CVSS: 5.3EPSS: 8%CPEs: 18EXPL: 1CVE-2015-0221 – Ubuntu Security Notice USN-2469-1
https://notcve.org/view.php?id=CVE-2015-0221
14 Jan 2015 — The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file. La visualización django.views.static.serve en Django anterior a 1.4.18, 1.6.x anterior a 1.6.10, y 1.7.x anterior a 1.7.3 lee ficheros por líneas enteras, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una lí... • http://advisories.mageia.org/MGASA-2015-0026.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 4%CPEs: 18EXPL: 0CVE-2015-0222 – Ubuntu Security Notice USN-2469-1
https://notcve.org/view.php?id=CVE-2015-0222
14 Jan 2015 — ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries. ModelMultipleChoiceField en Django 1.6.x anterior a 1.6.10 y 1.7.x anterior a 1.7.3, cuando show_hidden_initial está configurado a 'True', permite a atacantes remotos causar una denegación de servicio mediante la presentación de valores duplicados, lo que provo... • http://advisories.mageia.org/MGASA-2015-0026.html • CWE-17: DEPRECATED: Code •
CVSS: 5.5EPSS: 5%CPEs: 8EXPL: 2CVE-2014-8738 – binutils: out of bounds memory write
https://notcve.org/view.php?id=CVE-2014-8738
14 Jan 2015 — The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. La función _bfd_slurp_extended_name_table en bfd/archive.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (escritura inválida, fallo de segmentación y caída) a través de una tabla extendida de nombres manipulada en un ar... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 39EXPL: 0CVE-2014-9529 – kernel: use-after-free during key garbage collection
https://notcve.org/view.php?id=CVE-2014-9529
09 Jan 2015 — Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. Condición de carrera en la función key_gc_unused_keys en security/keys/gc.c en el kernel de Linux hasta 3.18.2 permite a usuarios locales causar una denegación de servicio (corrupción ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a3a8784454692dd72e5d5d34dcdab17b4420e74c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 41EXPL: 0CVE-2014-9584 – kernel: isofs: unchecked printing of ER records
https://notcve.org/view.php?id=CVE-2014-9584
09 Jan 2015 — The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux anterior a 3.18.2 no valida un valor de longitud en el campo Extensions Reference (ER) System Use, lo que permite a usuarios locales obtener ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 4%CPEs: 119EXPL: 0CVE-2014-8150 – curl: URL request injection vulnerability in parseurlandfillconn()
https://notcve.org/view.php?id=CVE-2014-8150
09 Jan 2015 — CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. Vulnerabilidad de inyección CRLF en libcurl 6.0 hasta 7.x anterior a 7.40.0, cuando utiliza un proxy HTTP, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de división de respuestas HTTP a través de secuencias de CRLF en una URL. It was discovered tha... • http://advisories.mageia.org/MGASA-2015-0020.html • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 7.5EPSS: 26%CPEs: 17EXPL: 0CVE-2014-8109 – Ubuntu Security Notice USN-2523-1
https://notcve.org/view.php?id=CVE-2014-8109
29 Dec 2014 — mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a se... • http://advisories.mageia.org/MGASA-2015-0011.html • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2014-5353 – krb5: NULL pointer dereference when using a ticket policy name as a password policy name
https://notcve.org/view.php?id=CVE-2014-5353
16 Dec 2014 — The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. La función krb5_ldap_get_password_policy_from_dn en plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c en MIT Kerberos 5 (también conocido como krb5) a... • http://advisories.mageia.org/MGASA-2014-0536.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.4EPSS: 5%CPEs: 13EXPL: 5CVE-2014-9322 – Linux Kernel - 'BadIRET' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9322
16 Dec 2014 — arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. arch/x86/kernel/entry_64.S en el kernel de Linux anterior a 3.17.5 no maneja correctamente los fallos asociados con el registro de segmento Stack Segment (SS), lo que permite a usuarios locales ganar privilegios mediante... • https://packetstorm.news/files/id/130593 • CWE-269: Improper Privilege Management CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 7.5EPSS: 19%CPEs: 12EXPL: 0CVE-2014-3583 – httpd: mod_proxy_fcgi handle_headers() buffer over read
https://notcve.org/view.php?id=CVE-2014-3583
15 Dec 2014 — The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. La función handle_headers en mod_proxy_fcgi.c en el módulo mod_proxy_fcgi en Apache HTTP Server 2.4.10 permite a servidores remotoos FastCGI causar una denegación de servicio (sobre lectura de buffer y caída del demonio) a través de cabeceras de respuesta largas. A buffer overflo... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •