20 matches found
TencentOS Server 4: python-django (TSSA-2024:0158)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0158 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
RHEL 8 : Django 3.2.14 Security Update (Important) (RHSA-2022:5738)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:5738 advisory. Red Hat Update Infrastructure RHUI offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also...
Fedora: Security Advisory for python-django (FEDORA-2023-a53ab7c969)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for python-django (FEDORA-2023-8fed428c5e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : python-django (2023-a53ab7c969)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a53ab7c969 advisory. Security fix for: - CVE-2023-24580 - CVE-2023-23969 - CVE-2022-41323 - CVE-2022-36359 - CVE-2022-34265 - CVE-2022-28346 - CVE-2022-28347...
Fedora 37 : python-django (2023-8fed428c5e)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8fed428c5e advisory. Security fix for: - CVE-2023-24580 - CVE-2023-23969 - CVE-2022-41323 - CVE-2022-36359 - CVE-2022-34265 - CVE-2022-28346 - CVE-2022-28347...
Important: Red Hat Security Advisory: Satellite 6.12 Release
An update is now available for Red Hat Satellite 6.12. The release contains a new version of Satellite and important security fixes for various components. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring ...
RLSA-2022:8506 Important: Satellite 6.12 Release
Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: netty-codec: Bzip2Decoder doesn't allow setting...
[SECURITY] [DSA 5254-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5254-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 15, 2022 https://www.debian.org/security/faq -...
Security fix for the ALT Linux 10 package python3-module-django version 3.2.15-alt1
3.2.15-alt1 built Aug. 30, 2022 Alexey Shabalin in task 305627 Aug. 22, 2022 Alexey Shabalin - new version 3.2.15 - Fixes for the following security vulnerabilities: + CVE-2022-34265 Potential SQL injection via Trunckind and Extractlookupname arguments. + CVE-2022-36359 Potential reflected file...
Exploit for SQL Injection in Djangoproject Django
CVE-2022-34265 PoC for CVE-2022-34265 --- Description...
Important: Red Hat Security Advisory: Django 3.2.14 Security Update
A security fix for a CVE in the Django library is now available. Red Hat Update Infrastructure RHUI offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux...
Exploit for SQL Injection in Djangoproject Django
CVE-2022-34265 Usage start bash docker-compose bui...
aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +223 more potentially affected by CVE-2022-34265 via django (>=4.0.0 <=4.0.5)
django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =3.1.1, =3.6.4, =0.10.0, =1.1.2, =0.2.0, =0.6.1, =0.6.10 and more Source cves: CVE-2022-34265 Source advisory: OSV:PYSEC-2022-213...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.4.0) +87 more potentially affected by CVE-2022-34265 via django (>=3.2.0 <=3.2.13)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =1.1.0, =1.1.1 - common-framework =2021.4.1 - directory-constants =21.3.0 and more Source cves: CVE-2022-34265 Source advisory: OSV:PYSEC-2022-213...
CVE-2022-34265
A flaw was found in Django. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value...
CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
CVE-2022-34265
Django 3.2 before 3.2.14 and 4.0 before 4.0.6 are affected by a SQL injection in Trunc() and Extract() when untrusted data is used for kind/lookup_name. Applications that constrain these to a safe list are unaffected. Remediation: upgrade to Django 3.2.14 or 4.0.6 (or later).
FreeBSD : Django -- multiple vulnerabilities (5be19b0d-fb85-11ec-95cd-080027b24e86)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5be19b0d-fb85-11ec-95cd-080027b24e86 advisory. - SO-AND-SO reports: CVE-2022-34265: Potential SQL injection via Trunckind and Extractlookupname...
CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...