oss-sec: by author
RSS Feed
About List
All Lists
Previous period
287 messages
starting Feb 01 18 and
ending Mar 22 18
Date index |
Thread index |
Author index
Adam Maris
Re: report a vulnerability in sfcb software. Adam Maris (Feb 01)
Ailin Nemui
Irssi 1.0.6: CVE-2018-5206, CVE-2018-5205, CVE-2018-5208, CVE-2018-5207 Ailin Nemui (Jan 06)
Irssi 1.1.1&1.0.7: CVE-2018-7054, CVE-2018-7053, CVE-2018-7050, CVE-2018-7052, CVE-2018-7051 Ailin Nemui (Feb 15)
Akira Ajisaka
CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability Akira Ajisaka (Jan 24)
Aki Tuomi
Dovecot Security Advisory: CVE-2017-14461 rfc822_parse_domain Information Leak Vulnerability Aki Tuomi (Mar 01)
CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted. Aki Tuomi (Jan 25)
Re: CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted. Aki Tuomi (Jan 31)
Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS Aki Tuomi (Mar 01)
Alexander Popov
Re: CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Alexander Popov (Feb 20)
Alex O'Ree
[Security] CVE-2018-1307 XML Entity Expansion in juddi-client v3.2 through 3.3.4 Alex O'Ree (Feb 09)
Alex Rudyy
[SECURITY][CVE-2018-1298] Apache Qpid Broker-J Denial of Service Vulnerability with PLAIN and XOAUTH2 SASL mechanisms Alex Rudyy (Feb 08)
Amos Jeffries
SQUID-2018:1 Denial of Service issue in ESI Response processing Amos Jeffries (Jan 22)
Re: SQUID-2018:2 Denial of Service issue in HTTP Message processing Amos Jeffries (Jan 28)
Re: SQUID-2018:1 Denial of Service issue in ESI Response processing Amos Jeffries (Jan 28)
SQUID-2018:2 Denial of Service issue in HTTP Message processing Amos Jeffries (Jan 22)
Andrea Pescetti
Apache OpenOffice 4.1.4 - fixes CVE-2017-3157 CVE-2017-9806 CVE-2017-12607 CVE-2017-12608 Andrea Pescetti (Jan 01)
Andrey Konovalov
Linux kernel: syzkaller dashboard Andrey Konovalov (Mar 27)
Andy LoPresto
[ANNOUNCE] CVE advisory for Apache NiFi 1.0.0 - 1.3.0 Andy LoPresto (Jan 25)
[ANNOUNCE] CVE fixes in Apache NiFi 1.5.0 Andy LoPresto (Jan 23)
Anthony Baker
[SECURITY] CVE-2017-15696 Apache Geode configuration request authorization vulnerability Anthony Baker (Feb 22)
[SECURITY] CVE-2017-15692 Apache Geode unsafe deserialization in TcpServer Anthony Baker (Feb 23)
[SECURITY] CVE-2017-9795 Apache Geode OQL method invocation vulnerability Anthony Baker (Jan 09)
[SECURITY] CVE-2017-15693 Apache Geode unsafe deserialization of application objects Anthony Baker (Feb 23)
[SECURITY] CVE-2017-12622 Apache Geode gfsh authorization vulnerability Anthony Baker (Jan 09)
[SECURITY] CVE-2017-9796 Apache Geode OQL bind parameter vulnerability Anthony Baker (Jan 09)
Anthony Liguori
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Anthony Liguori (Feb 18)
Bertrand Delacretaz
CVE-2012-3353: Apache Sling Content Loading Vulnerability Bertrand Delacretaz (Jan 08)
Bryan Call
[ANNOUNCE] Apache Traffic Server vulnerability with TLS handshake - CVE-2017-7671 Bryan Call (Feb 27)
[ANNOUNCE] Apache Traffic Server host header and line folding - CVE-2017-5660 Bryan Call (Feb 27)
Cantor, Scott
Apache Xerces-C Security Advisory for versions < 3.2.1 [CVE-2017-12627] Cantor, Scott (Feb 28)
Carlos Alberto Lopez Perez
WebKitGTK+ Security Advisory WSA-2018-0002 Carlos Alberto Lopez Perez (Jan 24)
WebKitGTK+ Security Advisory WSA-2018-0001 Carlos Alberto Lopez Perez (Jan 10)
chbi
CVE-2018-7290: Stored XSS vulnerability in Tiki <= 18 chbi (Mar 08)
XSS vulnerability in Tiki < 18 chbi (Feb 16)
Re: XSS vulnerability in Tiki < 18 chbi (Feb 16)
Christopher Shannon
[ANNOUNCE] CVE-2017-15709 - Information Leak Christopher Shannon (Feb 13)
Colm O hEigeartaigh
[ANNOUNCE] Apache Sentry 1.7.1 released Colm O hEigeartaigh (Jan 05)
Daniel Beck
Multiple vulnerabilities in Jenkins Daniel Beck (Feb 14)
Re: Multiple vulnerabilities in Jenkins Daniel Beck (Jan 25)
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jan 25)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jan 22)
Re: Jenkins EC2 Plugin 1.37 and earlier arbitrary shell command execution Daniel Beck (Jan 25)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Mar 26)
Re: Jenkins Script Security Plugin 1.36 and earlier arbitrary file read vulnerability Daniel Beck (Jan 25)
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 28)
Re: Multiple vulnerabilities in Jenkins Daniel Beck (Feb 28)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 26)
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 05)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Feb 05)
Daniel Kahn Gillmor
Re: [SECURITY] CVE-2018-1321: Remote code execution by administrators with report and template entitlements Daniel Kahn Gillmor (Mar 23)
Daniel Ruggeri
CVE-2018-1303: Possible out of bound read in mod_cache_socache Daniel Ruggeri (Mar 24)
CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request Daniel Ruggeri (Mar 24)
CVE-2018-1283: Tampering of mod_session data for CGI applications Daniel Ruggeri (Mar 24)
CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name Daniel Ruggeri (Mar 24)
CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown Daniel Ruggeri (Mar 24)
CVE-2018-1312: Weak Digest auth nonce generation in mod_auth_digest Daniel Ruggeri (Mar 24)
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Daniel Ruggeri (Mar 24)
Daniel Stenberg
[SECURITY ADVISORY] curl: LDAP NULL pointer dereference Daniel Stenberg (Mar 13)
[SECURITY ADVISORY] curl: FTP path trickery leads to NIL byte out of bounds write Daniel Stenberg (Mar 13)
[SECURITY ADVISORY] curl: HTTP/2 trailer out-of-bounds read Daniel Stenberg (Jan 23)
[SECURITY ADVISORY] curl: RTSP RTP buffer over-read Daniel Stenberg (Mar 13)
[SECURITY ADVISORY] curl: HTTP authentication leak in redirects Daniel Stenberg (Jan 23)
Daniël van Eeden
DBD::mysql and SSL/TLS Daniël van Eeden (Jan 12)
Daniel Veditz
libvorbis/libtremor OOB write Daniel Veditz (Mar 16)
Dave Brondsema
[SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability Dave Brondsema (Feb 06)
[SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting Dave Brondsema (Mar 15)
Dhiru Kholia
Remote DoS flaw in 389-ds-base Dhiru Kholia (Mar 05)
Dominik Csapak
Re: review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c Dominik Csapak (Feb 23)
Doran Moppert
Re: Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored Doran Moppert (Feb 22)
CVE-2018-1000018: ovirt-engine-setup: root password disclosed in provisioning logs Doran Moppert (Jan 23)
dormando
Re: Memcached remote DoS in older versions dormando (Mar 08)
Memcached remote DoS in older versions dormando (Mar 07)
Doug Goldstein
Re: [Xen-devel] Xen Security Advisory 254 - Information leak via side effects of speculative execution Doug Goldstein (Jan 05)
Fernando Perez
Re: CVE request: maliciously crafted notebook files in Jupyter Fernando Perez (Mar 19)
flanker017
Fwd: [scr485440] 5 Samsung CVEs flanker017 (Mar 30)
Florian Weimer
Re: How to deal with reporters who don't want their bugs fixed? Florian Weimer (Jan 20)
How to deal with reporters who don't want their bugs fixed? Florian Weimer (Jan 18)
Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Florian Weimer (Jan 29)
Francesco Chicchiriccò
[SECURITY] CVE-2018-1321: Remote code execution by administrators with report and template entitlements Francesco Chicchiriccò (Mar 19)
[SECURITY] CVE-2018-1322: Information disclosure via FIQL and ORDER BY sorting Francesco Chicchiriccò (Mar 19)
Ganesh Murthy
[SECURITY] CVE-2017-15699: Apache Qpid Dispatch Router Denial of Service Vulnerability when specially crafted frame is sent to the Router Ganesh Murthy (Feb 13)
Georgi Guninski
Own on install. How grave it is? Georgi Guninski (Jan 09)
Gordo Lowrey
Re: CVE request: maliciously crafted notebook files in Jupyter Gordo Lowrey (Mar 20)
Greg KH
Re: How to deal with reporters who don't want their bugs fixed? Greg KH (Jan 19)
Guido Vranken
Re: OpenSSL: bug in modular exponentiation Guido Vranken (Mar 22)
OpenSSL: bug in modular exponentiation Guido Vranken (Mar 20)
Gynvael Coldwind
Re: How to deal with reporters who don't want their bugs fixed? Gynvael Coldwind (Jan 18)
halfdog
On reading, thinking, copying halfdog (Jan 12)
Re: How to deal with reporters who don't want their bugs fixed? halfdog (Jan 27)
OpenSSH sftp remote code execution in chroot mode in VERY RARE cases halfdog (Jan 11)
Libc Realpath Buffer Underflow CVE-2018-1000001 halfdog (Jan 11)
util-linux mount/unmount ASLR bypass via environment variable halfdog (Jan 11)
Hanno Böck
Re: Information on file, sqlite, libarchive, pcre issues for CVE IDs assigned by Apple? Hanno Böck (Feb 28)
qpdf: multiple vulnerabilities before 7.0.0 Hanno Böck (Feb 13)
Re: Path traversal flaws in awstats 7.6 and earlier. Hanno Böck (Jan 06)
GNU patch out of bounds read, null pointer crash and double free Hanno Böck (Feb 13)
Squirrelmail directory traversal vulnerability allows exfiltrating files from server Hanno Böck (Mar 17)
Re: clamav: Out of bounds read and segfault in xar parser Hanno Böck (Feb 15)
Stack buffer overflow in WolfSSL before 3.13.0 Hanno Böck (Mar 24)
memcached UDP amplification attacks Hanno Böck (Mar 02)
Vulnerabilities and default credentials in Ilias e-learning software / German gov hack Hanno Böck (Mar 08)
Heiko Schlittermann
Exim 4.90.1 released. (Was: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow) Heiko Schlittermann (Feb 10)
Re: Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)
Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)
Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 08)
Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 10)
CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Heiko Schlittermann (Feb 07)
i
Re: How to deal with reporters who don't want their bugs fixed? i (Jan 19)
Ian Zimmerman
Re: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow Ian Zimmerman (Feb 08)
Re: How to deal with reporters who don't want their bugs fixed? Ian Zimmerman (Jan 22)
Igor Seletskiy
Re: How to deal with reporters who don't want their bugs fixed? Igor Seletskiy (Jan 19)
Ilya Smith
New bypass and protection techniques for ASLR on Linux Ilya Smith (Feb 27)
ISC Security Officer
New vulnerability in ISC BIND announced (CVE-2017-3145) ISC Security Officer (Jan 16)
Isuru Udana
Re: [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability Isuru Udana (Jan 14)
Jakub Wilk
Re: Libc Realpath Buffer Underflow CVE-2018-1000001 Jakub Wilk (Jan 12)
Jason A. Donenfeld
KDE Notification URI Loading Issues Jason A. Donenfeld (Feb 04)
CVE-2017-18021: predictably random password generation in third-party pass-compatible software, "QtPass" Jason A. Donenfeld (Jan 05)
Jason Lowe
CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability Jason Lowe (Jan 19)
Jesse Hertz
Re: Terminal Control Chars Jesse Hertz (Mar 05)
Jochen Wiedmann
CVE-2018-1294: Apache Commons Email vulnerability information disclosure Jochen Wiedmann (Jan 26)
John Lightsey
Re: Path traversal flaws in awstats 7.6 and earlier. John Lightsey (Jan 06)
Julien Cristau
Fwd: Firefox 52.7.2 (Fwd: Linux ARM ESR-52 builds need additional patch!) Julien Cristau (Mar 16)
Justin Bull
Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 Justin Bull (Feb 22)
[CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 Justin Bull (Feb 21)
Karol Babioch
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Karol Babioch (Feb 19)
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Karol Babioch (Feb 19)
Kurt H Maier
Re: KDE Notification URI Loading Issues Kurt H Maier (Feb 04)
Kurt Seifried
Re: memcached UDP amplification attacks Kurt Seifried (Mar 02)
Re: memcached UDP amplification attacks Kurt Seifried (Mar 02)
Re: How to deal with reporters who don't want their bugs fixed? Kurt Seifried (Jan 18)
Re: Own on install. How grave it is? Kurt Seifried (Jan 09)
CVE-2018-1000140 - rsyslog librelp X.509 parsing issue Kurt Seifried (Mar 23)
Re: Own on install. How grave it is? Kurt Seifried (Jan 09)
Re: sound driver Conditional competition Kurt Seifried (Jan 16)
Re: memcached UDP amplification attacks Kurt Seifried (Mar 07)
Leo Famulari
Re: SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip Leo Famulari (Feb 12)
Ludovic Courtès
Re: How to deal with reporters who don't want their bugs fixed? Ludovic Courtès (Jan 18)
Luedtke, Nicholas (Cyber Security)
Re: How to deal with reporters who don't want their bugs fixed? Luedtke, Nicholas (Cyber Security) (Jan 18)
Lukasz Lenart
[ANN] A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin Lukasz Lenart (Mar 27)
Luke Hinds
opendaylight-advisory: Multiple "expired" flows consume the memory resource of CONFIG DS Luke Hinds (Jan 16)
luo
sound driver Conditional competition luo (Jan 16)
Marcus Meissner
Re: sound driver Conditional competition Marcus Meissner (Jan 16)
Re: Fw:Re: [scr459004] sfcb - 1.4.9 Marcus Meissner (Feb 09)
Re: transmission: rpc session-id mechanism design flaw results in RCE Marcus Meissner (Jan 15)
Marius Bakke
Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Marius Bakke (Mar 25)
Mark Thomas
Re: Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored Mark Thomas (Feb 23)
Fwd: [SECURITY] CVE-2018-1304 Security constraints mapped to context root are ignored Mark Thomas (Feb 22)
Fwd: [SECURITY] CVE-2018-1305 Security constraint annotations applied too late Mark Thomas (Feb 22)
Matthias Fetzer
Re: How to deal with reporters who don't want their bugs fixed? Matthias Fetzer (Jan 18)
Maxim Solodovnik
[ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Maxim Solodovnik (Feb 25)
Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Maxim Solodovnik (Feb 26)
Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Maxim Solodovnik (Feb 26)
Michael Hanselmann
Denial of service and other vulnerabilities in Icinga 2.x before version 2.8.2 (CVE-2018-6532, CVE-2018-6534, CVE-2018-6535) Michael Hanselmann (Mar 22)
Michael McNally
Multiple CVEs announced by ISC (ISC DHCP: CVE-2018-5732 & CVE-2018-5733, BIND CVE-2018-5734) Michael McNally (Feb 28)
ISC has announced CVE-2017-3144, a defect in ISC DHCP Michael McNally (Jan 16)
Michael Orlitzky
CVE-2017-18188: opentmpfiles root privilege escalation via recursive chown Michael Orlitzky (Feb 14)
Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Michael Orlitzky (Jan 29)
Re: How to deal with reporters who don't want their bugs fixed? Michael Orlitzky (Jan 18)
CVE-2017-16933: Icinga2 root privilege escalation via init script and systemd service Michael Orlitzky (Jan 16)
CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Michael Orlitzky (Jan 29)
CVE-2017-18018: GNU chown and chgrp (coreutils) privilege escalation via recursive dereferences Michael Orlitzky (Jan 04)
Re: CVE-2017-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0 Michael Orlitzky (Jan 29)
Michal Hrušecký
Re: Own on install. How grave it is? Michal Hrušecký (Jan 09)
Michiel Beijen
Re: DBD::mysql and SSL/TLS Michiel Beijen (Jan 14)
Mike Dalessio
[CVE-2018-8048] Loofah XSS Vulnerability Mike Dalessio (Mar 19)
Mike O'Connor
Re: How to deal with reporters who don't want their bugs fixed? Mike O'Connor (Jan 23)
