Astra Linux - уязвимость в ntfs-3g

A properly crafted NTFS image can lead to a out-of-bounds access vulnerability, caused by an unsanitized attribute length in ntfs inodelookupbyname, in NTFS-3G 2021.8.22...

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are vulnerable to SQL injection if untrusted data is used as a kind/lookupname value. Applications that restrict the choice of lookup names and kinds to a known safe list are not...

python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments

A flaw was found in Django. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value...

DEBIAN-CVE-2022-34265

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

PYSEC-2022-213

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

PYSEC-2022-213

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

UBUNTU-CVE-2022-34265

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

The vulnerability of the ntfs inode_lookup_by_name function in the NTFS file system driver for the FUSE NTFS-3G module relates to writing beyond the buffer boundaries in memory. This allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ntfs inodelookupbyname function in the NTFS file system driver for the FUSE NTFS-3G module is related to the lack of length checking for attributes. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service...

UBUNTU-CVE-2021-39256

A crafted NTFS image can cause a heap-based buffer overflow in ntfsinodelookupbyname in NTFS-3G 2021.8.22...