665 matches found
CVE-2015-5143
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service session store consumption via multiple requests with unique session keys...
CVE-2015-5143
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service session store consumption via multiple requests with unique session keys...
DOS by filling session store
The session backends created a new empty record in the session storage anytime request.session was accessed and there was a session key provided in the request cookies that didn't already have a session record. This could allow an attacker to easily create many new session records simply by sendi...
FreeBSD : xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends (0d732fd1-27e0-11e5-a4a5-002590263bf5)
The Xen Project reports : When instantiating an emulated VGA device for an x86 HVM guest qemu will by default enable a backend to expose that device, either SDL or VNC depending on the version of qemu and the build time configuration. The libxl toolstack library does not explicitly disable these...
CVE-2015-5143
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service session store consumption via multiple requests with unique session keys...
UBUNTU-CVE-2015-5143
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service session store consumption via multiple requests with unique session keys...
Fedora 22 : xen-4.5.0-6.fc22 (2015-3935)
Additional patch for XSA-98 on arm64 HVM qemu unexpectedly enabling emulated VGA graphics backends XSA-119, CVE-2015-2152 Hypervisor memory corruption due to x86 emulator flaw XSA-123, CVE-2015-2151 Information leak via internal x86 system device emulation, Information leak through version...
CVE-2015-2152
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by 1 setting the DISPLAY environment variable, when compiled with SDL support,...
Default credentials
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by 1 setting the DISPLAY environment variable, when compiled with SDL support,...
CVE-2015-2152
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by 1 setting the DISPLAY environment variable, when compiled with SDL support,...
[SECURITY] Fedora 20 Update: cups-filters-1.0.53-6.fc20
Contains backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrintin...
[SECURITY] Fedora 21 Update: cups-filters-1.0.66-1.fc21
Contains backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrintin...
HVM qemu unexpectedly enabling emulated VGA graphics backends
ISSUE DESCRIPTION When instantiating an emulated VGA device for an x86 HVM guest qemu will by default enable a backend to expose that device, either SDL or VNC depending on the version of qemu and the build time configuration. The libxl toolstack library does not explicitly disable these default...
RedHat Update for cups-filters RHSA-2014:1795-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: cups-filters security update
Updated cups-filters packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
xen: security and bugfix update (important)
XEN was updated to fix security issues and bugs. Security issues fixed: - bnc897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc895799 - CVE-2014-7155:...
DEBIAN-CVE-2014-0485
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in 1 common.py or 2 local.py in backends/...
DEBIAN-CVE-2014-0139
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name CN field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certifica...
IP address wildcard certificate validation
libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses. RFC 2818 covers the requirements for matching Common Names CNs and subjectAltNames in order to establish valid SSL connections. It first discusses CNs that are for hostnames, and the rules for wildcards in th...
[SECURITY] Fedora 19 Update: catfish-0.4.0.2-4.fc19
A handy file search tool using different backends which is configurable via the command line. This program acts as a frontend for different file search engines. The interface is intentionally lightweight and simple. But it takes configuration options from the command line...