cve-assign

Thursday, 10 December

Xen Security Advisory 158 (CVE-2015-8338) - long running memory operations on ARM Xen . org security team
CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) xiaoqixue_1
Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) Glenn Randers-Pehrson

Friday, 11 December

Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) cve-assign
Re: Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) Glenn Randers-Pehrson
CVE request: mail ruby gem <2.6.0 vulnerable to SMTP injection via recipient email addresses Reed Loden
CVE request: handlebars node.js module <4.0.0 - "Quoteless attributes in templates can lead to XSS" Reed Loden
Re: CVE request - Android kernel - IPv6 connect cause a denial of service cve-assign
Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa
Re: CVE for git issue - please use CVE-2015-7545 cve-assign

Saturday, 12 December

CVE request: Remote DoS in Quassel Pierre Schweitzer
CVE-2015-8088: Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone Pray3r
Re: CVE request: Remote DoS in Quassel cve-assign

Sunday, 13 December

CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character Salvatore Bonaccorso
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog
CVE-2015-7549 Qemu: pci: msi-x: null pointer dereference issue P J P

Monday, 14 December

Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness Dag-Erling Smørgrav
CVE Request: Local Privilege Escalation in QEMU virtfs-proxy-helper Jason A. Donenfeld
CVE Request: Local Privilege Escalation in QEMU virtfs-proxy-helper Jason A. Donenfeld
CVE request: Shell Injection in Pygments FontManager._get_nix_font_path Stefan Cornelius
CVE Request: two issues in bee2 crypto library Lucid Lynx
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness Florian Weimer
CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS P J P
Chef: knife bootstrap leaks validator privkey into system logs Jan Schaumann
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness cve-assign
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog
Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character cve-assign
Re: Chef: knife bootstrap leaks validator privkey into system logs cve-assign
Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa
Re: CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS cve-assign
Re: CVE request: Shell Injection in Pygments FontManager._get_nix_font_path cve-assign
Re: CVE Request: Local Privilege Escalation in QEMU virtfs-proxy-helper cve-assign
Re: Re: Chef: knife bootstrap leaks validator privkey into system logs Jan Schaumann
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness Solar Designer
Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character Till Kamppeter
Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki
Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa

Tuesday, 15 December

CVE request Qemu: net: vmxnet3: host memory leakage P J P
Re: Re: CVE request: Shell Injection in Pygments FontManager._get_nix_font_path Stefan Cornelius
Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] Hector Marco-Gisbert
CVE Request: Linux Kernel: information leak from getsockname Marcus Meissner
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness Dag-Erling Smørgrav
CVE-2015-8562: Joomla remote code execution vulnerability Henri Salo
Re: CVE request Qemu: net: vmxnet3: host memory leakage cve-assign
Re: CVE Request: Linux Kernel: information leak from getsockname cve-assign
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness cve-assign
CVE-2015-8000: Responses with a malformed class attribute can trigger an assertion failure in db.c Michael McNally
CVE-2015-8461: A race condition when handling socket errors can lead to an assertion failure in resolver.c Michael McNally
Re: Re: CVE request Qemu: net: vmxnet3: host memory leakage P J P

Wednesday, 16 December

Re: Re: CVE Request: Linux Kernel: information leak from getsockname Marcus Meissner
Re: CVE Request: Linux Kernel: information leak from getsockname cve-assign
libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507) Hans Jerry Illikainen
libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) Hans Jerry Illikainen
Cross site scripting vulnerability (XSS) in SilverStripe CMS & Framework v3.2.0 CSW Research Lab

Thursday, 17 December

CVE-2015-5348 - Apache Camel medium disclosure vulnerability Claus Ibsen
Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory contents Xen . org security team
Xen Security Advisory 157 (CVE-2015-8551,CVE-2015-8552) - Linux pciback missing sanity checks leading to crash Xen . org security team
Xen Security Advisory 164 (CVE-2015-8554) - qemu-dm buffer overrun in MSI-X handling Xen . org security team
Xen Security Advisory 165 (CVE-2015-8555) - information leak in legacy x86 FPU/XMM initialization Xen . org security team
Xen Security Advisory 166 - ioreq handling possibly susceptible to multiple read issue Xen . org security team
Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory contents Xen . org security team
[oCERT 2015-011] PyAMF input sanitization errors (XXE) Daniele Bianco
Re: CVE request - read underflow in libpng 1.2.55, 1.0.65, 1.4.18, and 1.5.25 (pngwutil.c) Glenn Randers-Pehrson
Re: Cross site scripting vulnerability (XSS) in SilverStripe CMS & Framework v3.2.0 cve-assign
CVE Request: Linux kernel: privilege escalation in user namespaces John Johansen
Re: CVE-2015-8088: Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone Dan Rosenberg
Re: CVE Request: Linux kernel: privilege escalation in user namespaces Jann Horn
Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Serge Hallyn
Out of bounds read in OpenVPN before 2.3.9 Hanno Böck
Re: CVE Request: Linux kernel: privilege escalation in user namespaces Solar Designer

Friday, 18 December

AW: CVE Request: Linux kernel: privilege escalation in user namespaces Fiedler Roman
Re: AW: CVE Request: Linux kernel: privilege escalation in user namespaces Marc Deslauriers
[FD] [CVE-2015-8606] SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability CSW Research Lab
CVE request: Blueman: Privilege escalation in blueman dbus API Salvatore Bonaccorso
Re: CVE request: Blueman: Privilege escalation in blueman dbus API cve-assign

Saturday, 19 December

Cross site vulnerability (XSS) in OcPortal CMS 9.0.20 CSW Research Lab
CVE-2009-0689 discovered in Mono prior to 4.2 Jo Shields

Sunday, 20 December

Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness halfdog
OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability CSW Research Lab

Monday, 21 December

Re: CVE Request: Linux kernel: privilege escalation in user namespaces Fiedler Roman
Xen Security Advisory 169 - x86: unintentional logging upon guest changing callback method Xen . org security team
giflib: heap overflow in giffix (CVE-2015-7555) Hans Jerry Illikainen
CVE-2015-7557, CVE-2015-7558 librsvg2: Out-of-bounds heap read and stack exhaustion Adam Maris
CVE request for math/big.Exp Jason Buberel
CVE request: Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info P J P
CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12 Chris Steipp
php preg_replace() flaw - is this even CVE worthy? Kurt Seifried
mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? Kurt Seifried
Re: CVE request for math/big.Exp Florian Weimer
Re: CVE request: Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info cve-assign
Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? cve-assign
CVE Request: Reflected XSS in OpenMRS Login Page David Dworken

Tuesday, 22 December

CVE Request: Use after free in PHP Collator::sortWithSortKeys function Emmanuel Law
Symphony CMS 2.6.3 - Multiple Reflected Cross-site Scripting Vulnerability CSW Research Lab
Re: CVE Request: Use after free in PHP Collator::sortWithSortKeys function cve-assign
Xen Security Advisory 169 (CVE-2015-8615) - x86: unintentional logging upon guest changing callback method Xen . org security team
CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine P J P
Re: CVE request for math/big.Exp cve-assign
Re: CVE request for math/big.Exp Jason Buberel
New vulnerability in Kea DHCP servers (CVE-2015-8373) is now public ISC Security Officer
Re: CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine cve-assign
Re: Re: CVE request for math/big.Exp Jessie Frazelle

Wednesday, 23 December

CVE-request: ~/.t_coffee/ is world-writable Henri Salo
Re: CVE-request: ~/.t_coffee/ is world-writable cve-assign
CVE request -- linux kernel: overlay: fix permission checking for setattr Vladis Dronov
Use after free in nghttp2 Hanno Böck
Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12 cve-assign
pitivi: CVE-2015-0855: Insecure use of os.system() Salvatore Bonaccorso
Re: CVE request -- linux kernel: overlay: fix permission checking for setattr cve-assign
Re: Use after free in nghttp2 cve-assign
CVE request Qemu: acpi: heap based buffer overrun during VM migration P J P
CVE request -- Out-of-bounds Read in libtiff limingxing

Thursday, 24 December

Re: CVE request Qemu: acpi: heap based buffer overrun during VM migration cve-assign
Re: CVE request -- Out-of-bounds Read in libtiff cve-assign
Re: Re: CVE request for wget Austin English

Friday, 25 December

CVE request libtiff: out-of-bounds read in CIE Lab image format 范祚至(库特)
Re: CVE request libtiff: out-of-bounds read in CIE Lab image format Solar Designer
Re: CVE request libtiff: out-of-bounds read in CIE Lab image format cve-assign

Saturday, 26 December

Being vulnerable to POODLE Sevan Janiyan
Re: Being vulnerable to POODLE gremlin
Re: Being vulnerable to POODLE Gsunde Orangen
Re: Being vulnerable to POODLE Sevan Janiyan
Local root vulnerability in DeleGate v9.9.13 Larry W. Cashdollar
libtiff: invalid write (CVE-2015-7554) Hans Jerry Illikainen

Sunday, 27 December

CVE Request: Stalin: Insecure use of temporary files Salvatore Bonaccorso
Re: CVE Request: Stalin: Insecure use of temporary files cve-assign
Re: CVE Request: Linux kernel: privilege escalation in user namespaces Salvatore Bonaccorso

Monday, 28 December

Bedita CMS 3.6.0 Cross site Vulnerability CSW Research Lab
CVE request: flexlay: Insecure use of temporary files Max Teufel
Re: Being vulnerable to POODLE Florian Weimer
Re: Being vulnerable to POODLE Sevan Janiyan
CVE request Qemu net: rocker: fix an incorrect array bounds check P J P
Re: Being vulnerable to POODLE Florian Weimer
WebKitGTK+ Security Advisory WSA-2015-0002 Carlos Alberto Lopez Perez
Re: CVE request Qemu net: rocker: fix an incorrect array bounds check cve-assign

Tuesday, 29 December

Re: Being vulnerable to POODLE Sevan Janiyan
Inspircd <2.0.19 DoS Mark Felder
Re: Inspircd <2.0.19 DoS cve-assign
CVE request rtmpdump: the 6 vulnerabilities have been fixed limingxing

Wednesday, 30 December

[oCERT 2015-012] Ganeti multiple issues Daniele Bianco
CVE Request: Squashfs 4.2 Race Condition Jihyeok Seo
Re: CVE Request: Squashfs 4.2 Race Condition cve-assign
Re: CVE Request: Squashfs 4.2 Race Condition Jihyeok Seo
Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? Ben Hutchings

Thursday, 31 December

Re: Re: CVE Request: Squashfs 4.2 Race Condition Jeremy Stanley
Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? cve-assign
CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option Glenn Randers-Pehrson
Re: CVE Request: Linux kernel: privilege escalation in user namespaces cve-assign
Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option cve-assign
Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment cve-assign
Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option Glenn Randers-Pehrson