1089 matches found
Security update for libsoup2
This update for libsoup2 fixes the following issues: CVE-2026-1761: Check length of bytes read in soupfilterinputstreamreaduntil to avoid a stack-based buffer overflow bsc1257598. CVE-2026-0716: improper bounds handling may allow out-of-bounds read bsc1256418. Patch Instructions: To install this...
Security update for cockpit-machines
This update for cockpit-machines fixes the following issues: CVE-2025-13465: Update the lodash dependencie to avoid prototype pollution. bsc1257324 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
Security update for expat
This update for expat fixes the following issues: CVE-2026-24515: Fixed a null dereference in XMLExternalEntityParserCreate. bsc1257144 CVE-2026-25210: Fixed an integer overflow in doContent. bsc1257496 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...
SUSE CVE-2026-1312
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...
cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.20) +22 more potentially affected by CVE-2025-13473 via django (>=5.2.0 <=5.2.10)
django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2025-13473 Source advisory: SNYK:PYTHON-DJANGO-15198930...
GHSA-GVG8-93H5-G6QQ Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...
GHSA-6426-9FV3-65X8 Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...
CVE-2025-13473
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
EUVD-2026-5251
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
Security update for libsodium
This update for libsodium fixes the following issues: CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004041)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004041 advisory. An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idlebook3s.S does not have save/restore functionality for...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003895)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003895 advisory. A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. Tenable has...
CVE-2020-7007
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service...
CVE-2020-7001
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...
CVE-2023-40556
Cross-Site Request Forgery CSRF vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...
CVE-2025-49346
Cross-Site Request Forgery CSRF vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Stored XSS.This issue affects Simple Archive Generator: from n/a through = 5.2...
Django 4.2.x < 4.2.27, 5.0.x < 5.1.15, 5.2.x < 5.2.9 Multiple Vulnerabilities - Linux
Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...
CVE-2025-64460
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
Security update for glib2
This update for glib2 fixes the following issues: CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via gettmpfile bsc1249055 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...