oss-sec: by author

689 messages starting Jul 12 16 and ending Sep 11 16


0ang3el 0ang3el

Vulnerabilities in Apache Archiva 0ang3el 0ang3el (Jul 12)

0xr0ot

Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom 0xr0ot (Aug 04)
Fwd: [scr231911] SVE-2016-6248: SystemUI Security issue 0xr0ot (Sep 08)
CVE request - Samsumg Mobile Phone SVE-2016-6248: SystemUI Security issue 0xr0ot (Sep 08)

Aaron Patterson

[CVE-2016-6317] Unsafe Query Generation Risk in Active Record Aaron Patterson (Aug 11)
Re: [CVE-2016-6316] Possible XSS Vulnerability in Action View Aaron Patterson (Aug 11)
[CVE-2016-6316] Possible XSS Vulnerability in Action View Aaron Patterson (Aug 11)

Adam Maris

Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Adam Maris (Aug 18)

Agostino Sarubbo

Re: CVE request -libdwarf 20160613 heap-buffer-overflow Agostino Sarubbo (Sep 15)
Re: Re: paps: heap overflow when processing crafted file Agostino Sarubbo (Jul 29)
mupdf: use-after-free in pdf_to_num (pdf-object.c) Agostino Sarubbo (Sep 22)
libav: NULL pointer dereference in ff_put_pixels8_xy2_mmx (rnd_template.c) Agostino Sarubbo (Sep 20)
Re: GraphicsMagick 1.3.25 fixes some security issues Agostino Sarubbo (Sep 09)
libav: divide-by-zero in sbr_make_f_master (aacsbr.c) Agostino Sarubbo (Sep 21)
Re: Libarchive/bsdtar: multiple crashes Agostino Sarubbo (Sep 19)
Libarchive/bsdtar: multiple crashes Agostino Sarubbo (Sep 15)
libav: out-of-bounds stack read Agostino Sarubbo (Sep 10)
potrace: multiple crashes Agostino Sarubbo (Aug 18)
autotrace: out-of-bounds write Agostino Sarubbo (Sep 10)
libav: heap-based buffer overflow in ff_audio_resample (resample.c) Agostino Sarubbo (Aug 13)
paps: heap overflow when processing crafted file Agostino Sarubbo (Jul 28)
libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c) Agostino Sarubbo (Sep 16)
Re: Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c) Agostino Sarubbo (Sep 17)
Fuzzing jasper Agostino Sarubbo (Aug 23)
ettercap: etterlog: multiple crashes Agostino Sarubbo (Sep 09)

ajax secure

CVE Request: VLC: Potential divide-by-zero issue ajax secure (Sep 22)

akuster

Re: CVE-2016-5321: libtiff 4.0.6 DumpModeDecode(): Ddos akuster (Jul 18)
Re: CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide by zero akuster (Jul 18)

Albert Astals Cid

kdesu vulnerability: need CVE Albert Astals Cid (Sep 28)

Alexander Sulfrian

CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer) Alexander Sulfrian (Jul 18)

Alex Crawford

Re: CVE Request: docker2aci: Path traversals present in image converting Alex Crawford (Sep 28)

A.N.

Irssi Security Advisory CVE-2016-7044+CVE-2016-7045 A.N. (Sep 21)

Andreas Lindh

CVE for Sentry / OpenCFP Andreas Lindh (Sep 08)

Andreas Stieger

SQLite Tempdir Selection Vulnerability Andreas Stieger (Jul 01)
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Andreas Stieger (Sep 14)
Re: CVE request: Linux kernel mbcache lock contention denial of service. Andreas Stieger (Sep 06)
CVE request: multiple issues fixed in GNU libidn 1.33 Andreas Stieger (Jul 20)
CVE request: Wireshark 2.0.5 and 1.12.13 security releases Andreas Stieger (Jul 28)

Andrew Ayer

CVE Request: systemd v209+: local denial-of-service attack Andrew Ayer (Sep 28)

Andrew Gallagher

Re: Re: Libgcrypt and GnuPG 1.4 RNG output prediction Andrew Gallagher (Aug 18)

Anonymous

Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Anonymous (Sep 14)
Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c Anonymous (Jul 14)

Antoine Beaupré

CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis Antoine Beaupré (Sep 04)

Bálint Réczey

Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Bálint Réczey (Jul 25)

Ben Hutchings

Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Ben Hutchings (Aug 18)
CVE request: Kernel Oops when issuing fcntl on an AUFS directory Ben Hutchings (Aug 30)

Ben Laurie

Re: CVE request: apparmor: oops in apparmor_setprocattr() Ben Laurie (Jul 11)

Bob Friesenhahn

Re: ImageMagick identify "d:" hangs Bob Friesenhahn (Sep 28)
ImageMagick identify "d:" hangs Bob Friesenhahn (Sep 27)
Re: ImageMagick identify "d:" hangs Bob Friesenhahn (Sep 27)
GraphicsMagick 1.3.25 fixes some security issues Bob Friesenhahn (Sep 06)
Re: libxml with CGI fix Bob Friesenhahn (Sep 13)
Re: GraphicsMagick 1.3.25 fixes some security issues Bob Friesenhahn (Sep 09)

Brad Knowles

Re: ezmlm warning Brad Knowles (Sep 19)

Brandon Perry

Re: [FD] [oss-security] libical 0.47 SEGV on unknown address Brandon Perry (Jul 04)
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Brandon Perry (Sep 19)

Brian Demers

[ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released Brian Demers (Sep 13)

Brian May

Re: autotrace: out-of-bounds write Brian May (Sep 12)

CAI Qian

Re: cve request: systemd-machined: information exposure for docker containers CAI Qian (Aug 10)
Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount CAI Qian (Jul 14)
cve request: systemd-machined: information exposure for docker containers CAI Qian (Jul 26)
Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount CAI Qian (Jul 15)
cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel CAI Qian (Jul 11)
cve request: overlayfs: Fix dentry reference leak CAI Qian (Aug 23)
cve request: local DoS by overflowing kernel mount table using shared bind mount CAI Qian (Jul 13)

Carlos Alberto Lopez Perez

WebKitGTK+ Security Advisory WSA-2016-0005 Carlos Alberto Lopez Perez (Aug 24)

Carl Peng

CVE request:Exponent CMS 2.3.9 xss vulnerability in worldpay Carl Peng (Sep 20)
CVE request: ExponentCMS 2.x Object Injection and SQLi vulnerabilities Carl Peng (Sep 30)
CVE request: b2evolution 6.7.6 Object Injection vulnerability Carl Peng (Sep 30)
CVE request:Exponent CMS 2.3.9 Arbitrary File Upload vulnerability in expFile.php Carl Peng (Sep 20)
CVE Request - Exponent CMS 2.3.9 multi-vulnerabilities in install code Carl Peng (Sep 22)

Cedric Buissart

CVE request: pacemaker DoS when pacemaker remote is in use Cedric Buissart (Sep 30)
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Cedric Buissart (Jul 11)
CVE-2016-4973 gcc: Targets using libssp for SSP are missing -D_FORTIFY_SOURCE functionality Cedric Buissart (Aug 17)
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Cedric Buissart (Jul 12)
CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Cedric Buissart (Jul 11)
CVE-2016-5404 freeipa: Insufficient privileges check in certificate revocation Cedric Buissart (Aug 17)
Re: CVE-2016-5404 freeipa: Insufficient privileges check in certificate revocation Cedric Buissart (Aug 22)

Chaim Sanders

ModSecurity's OWASP CRS v3.0.0-rc1 Released. Chaim Sanders (Aug 17)

ChenQin

CVE request for webp:index overflow,used by memcpy later ChenQin (Sep 09)

Chet Ramey

Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 29)
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)

Christian Rebischke

Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)
Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)

Christian Wressnegger

Buffer overflow in libarchive-3.2.0 Christian Wressnegger (Jul 20)
Re: Buffer overflow in libarchive-3.2.0 Christian Wressnegger (Jul 20)

Christoph Biedl

CVE-2016-6160: Segmentation fault in tcprewrite (tcpreplay) Christoph Biedl (Jul 05)

Christos Zoulas

Re: CVE-2016-7545 -- SELinux sandbox escape Christos Zoulas (Sep 26)
Re: CVE-2016-7545 -- SELinux sandbox escape Christos Zoulas (Sep 29)

Colm O hEigeartaigh

New security advisory for Apache CXF Fediz - CVE-2016-4464 Colm O hEigeartaigh (Sep 08)

cookieopfer

Re: Re: ffmpeg afl bugs cookieopfer (Sep 25)
Re: Re: ffmpeg afl bugs cookieopfer (Sep 26)
ffmpeg afl bugs cookieopfer (Sep 25)

Cory Benfield

CVE-2016-6581, Python HPACK and old Python Hyper releases: HPACK Bomb Cory Benfield (Aug 04)
CVE-2016-6580, Python Priority: DoS via Unlimited Stream Insertion Cory Benfield (Aug 04)

cve-assign

Re: SQLite Tempdir Selection Vulnerability cve-assign (Jul 01)
Re: mupdf library use after free cve-assign (Jul 21)
Re: Fwd: CVE for PHP 5.5.38 issues cve-assign (Jul 24)
Re: CVE request -libdwarf 20160613 heap-buffer-overflow cve-assign (Sep 14)
Re: autotrace: out-of-bounds write cve-assign (Sep 10)
Re: CVE request for the Play Framework cve-assign (Jul 15)
Re: CVE Request: Qemu: scsi: pvscsi: infinite loop when processing IO requests cve-assign (Sep 16)
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices cve-assign (Aug 22)
Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings cve-assign (Sep 06)
Re: Ruining the Magic of Magento's Encryption Library cve-assign (Jul 27)
Re: CVE request: Information leak in LibTIFF cve-assign (Jul 14)
Re: multiple memory corruption issues in lepton cve-assign (Jul 17)
Re: CVE assignment for PHP 5.6.26 and 7.0.11 cve-assign (Sep 15)
Re: CVE Request - Samsung Exynos fimg2d NULL Pointer Dereference cve-assign (Aug 17)
Re: CVE Request: docker2aci: Path traversals present in image converting cve-assign (Sep 28)
Re: CVE Request: Linux >= 4.5 double fetch leading to heap overflow cve-assign (Aug 01)
Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command cve-assign (Jul 26)
Re: MatrixSSL Bignum bugs cve-assign (Aug 19)
Re: libav: NULL pointer dereference in ff_put_pixels8_xy2_mmx (rnd_template.c) cve-assign (Sep 21)
Re: CVE request : Exponent CMS 2.3.9 SQL injection vulnerabilities cve-assign (Sep 18)
Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages cve-assign (Sep 06)
Re: CVE Request: XSS vulns in b2evolution v6.7.5 cve-assign (Sep 14)
Re: CVE request: mongodb: world-readable .dbshell history file cve-assign (Jul 29)
Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis cve-assign (Sep 05)
Re: CVE request: MatrixSSL lack of RSA-CRT hardening cve-assign (Aug 19)
Re: CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list cve-assign (Sep 06)
Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd cve-assign (Jul 13)
Re: Use after free in my_login() function of DBD::mysql (Perl module) cve-assign (Jul 26)
Re: CVE Request: irssi: information disclosure vulnerabilit in buf.pl cve-assign (Sep 25)
Re: CVE Request: OpenJPEG Heap Buffer Overflow Issue cve-assign (Sep 07)
Re: CVE Requests: Information exposure caused by ecryptfs-setup-swap failures cve-assign (Jul 14)
Re: CVE request : Exponent CMS 2.3.9 SQL injection vulnerability cve-assign (Sep 18)
Re: CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation cve-assign (Aug 17)
Re: CVE Request for KNewStuff/KArchive issue cve-assign (Jul 16)
Re: CVE Requests: HarfBuzz - Chromium CVE issues cve-assign (Jul 17)
Re: Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe processing of file names cve-assign (Sep 08)
Re: subuid security patches for shadow package cve-assign (Jul 20)
Re: CVE Request: systemd v209+: local denial-of-service attack cve-assign (Sep 29)
Re: CVE request:Heap overflow vulns in MuPDF cve-assign (Aug 03)
Re: CVE request: several SOGo issues (DOS, XSS, information leakage) cve-assign (Jul 09)
Re: CVE Request - OpenSLP 2.0 Memory Corruption cve-assign (Sep 28)
Re: CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer) cve-assign (Jul 26)
Re: cve request: local DoS by overflowing kernel mount table using shared bind mount cve-assign (Jul 13)
Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 cve-assign (Jul 26)
Re: ADOdb PDO driver: incorrect quoting may allow SQL injection cve-assign (Sep 14)
Re: CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object cve-assign (Sep 16)
Re: linux kernel SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer() cve-assign (Sep 16)
Re: CVE request for webp:index overflow,used by memcpy later cve-assign (Sep 09)
Re: CVE request for vulnerability in OpenStack Nova cve-assign (Sep 21)
Re: Does a documentation bug elevate to CVE status? - Crypto++ cve-assign (Sep 15)
Re: CVE-Request Buffer overflow ImageMagick cve-assign (Jul 28)
Re: CVE request for Dropbear SSH <2016.74 cve-assign (Sep 14)
Re: kdesu vulnerability: need CVE cve-assign (Sep 29)
Re: CVE request: MatrixSSL lack of RSA-CRT hardening cve-assign (Aug 19)
Re: CVE request - sudoers on Red Hat, Fedora, Mageia information disclosure cve-assign (Aug 25)
Re: CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0 cve-assign (Aug 01)
Re: CVE request: XSS vulns in Dotclear v2.9.1 cve-assign (Aug 02)
Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl cve-assign (Sep 02)
Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability cve-assign (Aug 28)
Re: CVE Request: redis: World readable .rediscli_history cve-assign (Jul 28)
Re: CVE request: Linux kernel mbcache lock contention denial of service. cve-assign (Aug 25)
Re: CVE Request: Zend Framework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select cve-assign (Jul 16)
Re: CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend cve-assign (Aug 30)
Re: CVE Request : Libtorrent 1.1.0 inflate_gzip denial of service cve-assign (Sep 07)
Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error cve-assign (Jul 27)
Re: CVE Request: Any User Can Panic Kernel Through Sysctl on OpenBSD cve-assign (Jul 26)
Re: CVE Request: perl: XSLoader: could load shared library from incorrect location cve-assign (Jul 08)
Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis cve-assign (Sep 05)
Re: CVE Request: Denial-of-Service / Unexploitable Memory Corruption in mmap() on OpenBSD cve-assign (Aug 02)
Re: CVE request Qemu: an infinite loop during packet fragmentation cve-assign (Aug 17)
Re: libupnp write files via POST cve-assign (Jul 20)
Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks cve-assign (Jul 29)
Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node cve-assign (Aug 03)
Re: CVE Request Qemu: usb: xhci memory leakage during device unplug cve-assign (Sep 20)
Re: A CGI application vulnerability for PHP, Go, Python and others - CHICKEN eggs cve-assign (Jul 22)
Re: paps: heap overflow when processing crafted file cve-assign (Jul 28)
Re: CVE request - slock, all versions NULL pointer dereference cve-assign (Aug 18)
Re: CVE Request: OpenJPEG Integer Overflow Issue cve-assign (Sep 07)
Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read cve-assign (Sep 28)
Re: BUG_ON crash in linux 4.7-rc6/master skbuff.c cve-assign (Jul 05)
Re: Multiple Bugs in OpenBSD Kernel cve-assign (Jul 17)
Re: CVE request: Qemu net: vmxnet3: use after free while writing cve-assign (Aug 17)
Re: ffmpeg afl bugs cve-assign (Sep 25)
Re: CVE request: Wireshark 2.0.5 and 1.12.13 security releases cve-assign (Aug 01)
Re: CVE Assignment for Crypto++ and "AES and incorrect argument to _freea() under Microsoft compilers" cve-assign (Sep 23)
Re: [SECURITY VULNERABILITY] curl: Re-using connections with wrong client cert cve-assign (Sep 05)
Re: CVE Request: GnuTLS: OCSP validation issue (GNUTLS-SA-2016-3) cve-assign (Sep 18)
Re: CVE Request: Default password in openstack / crowbar trove cve-assign (Aug 17)
Re: CVE Requests for Drupal Core - SA-CORE-2016-004 cve-assign (Sep 28)
Re: Path traversal vulnerability in WordPress Core Ajax handlers cve-assign (Aug 21)
Re: CVE Request ImageMagick buffer overflow cve-assign (Aug 02)
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master cve-assign (Aug 17)
Re: CVE Request - OpenSLP 2.0 Memory Corruption cve-assign (Sep 27)
Re: CVE Request: libgd: Integer overflow in function gdImageWebpCtx of gd_webp.c cve-assign (Sep 28)
Re: libav: out-of-bounds stack read cve-assign (Sep 10)
Re: cve request: overlayfs: Fix dentry reference leak cve-assign (Aug 25)
Re: Browsing and attaching images considered harmful in Linux cve-assign (Jul 05)
Re: GraphicsMagick 1.3.25 fixes some security issues cve-assign (Sep 18)
Re: CVE requests for Drupal Core - SA-CORE-2016-002 cve-assign (Jul 13)
Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution cve-assign (Jul 21)
Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability cve-assign (Aug 27)
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode cve-assign (Sep 30)
Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c cve-assign (Aug 22)
Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif cve-assign (Jul 05)
Re: Possible CVE for TLS protocol issue cve-assign (Sep 20)
Re: CVE Request Qemu: vmware_vga: OOB stack memory access when processing svga command cve-assign (Sep 09)
Re: CVE Request: lshell: shell outbreak vulnerabilities via bad syntax parse and multiline commands cve-assign (Aug 22)
Re: CVE request: multiple issues fixed in GNU libidn 1.33 cve-assign (Jul 21)
Re: CVE request: pacemaker DoS when pacemaker remote is in use cve-assign (Sep 30)
Re: CVE Request: File Roller path traversal cve-assign (Sep 07)
Re: MantisBT weakened CSP when using bundled Gravatar plugin cve-assign (Aug 29)
Re: paps: heap overflow when processing crafted file cve-assign (Jul 29)
Re: libav: divide-by-zero in sbr_make_f_master (aacsbr.c) cve-assign (Sep 21)
Re: CVE request: libarchive (pre 3.2.0) denial of service with gzip quine cve-assign (Sep 08)
Re: CVE Request: CSRF in Grails console cve-assign (Aug 02)
Re: CVE Requests: HarfBuzz - Chromium CVE issues cve-assign (Jul 18)
Re: git-hub: missing sanitization of data received from GitHub cve-assign (Sep 29)
Re: cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel - Linux kernel cve-assign (Jul 11)
Re: CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures cve-assign (Aug 17)
Re: CVE Request Qemu: Information leak in vmxnet3_complete_packet cve-assign (Aug 17)
Re: ettercap: etterlog: multiple crashes cve-assign (Sep 09)
Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS) cve-assign (Sep 21)
Re: CVE request - openjpeg null ptr dereference cve-assign (Sep 18)
Re: MantisBT: XSS in view_all_bug_page.php cve-assign (Aug 17)
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices cve-assign (Aug 22)
Re: cve request: systemd-machined: information exposure for docker containers cve-assign (Jul 26)
Re: libav: heap-based buffer overflow in ff_audio_resample (resample.c) cve-assign (Aug 17)
Re: CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation cve-assign (Aug 19)
Re: CVE request Qemu: virtio: null pointer dereference in virtqueu_map_desc cve-assign (Sep 16)
Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory cve-assign (Aug 31)
Re: CVE Request Qemu: virtio: infinite loop in virtqueue_pop cve-assign (Jul 28)
Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit cve-assign (Aug 26)
Re: Malicious primary DNS servers can crash secondaries cve-assign (Jul 06)
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices cve-assign (Aug 23)
Re: CVE request: apparmor: oops in apparmor_setprocattr() cve-assign (Jul 09)
Re: CVE Request: openshift-node is logging private RSA keys to the systemd journal cve-assign (Jul 13)
Re: libav: NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c) cve-assign (Sep 16)
Re: CVE Requests Facebook HHVM cve-assign (Aug 18)
Re: CVE Request - Exponent CMS 2.3.9 multi-vulnerabilities in install code cve-assign (Sep 29)
Re: CVE request: Plone multiple vulnerabilities cve-assign (Sep 05)
Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite cve-assign (Sep 23)

