Total
1214 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5964 | 4 Canonical, Djangoproject, Oracle and 1 more | 4 Ubuntu Linux, Django, Solaris and 1 more | 2024-11-21 | N/A |
| The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors. | ||||
| CVE-2015-5963 | 4 Canonical, Djangoproject, Oracle and 1 more | 4 Ubuntu Linux, Django, Solaris and 1 more | 2024-11-21 | N/A |
| contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. | ||||
| CVE-2015-5262 | 3 Apache, Canonical, Fedoraproject | 3 Httpclient, Ubuntu Linux, Fedora | 2024-11-21 | N/A |
| http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. | ||||
| CVE-2015-5220 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Operations Network, Jboss Wildfly Application Server | 2024-11-21 | N/A |
| The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header. | ||||
| CVE-2015-4893 | 2 Oracle, Redhat | 7 Jdk, Jre, Jrockit and 4 more | 2024-11-21 | N/A |
| Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. | ||||
| CVE-2015-1779 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-11-21 | 8.6 High |
| The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | ||||
| CVE-2015-1420 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A |
| Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. | ||||
| CVE-2015-0221 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2024-11-21 | N/A |
| The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file. | ||||
| CVE-2015-0202 | 2 Apache, Opensuse | 2 Subversion, Opensuse | 2024-11-21 | N/A |
| The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. | ||||
| CVE-2014-9621 | 1 File Project | 1 File | 2024-11-21 | N/A |
| The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. | ||||
| CVE-2014-9620 | 2 File Project, Redhat | 2 File, Enterprise Linux | 2024-11-21 | N/A |
| The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. | ||||
| CVE-2014-9601 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Opensuse, Solaris and 1 more | 2024-11-21 | N/A |
| Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. | ||||
| CVE-2014-8602 | 4 Canonical, Debian, Nlnetlabs and 1 more | 4 Ubuntu Linux, Debian Linux, Unbound and 1 more | 2024-11-21 | N/A |
| iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. | ||||
| CVE-2014-8158 | 4 Debian, Jasper Project, Opensuse and 1 more | 5 Debian Linux, Jasper, Opensuse and 2 more | 2024-11-21 | N/A |
| Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. | ||||
| CVE-2014-7300 | 2 Gnome, Redhat | 6 Gnome-shell, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. | ||||
| CVE-2014-3696 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2024-11-21 | N/A |
| nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation. | ||||
| CVE-2014-0230 | 3 Apache, Oracle, Redhat | 5 Tomcat, Virtualization, Enterprise Linux and 2 more | 2024-11-21 | N/A |
| Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. | ||||
| CVE-2014-0109 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2024-11-21 | N/A |
| Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. | ||||
| CVE-2013-6478 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2024-11-21 | N/A |
| gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. | ||||
| CVE-2011-0419 | 10 Apache, Apple, Debian and 7 more | 12 Http Server, Portable Runtime, Mac Os X and 9 more | 2024-11-21 | N/A |
| Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. | ||||