oss-sec: by author
284 messages
starting Aug 22 18 and
ending Aug 28 18
Alan Coopersmith
Fwd: X.Org security advisory: August 22, 2018 Alan Coopersmith (Aug 22)
Alexander Gerus
Apache Ignite: CVE-2018-8018, CVE-2018-1273, CVE-2018-1274: Notification on available mitigation Alexander Gerus (Sep 26)
Alexander Potapenko
Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Alexander Potapenko (Jul 03)
Alexey Sokolov
CVE-2018-14056: path traversal in ZNC Alexey Sokolov (Jul 18)
CVE-2018-14055: privilege escalation in ZNC Alexey Sokolov (Jul 18)
Alex Gaynor
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Alex Gaynor (Aug 21)
Alex R
CVE-2018-1330: Libprocess might crash when decoding malformed HTTP requests or malformed JSON payload. Alex R (Sep 13)
CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API. Alex R (Sep 21)
AmitB
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? AmitB (Aug 22)
Amos Jeffries
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Amos Jeffries (Aug 09)
Re: Rule for releasing fixes for embargoed bugs Amos Jeffries (Aug 17)
Andrea Cosentino
[SECURITY] New security advisory CVE-2018-8027 released for Apache Camel Andrea Cosentino (Jul 31)
[SECURITY] New security advisory CVE-2018-8041 released for Apache Camel Andrea Cosentino (Sep 12)
Andrey Konovalov
Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov (Aug 09)
Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov (Aug 02)
Andrus Adamchik
CVE-2018-11758: Apache Cayenne XXE Vulnerability in CayenneModeler GUI tool Andrus Adamchik (Aug 22)
Antonio Diaz Diaz
Re: Heap-based buffer overflow in zutils zcat Antonio Diaz Diaz (Aug 23)
Ariel Zelivansky
Re: CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API. Ariel Zelivansky (Sep 22)
Re: CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API. Ariel Zelivansky (Sep 25)
Ash Berlin-Taylor
CVE-2017-12614 XSS Vulnerability in Airflow < 1.9 Ash Berlin-Taylor (Aug 06)
Ben Hutchings
Re: Heap-based buffer overflow in zutils zcat Ben Hutchings (Aug 22)
Heap-based buffer overflow in zutils zcat Ben Hutchings (Aug 05)
Bobby Evans
CVE-2018-1331: Apache Storm remote code execution vulnerability Bobby Evans (Jul 10)
Bob Friesenhahn
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 21)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 23)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 23)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 22)
Brandon Perry
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Brandon Perry (Sep 04)
Bryan Call
[ANNOUNCE] Apache Traffic Server vulnerability with an invalid TLS handshake - CVE-2018-8022 Bryan Call (Aug 29)
[ANNOUNCE] Apache Traffic Server vulnerability with header variable access in the ESI plugin - CVE-2018-8040 Bryan Call (Aug 29)
[ANNOUNCE] Apache Traffic Server vulnerability with multi-range requests - CVE-2018-8005 Bryan Call (Aug 29)
[ANNOUNCE] Apache Traffic Server vulnerability with method ACLs - CVE-2018-1318 Bryan Call (Aug 29)
[ANNOUNCE] Apache Traffic Server vulnerability with multiple HTTP smuggling and cache poisoning attacks - CVE-2018-8004 Bryan Call (Aug 29)
Re: [ANNOUNCE] Apache Traffic Server vulnerability with header variable access in the ESI plugin - CVE-2018-8040 Bryan Call (Aug 29)
Cedric Buissart
cobbler CVE-2018-10931: CobblerXMLRPCInterface exports internal only functions over XMLRPC Cedric Buissart (Aug 09)
chbi
CVE-2018-12642: Incorrect Access Control of tickets in Froxlor <= 0.9.39.5 chbi (Sep 19)
Re: Stored XSS vulnerabilities in Tiki <= 18.1 chbi (Aug 02)
Stored XSS vulnerabilities in Tiki <= 18.1 chbi (Aug 02)
Chris Coulson
CVE-2018-14424: Use-after-free in GDM Chris Coulson (Aug 14)
Christopher Shannon
[ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Christopher Shannon (Sep 10)
Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Christopher Shannon (Sep 10)
Colm O hEigeartaigh
Apache CXF Fediz 1.4.4 is released Colm O hEigeartaigh (Jul 04)
Damien Miller
About OpenSSH "user enumeration" / CVE-2018-15473 Damien Miller (Aug 24)
Re: About OpenSSH "user enumeration" / CVE-2018-15473 Damien Miller (Aug 26)
Re: Re: About OpenSSH "user enumeration" / CVE-2018-15473 Damien Miller (Aug 25)
Daniel Beck
Multiple vulnerabilities in Jenkins Daniel Beck (Aug 15)
Re: Multiple vulnerabilities in Jenkins Daniel Beck (Jul 18)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 30)
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 31)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 25)
Multiple vulnerabilities in Jenkins Daniel Beck (Jul 18)
Daniel Kahn Gillmor
Re: Travis CI MITM RCE Daniel Kahn Gillmor (Aug 28)
Re: tdesktop leaks user IP address Daniel Kahn Gillmor (Sep 12)
Re: Travis CI MITM RCE Daniel Kahn Gillmor (Aug 31)
Daniel Stenberg
[SECURITY ADVISORY] curl: NTLM password overflow via integer overflow Daniel Stenberg (Sep 04)
[SECURITY ADVISORY] curl SMTP send heap buffer overflow Daniel Stenberg (Jul 10)
Dariusz Tytko
Re: OpenSSH Username Enumeration Dariusz Tytko (Aug 23)
Re: OpenSSH Username Enumeration Dariusz Tytko (Aug 17)
Dave Cottlehuber
CVE-2018-8007: Apache CouchDB administrative privilege escalation Dave Cottlehuber (Jul 11)
Dave Horsfall
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Dave Horsfall (Aug 09)
David Karlsen
Re: Apache CXF 3.2.6 and 3.1.16 are released David Karlsen (Jul 02)
Davidlohr Bueso
Linux kernel: potential local priviledge escalation bug in vmacache code Davidlohr Bueso (Sep 18)
David T.
Re: CVE-2018-5391: Linux kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) David T. (Aug 15)
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) David T. (Aug 09)
Denis Magda
[CVE-2018-8018] Possible Execution of Arbitrary Code via Apache Ignite GridClientJdkMarshaller Denis Magda (Jul 19)
[CVE-2018-1273] Apache Ignite impacted by security vulnerability in Spring Data Commons Denis Magda (Jul 19)
Dhiraj Mishra
tdesktop leaks user IP address Dhiraj Mishra (Sep 11)
Telegram uses SOCKS5 to share user/creds Dhiraj Mishra (Sep 27)
tdesktop 1.3.14: index out of range Dhiraj Mishra (Sep 19)
Dominique Martinet
Re: Rule for releasing fixes for embargoed bugs Dominique Martinet (Aug 17)
Rule for releasing fixes for embargoed bugs Dominique Martinet (Aug 17)
Doran Moppert
spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Doran Moppert (Aug 16)
Emilio Pozuelo Monfort
Re: CVE request: Wesnoth arbitrary code execution/sandbox escape Emilio Pozuelo Monfort (Jul 20)
Emmanuel Lecharny
[Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel Emmanuel Lecharny (Jul 10)
Florian Bruhin
CVE-2018-10895: Remote code execution due to CSRF in qutebrowser Florian Bruhin (Jul 11)
Florian Weimer
Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Florian Weimer (Aug 17)
Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Florian Weimer (Aug 28)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Florian Weimer (Aug 22)
Frank Morgner
OpenSC release 0.19.0 Frank Morgner (Sep 13)
Frediano Ziglio
Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Frediano Ziglio (Aug 17)
Georgi Guninski
coverity scan of qmail -- 53 potential defects (with false positives) Georgi Guninski (Jul 03)
Greg KH
Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Greg KH (Aug 28)
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Greg KH (Jul 10)
Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Greg KH (Aug 28)
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Greg KH (Jul 06)
Re: Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Greg KH (Jul 11)
Re: CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS Greg KH (Aug 28)
Guillaume Quéré
Cleartext passwords external services in Squash TM's web interface Guillaume Quéré (Sep 13)
halfdog
Re: Libc Realpath Buffer Underflow CVE-2018-1000001 expolit source code for SuSE 12 SP2 halfdog (Jul 12)
Hanno Böck
haskell-tls: Inconsistencies in answers to RSA errors (possiby Bleichenbacher/ROBOT attack) Hanno Böck (Sep 15)
Squirrelmail XSS security fix Hanno Böck (Jul 26)
Fw: New cabextract 1.7 and libmspack 0.7 release Hanno Böck (Jul 26)
Henri Salo
Re: Requesting CVE number for Qt Creator / Botan issue Henri Salo (Aug 06)
Iris Morelle
CVE request: Wesnoth arbitrary code execution/sandbox escape Iris Morelle (Jul 20)
Re: CVE request: Wesnoth arbitrary code execution/sandbox escape Iris Morelle (Jul 22)
Jakub Wilk
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Jakub Wilk (Sep 06)
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 20)
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 02)
Travis CI MITM RCE Jakub Wilk (Aug 25)
Jean-Baptiste Onofré
[SECURITY] New security advisory for CVE-2018-11787 released for Apache Karaf Jean-Baptiste Onofré (Sep 18)
[SECURITY] New security advisory for CVE-2018-11786 released for Apache Karaf Jean-Baptiste Onofré (Sep 18)
Jeffrey Walton
Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Jeffrey Walton (Aug 17)
Jens Timmerman
Re: Unauthenticated EAPOL-Key decryption in wpa_supplicant Jens Timmerman (Aug 08)
Jeremy Choi
perl Crypt::JWT vulnerability Jeremy Choi (Sep 07)
Jeremy Stanley
Re: Travis CI MITM RCE Jeremy Stanley (Aug 26)
Re: bounties Jeremy Stanley (Sep 25)
Joan Touzet
CVE-2018-11769: Apache CouchDB Remote Code Execution (affects versions 1.x and ≤2.1.2) Joan Touzet (Aug 08)
Jonathan Gallimore
CVE-2018-8031 Apache TomEE Webapp XSS Jonathan Gallimore (Jul 23)
Jouni Malinen
Re: Unauthenticated EAPOL-Key decryption in wpa_supplicant Jouni Malinen (Aug 08)
Unauthenticated EAPOL-Key decryption in wpa_supplicant Jouni Malinen (Aug 08)
Justin Bull
[CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper Justin Bull (Jul 17)
Justin Ferguson
Re: bounties Justin Ferguson (Sep 26)
bounties Justin Ferguson (Sep 25)
Re: Pointer misuse unziping files with busybox Justin Ferguson (Jul 29)
Kevin A. McGrail
[SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 Kevin A. McGrail (Sep 16)
Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 Kevin A. McGrail (Sep 17)
Kristian Fiskerstrand
Statistics for distros lists updated for Q2 Kristian Fiskerstrand (Jul 04)
Kurt H Maier
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Kurt H Maier (Aug 09)
Larry W. Cashdollar
Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Larry W. Cashdollar (Sep 11)
Leo Famulari
Re: Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 Leo Famulari (Sep 17)
Leonardo Taccari
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
Leonid Isaev
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonid Isaev (Sep 06)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonid Isaev (Sep 06)
Lubomir Rintel
CVE-2018-10900: NetworkManager-vpnc-1.2.4 local privilege escalation Lubomir Rintel (Jul 20)
Luke Hinds
[OSSN-0084] Data retained after deletion of a ScaleIO volume Luke Hinds (Jul 10)
Marcus Meissner
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner (Aug 28)
Re: Rule for releasing fixes for embargoed bugs Marcus Meissner (Aug 17)
Re: Another OpenSSH "user enumeration" Marcus Meissner (Aug 28)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner (Sep 03)
CVE-2018-14722: btrfsmaintenance: Code execution Marcus Meissner (Aug 14)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner (Sep 06)
Re: Re: Ghostscript 9.24 issues Marcus Meissner (Sep 10)
Re: CVE-2018-5391: Linux kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) Marcus Meissner (Aug 15)
Mark Cox
CVE-2018-8011: Apache HTTP Server mod_md DoS Mark Cox (Jul 18)
CVE-2018-1333: Apache HTTP Server HTTP/2 DoS Mark Cox (Jul 18)
Mateusz Lenik
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Mateusz Lenik (Aug 23)
Matthew Daley
Re: OpenSSH Username Enumeration Matthew Daley (Aug 16)
Matthew Garrett
Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Matthew Garrett (Aug 08)
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Matthew Garrett (Aug 09)
Matthew Thode
[OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432) Matthew Thode (Jul 25)
Matthias Gerstner
Re: cinnamon: possible symlink attack in cinnamon-settings-users.py Matthias Gerstner (Jul 02)
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 03)
accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
blueman before version 2.0.6 is not enforcing authorization for polkit action org.blueman.network.setup Matthias Gerstner (Jul 31)
Using quilt on untrusted RPM spec files Matthias Gerstner (Sep 27)
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
cinnamon: possible symlink attack in cinnamon-settings-users.py Matthias Gerstner (Jul 02)
polkit: CVE-2018-1116: polkitd trusting client-supplied UID allows spoofed authentication dialogs Matthias Gerstner (Jul 11)
Matthieu Herrb
X.Org security advisory: August 21, 2018 Matthieu Herrb (Aug 21)
Michael Catanzaro
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007 Michael Catanzaro (Sep 28)
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 Michael Catanzaro (Aug 08)
Michael McNally
CVE-2018-5739: ISC Kea 1.4.0 failure to release memory may exhaust system resources Michael McNally (Jul 11)
ISC has issued new patch releases of BIND Michael McNally (Sep 19)
CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named Michael McNally (Aug 08)
BIND Operational Notification: Extremely large zone transfers can result in corrupted journal files or server process termination Michael McNally (Jul 04)
Nikolaus Rath
[CVE-2018-10906] libfuse: restriction bypass of the "allow_other" option when SELinux is active Nikolaus Rath (Jul 24)
Perry E. Metzger
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger (Aug 27)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger (Sep 05)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger (Sep 05)
Petr Špaček
Knot Resolver 2.4.1 security release Petr Špaček (Aug 09)
Phil Pennock
Re: Travis CI MITM RCE Phil Pennock (Aug 26)
P J P
CVE-2018-10853 kernel: kvm: guest userspace to guest kernel write P J P (Sep 02)
CVE-2018-15746 Qemu: seccomp: blacklist is not applied to all threads P J P (Aug 28)
Qualys Security Advisory
Re: OpenSSH Username Enumeration Qualys Security Advisory (Aug 23)
Another OpenSSH "user enumeration" Qualys Security Advisory (Aug 27)
Integer overflow in Linux's create_elf_tables() (CVE-2018-14634) Qualys Security Advisory (Sep 25)
OpenSSH Username Enumeration Qualys Security Advisory (Aug 15)
Rajini Sivaram
CVE-2017-12610: Authenticated Kafka clients may impersonate other users Rajini Sivaram (Jul 26)
CVE-2018-1288: Authenticated Kafka clients may interfere with data replication Rajini Sivaram (Jul 26)
Randy Barlow
Re: Using quilt on untrusted RPM spec files Randy Barlow (Sep 28)
Reindl Harald
Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 Reindl Harald (Sep 17)
Re: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 Reindl Harald (Sep 17)
Reinis Rozitis
RE: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Reinis Rozitis (Aug 09)
Robert Levas
CVE-2018-8042: Passwords for Hadoop credential stores are visible in Ambari Agent standard out in Apache Ambari Robert Levas (Jul 18)
Rodric Rabbah
[CVE] CVE-2018-11756 PHP Runtime for Apache OpenWhisk Rodric Rabbah (Jul 20)
[CVE] CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk Rodric Rabbah (Jul 20)
Ruikai Liu
Fastbin double free in MP4v2 2.0.0 Ruikai Liu (Jul 13)
Integer underflow/overflow in MP4v2 2.0.0 Ruikai Liu (Jul 16)
Type confusion in MP4v2 2.0.0 Ruikai Liu (Jul 17)
Out-of-bounds memory access in MP4v2 2.0.0 Ruikai Liu (Jul 18)
Salvatore Bonaccorso
Re: Pointer misuse unziping files with busybox Salvatore Bonaccorso (Jul 26)
Re: Linux kernel: potential local priviledge escalation bug in vmacache code Salvatore Bonaccorso (Sep 19)
Re: Linux kernel: potential local priviledge escalation bug in vmacache code Salvatore Bonaccorso (Sep 19)
Re: Fw: New cabextract 1.7 and libmspack 0.7 release Salvatore Bonaccorso (Jul 28)
Re: OpenSSH Username Enumeration Salvatore Bonaccorso (Aug 17)
