Lucene search

1277 matches found

RedHat Linux
added 2023/11/07 9:12 a.m. · 3 views

golang: html/template: improper handling of empty HTML attributes

A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr={{.}}", executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...

CVSS: 7.3 · AI score: 6.7 · EPSS: 0.00057
Exploits: 0 · References: 6
RedHat Linux
added 2023/11/07 9:1 a.m. · 2 views

golang: html/template: improper handling of empty HTML attributes

A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr={{.}}", executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...

CVSS: 7.3 · AI score: 6.7 · EPSS: 0.00057
Exploits: 0 · References: 6
RedHat Linux
added 2023/11/07 8:52 a.m. · 2 views

golang: html/template: improper handling of empty HTML attributes

A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr={{.}}", executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...

CVSS: 7.3 · AI score: 6.7 · EPSS: 0.00057
Exploits: 0 · References: 6
OpenVAS
added 2023/11/07 12:0 a.m. · 25 views

Django < 3.2.23, 4.1.x < 4.1.13, 4.2.x < 4.2.7 DoS Vulnerability - Windows

Django is prone to a denial of service (DoS) vulnerability. CPE = "cpe:/a:djangoproject:django"; ...

CVSS: 7.5 · AI score: 7.9 · EPSS: 0.03582
Exploits: 0 · References: 1
Tenable Nessus
added 2023/11/07 12:0 a.m. · 22 views

Rocky Linux 8 : python27:2.7 (RLSA-2019:0981)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:0981 advisory. - SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. (CVE-2019-7164) - SQLAlchemy 1.2.17 has SQL Injectio...

CVSS: 9.8 · AI score: 7.8 · EPSS: 0.08764
Exploits: 3 · References: 7
Malwarebytes
added 2023/11/06 10:25 a.m. · 24 views

Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23

This week on the Lock and Code podcast… A worrying trend is cropping up amongst Americans, particularly within Generation Z—they're spying on each other more. Whether reading someone's DMs, rifling through a partner's text messages, or even rummaging through the bags and belongings of someone else,...

AI score: 7.3
Exploits: 0
Veracode
added 2023/11/03 4:15 a.m. · 16 views

Denial Of Service (DoS)

Django is vulnerable to Denial Of Service (DoS). The vulnerability exists in the to_python functionality within the UsernameField class of forms.py. It fails to implement a maximum length check for the NFKC normalization, which allows an attacker to potentially crash the application on Windows by...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.03582
Exploits: 0 · References: 9 · Affected Software: 1
OSV
added 2023/11/02 5:10 p.m. · 3 views

CLSA-2023-1698945053 libgcrypt: Fix of 4 CVEs

CVE-2013-4576: Normalize the MPIs to prevent possible side-channel attacks - CVE-2014-3591: Use ciphertext blinding for Elgamal to prevent possible side-channel attacks - CVE-2021-33560: Use of smaller K for ephemeral key in ElGamal prevent generation of weak keys - CVE-2021-40528: Add exponent...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.00425
Exploits: 1 · References: 1
OSV
added 2023/11/02 6:30 a.m. · 0 views

GHSA-QMF9-6JQF-J8FQ Django potential denial of service vulnerability in UsernameField on Windows

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of...

CVSS: 8.7 · AI score: 7.1 · EPSS: 0.03582
Exploits: 0 · References: 11
Github Security Blog
added 2023/11/02 6:30 a.m. · 56 views

Django potential denial of service vulnerability in UsernameField on Windows

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.03582
Exploits: 0 · References: 11 · Affected Software: 1
NVD
added 2023/11/02 6:15 a.m. · 16 views

CVE-2023-46695

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.03582
Exploits: 0 · References: 4
ATTACKERKB
added 2023/11/02 6:15 a.m. · 3 views

CVE-2023-46695

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.03582
Exploits: 0 · References: 6
OSV
added 2023/11/02 6:15 a.m. · 23 views

CVE-2023-46695

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of...

CVSS: 7.5 · AI score: 7
Exploits: 0 · References: 4
PyPA
added 2023/11/02 6:15 a.m. · 4 views

PYSEC-2023-222

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of...

CVSS: 7.5 · AI score: 7 · EPSS: 0.03582
Exploits: 0 · References: 3 · Affected Software: 1
Prion
added 2023/11/02 6:15 a.m. · 21 views

Code injection

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of...

CVSS: 5 · AI score: 7.4 · EPSS: 0.03582
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2023/11/02 6:15 a.m. · 1 views

PYSEC-2023-222

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of...

CVSS: 7.5 · AI score: 5.9 · EPSS: 0.03582
Exploits: 0 · References: 3
CVE
added 2023/11/02 12:0 a.m. · 84 views

CVE-2023-46695

CVE-2023-46695 affects Django 3.2 < 3.2.23, 4.1 < 4.1.13, and 4.2

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.03582
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/11/02 12:0 a.m. · 2 views

PT-2023-7674 · Django +2

Name of the Vulnerable Software and Affected Versions: Django versions 3.2 before 3.2.23; Django versions 4.1 before 4.1.13; Django versions 4.2 before 4.2.7. Description: The issue is related to the NFKC normalization being slow on Windows, which can lead to a potential denial of service (DoS) attack...

CVSS: 8.7 · AI score: 6.4 · EPSS: 0.03582
Exploits: 0 · References: 34
Debian CVE
added 2023/11/02 12:0 a.m. · 28 views

CVE-2023-46695

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.03582
Exploits: 0
RedhatCVE
added 2023/11/01 4:33 p.m. · 44 views

CVE-2023-46695

A vulnerability was discovered in the Django package, where NFKC normalization could take a significant time. This flaw allows a remote, unauthenticated attacker to cause a denial of service by submitting inputs with a large number of Unicode characters...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.03582
Exploits: 0 · References: 3