cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)

django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:PYSEC-2018-2...

PowerDNS Improper Input Validation Vulnerability

PowerDNS is a cross-platform open source DNS service component of the Dutch company PowerDNS , it supports the use of Access mdb files to record DNS information in Windows systems , in Linux/Unix systems to use MySQL to record DNS information.DNSSEC validators components DNSSEC validators compone...

CVE-2018-1000003

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

DEBIAN-CVE-2018-1000002

Improper input validation bugs in DNSSEC validators components in Knot Resolver prior version 1.5.2 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

CVE-2018-1000002

Improper input validation bugs in DNSSEC validators components in Knot Resolver prior version 1.5.2 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

UBUNTU-CVE-2018-1000003

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

CVE-2018-1000002

Improper input validation bugs in DNSSEC validators components in Knot Resolver prior version 1.5.2 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

CVE-2018-1000003

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

Session fixation

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators...

CVE-2015-1555

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators...

CVE-2015-1555

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators...

CVE-2015-1555

Zend Framework 2.2.x prior to 2.2.9 and 2.3.x prior to 2.3.4 are vulnerable in Zend\Session/SessionManager to a session validation bypass that allows remote attackers to create valid sessions without session validators. Root cause: improper session validation logic in SessionManager. Impact: pote...

CVE-2015-1555

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators...

Zend Framework < 2.2.9 / 2.3.x < 2.3.4 Session Validators Security Bypass

Binary data 9141.prm...

GLSA-201510-06 : Django: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201510-06 Django: Multiple vulnerabilities Multiple vulnerabilities have been found in Django: Session backends create a new record anytime request.session was accessed CVE-2015-5143 Built-in validators in Django do not properly...

Fedora 21 : php-ZendFramework2-2.4.8-1.fc21 (2015-16032)

Zend Framework 2.4.8 Security Update ZF2015-07: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created...

Debian DLA-272-1 : python-django security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework : CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to...

[SECURITY] [DLA 272-1] python-django security update

Package : python-django Version : 1.2.3-3+squeeze13 CVE ID : CVE-2015-2317 CVE-2015-5143 CVE-2015-5144 Several vulnerabilities were discovered in Django, a high-level Python web development framework: CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web developmen...

Header injection via multi-lines input

Some built-in validators django.core.validators.EmailValidator, most seriously don't prohibit newline characters due to the usage of $ instead of \Z in the regular expressions. If you use values with newlines in HTTP response or email headers, you can suffer from header injection attacks...

Debian DSA-3305-1 : python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework : - CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided...