CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0CVE-2014-8124 – python-django-horizon: denial of service via login page requests
https://notcve.org/view.php?id=CVE-2014-8124
OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. OpenStack Dashboard (Horizon) anterior a 2014.1.3 y 2014.2.x anterior a 2014.2.1 no maneja correctamente los archivos de sesiones cuando utiliza un motor de sesión db o memcached, lo que permite a atacantes remotos causar una denegación de servicio a través de un número grande de solicitudes en la página de inicio de sesión. A denial of service flaw was found in the OpenStack Dashboard (horizon) when using the db or memcached session engine. An attacker could make repeated requests to the login page, which would result in a large number of unwanted backend session entries, possibly leading to a denial of service. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2015-0839.html http://rhn.redhat.com/errata/RHSA-2015-0845.html http://secunia.com/advisories/61186 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://bugs.launchpad.net/horizon/+bug/1394370 https:&#x • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9066
https://notcve.org/view.php?id=CVE-2014-9066
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. Xen 4.4.x y versiones anteriores, cuando utiliza un gran número de VCPUs, no maneja adecuadamente los bloqueos de lectura y escritura, lo que permite a usuarios invitados x86 locales causar una denegación de servicio (denegación de escritura o tiempo de espera agotado del watchdog NMI y caida de host) a través de un gran número de peticiones de lectura, una vulnerabilidad diferente a CVE-2014-9065. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://www.openwall.com/lists/oss-security/2014/12/08/4 http://www.securityfocus.com/bid/71546 http://xenbits.xen.org/xsa/advisory-114.html https://security.gentoo.org/glsa/201504-04 • CWE-17: DEPRECATED: Code •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9065
https://notcve.org/view.php?id=CVE-2014-9065
common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. common/spinlock.c en Xen 4.4.x y anteriores no maneja correctamente los bloqueos de lectura y escritura, lo que permite a usuarios locales invitados de x86 causar una denegación de servicio (denegación de escritura o fin de sesión de la vigilancia NMI y caída del anfitrión) a través de un número grande de solicitudes de lectura, una vulnerabilidad diferente a CVE-2014-9066. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://www.openwall.com/lists/oss-security/2014/12/08/4 http://www.securityfocus.com/bid/71544 http://xenbits.xen.org/xsa/advisory-114.html https://security.gentoo.org/glsa/201504-04 • CWE-17: DEPRECATED: Code •
CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 2CVE-2014-9273 – hivex: missing checks for small-sized files
https://notcve.org/view.php?id=CVE-2014-9273
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. lib/handle.c en Hivex anterior a 1.3.11 permite a usuarios locales ejecutar código arbitrario y ganar privilegios a través de un fichero de hive pequeño, lo que provoca una lectura o escritura fuera de rango. It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or improperly formatted content. An attacker able to supply a specially crafted hive file to an application using the hivex library could possibly use this flaw to execute arbitrary code with the privileges of the user running that application. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0301.html http://rhn.redhat.com/errata/RHSA-2015-1378.html http://secunia.com/advisories/62792 http://www.openwall.com/lists/oss-security/2014/11/25/6 http://www.openwall.com/lists/oss-security/2014/12/04/14 http://www.securityfocus.com/bid/71279 https://bugzilla.redhat.com/show_bug.cgi?id=1167756 https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2014-9220
https://notcve.org/view.php?id=CVE-2014-9220
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. Vulnerabilidad de inyección SQL en OpenVAS Manager anterior a 4.0.6 y 5.x anterior a 5.0.7 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro timezone en un comando OMP modify_schedule. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html http://openwall.com/lists/oss-security/2014/11/30/2 http://www.openvas.org/OVSA20141128.html https://www.alienvault.com/forums/discussion/4415 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •