Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.22 views

RHEL 8 : django (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - django: Information leakage in AuthenticationForm CVE-2018-6188 Note that Nessus has not tested for this issue but...

7.5CVSS7.6AI score0.04897EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.23 views

RHEL 8 : django (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - django: Information leakage in AuthenticationForm CVE-2018-6188 Note that Nessus has not tested for this issue but...

7.6AI score0.04897EPSS
Exploits0References1
ALT Linux
ALT Linux
added 2019/07/15 12:0 a.m.32 views

Security fix for the ALT Linux 10 package python3-module-django version 2.2.3-alt1

July 15, 2019 Alexey Shabalin 2.2.3-alt1 - 2.2.3 - build python3 only - rename package to python3-module-django2.2 - Fixes for the following security vulnerabilities: + CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS + CVE-2019-12308 AdminURLFieldWidget XSS +...

5.8CVSS6.6AI score0.2549EPSS
Exploits0
ALT Linux
ALT Linux
added 2019/07/15 12:0 a.m.41 views

Security fix for the ALT Linux 9 package python3-module-django version 2.2.3-alt1

July 15, 2019 Alexey Shabalin 2.2.3-alt1 - 2.2.3 - build python3 only - rename package to python3-module-django2.2 - Fixes for the following security vulnerabilities: + CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS + CVE-2019-12308 AdminURLFieldWidget XSS +...

5.8CVSS6.6AI score0.2549EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/10/26 12:0 a.m.82 views

Ubuntu: Security Advisory (USN-3559-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.23566EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2018/10/03 9:13 p.m.3 views

beanstalk-dispatch (>=0.0.3 <=0.0.5), cklauth (>=0.1.0 <=0.3.0) +117 more potentially affected by CVE-2018-6188 via django (>=2.0.0 <=2.0.13)

django PYPI version =2.0.0, =0.0.3, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =1.1.0, =0.0.7, =0.1.0, =0.0.2, =1.3.0, =2.0.0, =2.0.2 - django-cas-server =1.0.0 and more Source cves: CVE-2018-6188 Source advisory: OSV:GHSA-RF4J-J272-FJ86...

7.5CVSS6.7AI score0.04897EPSS
Exploits0
OSV
OSV
added 2018/03/07 1:14 p.m.8 views

OPENSUSE-SU-2018:0632-1 Security update for python-Django

This update for python-Django fixes the following issues: Update to version 1.11.10 LTS Fixes CVE-2018-6188 boo1077714, CVE-2017-7234, CVE-2017-7233, CVE-2017-12794...

7.5CVSS6.8AI score0.23566EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2018/02/15 12:0 a.m.26 views

Fedora Update for python-django FEDORA-2018-2c612c6d92

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.04897EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/02/15 12:0 a.m.30 views

Fedora 27 : python-django (2018-2c612c6d92)

update to 1.11.10, fix for CVE-2018-6188: Information leakage in AuthenticationForm Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...

7.5CVSS6.3AI score0.04897EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/02/08 12:0 a.m.24 views

Ubuntu 17.10 : python-django vulnerabilities (USN-3559-1)

It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information. CVE-2017-12794, CVE-2018-6188. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...

7.5CVSS6.4AI score0.23566EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2018/02/07 12:38 p.m.74 views

USN-3559-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information. CVE-2017-12794, CVE-2018-6188...

7.5CVSS6.5AI score0.23566EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2018/02/05 1:49 p.m.22 views

CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS5.8AI score0.04897EPSS
Exploits0References2
NVD
NVD
added 2018/02/05 3:29 a.m.19 views

CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS7.3AI score0.04897EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2018/02/05 3:29 a.m.3 views

beanstalk-dispatch (>=0.0.3 <=0.0.5), cklauth (>=0.1.0 <=0.3.0) +117 more potentially affected by CVE-2018-6188 via django (>=2.0.0 <=2.0.13)

django PYPI version =2.0.0, =0.0.3, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =1.1.0, =0.0.7, =0.1.0, =0.0.2, =1.3.0, =2.0.0, =2.0.2 - django-cas-server =1.0.0 and more Source cves: CVE-2018-6188 Source advisory: OSV:PYSEC-2018-4...

7.5CVSS6.7AI score0.04897EPSS
Exploits0
CVE
CVE
added 2018/02/05 3:0 a.m.151 views

CVE-2018-6188

CVE-2018-6188 affects Django: AuthenticationForm exposure in Django 2.0 before 2.0.2 and 1.11.8/1.11.9. The confirm_login_allowed() path can leak whether an account is inactive, enabling remote information exposure. Impact is information leakage (no mention of code execution). Patched versions in...

7.5CVSS7.1AI score0.04897EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2018/02/05 3:0 a.m.38 views

CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS7.3AI score0.04897EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/02/05 3:0 a.m.30 views

CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS5.7AI score0.04897EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/02/05 12:0 a.m.28 views

FreeBSD : Django -- information leakage (d696473f-9f32-42c5-a106-bf4536fb1f74)

Django release notes : CVE-2018-6188: Information leakage in AuthenticationForm A regression in Django 1.11.8 made AuthenticationForm run its confirmloginallowed method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirmloginallowed...

7.5CVSS6.6AI score0.04897EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2018/02/01 12:0 a.m.46 views

Django -- information leakage

Django release notes: CVE-2018-6188: Information leakage in AuthenticationForm A regression in Django 1.11.8 made AuthenticationForm run its confirmloginallowed method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirmloginallowed...

7.5CVSS7.6AI score0.04897EPSS
Exploits0References2
Rows per page
Query Builder