126 matches found
CVE-2015-3982
The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...
[SECURITY] [DLA 91-2] tomcat6 regression update
Package: tomcat6. Version: 6.0.41-2+squeeze6. This update fixes a "NoSuchElementException" when an XML attribute has an empty string as value...
ruby: REXML incomplete fix for CVE-2014-8080
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of...
ruby: denial of service
CPU exhaustion can occur as a result of recursive expansion with an empty string. When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service...
CVE-2009-5072
Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memory consumption) via an empty string argument...