
228 matches found

CNVD
added 2018/01/23 12:0 a.m. | 2 views

PowerDNS Improper Input Validation Vulnerability

PowerDNS is a cross-platform open source DNS service component from the Dutch company PowerDNS. It supports the use of Access mdb files to record DNS information on Windows systems, and the use of MySQL to record DNS information on Linux/Unix systems. DNSSEC validators components DNSSEC validators compone...

CVSS 4.3 | AI score 6.5 | EPSS 0.00012
Exploits: 0 | References: 1

UbuntuCve
added 2018/01/22 6:29 p.m. | 23 views

CVE-2018-1000003

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

CVSS 4.3 | AI score 6.3 | EPSS 0.00012
Exploits: 0 | References: 2

UbuntuCve
added 2018/01/22 6:29 p.m. | 15 views

CVE-2018-1000002

Improper input validation bugs in DNSSEC validators components in Knot Resolver prior version 1.5.2 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

CVSS 4.3 | AI score 6.7 | EPSS 0.00377
Exploits: 0 | References: 1

OSV
added 2018/01/22 6:29 p.m. | 0 views

UBUNTU-CVE-2018-1000003

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

CVSS 3.7 | AI score 6.1 | EPSS 0.00012
Exploits: 0 | References: 3

OSV
added 2018/01/22 6:29 p.m. | 1 views

DEBIAN-CVE-2018-1000002

Improper input validation bugs in DNSSEC validators components in Knot Resolver prior version 1.5.2 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

CVSS 3.7 | AI score 6.8 | EPSS 0.00377
Exploits: 0 | References: 1

Cvelist
added 2018/01/22 6:0 p.m. | 11 views

CVE-2018-1000002

Improper input validation bugs in DNSSEC validators components in Knot Resolver prior version 1.5.2 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

AI score 4.4 | EPSS 0.00377
Exploits: 0 | References: 1

AlpineLinux
added 2018/01/22 6:0 p.m. | 35 views

CVE-2018-1000003

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

CVSS 4.3 | AI score 4.5 | EPSS 0.00012
Exploits: 0

Prion
added 2017/08/07 5:29 p.m. | 14 views

Session fixation

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators...

CVSS 6.4 | AI score 7.2 | EPSS 0.00289
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2017/08/07 5:29 p.m. | 18 views

CVE-2015-1555

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators...

CVSS 9.1 | AI score 7.3 | EPSS 0.00289
Exploits: 0 | References: 2

NVD
added 2017/08/07 5:29 p.m. | 13 views

CVE-2015-1555

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators...

CVSS 9.1 | AI score 9.3 | EPSS 0.00289
Exploits: 0 | References: 1

Cvelist
added 2017/08/07 5:0 p.m. | 13 views

CVE-2015-1555

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators...

AI score 9.3 | EPSS 0.00289
Exploits: 0 | References: 1

CVE
added 2017/08/07 5:0 p.m. | 50 views

CVE-2015-1555

Zend Framework 2.2.x prior to 2.2.9 and 2.3.x prior to 2.3.4 are vulnerable in Zend\Session/SessionManager to a session validation bypass that allows remote attackers to create valid sessions without session validators. Root cause: improper session validation logic in SessionManager. Impact: pote...

CVSS 9.1 | AI score 9.1 | EPSS 0.00289
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2016/03/15 12:0 a.m. | 12 views

Zend Framework < 2.2.9 / 2.3.x < 2.3.4 Session Validators Security Bypass

Binary data 9141.prm...

AI score 7.3
Exploits: 0 | References: 2

Tenable Nessus
added 2015/11/02 12:0 a.m. | 33 views

GLSA-201510-06 : Django: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201510-06 Django: Multiple vulnerabilities Multiple vulnerabilities have been found in Django: Session backends create a new record anytime request.session was accessed CVE-2015-5143 Built-in validators in Django do not properly...

CVSS 7.8 | AI score 6.6 | EPSS 0.15813
Exploits: 0 | References: 4

Tenable Nessus
added 2015/09/28 12:0 a.m. | 21 views

Fedora 21 : php-ZendFramework2-2.4.8-1.fc21 (2015-16032)

Zend Framework 2.4.8 Security Update ZF2015-07: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created...

AI score 5.8
Exploits: 0 | References: 2

Tenable Nessus
added 2015/07/17 12:0 a.m. | 30 views

Debian DLA-272-1 : python-django security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework : CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to...

CVSS 7.8 | AI score 7.6 | EPSS 0.15813
Exploits: 0 | References: 5

Debian
added 2015/07/16 1:46 p.m. | 35 views

[SECURITY] [DLA 272-1] python-django security update

Package : python-django Version : 1.2.3-3+squeeze13 CVE ID : CVE-2015-2317 CVE-2015-5143 CVE-2015-5144 Several vulnerabilities were discovered in Django, a high-level Python web development framework: CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web developmen...

CVSS 7.8 | AI score 7.1 | EPSS 0.15813
Exploits: 0

GitLab Advisory Database
added 2015/07/14 12:0 a.m. | 37 views

Header injection via multi-lines input

Some built-in validators (django.core.validators.EmailValidator, most seriously) don't prohibit newline characters due to the usage of $ instead of \Z in the regular expressions. If you use values with newlines in HTTP response or email headers, you can suffer from header injection attacks...

CVSS 4.3 | AI score 6.6 | EPSS 0.01493
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2015/07/09 12:0 a.m. | 36 views

Debian DSA-3305-1 : python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework : - CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided...

CVSS 7.8 | AI score 7.5 | EPSS 0.15813
Exploits: 0 | References: 7

RedHat Linux
added 2015/04/07 3:8 p.m. | 29 views

Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules security and bug fix update

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...

CVSS 10 | AI score 5.9 | EPSS 0.04844
Exploits: 0 | References: 29