15 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-2317
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The utils.http.issafeurl function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URL...
Debian: Security Advisory (DLA-272-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0127)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-272-1 : python-django security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework : CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to...
Fedora Update for python-django14 FEDORA-2015-9604
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[USN-2539-1] Django vulnerabilities
========================================================================== Ubuntu Security Notice USN-2539-1 March 23, 2015 python-django vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
Fedora 22 : python-django-1.8-1.fc22 (2015-5766)
update to 1.8 final modernize spec for python3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
openSUSE Security Update : python-Django (openSUSE-2015-281)
python-django was updated to 1.6.11 to fix security issues and non-security bugs. THe following vulnerabilities were fixed : - Made issafeurl reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs bnc923176, CVE-2015-2317 - Fixed an infinite...
SUSE-SU-2015:0694-1 Security update for python-Django
python-Django has been updated to fix two vulnerabilities: URLs starting with control characters could have allowed XSS cross-site-scripting attacks via user-supplied redirect URLs CVE-2015-2317 An infinite loop possibility could be triggered in the striptags function, which allowed denial of...
CVE-2015-2317
The utils.http.issafeurl function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a control character in a URL, as demonstrated by a...
[SECURITY] [DSA 3204-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3204-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 24, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3204-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3204-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 24, 2015 http://www.debian.org/security/faq -...
Ubuntu: Security Advisory (USN-2539-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2539-1: Django vulnerabilities
Andrey Babak discovered that Django incorrectly handled striptags. A remote attacker could possibly use this issue to cause Django to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. CVE-2015-2316 Daniel Chatfield discovered tha...
CVE-2015-2317
The utils.http.issafeurl function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a control character in a URL, as demonstrated by a...