17 matches found
Ubuntu: Security Advisory (USN-4381-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.17-alt1
Dec. 11, 2020 Alexey Shabalin 2.2.17-alt1 - new version 2.2.17 - Fixes for the following security vulnerabilities: + CVE-2020-13254 Potential data leakage via malformed memcached keys + CVE-2020-13596 Possible XSS via admin ForeignKeyRawIdWidget + CVE-2020-24583: Incorrect permissions on...
Fedora: Security Advisory for python-django (FEDORA-2020-2e7d30f7aa)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for python-django (FEDORA-2020-c2639662af)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : python-django (2020-2e7d30f7aa)
Security fix for CVE-2020-7471. - Security fix for CVE-2020-9402. - Security fix for CVE-2020-13254. - Security fix for CVE-2020-13596. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Fedora 32 : python-django (2020-c2639662af)
Security fix for CVE-2020-7471. - Security fix for CVE-2020-9402. - Security fix for CVE-2020-13254. - Security fix for CVE-2020-13596. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
[SECURITY] [DSA 4705-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4705-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2020 https://www.debian.org/security/faq -...
Django 2.2.x < 2.2.13, 3.0.x < 3.0.7 Multiple Vulnerabilities - Windows
Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...
alcali (>=2018.3.4 <=3000.1.0), argus-server (>=1.0.0 <=1.1.1) +173 more potentially affected by CVE-2020-13596 via django (>=3.0.0 <=3.0.6)
django PYPI version =3.0.0, =2018.3.4, =1.0.0, =0.1.0, =0.1.3, =0.18.0, =0.3.0, =2.8.0, =0.0.1, =0.1.1, =0.0.1, =0.1.3 - deustest2022 =1.0.0 - djangelo =0.1.4 - django-account-rcg-chandu =0.1.0 and more Source cves: CVE-2020-13596 Source advisory: OSV:GHSA-2M34-JCJV-45XF...
FreeBSD : Django -- multiple vulnerabilities (597d02ce-a66c-11ea-af32-080027846a02)
Django security release reports : CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability,...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Django vulnerabilities (USN-4381-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4381-1 advisory. Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to...
Ubuntu: Security Advisory (USN-4381-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
CVE-2020-13596
CVE-2020-13596 affects Django 2.2.x prior to 2.2.13 and 3.0.x prior to 3.0.7. The issue is an XSS vulnerability arising from query parameters generated by the admin ForeignKeyRawIdWidget not being properly URL encoded, enabling cross-site scripting. Several advisories note that upgrading Django t...
CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
USN-4381-1: Django vulnerabilities
Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. CVE-2020-13254 Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin...
Django -- multiple vulnerabilities
Django security release reports: CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability,...