6 matches found
Fedora 44 : python-django5 (2026-e4146022ce)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e4146022ce advisory. Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via...
SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:2318-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2318-1 advisory. This update for python-Django fixes the following issues - CVE-2026-6873: signed cookie salt namespace collision in...
openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20937-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20937-1 advisory. Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision bsc1267578 - CVE-2026-7666: Potential unencrypted email...
OPENSUSE-SU-2026:20937-1 Security update for python-Django
This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision bsc1267578 - CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend bsc1267579 - CVE-2026-8404: Potential exposure of priva...
SUSE-SU-2026:2318-1 Security update for python-Django
This update for python-Django fixes the following issues - CVE-2026-6873: signed cookie salt namespace collision in django.http.HttpRequest.getsignedcookie bsc1267578. - CVE-2026-7666: potential unencrypted email transmission via STARTTLS in the SMTP backend bsc1267579. - CVE-2026-8404: potential...
CVE-2026-6873
CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is a non-injective salt derivation in django.http.HttpRequest.get_signed_cookie that concatenates the cookie name and salt argument, enabling a remote attacker to use a signed cookie in a context different from where i...