GHSA-F2F3-9CX3-WCMF Ella Core panics when processing a crafted NGAP LocationReport message

Summary Ella Core panics when processing a specially crafted NGAP LocationReport message. Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Fix Add guards in NGAP Location Report handler...

EUVD-2019-7438

Malware in sbrugna...

Django Might Allow CSRF Requests via URL Verification

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

CVE-2014-0162

The Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location...

UBUNTU-CVE-2014-0162

The Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location...

Design/Logic Flaw

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

CVE-2011-4138

Affected software: Django prior to 1.2.7 and 1.3.x prior to 1.3.1. The verify_exists URLField validation tests a URL with HEAD, but on redirects uses GET to the redirected target, potentially causing unwanted GET requests with an unintended source IP via a crafted Location header. Impact: potenti...