Damien Miller

Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities Damien Miller (Sep 02)
Announce: OpenSSH 7.3 released Damien Miller (Aug 01)

Damien Regad

Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad (Sep 15)
MantisBT weakened CSP when using bundled Gravatar plugin Damien Regad (Aug 27)
ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad (Sep 07)
Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad (Sep 13)
Re: MantisBT weakened CSP when using bundled Gravatar plugin Damien Regad (Aug 30)
MantisBT: XSS in view_all_bug_page.php Damien Regad (Aug 17)

Daniel Beck

CVE request: Jenkins plugin 'Cucumber Reports' 1.3.0 to 2.5.1 disabled XSS protection mechanism Daniel Beck (Jul 27)

Daniel J Walsh

Re: Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 27)
Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 28)
Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Aug 03)
Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Aug 10)
Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 28)

Daniel Stenberg

[SECURITY ADVISORY] c-ares: single byte out of buffer write Daniel Stenberg (Sep 29)
[SECURITY VULNERABILITY] curl: TLS session resumption client cert bypass Daniel Stenberg (Aug 03)
[SECURITY ADVISORY] curl: Incorrect reuse of client certificates Daniel Stenberg (Sep 07)
[SECURITY VULNERABILITY] curl: Re-using connections with wrong client cert Daniel Stenberg (Aug 03)
Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Daniel Stenberg (Sep 29)
[SECURITY VULNERABILITY] curl: use of connection struct after free Daniel Stenberg (Aug 03)
[SECURITY VULNERABILITY] curl escape and unescape integer overflows Daniel Stenberg (Sep 13)

Dario Bertini

CVE Request: CSRF in Grails console Dario Bertini (Aug 01)
Grails Console is still vulnerable to CSRF CVE-2016-6521 Dario Bertini (Aug 03)
Re: CVE Request: CSRF in Grails console Dario Bertini (Aug 02)

das das

CVE request:SQL injections in TeamPass das das (Jul 10)

David Black

CVE request for the Play Framework David Black (Jul 12)
Re: CVE request for the Play Framework David Black (Jul 17)

David Faure

CVE Request for KNewStuff/KArchive issue David Faure (Jul 16)

Dawid Golunski

CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Dawid Golunski (Sep 12)
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Dawid Golunski (Sep 12)
CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Sep 30)

Diogo Monica

Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Monica (Sep 01)

Diogo Mónica

cve request: docker swarm node Dos occurs when join a cluster failed using local CA certificate Diogo Mónica (Sep 05)
Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Mónica (Sep 02)
Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Mónica (Sep 05)
Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Diogo Mónica (Sep 01)

Dirk-Willem van Gulik

CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Dirk-Willem van Gulik (Jul 05)

DM_

CVE request:Exponent CMS 2.3.9 Unrestricted File Upload RCE and Local File include vulnerability DM_ (Sep 20)

Dominic Cleal

CVE-2016-6320: Foreman stored XSS in network interface device identifiers Dominic Cleal (Aug 24)
CVE-2016-6319: Foreman stored XSS in form label helpers Dominic Cleal (Aug 24)
CVE-2016-4995: Foreman information disclosure through unauthorized template previews Dominic Cleal (Jul 25)
CVE-2016-4451, CVE-2016-4475: Foreman organizations/locations API/UI privilege escalations Dominic Cleal (Jul 25)
CVE-2016-5390: Foreman information disclosure in host interfaces/parameters API Dominic Cleal (Jul 25)

Doran Moppert

CVE request: libarchive (pre 3.2.0) denial of service with gzip quine Doran Moppert (Sep 08)
CVE request - sudoers on Red Hat, Fedora, Mageia information disclosure Doran Moppert (Aug 24)
openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045 Doran Moppert (Sep 26)

east wu

Exponent CMS 2.3.9 SQL injection vulnerabilities east wu (Sep 19)

Eric Pruitt

CVE request - slock, all versions NULL pointer dereference Eric Pruitt (Aug 18)

Eric W. Biederman

Re: subuid security patches for shadow package Eric W. Biederman (Jul 19)

F. Alonso

CVE Requests Facebook HHVM F. Alonso (Aug 11)

felix k3y

CVE request:Exponent CMS 2.3.9 SQL injection vulnerability felix k3y (Sep 17)
CVE request:Exponent CMS 2.3.9 SQL injection vulnerabilities felix k3y (Sep 17)

Flavio Junqueira

[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell Flavio Junqueira (Sep 16)
[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell Flavio Junqueira (Sep 17)

Florian Weimer

CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang Florian Weimer (Aug 18)
Re: ImageMagick identify "d:" hangs Florian Weimer (Sep 28)
Re: ImageMagick identify "d:" hangs Florian Weimer (Sep 28)
Re: ImageMagick identify "d:" hangs Florian Weimer (Sep 30)
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Florian Weimer (Jul 11)
glibc: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417) Florian Weimer (Aug 02)
Malicious primary DNS servers can crash secondaries Florian Weimer (Jul 06)

Franco Costantini

CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 Franco Costantini (Jul 13)

Fried Wil

Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Fried Wil (Sep 12)

fyth

CVE Request: File Upload & File Delete lead to Unauthorized RCE in Exponent CMS 2.3.9 fyth (Sep 30)

Glenn Randers-Pehrson

Re: On anonymous CVE assignments Glenn Randers-Pehrson (Jul 09)
Re: On anonymous CVE assignments Glenn Randers-Pehrson (Jul 08)

Grant Ridder

Re: Re: CVE request: mongodb: world-readable .dbshell history file Grant Ridder (Aug 01)

Greg KH

Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH (Aug 18)
Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 14)
Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Greg KH (Sep 29)
Re: panic at big_key_preparse #4.7-r6/rc7 & master Greg KH (Jul 22)
Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount Greg KH (Jul 13)
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH (Aug 15)
Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 15)
Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 16)
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Greg KH (Jul 24)
Re: badUSB exploit - affects all Linux distros Greg KH (Jul 31)
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH (Aug 23)
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH (Aug 15)
Re: badUSB exploit - affects all Linux distros Greg KH (Jul 31)
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH (Aug 18)
Re: CVE-2016-6327 | Linux kernel crash in infiniband subsystem. Greg KH (Aug 19)
Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 17)
Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Greg KH (Aug 22)
Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Greg KH (Sep 29)
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Greg KH (Jul 27)
Re: CVE request: Linux kernel mbcache lock contention denial of service. Greg KH (Sep 05)
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH (Aug 16)
Re: CVE-2016-5696: linux kernel - challange ack information leak. Greg KH (Aug 17)

Gsunde Orangen

Re: CVE-2016-5696: linux kernel - challange ack information leak. Gsunde Orangen (Aug 17)

Gulshan Singh

Re: Libarchive/bsdtar: multiple crashes Gulshan Singh (Sep 15)

Gustavo Grieco

Re: Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 Gustavo Grieco (Jul 27)
Re: Read out-of-bounds parsing bash code in GNU Bash 4.3 Gustavo Grieco (Aug 08)
Browsing and attaching images considered harmful in Linux Gustavo Grieco (Jul 04)
Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd Gustavo Grieco (Jul 13)
Read out-of-bounds parsing bash code in GNU Bash 4.3 Gustavo Grieco (Aug 05)
Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 Gustavo Grieco (Jul 26)
Re: Browsing and attaching images considered harmful in Linux Gustavo Grieco (Jul 06)

Hanno Böck

FreeBSD update components vulns (libarchive, bsdiff, portsnap) Hanno Böck (Aug 09)
Multiple vulnerabilities in RPM – and a rant Hanno Böck (Aug 26)
Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks Hanno Böck (Jul 30)
Out of bounds heap bugs in glib, heap buffer overflow in gnome-session Hanno Böck (Sep 16)
Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck (Jul 25)
MatrixSSL Bignum bugs Hanno Böck (Aug 08)
libupnp write files via POST Hanno Böck (Jul 18)
Re: CVE request: multiple issues fixed in GNU libidn 1.33 Hanno Böck (Jul 29)
Re: Re: ffmpeg afl bugs Hanno Böck (Sep 26)
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck (Jul 30)
Re: Heapoverflow in giflib5.1.4 Hanno Böck (Sep 13)
Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Hanno Böck (Sep 29)
Re: Heapoverflow in giflib5.1.4 Hanno Böck (Sep 13)
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS Hanno Böck (Jul 11)
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Hanno Böck (Jul 29)

Hans Jerry Illikainen

CVE-2016-5399: php: out-of-bounds write in bzread() Hans Jerry Illikainen (Jul 20)

Henri Salo

Re: CVE ID Request: FOG Project Multiple Vulnerabilities Henri Salo (Sep 04)

Hu Chaojian

CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite Hu Chaojian (Sep 23)

