Vulnerabilities > Code
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-01-30 | CVE-2014-4467 | Code vulnerability in Apple Iphone OS WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site. | 4.3 |
2015-01-27 | CVE-2015-1361 | Code vulnerability in Google Chrome platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205. | 6.8 |
2015-01-16 | CVE-2015-0222 | Code vulnerability in multiple products ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries. | 5.0 |
2015-01-16 | CVE-2015-0219 | Code vulnerability in Djangoproject Django Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header. | 5.0 |
2015-01-16 | CVE-2014-6386 | Code vulnerability in Juniper Junos Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 allows remote attackers to cause a denial of service (assertion failure and rpd restart) via a crafted BGP FlowSpec prefix. | 7.8 |
2015-01-16 | CVE-2014-6383 | Code vulnerability in Juniper Junos 13.3/14.1/14.2 The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule. | 5.0 |
2014-12-24 | CVE-2014-9222 | Code vulnerability in Allegrosoft Rompager 4.07 AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability. | 10.0 |
2014-12-20 | CVE-2014-9296 | Code vulnerability in NTP The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. | 5.0 |
2014-12-09 | CVE-2014-9066 | Code vulnerability in multiple products Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. | 4.7 |
2014-12-09 | CVE-2014-9065 | Code vulnerability in multiple products common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. | 4.4 |