Lucene search
+L

12 matches found

OpenVAS
OpenVAS
added 2020/06/23 12:0 a.m.33 views

Fedora: Security Advisory for python-django (FEDORA-2020-2e7d30f7aa)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.3AI score0.65336EPSS
Exploits15References2
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.79 views

GLSA-202004-17 : Django: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202004-17 Django: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by sending specially crafted input,...

9.8CVSS6.7AI score0.65336EPSS
Exploits15References10
ALT Linux
ALT Linux
added 2020/04/12 12:0 a.m.40 views

Security fix for the ALT Linux 9 package python3-module-django version 2.2.12-alt1

April 12, 2020 Alexey Shabalin 2.2.12-alt1 - 2.2.12 - Fixes for the following security vulnerabilities: + CVE-2019-19118 Privilege escalation in the Django admin. + CVE-2019-19844 Potential account hijack via password reset form + CVE-2020-7471 Potential SQL injection via StringAggdelimiter +...

7.5CVSS9.2AI score0.65336EPSS
Exploits15
OpenVAS
OpenVAS
added 2020/01/09 12:0 a.m.14 views

Fedora Update for python-django FEDORA-2019-adc8990386

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.8AI score0.01656EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2019/12/04 9:26 p.m.5 views

a3m (=0.1.0), aa-fleet (>=1.0.0 <=1.1.0) +670 more potentially affected by CVE-2019-19118 via django (>=2.2.0 <=2.2.7)

django PYPI version =2.2.0, =1.0.0, =1.1.12, =0.1.0a0, =0.1.0a0, =1.2.0a1, =2.0.0, =0.1.0, =1.1.0, =1.4.1, =1.6.0 - aiida-crystal17 =0.11.0 and more Source cves: CVE-2019-19118 Source advisory: OSV:GHSA-HVMF-R92R-27HR...

6.5CVSS6.8AI score0.01656EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2019/12/04 9:26 p.m.5 views

django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +13 more potentially affected by CVE-2019-19118 via django (>=2.1.0 <=2.1.12)

django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =0.1.1, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-19118 Source advisory: OSV:GHSA-HVMF-R92R-27HR...

6.5CVSS6.8AI score0.01656EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/12/03 12:0 a.m.29 views

FreeBSD : Django -- multiple vulnerabilities (4e3fa78b-1577-11ea-b66e-080027bdabe8)

Django release reports : CVE-2019-19118: Privilege escalation in the Django admin. Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a...

6.5CVSS6.9AI score0.01656EPSS
Exploits0References3
OSV
OSV
added 2019/12/02 2:15 p.m.2 views

DEBIAN-CVE-2019-19118

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...

6.5CVSS7AI score0.01656EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2019/12/02 2:15 p.m.4 views

a3m (=0.1.0), aa-fleet (>=1.0.0 <=1.1.0) +670 more potentially affected by CVE-2019-19118 via django (>=2.2.0 <=2.2.7)

django PYPI version =2.2.0, =1.0.0, =1.1.12, =0.1.0a0, =0.1.0a0, =1.2.0a1, =2.0.0, =0.1.0, =1.1.0, =1.4.1, =1.6.0 - aiida-crystal17 =0.11.0 and more Source cves: CVE-2019-19118 Source advisory: OSV:PYSEC-2019-15...

6.5CVSS6.8AI score0.01656EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2019/12/02 2:15 p.m.3 views

django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +13 more potentially affected by CVE-2019-19118 via django (>=2.1.0 <=2.1.12)

django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =0.1.1, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-19118 Source advisory: OSV:PYSEC-2019-15...

6.5CVSS6.8AI score0.01656EPSS
Exploits0
CVE
CVE
added 2019/12/02 1:16 p.m.140 views

CVE-2019-19118

CVE-2019-19118 affects Django Framework: versions 2.1 before 2.1.15 and 2.2 before 2.2.8. The issue arises in the admin inline editing UI: if a user has view permissions on a parent model but edit permissions on the inline model, the UI could allow POST requests to update the inline model, while ...

6.5CVSS6.3AI score0.01656EPSS
Exploits0References7Affected Software1
FreeBSD
FreeBSD
added 2019/11/25 12:0 a.m.33 views

Django -- multiple vulnerabilities

Django release reports: CVE-2019-19118: Privilege escalation in the Django admin. Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a...

6.5CVSS1.1AI score0.01656EPSS
Exploits0References1
Rows per page
Query Builder