Page 37 of 300 results (0.015 seconds)

CVSS: 7.8EPSS: 13%CPEs: 57EXPL: 0

CVE-2015-5143 – Django: possible DoS by filling session store

https://notcve.org/view.php?id=CVE-2015-5143

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. La sesión Backend en Django anteriores a 1.4.21, de 1.5.x hasta 1.6.x, 1.7.x anteriores a 1.7.9 y 1.8.x anteriores a 1.8.3, permite a un atacante causar una denegación de servicios mediante el consumo de almacenamiento de sesión a través de múltiples peticiones con una única clave de sesión. A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html http://rhn.redhat.com/errata/RHSA-2015-1678.html http://rhn.redhat.com/errata/RHSA-2015-1686.html http://www.debian.org/security/2015/dsa-3305 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/75666 http://www.s • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.0EPSS: 2%CPEs: 17EXPL: 0

CVE-2015-1819 – libxml2: denial of service processing a crafted XML document

https://notcve.org/view.php?id=CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html http://lists.opensuse.org/opensuse-updates/2015- • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2015-2726

https://notcve.org/view.php?id=CVE-2015-2726

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 39.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://www.mozilla.org/security/announce/2015/mfsa2015-59.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0

CVE-2015-2730 – NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)

https://notcve.org/view.php?id=CVE-2015-2730

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. Mozilla Network Security Services (NSS) anterior a 3.19.1, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y otros productos, no realiza correctamente las multiplicaciones Elliptical Curve Cryptography (ECC), lo que facilita a atacantes remotos falsificar firmas ECDSA a través de vectores no especificados. A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1664.html http://rhn.redhat.com/errata/RHSA-2015-1699.html http://www.debian.org&#x • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2015-2742

https://notcve.org/view.php?id=CVE-2015-2742

Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream. Mozilla Firefox anterior a 39.0 en OS X incluye información de prensa clave nativa durante el registro de caídas, lo que permite a atacantes remotos obtener información sensible mediante el aprovechamiento de el acceso a un flujo de datos de informes de caídas. • http://www.mozilla.org/security/announce/2015/mfsa2015-68.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/75541 http://www.securitytracker.com/id/1032783 https://bugzilla.mozilla.org/show_bug.cgi?id=1138669 https://security.gentoo.org/glsa/201512-10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •