Lucene search: 21203 matches found

Ubuntu · added 2025/05/07 6:52 p.m. · 18 views

USN-7501-2: Django vulnerability

USN-7501-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote attacker could possibly use this issue ...

CVSS 5.3 · AI score 6.8 · EPSS 0.13969 · Exploits 0

OSV · added 2025/05/07 6:52 p.m. · 1 view

USN-7501-2 python-django vulnerability

USN-7501-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote attacker could possibly use this issue ...

CVSS 5.3 · AI score 7.2 · EPSS 0.13969 · Exploits 0 · References 2

OSV · added 2025/05/07 3:22 p.m. · 2 views

USN-7501-1 python-django vulnerability

Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...

CVSS 5.3 · AI score 7.2 · EPSS 0.13969 · Exploits 0 · References 2

Ubuntu · added 2025/05/07 3:22 p.m. · 13 views

USN-7501-1: Django vulnerability

Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...

CVSS 5.3 · AI score 6.8 · EPSS 0.13969 · Exploits 0

UbuntuCve · added 2025/05/07 2:00 p.m. · 8 views

CVE-2025-32873

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial of service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3 · AI score 6.8 · EPSS 0.13969 · Exploits 0 · References 3

OSV · added 2025/05/07 2:00 p.m. · 0 views

UBUNTU-CVE-2025-32873

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial of service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3 · AI score 7.1 · EPSS 0.13969 · Exploits 0 · References 4

RedhatCVE · added 2025/05/07 12:24 a.m. · 14 views

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

CVSS 8.8 · AI score 6.9 · EPSS 0.01812 · Exploits 0 · References 1

Positive Technologies · added 2025/05/07 12:00 a.m. · 6 views

PT-2025-20317 · Django +5

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.20; Django versions 5.1 through 5.1.8; Django versions 5.2 through 5.2.0. Description: An issue was discovered in Django, where the django.utils.html.strip_tags() function is vulnerable to a potential...

CVSS 7.5 · AI score 6.7 · EPSS 0.13969 · Exploits 0 · References 61

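The Django entries above (USN-7501-1/-2, CVE-2025-32873, PT-2025-20317) all describe one weakness: strip_tags() re-runs its HTMLParser pass as long as the count of "<" keeps falling, so an input in which each pass exposes exactly one more complete tag costs a full parse per tag, quadratic in the input size. The block below is an added illustration, my own simplified reimplementation of that loop (an MLStripper over html.parser, as Django's is built), not Django's code, and it does not import Django. The payload builder, the pass cap of 50, the `passes` return value and the `SuspiciousInput` exception name are this example's own choices; Django's fix, per its release notes, makes strip_tags() raise SuspiciousOperation when it encounters an unusually large number of unclosed opening tags.

```python
"""Pass-count blow-up in a strip_tags()-style loop (CVE-2025-32873 pattern).

Simplified reimplementation modeled on Django's strip_tags()/_strip_once()
(an MLStripper subclass of html.parser.HTMLParser). This is example code,
not Django's own; it imports nothing from Django. The payload, the cap and
the exception name below are this example's choices.
"""
import time
from html.parser import HTMLParser


class MLStripper(HTMLParser):
    """Collect text nodes; drop tags; keep entity/char references verbatim."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.fed = []

    def handle_data(self, data):
        self.fed.append(data)

    def handle_entityref(self, name):
        self.fed.append(f"&{name};")

    def handle_charref(self, name):
        self.fed.append(f"&#{name};")

    def get_data(self):
        return "".join(self.fed)


def _strip_once(value):
    """One HTMLParser pass: removes every tag the parser recognises."""
    stripper = MLStripper()
    stripper.feed(value)
    stripper.close()
    return stripper.get_data()


class SuspiciousInput(Exception):
    """Raised when stripping would need more passes than allowed (own name)."""


def strip_tags(value, max_passes=None):
    """Strip tags with the repeat-while-'<'-count-drops loop; return (text, passes).

    A pass can expose tags that were hidden behind incomplete ones, hence the
    loop. max_passes=None is the unbounded (vulnerable) behaviour; a cap
    mirrors the fix: refuse pathological input instead of grinding on it.
    """
    value = str(value)
    passes = 0
    while "<" in value and ">" in value:
        if max_passes is not None and passes >= max_passes:
            raise SuspiciousInput(f"strip_tags needed more than {max_passes} passes")
        new_value = _strip_once(value)
        passes += 1
        if value.count("<") == new_value.count("<"):
            break  # the parser found nothing more to strip
        value = new_value
    return value, passes


def incomplete_tag_payload(n):
    """Constructed input costing exactly n passes (about 3n characters).

    n-1 bare '<' (incomplete tags) precede one real '<b>'. Removing it lets
    the last '<' join the trailing 'a>' into a new '<a>', so every pass
    strips exactly one tag and the whole string is re-parsed n times.
    """
    return "<" * n + "b>" + "a>" * (n - 1)


def is_rejected(value, max_passes=50):
    """True when the capped stripper refuses the input (what the fix does)."""
    try:
        strip_tags(value, max_passes=max_passes)
    except SuspiciousInput:
        return True
    return False


def time_strip(n, max_passes=None):
    """Wall-clock seconds for strip_tags() on the n-pass payload."""
    start = time.perf_counter()
    try:
        strip_tags(incomplete_tag_payload(n), max_passes=max_passes)
    except SuspiciousInput:
        pass
    return time.perf_counter() - start


if __name__ == "__main__":
    print(strip_tags("<p>Hello <b>world</b></p>"))  # ('Hello world', 1)
    print(strip_tags(incomplete_tag_payload(4)))    # ('', 4)
    for n in (200, 400, 800):  # doubling n roughly quadruples the unbounded time
        print(f"n={n:4d}  unbounded {time_strip(n):.3f}s  capped {time_strip(n, 50):.3f}s")
```

Run it as a script to see the quadratic growth; the capped variant stays flat because it gives up after 50 passes, which ordinary HTML never needs (a normal document is fully stripped in one pass, the second pass only confirming that). A pass cap is the right shape of fix here: limiting input length alone would still let a few kilobytes cost thousands of parses.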
CNVD · added 2025/05/07 12:00 a.m. · 16 views

Apache Tomcat Input Validation Error Vulnerability (CNVD-2025-10031)

Apache Tomcat is a lightweight web application server from the Apache Software Foundation that implements the Servlet and JavaServer Pages (JSP) specifications. An input validation error vulnerability exists in Apache Tomcat that stems from improperly neutralizing escape, meta, or control...

CVSS 9.8 · AI score 7 · EPSS 0.0418 · Exploits 1 · References 1

OpenVAS · added 2025/05/07 12:00 a.m. · 8 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1416)

The remote host is missing an update for Huawei EulerOS. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 8.8 · AI score 8.5 · EPSS 0.00494 · Exploits 1 · References 2

OpenVAS · added 2025/05/07 12:00 a.m. · 7 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1415)

The remote host is missing an update for Huawei EulerOS. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 8.8 · AI score 8.5 · EPSS 0.00494 · Exploits 1 · References 2

Tenable Nessus · added 2025/05/07 12:00 a.m. · 5 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Django vulnerability (USN-7501-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7501-1 advisory. Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote...

CVSS 5.3 · AI score 6.7 · EPSS 0.13969 · Exploits 0 · References 2

RedHat Linux · added 2025/05/06 8:31 p.m. · 2 views

rack: rubygem-rack: Local File Inclusion in Rack::Static

A flaw was found in Rack (rubygem-rack), where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...

CVSS 7.5 · AI score 6.6 · EPSS 0.01068 · Exploits 0 · References 6

IBM Security Bulletins · added 2025/05/06 6:26 a.m. · 21 views

Security Bulletin: Location Service for ESRI Component uses multiple vulnerable libraries and wildcard characters when defining RBAC permissions in Dockerfiles which are vulnerable to multiple CVEs

Summary: Location Service for ESRI Component uses jinja2-3.1.4-py3-none-any.whl, jinja2-3.1.5-py3-none-any.whl, cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl and wildcard characters when defining RBAC permissions in Dockerfiles, which are vulnerable to CVE-2024-56326, CVE-2024-56201,...

CVSS 8.8 · AI score 7.6 · EPSS 0.02357 · Exploits 0 · Affected Software 1

Tenable Nessus · added 2025/05/06 12:00 a.m. · 6 views

EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1416)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Git is a source code management tool. When cloning from a server, fetching, or pushing, informational or error messages are transported from the...

CVSS 8.8 · AI score 7.8 · EPSS 0.00494 · Exploits 1 · References 2

Tenable Nessus · added 2025/05/06 12:00 a.m. · 4 views

EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1415)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Git is a source code management tool. When cloning from a server, fetching, or pushing, informational or error messages are transported from the...

CVSS 8.8 · AI score 7.8 · EPSS 0.00494 · Exploits 1 · References 2

IBM Security Bulletins · added 2025/05/05 6:49 p.m. · 19 views

Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 1.0 (CPDS 1.0) [CVE-2024-56201, CVE-2024-56326]

Summary: The jinja2 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVEs CVE-2024-56201 and CVE-2024-56326. Vulnerability Details: CVEID: CVE-2024-56201. DESCRIPTION: Jinja is an extensible templating engine. In versions on the 3.x bran...

CVSS 8.8 · AI score 7 · EPSS 0.005 · Exploits 0 · Affected Software 1

NVD · added 2025/05/05 4:15 p.m. · 13 views

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

CVSS 8.8 · EPSS 0.01812 · Exploits 0 · References 4

OSV · added 2025/05/05 4:15 p.m. · 4 views

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

CVSS 8.8 · AI score 5.8 · EPSS 0.01812 · Exploits 0 · References 4

Vulnrichment · added 2025/05/05 12:00 a.m. · 7 views

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

CVSS 7.2 · AI score 9.4 · EPSS 0.01812 · Exploits 0 · References 2

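The Output Messenger (CVE-2025-27920) and Rack::Static entries above come down to the same missing check: a user-supplied path, possibly percent-encoded, is joined onto a directory without confirming that the result stays inside it. The block below is an added example of the resolution routine a static-file handler needs, my own code and not from either project; the static root `/srv/app/public` is assumed (it need not exist, POSIX paths are assumed), the request paths are constructed, and `TraversalAttempt` is this example's own exception name.

```python
"""Static-file path resolution that rejects traversal, including the
percent-encoded '../' variants the Rack::Static entry refers to.

Example code, not Rack's, Output Messenger's or any project's. The root
directory and request paths are constructed; the root need not exist.
"""
import os
import posixpath
from urllib.parse import unquote


class TraversalAttempt(ValueError):
    """Request path would leave the static root (exception name is ours)."""


def _fully_unquote(path, rounds=3):
    """Percent-decode until stable; refuse more than `rounds` nested layers."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    raise TraversalAttempt("too many percent-encoding layers")


def resolve_static_path(root, request_path):
    """Map a URL path onto a file under root or raise TraversalAttempt.

    Order matters: decode first (so %2e%2e is seen as '..'), unify the
    separators, collapse '.'/'..' segments, reject anything that climbs
    above the root, then resolve symlinks with realpath and re-check
    containment on the real path.
    """
    decoded = _fully_unquote(request_path)
    if "\x00" in decoded:
        raise TraversalAttempt("NUL byte in path")
    decoded = decoded.replace("\\", "/")  # backslash is a separator on Windows servers
    rel = posixpath.normpath(decoded.lstrip("/"))
    if rel == ".." or rel.startswith("../"):
        raise TraversalAttempt(f"path climbs above root: {request_path!r}")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, rel))
    # Second check: a symlink inside root can still point outside it.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalAttempt(f"resolved outside root: {candidate}")
    return candidate


def is_blocked(root, request_path):
    """True when resolve_static_path() refuses the request."""
    try:
        resolve_static_path(root, request_path)
    except TraversalAttempt:
        return True
    return False


# Constructed requests: the first three are benign, the other six are traversal attempts.
SAMPLE_REQUESTS = [
    "/app.css",
    "/css/../app.css",
    "/img/%20logo.png",
    "/../../etc/passwd",                    # plain '../'
    "/css/..%2f..%2fetc/passwd",            # encoded slash
    "/%2e%2e/%2e%2e/etc/passwd",            # encoded dots
    "/%252e%252e/%252e%252e/etc/passwd",    # double-encoded dots
    "/..%5c..%5cwindows/win.ini",           # encoded backslashes
    "/app.css%00../../etc/passwd",          # NUL truncation trick
]


def classify(root, requests=SAMPLE_REQUESTS):
    """Return {request: 'blocked' | resolved path} for each request."""
    return {
        req: ("blocked" if is_blocked(root, req) else resolve_static_path(root, req))
        for req in requests
    }


if __name__ == "__main__":
    for req, verdict in classify("/srv/app/public").items():
        print(f"{req:40} -> {verdict}")
```

The two containment checks are deliberate: the lexical one (`normpath` plus the `../` test) gives a clear rejection before any filesystem access, and the `realpath` one catches what lexical checks cannot, such as a symlink under the root pointing elsewhere. Decoding only once would let `%252e%252e` through to a downstream component that decodes again, which is why decoding runs to a fixed point with a small bound.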