- EPSS 2.69%
- Veröffentlicht 16.01.2015 16:59:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.
- EPSS 4.33%
- Veröffentlicht 16.01.2015 16:59:20
- Zuletzt bearbeitet 06.05.2026 22:30:45
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
CVE-2015-0220
- EPSS 3.03%
- Veröffentlicht 16.01.2015 16:59:19
- Zuletzt bearbeitet 06.05.2026 22:30:45
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL...
CVE-2014-9496
- EPSS 0.58%
- Veröffentlicht 16.01.2015 16:59:16
- Zuletzt bearbeitet 06.05.2026 22:30:45
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
CVE-2014-9471
- EPSS 7.09%
- Veröffentlicht 16.01.2015 16:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date comman...
- EPSS 5.21%
- Veröffentlicht 15.01.2015 15:59:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
CVE-2014-8150
- EPSS 6.81%
- Veröffentlicht 15.01.2015 15:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
CVE-2014-9585
- EPSS 0.56%
- Veröffentlicht 09.01.2015 21:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the ...
CVE-2014-9584
- EPSS 0.46%
- Veröffentlicht 09.01.2015 21:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel...
CVE-2014-9529
- EPSS 0.34%
- Veröffentlicht 09.01.2015 21:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that...