20 matches found
openSUSE Security Advisory (SUSE-SU-2024:2577-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 / 9 : Satellite 6.16.0 (Critical) (RHSA-2024:8906)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8906 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...
Critical: Red Hat Security Advisory: Satellite 6.16.0 release
A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Fedora: Security Advisory (FEDORA-2024-a7eef0ca7b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-d05d37ead7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-82547e3e16)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-7dac82a14e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : python-django (2024-82547e3e16)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-82547e3e16 advisory. Security fixes for - https://nvd.nist.gov/vuln/detail/CVE-2024-38875 - https://nvd.nist.gov/vuln/detail/CVE-2024-39329 -...
openSUSE Security Advisory (SUSE-SU-2024:2545-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:2545-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets bsc1227590 - CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords bsc12275...
Django 4.x < 4.2.14, 5.x < 5.0.7 Multiple Vulnerabilities - Windows
Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...
Django 4.x < 4.2.14, 5.x < 5.0.7 Multiple Vulnerabilities - Linux
Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...
aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-39329 via django (>=4.2.0 <=4.2.13)
django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-39329 Source advisory: OSV:GHSA-X7Q2-WR7G-XQMF...
11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +234 more potentially affected by CVE-2024-39329 via django (>=5.0.0 <=5.0.6)
django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more Source cves: CVE-2024-39329 Source advisory: OSV:GHSA-X7Q2-WR7G-XQMF...
CVE-2024-39329
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...
CVE-2024-39329 vulnerabilities
Vulnerabilities for packages: py3-django...
11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +234 more potentially affected by CVE-2024-39329 via django (>=5.0.0 <=5.0.6)
django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more Source cves: CVE-2024-39329 Source advisory: OSV:PYSEC-2024-57...
CVE-2024-39329
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...
USN-6888-1: Django vulnerabilities
Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop responding, resulting in a denial of service. CVE-2024-38875 It was discovered that Django...
CVE-2024-39329
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...