20 matches found
RHEL 6 : django (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-django: DNS rebinding vulnerability when 'DEBUG=True' CVE-2016-9014 - Django before 1.4.21, 1.5.x...
Debian: Security Advisory (DLA-272-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : python-Django (openSUSE-2015-677)
python-django was updated to fix two security issues. These security issues were fixed : - CVE-2015-5144: Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 used an incorrect regular expression, which allowed remote attackers to inject arbitrary headers and...
openSUSE Security Update : python-django (openSUSE-2015-674)
python-django was updated to fix two security issues. These security issues were fixed : - CVE-2015-5144: Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 used an incorrect regular expression, which allowed remote attackers to inject arbitrary headers and...
Mageia: Security Advisory (MGASA-2015-0293)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 10 package python3-module-django version 1.8.5-alt1
Oct. 13, 2015 Alexey Shabalin 1.8.5-alt1 - 1.8.5 - fixed CVE-2015-5143, CVE-2015-5144, CVE-2015-5145, CVE-2015-5964, CVE-2015-5963...
Security fix for the ALT Linux 9 package python3-module-django version 1.8.5-alt1
Oct. 13, 2015 Alexey Shabalin 1.8.5-alt1 - 1.8.5 - fixed CVE-2015-5143, CVE-2015-5144, CVE-2015-5145, CVE-2015-5964, CVE-2015-5963...
Updated python-django and python-django14 packages fix security vulnerabilities
Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in the request cookie. This could allow remote attackers to saturate the session store or cause other users' sessi...
Fedora Update for python-django FEDORA-2015-11403
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 22 : python-django-1.8.3-1.fc22 (2015-11403)
update to 1.8.3 fixing 3 CVE Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Debian DLA-272-1 : python-django security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework : CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to...
CVE-2015-5144
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...
CVE-2015-5144
CVE-2015-5144 affects Django prior to 1.4.21, 1.5.x–1.6.x, 1.7.x prior to 1.7.9, and 1.8.x prior to 1.8.3. The root cause is an incorrect regular expression in built‑in validators, enabling remote attackers to inject arbitrary headers and perform HTTP response splitting via newline characters in ...
USN-2671-1: Django vulnerabilities
Eric Peterson and Lin Hua Cheng discovered that Django incorrectly handled session records. A remote attacker could use this issue to cause a denial of service. CVE-2015-5143 Sjoerd Job Postmus discovered that DJango incorrectly handled newline characters when performing validation. A remote...
USN-2671-1 python-django vulnerabilities
Eric Peterson and Lin Hua Cheng discovered that Django incorrectly handled session records. A remote attacker could use this issue to cause a denial of service. CVE-2015-5143 Sjoerd Job Postmus discovered that DJango incorrectly handled newline characters when performing validation. A remote...
Debian DSA-3305-1 : python-django - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework : - CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided...
[SECURITY] [DSA 3305-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3305-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 08, 2015 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3305-1 (python-django - security update)
Several vulnerabilities were discovered in Django, a high-level Python web development framework: CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in...
CVE-2015-5144
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...
Debian: Security Advisory (DSA-3305-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...