SBA Research Advisory
[SBA-ADV-20180420-01] CVE-2018-13982: Smarty 3.1.32 or below Trusted-Directory Bypass via Path Traversal SBA Research Advisory (Sep 17)
[SBA-ADV-20180425-01] CVE-2015-5243 rediscovered: phpWhois before 5.1.0 PHP Code Injection SBA Research Advisory (Aug 01)
scrumpyjack
CVE-2018-5740 BIND (named vuln) and bad OVAL dict file maintenance scrumpyjack (Sep 20)
Sean Owen
CVE-2018-8024 Apache Spark XSS vulnerability in UI Sean Owen (Jul 12)
CVE-2018-1334 Apache Spark local privilege escalation vulnerability Sean Owen (Jul 12)
CVE-2018-11770: Apache Spark standalone master, Mesos REST APIs not controlled by authentication Sean Owen (Aug 13)
Sergio Peña
[SECURITY] CVE-2018-8028: Bypass ALTER TABLE EXCHANGE PARTITIONS authorization for Hive Sergio Peña (Aug 23)
Siddharth Sharma
glusterfs: multiple flaws Siddharth Sharma (Sep 04)
Simon McVittie
Re: Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Simon McVittie (Aug 09)
Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Simon McVittie (Jul 02)
sjw
Another "user enumeration" in Dropbear sjw (Aug 27)
Solar Designer
Re: About OpenSSH "user enumeration" / CVE-2018-15473 Solar Designer (Aug 26)
Re: About OpenSSH "user enumeration" / CVE-2018-15473 Solar Designer (Aug 25)
Re: About OpenSSH "user enumeration" / CVE-2018-15473 Solar Designer (Aug 24)
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Solar Designer (Aug 09)
Re: bounties Solar Designer (Sep 25)
Re: ISC has issued new patch releases of BIND Solar Designer (Sep 20)
Re: bounties Solar Designer (Sep 26)
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Solar Designer (Aug 09)
Re: tdesktop 1.3.14: index out of range Solar Designer (Sep 19)
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Solar Designer (Aug 09)
Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Solar Designer (Sep 10)
Re: OpenSSH Username Enumeration Solar Designer (Aug 23)
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Solar Designer (Jul 06)
Stefan Bodewig
[CVE-2018-11771] Apache Commons Compress 1.7 to 1.17 denial of service vulnerability Stefan Bodewig (Aug 16)
Stéphane Graber
CVE-2018-6556: lxc-user-nic allows for open() of arbitrary paths Stéphane Graber (Aug 06)
Stiepan
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Stiepan (Aug 09)
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Stiepan (Aug 09)
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Stiepan (Aug 09)
Stuart D. Gathman
Re: tdesktop 1.3.14: index out of range Stuart D. Gathman (Sep 19)
Stuart Gathman
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Stuart Gathman (Sep 05)
Tavis Ormandy
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 05)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 04)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 04)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
Re: Ghostscript 9.24 issues Tavis Ormandy (Sep 09)
Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 04)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 29)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 29)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 27)
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 09)
Terry Chia
Re: CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API. Terry Chia (Sep 23)
Thiago Macieira
Requesting CVE number for Qt Creator / Botan issue Thiago Macieira (Aug 06)
Tim Allison
[CVE-2018-11762] Zip Slip Vulnerability in Apache Tika's tika-app Tim Allison (Sep 19)
[CVE-2018-8017] Apache Tika Denial of Service Vulnerability -- Potential Infinite Loop in IptcAnpaParser Tim Allison (Sep 19)
[CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability Tim Allison (Sep 19)
Tim Graham
Django security releases issued: 1.11.15 and 2.0.8 Tim Graham (Aug 01)
Tyler Hicks
CVE-2018-6554 and CVE-2018-6555: Linux kernel: irda memory leak and use after free Tyler Hicks (Sep 04)
Uwe Schindler
[SECURITY] CVE-2018-8026: XXE vulnerability due to Apache Solr configset upload (exchange rate provider config / enum field config / TIKA parsecontext) Uwe Schindler (Jul 04)
vines
Re: Travis CI MITM RCE vines (Aug 31)
Vladis Dronov
CVE-2018-13405: Linux kernel: fs/inode.c:inode_init_owner() function mishandled a file creation in setgid directories Vladis Dronov (Jul 13)
CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm() Vladis Dronov (Sep 18)
CVE-2018-14633: Linux kernel: security flaw in iscsi target code Vladis Dronov (Sep 24)
CVE-2018-5391: Linux kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) Vladis Dronov (Aug 14)
CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS Vladis Dronov (Aug 27)
Re: CVE-2018-6554 and CVE-2018-6555: Linux kernel: irda memory leak and use after free Vladis Dronov (Sep 05)
Re: Linux kernel: potential local priviledge escalation bug in vmacache code Vladis Dronov (Sep 19)
Wade Mealing
Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Wade Mealing (Sep 03)
CVE-2018-10902 - linux kernel - double free in midi subsystem Wade Mealing (Aug 20)
Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Wade Mealing (Aug 27)
will martin
Re: [SECURITY] CVE-2018-8026: XXE vulnerability due to Apache Solr configset upload (exchange rate provider config / enum field config / TIKA parsecontext) will martin (Jul 04)
X41 D-Sec GmbH Advisories
X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX X41 D-Sec GmbH Advisories (Sep 19)
X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty X41 D-Sec GmbH Advisories (Sep 19)
X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11 X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv X41 D-Sec GmbH Advisories (Aug 14)
Xen.org security team
Xen Security Advisory 269 v2 - x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS Xen.org security team (Aug 14)
Xen Security Advisory 274 - Linux: Uninitialized state in PV syscall return path Xen.org security team (Jul 25)
Xen Security Advisory 271 v2 (CVE-2018-14007) - XAPI HTTP directory traversal Xen.org security team (Aug 14)
Xen Security Advisory 270 v3 (CVE-2018-15471) - Linux netback driver OOB access in hash handling Xen.org security team (Aug 20)
Xen Security Advisory 269 v3 (CVE-2018-15468) - x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS Xen.org security team (Aug 20)
Xen Security Advisory 272 v3 (CVE-2018-15470) - oxenstored does not apply quota-maxentity Xen.org security team (Aug 20)
Xen Security Advisory 274 v3 (CVE-2018-14678) - Linux: Uninitialized state in x86 PV failsafe callback path Xen.org security team (Aug 15)
Xen Security Advisory 273 v1 (CVE-2018-3620,CVE-2018-3646) - L1 Terminal Fault speculative side channel Xen.org security team (Aug 14)
Xen Security Advisory 268 v3 (CVE-2018-15469) - Use of v2 grant tables may cause crash on ARM Xen.org security team (Aug 20)
Xen Security Advisory 268 v2 - Use of v2 grant tables may cause crash on ARM Xen.org security team (Aug 14)
Xen Security Advisory 272 v2 - oxenstored does not apply quota-maxentity Xen.org security team (Aug 14)
Xen Security Advisory 274 v2 (CVE-2018-14678) - Linux: Uninitialized state in x86 PV failsafe callback path Xen.org security team (Jul 31)
Xen Security Advisory 270 v2 - Linux netback driver OOB access in hash handling Xen.org security team (Aug 14)
Xiami
Re: Linux kernel: FS_IOC_FSSETXATTR will lead to EXT4-fs shut down Xiami (Aug 28)
Yasser Zamani
[ANN] CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Yasser Zamani (Aug 22)
zrlw
mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook zrlw (Jul 06)
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook zrlw (Jul 11)
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook zrlw (Jul 11)
Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook zrlw (Jul 06)
zugtprgfwprz
Re: Travis CI MITM RCE zugtprgfwprz (Aug 30)
Re: Travis CI MITM RCE zugtprgfwprz (Sep 01)
Re: Travis CI MITM RCE zugtprgfwprz (Sep 01)
张洪睿
Linux kernel: FS_IOC_FSSETXATTR will lead to EXT4-fs shut down 张洪睿 (Aug 28)