Huzaifa Sidhpurwala

Re: Re: CVE Requests: HarfBuzz - Chromium CVE issues Huzaifa Sidhpurwala (Jul 17)
cracklib: Stack-based buffer overflow when parsing large GECOS field Huzaifa Sidhpurwala (Aug 16)
firewalld: Firewall configuration can be modified by any logged in user Huzaifa Sidhpurwala (Aug 16)
CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks Huzaifa Sidhpurwala (Jul 29)
Re: Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks Huzaifa Sidhpurwala (Jul 31)
CVE Requests: HarfBuzz - Chromium CVE issues Huzaifa Sidhpurwala (Jul 13)

HW42

Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) HW42 (Sep 13)

Ibrahim el-sayed

Fwd: Security vulnerability - read out-of-bounds leads to memory leak Ibrahim el-sayed (Aug 15)
CVE-Request Buffer overflow ImageMagick Ibrahim el-sayed (Jul 28)
CVE Request ImageMagick buffer overflow Ibrahim el-sayed (Aug 02)

Idler

CVE Request - Samsung Exynos fimg2d NULL Pointer Dereference Idler (Aug 05)

ISC Security Officer

BIND9 CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request ISC Security Officer (Sep 27)

Jakub Wilk

Re: ImageMagick identify "d:" hangs Jakub Wilk (Sep 27)
Re: CVE-2016-7545 -- SELinux sandbox escape Jakub Wilk (Sep 29)
Re: TLS testing results - OS distro vulnerabilities Jakub Wilk (Aug 22)
Re: Pylint checks not as static as one would think Jakub Wilk (Jul 12)
Re: CVE-2016-7545 -- SELinux sandbox escape Jakub Wilk (Sep 26)
git-hub: missing sanitization of data received from GitHub Jakub Wilk (Sep 29)

Jamie Whitacre

Re: CVE Request: ipywidgets executes untrusted JavaScript Jamie Whitacre (Sep 21)

Jani Kenttala

Re: TLS testing results - OS distro vulnerabilities Jani Kenttala (Aug 22)

Jan Schaumann

Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Jan Schaumann (Sep 16)
Re: A CGI application vulnerability for PHP, Go, Python and others Jan Schaumann (Jul 18)

Jeffrey Walton

Fwd: CVE-2016-7420 (Info Disclosure due to assert), Crypto++ and down level remediation Jeffrey Walton (Sep 19)
Re: Does a documentation bug elevate to CVE status? - Crypto++ Jeffrey Walton (Sep 15)
CVE Assignment for Crypto++ and "AES and incorrect argument to _freea() under Microsoft compilers" Jeffrey Walton (Sep 23)
Fwd: CVE-2016-7420 and dev-brach 'trap' ready for testing Jeffrey Walton (Sep 16)
Does a documentation bug elevate to CVE status? Jeffrey Walton (Sep 15)

Jens Erat

Re: CVE request: several SOGo issues (DOS, XSS, information leakage) Jens Erat (Jul 08)

Jeremy Stanley

Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Jeremy Stanley (Sep 14)

jericho

Re: CVE Request - OpenSLP 2.0 Memory Corruption jericho (Sep 28)

Jesse Hertz

Multiple Bugs in OpenBSD Kernel Jesse Hertz (Jul 14)
CVE Request: Denial-of-Service / Unexploitable Memory Corruption in mmap() on OpenBSD Jesse Hertz (Aug 02)
Re: Multiple Bugs in OpenBSD Kernel Jesse Hertz (Jul 16)
Re: Multiple Bugs in OpenBSD Kernel Jesse Hertz (Jul 14)
Re: Multiple Bugs in OpenBSD Kernel Jesse Hertz (Jul 14)
CVE Request: Any User Can Panic Kernel Through Sysctl on OpenBSD Jesse Hertz (Jul 26)
Re: cve request: systemd-machined: information exposure for docker containers Jesse Hertz (Jul 27)
Re: cve request: local DoS by overflowing kernel mount table using shared bind mount Jesse Hertz (Jul 15)

Jessica Frazelle

Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount Jessica Frazelle (Jul 14)
Re: cve request: systemd-machined: information exposure for docker containers Jessica Frazelle (Jul 27)

John Haxby

Re: CVE-2016-7545 -- SELinux sandbox escape John Haxby (Sep 26)
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 18)
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 20)
CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 16)

John Johansen

CVE request: apparmor: oops in apparmor_setprocattr() John Johansen (Jul 08)

Jordan Bettis

Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Jordan Bettis (Aug 25)

Joshua J. Drake

Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) Joshua J. Drake (Jul 31)

Julian Reschke

CVE-2016-6801: CSRF in Jackrabbit-Webdav using empty content-type Julian Reschke (Sep 14)

jun3 June

CVE request for webkit js engine javascriptcore jun3 June (Jul 17)

Justin Bull

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method Justin Bull (Aug 18)

Justin Ross

[SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows Justin Ross (Jul 15)

Kamil Dudka

Re: [SECURITY VULNERABILITY] curl: Re-using connections with wrong client cert Kamil Dudka (Sep 05)

Kirill Zaitsev

RCE vulnerability in Openstack Murano using insecure YAML tags (CVE-2016-4972) Kirill Zaitsev (Aug 08)

Kurt Seifried

Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Kurt Seifried (Sep 01)
Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Kurt Seifried (Sep 02)
Re: A CGI application vulnerability for PHP, Go, Python and others Kurt Seifried (Jul 18)
Possible CVE for TLS protocol issue Kurt Seifried (Sep 19)
Re: CVEs for public Kibana / logstash issues Kurt Seifried (Sep 09)
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Kurt Seifried (Sep 14)
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Kurt Seifried (Sep 14)
Re: A CGI application vulnerability for PHP, Go, Python and others Kurt Seifried (Jul 18)
Re: TLS testing results - OS distro vulnerabilities Kurt Seifried (Aug 21)
Possible CVE request for Redis docker container Kurt Seifried (Sep 10)
Re: On anonymous CVE assignments Kurt Seifried (Jul 08)
Re: Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node Kurt Seifried (Sep 01)
Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Kurt Seifried (Aug 11)
CVEs for public Kibana / logstash issues Kurt Seifried (Sep 08)
Re: Multiple vulnerabilities in RPM – and a rant Kurt Seifried (Aug 26)
Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Kurt Seifried (Aug 23)

Larry W. Cashdollar

Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Larry W. Cashdollar (Sep 23)
SQLi and Reflected XSS in Huge IT catalog extension v1.0.4 for Joomla Larry W. Cashdollar (Jul 28)
SQLi and Reflected XSS in Huge IT catalog extension v1.0.4 for Joomla Larry W. Cashdollar (Jul 26)
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Larry W. Cashdollar (Sep 23)
XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar (Jul 23)
Reflected XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension Larry W. Cashdollar (Jul 28)
Updated: XSS and SQLi in huge IT gallery v1.1.5 for Joomla Larry W. Cashdollar (Sep 01)
Huge-IT Portfolio Gallery manager v1.1.5 SQL Injection and XSS Larry W. Cashdollar (Jul 25)
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Larry W. Cashdollar (Sep 21)
Reflected XSS & SQLi in HugeIT slideshow v1.0.4 Larry W. Cashdollar (Jul 26)

lazytyped

Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) lazytyped (Jul 28)
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) lazytyped (Jul 29)

Leo Famulari

Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Leo Famulari (Sep 27)

limingxing

CVE request : a stored XSS in Xcloner for wordpress limingxing (Jul 27)

Lior Kaplan

CVE assignment for PHP 5.6.25 and 7.0.10 Lior Kaplan (Sep 02)
Fwd: CVE for PHP 5.5.38 issues Lior Kaplan (Jul 24)
On anonymous CVE assignments Lior Kaplan (Jul 08)
CVE assignment for PHP 5.6.26 and 7.0.11 Lior Kaplan (Sep 15)

Lucian Cojocar

Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution Lucian Cojocar (Jul 20)

Luis Henriques

Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Luis Henriques (Jul 27)

Marco Grassi

BUG_ON crash in linux 4.7-rc6/master skbuff.c Marco Grassi (Jul 05)
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi (Aug 15)
mupdf library use after free Marco Grassi (Jul 21)
Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi (Aug 15)
linux kernel SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer() Marco Grassi (Sep 16)
Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi (Aug 14)
imagemagick mogrify global buffer overflow Marco Grassi (Sep 30)
multiple memory corruption issues in lepton Marco Grassi (Jul 16)

Marcus Meissner

CVE Request: Default password in openstack / crowbar trove Marcus Meissner (Aug 16)
CVE-2016-6519: openstack-manila: Persistent XSS in Metadata field Marcus Meissner (Sep 15)
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner (Aug 18)
Re: Ruby:HTTP Header injection in 'net/http' Marcus Meissner (Aug 02)
Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner (Aug 22)
Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner (Aug 18)
CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Marcus Meissner (Aug 18)

Mario Pirker

Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Mario Pirker (Sep 29)

Mark Hatle

Systemd local denial of service Mark Hatle (Sep 29)

Martin Prpic

CVE-2016-6301: busybox: NTP server denial of service flaw Martin Prpic (Aug 03)
CVE-2016-6299 mock: privilige escalation via mock-scm Martin Prpic (Sep 13)

Martyn Taylor

[CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability Martyn Taylor (Sep 23)

Mathias Svensson

CVE request: Information leak in LibTIFF Mathias Svensson (Jul 13)

Matthew Daley

CVE requests / Advisory: ATutor <= 2.2.1 Matthew Daley (Jul 01)

Matt Johnston

CVE request for Dropbear SSH <2016.74 Matt Johnston (Sep 14)

Mauri Miettinen

TLS testing results - OS distro vulnerabilities Mauri Miettinen (Aug 20)

Maxim Solodovnik

[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel Maxim Solodovnik (Aug 12)

Michael McNally

ISC security issue CVE-2016-2775 (potential denial-of-service attack against lwres functionality in BIND) Michael McNally (Jul 18)

Michael Scherer

CVE Request: openshift-node is logging private RSA keys to the systemd journal Michael Scherer (Jul 13)

Michal Zalewski

Re: ffmpeg afl bugs Michal Zalewski (Sep 25)

Mike Kienenberger

[ANNOUNCE][CVE-2016-5019] Apache MyFaces Trinidad 2.0.2 released Mike Kienenberger (Sep 29)
Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability Mike Kienenberger (Sep 29)
[ANNOUNCE][CVE-2016-5019] Apache MyFaces Trinidad 2.1.2 released Mike Kienenberger (Sep 29)
CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability Mike Kienenberger (Sep 29)
[ANNOUNCE][CVE-2016-5019] Apache MyFaces Trinidad 1.2.15 released Mike Kienenberger (Sep 29)

Mike Santillana

Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana (Sep 19)
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana (Sep 30)
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana (Sep 19)
CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Mike Santillana (Sep 19)

Misra, Deapesh

Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Misra, Deapesh (Aug 28)
CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Misra, Deapesh (Aug 11)

Moritz Muehlenhoff

Re: CVE Request: VLC: Potential divide-by-zero issue Moritz Muehlenhoff (Sep 22)
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Moritz Muehlenhoff (Sep 14)

Nathan Van Gheem

Re: CVE request: Plone multiple vulnerabilities Nathan Van Gheem (Sep 05)
CVE request: Plone multiple vulnerabilities Nathan Van Gheem (Sep 05)

Nicolas François

Re: [Pkg-shadow-devel] subuid security patches for shadow package Nicolas François (Jul 20)

Pascal Cuoq

memory issues in libksba 1.3.4 and git Pascal Cuoq (Aug 20)

Patrick Uiterwijk

[CVE-2016-1000007] Pagure: XSS in raw file endpoint Patrick Uiterwijk (Jul 04)

Paul Wouters

Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters (Jul 08)
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters (Jul 12)

Pere Orga

CVE requests for Drupal Core - SA-CORE-2016-002 Pere Orga (Jul 13)
CVE Requests for Drupal Core - SA-CORE-2016-004 Pere Orga (Sep 28)
CVE requests for Drupal contributed modules Pere Orga (Jul 17)

Peter Bex

CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures Peter Bex (Aug 14)
Re: A CGI application vulnerability for PHP, Go, Python and others Peter Bex (Jul 21)

petrella.pietro

CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0 petrella.pietro (Aug 01)

P J P

CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend P J P (Aug 30)
Re: Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages P J P (Sep 07)
Re: CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend P J P (Aug 30)
CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation P J P (Aug 19)
CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS P J P (Jul 27)
CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object P J P (Sep 16)
CVE request: Qemu net: vmxnet3: use after free while writing P J P (Aug 11)
CVE Request Qemu: vmware_vga: OOB stack memory access when processing svga command P J P (Sep 09)
CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list P J P (Sep 06)
CVE Request Qemu: virtio: infinite loop in virtqueue_pop P J P (Jul 28)
CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode P J P (Jul 28)
CVE request Qemu: an infinite loop during packet fragmentation P J P (Aug 11)
CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages P J P (Sep 06)
CVE Request Qemu: Information leak in vmxnet3_complete_packet P J P (Aug 11)
CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation P J P (Aug 11)
CVE request Qemu: virtio: null pointer dereference in virtqueu_map_desc P J P (Sep 16)
CVE Request: Qemu: scsi: pvscsi: infinite loop when processing IO requests P J P (Sep 16)
CVE Request Qemu: usb: xhci memory leakage during device unplug P J P (Sep 19)
CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings P J P (Sep 06)
CVE request Qemu: scsi: esp: oob write access while reading ESP command P J P (Jul 25)

Puzzor

CVE request - mujs Heap-Buffer-Overflow write and OOB Read Puzzor (Sep 21)

Quentin Casasnovas

Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Quentin Casasnovas (Sep 29)

Radzykewycz, T (Radzy)

RE: [security-vendor] Re: [oss-security] Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Radzykewycz, T (Radzy) (Aug 23)

redrain root

CVE request - Airmail URLScheme render and file:// xss vulnerability redrain root (Sep 08)
CVE request:Heap overflow vulns in MuPDF redrain root (Aug 02)

Reed Loden

Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Reed Loden (Sep 19)
Re: Re: MantisBT weakened CSP when using bundled Gravatar plugin Reed Loden (Aug 29)
Re: Re: ezmlm warning Reed Loden (Sep 19)
Re: Possible CVE for TLS protocol issue Reed Loden (Sep 19)

Remi Gacogne

Re: Libgcrypt and GnuPG 1.4 RNG output prediction Remi Gacogne (Aug 17)
PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load Remi Gacogne (Sep 09)
Re: Malicious primary DNS servers can crash secondaries Remi Gacogne (Jul 07)

Reno Robert

CVE Request - OpenSLP 2.0 Memory Corruption Reno Robert (Sep 27)

Richard Rowe

A CGI application vulnerability for PHP, Go, Python and others Richard Rowe (Jul 18)

Robbie Gemmell

[SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage Robbie Gemmell (Jul 02)

Robert Święcki

Re: CVE request - openjpeg null ptr dereference Robert Święcki (Sep 18)

Salvatore Bonaccorso

CVE Request: irssi: information disclosure vulnerabilit in buf.pl Salvatore Bonaccorso (Sep 24)
CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c Salvatore Bonaccorso (Jul 12)
CVE Request: DBD-mysql: use-after-free in mysql_dr_error Salvatore Bonaccorso (Jul 27)
CVE Request: GnuTLS: OCSP validation issue (GNUTLS-SA-2016-3) Salvatore Bonaccorso (Sep 18)
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Salvatore Bonaccorso (Jul 22)
Re: Browsing and attaching images considered harmful in Linux Salvatore Bonaccorso (Jul 06)
CVE Request: redis: World readable .rediscli_history Salvatore Bonaccorso (Jul 28)
CVE Request: lshell: shell outbreak vulnerabilities via bad syntax parse and multiline commands Salvatore Bonaccorso (Aug 22)
CVE Request: Zend Framework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select Salvatore Bonaccorso (Jul 15)
CVE Requests: Various ImageMagick issues (as reported in the Debian BTS) Salvatore Bonaccorso (Aug 07)
CVE Request: perl: XSLoader: could load shared library from incorrect location Salvatore Bonaccorso (Jul 07)
CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif Salvatore Bonaccorso (Jul 05)
Re: CVE-2016-5696: linux kernel - challange ack information leak. Salvatore Bonaccorso (Aug 17)
Re: cracklib: Stack-based buffer overflow when parsing large GECOS field Salvatore Bonaccorso (Aug 23)

Scott Arciszewski

Ruining the Magic of Magento's Encryption Library Scott Arciszewski (Jul 18)
Re: Ruining the Magic of Magento's Encryption Library Scott Arciszewski (Jul 18)

Scott Bauer

CVE Request: Linux >= 4.5 double fetch leading to heap overflow Scott Bauer (Jul 31)

Scott Tenaglia

CVE Request: Heap Overflow Portable UPnP SDK 1.6.19 through 1.8.x Scott Tenaglia (Sep 08)
CVE Request - Portable UPnP SDK 1.6.19 through 1.8.x Scott Tenaglia (Sep 07)

Seaman, Chad

Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Seaman, Chad (Jul 07)

Sebastian Krahmer

nfsd-ganesha allows anyone to call into DBUS? Sebastian Krahmer (Sep 12)
subuid security patches for shadow package Sebastian Krahmer (Jul 19)
Re: subuid security patches for shadow package Sebastian Krahmer (Jul 19)
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Sebastian Krahmer (Jul 25)
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Sebastian Krahmer (Jul 25)

Sébastien Delafond

Re: CVE request: mongodb: world-readable .dbshell history file Sébastien Delafond (Aug 01)
CVE request: mongodb: world-readable .dbshell history file Sébastien Delafond (Jul 29)

Seth Arnold

Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Seth Arnold (Sep 14)
Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode Seth Arnold (Sep 19)
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Seth Arnold (Sep 19)

Shiz

Re: cve request: systemd-machined: information exposure for docker containers Shiz (Aug 01)

Simon McVittie

Re: cve request: systemd-machined: information exposure for docker containers Simon McVittie (Jul 28)

Solar Designer

Re: multiple crashes in radare2/radiff2 Solar Designer (Sep 08)
Re: Heapoverflow in giflib5.1.4 Solar Designer (Sep 13)
CVE-2016-4971: wget < 1.18 trusts server-provided filename on HTTP to FTP redirects Solar Designer (Jul 09)
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Solar Designer (Jul 25)
Re: memory issues in libksba 1.3.4 and git Solar Designer (Aug 22)
Libgcrypt and GnuPG 1.4 RNG output prediction Solar Designer (Aug 17)
Re: Libgcrypt and GnuPG 1.4 RNG output prediction Solar Designer (Aug 18)
Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Solar Designer (Sep 12)
Re: memory issues in libksba 1.3.4 and git Solar Designer (Aug 22)
Fwd: CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] Solar Designer (Jul 05)
Re: gorgeous Solar Designer (Aug 14)
Re: Re: ezmlm warning Solar Designer (Sep 19)
Re: TLS testing results - OS distro vulnerabilities Solar Designer (Aug 22)
Re: CVE request for webkit js engine javascriptcore Solar Designer (Jul 18)
Re: A CGI application vulnerability for PHP, Go, Python and others Solar Designer (Jul 18)
Re: A CGI application vulnerability for PHP, Go, Python and others Solar Designer (Jul 18)
Re: ffmpeg afl bugs Solar Designer (Sep 25)

Sona Sarmadi

RE: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi (Aug 17)
Re: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi (Aug 14)
Re: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi (Aug 16)
RE: CVE-2016-5696: linux kernel - challange ack information leak. Sona Sarmadi (Aug 14)

squid3

gorgeous squid3 (Aug 14)

Sravya Tirukkovalur

CVE-2016-0760: Hive builtin functions “reflect”, “reflect2”, and “java_method” are not blocked in Apache Sentry Sravya Tirukkovalur (Aug 04)

Stefan Kanthak

[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking Stefan Kanthak (Jul 18)

Summer of Pwnage

Multiple vulnerabilities affecting five WordPress Plugins (XSS, CSRF & SQLi) Summer of Pwnage (Jul 20)
Multiple vulnerabilities affecting seven WordPress (XSS, CSRF, SQLi) Summer of Pwnage (Aug 02)
Multiple vulnerabilities affecting eleven WordPress Plugins (XSS, CSRF, LFI & object injection) Summer of Pwnage (Aug 15)
Multiple stored Cross-Site Scripting vulnerabilities affecting three WordPress Plugins Summer of Pwnage (Jul 17)
Multiple Local File Inclusion vulnerabilities affecting three WordPress Plugins Summer of Pwnage (Jul 17)
Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage (Aug 20)
Path traversal vulnerability in WordPress Core Ajax handlers Summer of Pwnage (Aug 20)
Multiple Cross-Site Scripting vulnerabilities affecting seven WordPress Plugins Summer of Pwnage (Aug 04)
Multiple reflected Cross-Site Scripting vulnerabilities affecting seven WordPress Plugins Summer of Pwnage (Jul 17)
Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe processing of file names Summer of Pwnage (Sep 08)
Multiple vulnerabilities affecting four WordPress Plugins & one Theme Summer of Pwnage (Jul 31)

Sylvain Corlay

Re: CVE Request: ipywidgets executes untrusted JavaScript Sylvain Corlay (Aug 11)
CVE Request: ipywidgets executes untrusted JavaScript Sylvain Corlay (Jul 01)

Sysdream Labs

Re: CVE ID Request: FOG Project Multiple Vulnerabilities Sysdream Labs (Sep 04)
CVE ID Request : OpenFire multiple vulnerabilities Sysdream Labs (Jul 05)
CVE ID Request: FOG Project Multiple Vulnerabilities Sysdream Labs (Jul 19)

Tavis Ormandy

Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 30)
Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
Re: multiple crashes in radare2/radiff2 Tavis Ormandy (Sep 09)
Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 29)
Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 29)
Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 30)
Re: CVE-2016-7543 -- bash SHELLOPTS+PS4 Tavis Ormandy (Sep 26)
Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)

Thomas Deutschmann

CVEs for vulnerabilities listed in MySQL 5.6.33 release note Thomas Deutschmann (Sep 23)

