20 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-9014
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding...
RHEL 6 : django (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-django: DNS rebinding vulnerability when 'DEBUG=True' CVE-2016-9014 - Django before 1.4.21, 1.5.x...
RHEL 6 : python-django (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-django: DNS rebinding vulnerability when 'DEBUG=True' CVE-2016-9014 - Django 1.10 before 1.10.7, 1...
django-admin-caching (>=0.1.0 <=0.1.2), django-automated-logging (=0.0.1a0) +6 more potentially affected by CVE-2016-9014 via django (>=1.10.0 <=1.10.2)
django PYPI version =1.10.0, =0.1.0, =2.0.0, =0.1.0, =0.3.1, =0.4.0 - silent-auction =0.1.3 - teamvault =0.6.1 Source cves: CVE-2016-9014 Source advisory: OSV:GHSA-3F2C-JM6V-CR35...
openSUSE Security Update : python3-Django (openSUSE-2018-318)
This update for python3-Django to version 1.18.18 fixes multiple issues. Security issues fixed : - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. bsc1083305 - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters bsc1083304. -...
Debian DSA-3835-1 : python-django - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-9013 Marti Raudsepp reported that a user with a hard-coded password is created when running tests with ...
[SECURITY] [DSA 3835-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3835-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 26, 2017 https://www.debian.org/security/faq -...
Security fix for the ALT Linux 9 package python3-module-django version 1.8.17-alt1
Feb. 2, 2017 Alexey Shabalin 1.8.17-alt1 - 1.8.17 - fixed CVE-2016-9013,CVE-2016-9014...
Security fix for the ALT Linux 10 package python3-module-django version 1.8.17-alt1
Feb. 2, 2017 Alexey Shabalin 1.8.17-alt1 - 1.8.17 - fixed CVE-2016-9013,CVE-2016-9014...
django-admin-caching (>=0.1.0 <=0.1.2), django-automated-logging (=0.0.1a0) +6 more potentially affected by CVE-2016-9014 via django (>=1.10.0 <=1.10.2)
django PYPI version =1.10.0, =0.1.0, =2.0.0, =0.1.0, =0.3.1, =0.4.0 - silent-auction =0.1.3 - teamvault =0.6.1 Source cves: CVE-2016-9014 Source advisory: OSV:PYSEC-2016-18...
CVE-2016-9014
CVE-2016-9014 affects Django before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3. When settings.DEBUG is True, the HTTP Host header is not properly validated against settings.ALLOWED_HOSTS, enabling remote DNS rebinding attacks. Several connected advisories confirm this issue and recomme...
CVE-2016-9014
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS...
Fedora Update for python-django FEDORA-2016-d4571bf555
The remote host is missing an update for the...
Fedora Update for python-django FEDORA-2016-3eb5a55123
The remote host is missing an update for the...
Fedora 25 : python-django (2016-d4571bf555)
Security fix for CVE-2016-9013, CVE-2016-9014. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[ASA-201611-15] python-django: multiple issues
Arch Linux Security Advisory ASA-201611-15 ========================================== Severity: High Date : 2016-11-16 CVE-ID : CVE-2016-9013 CVE-2016-9014 Package : python-django Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
[ASA-201611-14] python2-django: multiple issues
Arch Linux Security Advisory ASA-201611-14 ========================================== Severity: High Date : 2016-11-16 CVE-ID : CVE-2016-9013 CVE-2016-9014 Package : python2-django Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...
Fedora 24 : python-django (2016-3eb5a55123)
Security fix for CVE-2016-9013, CVE-2016-9014. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Updated python-django packages fix security vulnerabilities
User with hardcoded password created when running tests on Oracle When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allo...
CVE-2016-9014
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS...