26 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-28347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted...
RHEL 8 : RHUI 4.1.1 - Security Fixes and Enhancement Update (Important) (RHSA-2022:5602)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5602 advisory. Red Hat Update Infrastructure RHUI offers a highly scalable, highly redundant framework that enables you to manage repositories and content...
RHEL 8 : Red Hat Ansible Automation Platform 2.1.2 (RHSA-2022:5702)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5702 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Manager...
RHEL 7 / 8 : Satellite 6.11 Release (Moderate) (RHSA-2022:5498)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5498 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and...
Fedora: Security Advisory for python-django (FEDORA-2023-a53ab7c969)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for python-django (FEDORA-2023-8fed428c5e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : python-django (2023-a53ab7c969)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a53ab7c969 advisory. Security fix for: - CVE-2023-24580 - CVE-2023-23969 - CVE-2022-41323 - CVE-2022-36359 - CVE-2022-34265 - CVE-2022-28346 - CVE-2022-28347...
Fedora 37 : python-django (2023-8fed428c5e)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8fed428c5e advisory. Security fix for: - CVE-2023-24580 - CVE-2023-23969 - CVE-2022-41323 - CVE-2022-36359 - CVE-2022-34265 - CVE-2022-28346 - CVE-2022-28347...
[SECURITY] [DSA 5254-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5254-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 15, 2022 https://www.debian.org/security/faq -...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 1.2 security update
An update is now available for Red Hat Ansible Automation Platform 1.2 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Moderate: Red Hat Security Advisory: Satellite 6.11 Release
An update is now available for Red Hat Satellite 6.11 Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: libsolv: Heap-based buff...
Mageia: Security Advisory (MGASA-2022-0190)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Django < 2.2.28, 3.x < 3.2.13, 4.x < 4.0.4 Multiple Vulnerabilities - Linux
Django is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +219 more potentially affected by CVE-2022-28347 via django (>=4.0.0 <=4.0.3)
django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =3.1.1, =3.6.4, =0.10.0, =1.1.2, =0.2.0, =0.6.1, =0.6.10 and more Source cves: CVE-2022-28347 Source advisory: OSV:GHSA-W24H-V9QH-8GXJ...
aimmo (>=0.61.9 <=1.4.11), ambition-edc (>=0.3.68 <=0.3.72) +75 more potentially affected by CVE-2022-28347 via django (>=2.2.0 <=2.2.27)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2022-28347 Source advisory: OSV:GHSA-W24H-V9QH-8GXJ...
aimmo (>=0.61.9 <=1.4.11), ambition-edc (>=0.3.68 <=0.3.72) +75 more potentially affected by CVE-2022-28347 via django (>=2.2.0 <=2.2.27)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2022-28347 Source advisory: OSV:PYSEC-2022-191...
aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +219 more potentially affected by CVE-2022-28347 via django (>=4.0.0 <=4.0.3)
django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =3.1.1, =3.6.4, =0.10.0, =1.1.2, =0.2.0, =0.6.1, =0.6.10 and more Source cves: CVE-2022-28347 Source advisory: OSV:PYSEC-2022-191...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.0.1) +71 more potentially affected by CVE-2022-28347 via django (>=3.2.0 <=3.2.12)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =6.4.1 - coldfront =1.1.0 - common-framework =2021.4.1 - directory-validators =9.0.0 and more Source cves: CVE-2022-28347 Source advisory: OSV:PYSEC-2022-191...
CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
[ASA-202204-9] python-django: sql injection
Arch Linux Security Advisory ASA-202204-9 ========================================= Severity: High Date : 2022-04-12 CVE-ID : CVE-2022-28346 CVE-2022-28347 Package : python-django Type : sql injection Remote : Yes Link : https://security.archlinux.org/AVG-2667 Summary ======= The package...