Mikhail Utin
Re: How to deal with reporters who don't want their bugs fixed? Mikhail Utin (Jan 26)
Re: How to deal with reporters who don't want their bugs fixed? Mikhail Utin (Jan 22)
Mohamed Ghannam
Re: CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Mohamed Ghannam (Feb 20)
Moritz Muehlenhoff
Information on file, sqlite, libarchive, pcre issues for CVE IDs assigned by Apple? Moritz Muehlenhoff (Feb 28)
Nicholas Luedtke
Re: How to deal with reporters who don't want their bugs fixed? Nicholas Luedtke (Jan 19)
oststrom (public)
CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass oststrom (public) (Jan 09)
Patrick Forsberg
Re: memcached UDP amplification attacks Patrick Forsberg (Mar 08)
Paul Jakma
Quagga 1.2.3 release with BGP security issue fixes Paul Jakma (Feb 15)
Petr Špaček
Re: bug in DNS resolvers - DNSSEC validation Petr Špaček (Feb 09)
Philippe Mouawad
CVE-2018-1297: Apache JMeter uses an unsecure RMI connection in Distributed mode Philippe Mouawad (Feb 11)
CVE-2018-1287: Apache JMeter binds RMI server to wildcard in distributed mode (based on RMI) Philippe Mouawad (Feb 11)
P J P
CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine P J P (Jan 15)
CVE-2018-7858 Qemu: cirrus: OOB access when updating vga display P J P (Mar 09)
CVE-2018-7550 Qemu: i386: multiboot OOB access while loading kernel image P J P (Mar 08)
CVE-2017-18030 Qemu: Out-of-bounds access in cirrus_invalidate_region routine P J P (Jan 15)
CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS P J P (Jan 19)
Re: Re: CVE-2017-16845 Qemu: ps2: information leakage via post_load routine P J P (Jan 31)
Radu Cotescu
CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API Radu Cotescu (Jan 10)
Rafael Mendonça França
[CVE-2018-3741] XSS vulnerability in rails-html-sanitizer Rafael Mendonça França (Mar 22)
Rafael Weingärtner
[CVE-2013-4317] Apache CloudStack information disclosure vulnerability Rafael Weingärtner (Jan 03)
Ralph Dolmans
CVE-2017-15105 Unbound: NSEC processing vulnerability (DNSSEC) Ralph Dolmans (Jan 19)
Raphael Geissert
Portus, missing certificate validation on proxified https traffic Raphael Geissert (Mar 07)
And Harbor? (was: Portus, missing certificate validation on proxified https traffic) Raphael Geissert (Mar 07)
Re: Portus, missing certificate validation on proxified https traffic Raphael Geissert (Mar 11)
r . hering
Re: How to deal with reporters who don't want their bugs fixed? r . hering (Jan 22)
Rich Felker
Re: How to deal with reporters who don't want their bugs fixed? Rich Felker (Jan 18)
Ricter Zheng
Re: CVE request: maliciously crafted notebook files in Jupyter Ricter Zheng (Mar 19)
Rohini Palaniswamy
[CVE-2017-15712] Apache Oozie Server vulnerability Rohini Palaniswamy (Feb 15)
Ryan Grove
Sanitize <= 4.6.2 HTML injection and XSS Ryan Grove (Mar 19)
Re: Sanitize <= 4.6.2 HTML injection and XSS Ryan Grove (Mar 20)
Sahil Dhar
Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Sahil Dhar (Feb 26)
Re: [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls Sahil Dhar (Feb 26)
Salvatore Bonaccorso
Anymail: CVE-2018-6596: timing attack on WEBHOOK_AUTHORIZATION secret Salvatore Bonaccorso (Feb 04)
util-linux: CVE-2018-7738: code execution in bash-completion for umount Salvatore Bonaccorso (Mar 06)
Re: CVE request: maliciously crafted notebook files in Jupyter Salvatore Bonaccorso (Mar 17)
Re: Squirrelmail directory traversal vulnerability allows exfiltrating files from server Salvatore Bonaccorso (Mar 17)
Sandro Gauci
ES2018-05 Kamailio heap overflow Sandro Gauci (Mar 20)
Seaman, Chad
Re: memcached UDP amplification attacks Seaman, Chad (Mar 07)
Re: memcached UDP amplification attacks Seaman, Chad (Mar 08)
Sebastien Briquet
[ANNOUNCE] CVE-2017-15719 - Wicket jQuery UI: XSS in WYSIWYG Editor Sebastien Briquet (Feb 25)
SEC Consult Vulnerability Lab
SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip SEC Consult Vulnerability Lab (Feb 08)
Secunia Research
Secunia Research: Linux Kernel USB over IP Multiple Denial of Service Vulnerabilities Secunia Research (Feb 02)
Secunia Research: Linux Kernel USB over IP Information Disclosure Vulnerability Secunia Research (Feb 02)
Seth Arnold
[cve-request () mitre org: Re: [scr479280] sqlite3 - all; fix is in source control but not yet released] Seth Arnold (Mar 16)
Simon McVittie
Re: KDE Notification URI Loading Issues Simon McVittie (Feb 05)
Re: Own on install. How grave it is? Simon McVittie (Jan 09)
Slavco Mihajloski
Authentication bypass mainwp-child < 3.4.5 Slavco Mihajloski (Mar 06)
Solar Designer
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer (Mar 25)
Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 26)
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer (Feb 22)
Re: review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c Solar Designer (Feb 23)
Re: Fwd: [scr485440] 5 Samsung CVEs Solar Designer (Mar 30)
LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer (Feb 18)
Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage() case rfbClientCutText doesn't sanitize msg.cct.length Solar Designer (Feb 18)
Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 26)
Re: SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip Solar Designer (Feb 08)
review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c Solar Designer (Feb 22)
Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 26)
Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 18)
Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 18)
Stefan Bodewig
[CVE-2018-1324] Apache Commons Compress denial of service vulnerability Stefan Bodewig (Mar 16)
Stefan Pietsch
Re: Path traversal flaws in awstats 7.6 and earlier. Stefan Pietsch (Jan 07)
Stiepan
Re: How to deal with reporters who don't want their bugs fixed? Stiepan (Jan 27)
Re: How to deal with reporters who don't want their bugs fixed? Stiepan (Jan 26)
Sydream Labs
[CVE-2018-5233] Grav CMS admin plugin Reflected Cross Site Scripting (XSS) vulnerability Sydream Labs (Mar 15)
Taher Alkhateeb
"[SECURITY] CVE-2017-15714 Apache OFBiz BIRT code vulnerability" Taher Alkhateeb (Jan 04)
Tavis Ormandy
transmission: rpc session-id mechanism design flaw results in RCE Tavis Ormandy (Jan 11)
Re: How to deal with reporters who don't want their bugs fixed? Tavis Ormandy (Jan 20)
Re: transmission: rpc session-id mechanism design flaw results in RCE Tavis Ormandy (Jan 11)
Thomas Kluyver
Re: CVE request: maliciously crafted notebook files in Jupyter Thomas Kluyver (Mar 18)
CVE request: maliciously crafted notebook files in Jupyter Thomas Kluyver (Mar 15)
Thomas Voegtlin
JSONRPC vulnerability in Electrum 2.6 to 3.0.4 Thomas Voegtlin (Jan 10)
Tim Allison
CVE-2017-12626 – Denial of Service Vulnerabilities in Apache POI < 3.17 Tim Allison (Jan 26)
Tim Graham
Django security releases issued: 2.0.3, 1.11.11, and 1.8.19 Tim Graham (Mar 06)
Tomas Hoger
Re: memcached UDP amplification attacks Tomas Hoger (Mar 07)
MySQL sha256_password authentication plugin DoS issues Tomas Hoger (Jan 17)
Tomer Brisker
Foreman 1.9+ SQL injection in dashboard page Tomer Brisker (Mar 28)
Tristan Henning
Re: Re: How to deal with reporters who don't want their bugs fixed? Tristan Henning (Jan 22)
up201407890
Terminal Control Chars up201407890 (Mar 05)
Vladis Dronov
CVE-2018-7492: Linux kernel: Null pointer dereference in net/rds/rdma.c:__rds_rdma_map() Vladis Dronov (Feb 27)
CVE-2018-1068: Linux kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets Vladis Dronov (Mar 16)
CVE-2018-1049: systemd: automount: access to automounted volumes can lock up Vladis Dronov (Jan 19)
CVE-2017-15129: Linux kernel: net: double-free and memory corruption in get_net_ns_by_id() Vladis Dronov (Jan 05)
a number of CVEs for issues in the filesystem's code in the Linux kernel Vladis Dronov (Mar 29)
CVE-2018-1091: Linux kernel: a KVM guest kernel crash during core dump on POWER9 host Vladis Dronov (Mar 27)
VMware Security Response Center
Deserialization Vulnerability in VMware Xenon (CVE-2017-4947) VMware Security Response Center (Jan 26)
Authentication Bypass Vulnerability in VMware Xenon (CVE-2017-4952) VMware Security Response Center (Feb 13)
Wade Mealing
CVE-2018-1066 : kernel - CIFS - Null pointer dereference in ntlmv2 response client crash. Wade Mealing (Mar 05)
Linux kernel: CVE-2018-1065 - netfilter rule insertion may panic system. Wade Mealing (Mar 04)
Xen . org security team
Xen Security Advisory 254 - Information leak via side effects of speculative execution Xen . org security team (Jan 03)
Xen Security Advisory 256 - x86 PVH guest without LAPIC may DoS the host Xen . org security team (Feb 27)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Jan 05)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Jan 11)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Jan 12)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Jan 18)
Xen Security Advisory 255 (CVE-2018-7541) - grant table v2 -> v1 transition may crash Xen Xen . org security team (Mar 01)
Xen Security Advisory 256 (CVE-2018-7542) - x86 PVH guest without LAPIC may DoS the host Xen . org security team (Mar 01)
Xen Security Advisory 253 (CVE-2018-5244) - x86: memory leak with MSR emulation Xen . org security team (Jan 06)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Feb 23)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Feb 23)
Xen Security Advisory 248 (CVE-2017-17566) - x86 PV guests may gain access to internally used pages Xen . org security team (Jan 06)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Jan 12)
Xen Security Advisory 250 (CVE-2017-17564) - improper x86 shadow mode refcount error handling Xen . org security team (Jan 06)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Jan 12)
Xen Security Advisory 253 - x86: memory leak with MSR emulation Xen . org security team (Jan 04)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Jan 17)
Xen Security Advisory 252 - DoS via non-preemptable L3/L4 pagetable freeing Xen . org security team (Feb 27)
Xen Security Advisory 251 (CVE-2017-17565) - improper bug check in x86 log-dirty handling Xen . org security team (Jan 06)
Xen Security Advisory 249 (CVE-2017-17563) - broken x86 shadow mode refcount overflow check Xen . org security team (Jan 06)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Jan 16)
Xen Security Advisory 252 (CVE-2018-7540) - DoS via non-preemptable L3/L4 pagetable freeing Xen . org security team (Mar 01)
Xen Security Advisory 255 - grant table v2 -> v1 transition may crash Xen Xen . org security team (Feb 27)
Xen Security Advisory 254 (CVE-2017-5753,CVE-2017-5715,CVE-2017-5754) - Information leak via side effects of speculative execution Xen . org security team (Jan 03)
XinleiHe
Fw:Re: [scr459004] sfcb - 1.4.9 XinleiHe (Feb 06)
report a vulnerability in sfcb software. XinleiHe (Jan 31)
Yann Ylavic
Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic (Mar 27)
Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic (Mar 26)
Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic (Mar 25)
Yves-Alexis Perez
Re: Stack buffer overflow in WolfSSL before 3.13.0 Yves-Alexis Perez (Mar 26)
Re: How to deal with reporters who don't want their bugs fixed? Yves-Alexis Perez (Jan 18)
zugtprgfwprz
Re: OpenSSL: bug in modular exponentiation zugtprgfwprz (Mar 22)