Tim Allison

[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example Tim Allison (Jul 22)

Tim Graham

[ANNOUNCE] Django security releases issued: 1.9.10 and 1.8.15 Tim Graham (Sep 26)
[ANNOUNCE] Django security releases issued: 1.10 release candidate 1, 1.9.8, and 1.8.14 Tim Graham (Jul 18)

Tim Rühsen

Re: [Bug-wget] CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Tim Rühsen (Aug 14)
Re: [Bug-wget] [oss-security] CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Tim Rühsen (Aug 12)

Tristan Cacqueray

CVE request for vulnerability in OpenStack Nova Tristan Cacqueray (Sep 20)
[OSSA 2016-011] Nova may fail to delete images in resize state regression (CVE-2016-7498) Tristan Cacqueray (Sep 22)

Tyler Hicks

CVE Requests: Information exposure caused by ecryptfs-setup-swap failures Tyler Hicks (Jul 12)
Re: CVE request: apparmor: oops in apparmor_setprocattr() Tyler Hicks (Jul 11)
CVE Request: File Roller path traversal Tyler Hicks (Sep 07)

up201407890

CVE-2016-7543 -- bash SHELLOPTS+PS4 up201407890 (Sep 26)
Re: CVE-2016-7545 -- SELinux sandbox escape up201407890 (Sep 26)
CVE-2016-7545 -- SELinux sandbox escape up201407890 (Sep 25)

Vahagn Vardanyan

multiple crashes in radare2/radiff2 Vahagn Vardanyan (Sep 08)
Fwd: multiple crashes in radare2/radiff2 Vahagn Vardanyan (Sep 09)

Velmurugan Periasamy

CVE update (CVE-2016-5395) - Fixed in Apache Ranger 0.6.1 Velmurugan Periasamy (Aug 22)

Vitaly Nikolenko

Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call Vitaly Nikolenko (Sep 29)

Vladis Dronov

CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit Vladis Dronov (Aug 26)
Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit Vladis Dronov (Aug 29)
kernel: ACPI table override is allowed when securelevel is enabled Vladis Dronov (Sep 22)

vul

CVE request -libdwarf 20160613 heap-buffer-overflow vul (Sep 13)
Heapoverflow in giflib5.1.4 vul (Sep 13)
CVE request - openjpeg null ptr dereference vul (Sep 18)

Wade Mealing

CVE-2016-5389: linux kernel - challange ack information leak. Wade Mealing (Jul 11)
CVE request: Linux kernel mbcache lock contention denial of service. Wade Mealing (Aug 21)
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Wade Mealing (Jul 24)
Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Wade Mealing (Jul 24)
CVE-2016-6327 | Linux kernel crash in infiniband subsystem. Wade Mealing (Aug 19)
CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Wade Mealing (Jul 24)
Re: CVE-2016-5389: linux kernel - challange ack information leak. Wade Mealing (Jul 12)

Walter

XSS vulnerability in ILIAS before version 5.1.3, 5.0.11 and 4.4.14 Walter (Jul 23)

watashiwaher

libxml with CGI fix watashiwaher (Sep 13)

Werner Koch

Re: memory issues in libksba 1.3.4 and git Werner Koch (Aug 22)
Re: memory issues in libksba 1.3.4 and git Werner Koch (Aug 22)
Re: Libgcrypt and GnuPG 1.4 RNG output prediction Werner Koch (Aug 17)

William Pitcock

Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis William Pitcock (Sep 05)

Will Sargent

Re: CVE request for the Play Framework Will Sargent (Jul 20)

Willy Tarreau

Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Willy Tarreau (Aug 22)
Re: Re: CVE Request: Linux kernel crash of OHCI when plugging in malicious USB devices Willy Tarreau (Aug 18)

Xen . org security team

Xen Security Advisory 188 (CVE-2016-7154) - use after free in FIFO event channel code Xen . org security team (Sep 08)
Xen Security Advisory 187 (CVE-2016-7094) - x86 HVM: Overflow of sh_ctxt->seg_reg[] Xen . org security team (Sep 08)
Xen Security Advisory 185 (CVE-2016-7092) - x86: Disallow L3 recursive pagetable for 32-bit PV guests Xen . org security team (Sep 08)
Xen Security Advisory 184 (CVE-2016-5403) - virtio: unbounded memory allocation issue Xen . org security team (Jul 27)
Xen Security Advisory 183 (CVE-2016-6259) - x86: Missing SMAP whitelisting in 32-bit exception / event delivery Xen . org security team (Jul 26)
Xen Security Advisory 186 (CVE-2016-7093) - x86: Mishandling of instruction pointer truncation during emulation Xen . org security team (Sep 08)
Xen Security Advisory 182 (CVE-2016-6258) - x86: Privilege escalation in PV guests Xen . org security team (Jul 26)

x ksi

Re: Re: CVE request - slock, all versions NULL pointer dereference x ksi (Aug 19)

yi

CVE Request : Libtorrent 1.1.0 inflate_gzip denial of service yi (Sep 07)

zer0mem

panic at big_key_preparse #4.7-r6/rc7 & master zer0mem (Jul 22)

פאי פי

badUSB exploit - affects all Linux distros פאי פי (Jul 31)

刘科

CVE Request: Multiple security issues in OpenJPEG 刘科 (Sep 18)
Re: Re: CVE Request: OpenJPEG Heap Buffer Overflow Issue(Internet mail) 刘科 (Sep 08)
CVE Request: OpenJPEG Integer Overflow Issue 刘科 (Sep 07)
CVE Request: libgd: Integer overflow in function gdImageWebpCtx of gd_webp.c 刘科 (Sep 27)
CVE Request: OpenJPEG Heap Buffer Overflow Issue 刘科 (Sep 07)

张开翔

CVE Request: docker swarm node Dos occurs when join a cluster failed using local CA certificate 张开翔 (Sep 01)
cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node 张开翔 (Jul 29)
cve request: docker swarm node Dos occurs when join a cluster failed using local CA certificate 张开翔 (Sep 01)
CVE Request: docker2aci: Path traversals present in image converting 张开翔 (Sep 28)

张谦

CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call 张谦 (Sep 29)

曾鸿坤

CVE Request - Intelliants Subrion CMS Arbitrary Files Delete 曾鸿坤 (Aug 27)

王畅

CVE Request: XSS Vulnerability in Exponent CMS 2.3.9 王畅 (Sep 21)

王禹哲

Exponent CMS 2.3.9 SQL injection vulnerabilities 王禹哲 (Sep 19)
CVE request - Exponent CMS 2.3.9 SQL injection 王禹哲 (Sep 19)

连一汉

[CVE-2016-6881] ffmpeg endless loop when dealing with craft swf file. 连一汉 (Sep 26)
[CVE-2016-6671] ffmpeg buffer overflow when decoding swf 连一汉 (Aug 12)

陈佩文

CVE-2016-7101 - ImageMagick SGI Coder Out-Of-Bounds Read Vulnerability 陈佩文 (Sep 26)
CVE-2016-6823 - ImageMagick BMP Coder Out-Of-Bounds Write Vulnerability 陈佩文 (Sep 25)

陈瑞琦

CVE request: XSS vulns in Dotclear v2.9.1 陈瑞琦 (Aug 01)
CVE request: XSS vuln in b2evolution v6.7.4 陈瑞琦 (Aug 12)
CVE Request: XSS vulns in b2evolution v6.7.5 陈瑞琦 (Sep 11)