17 matches found
CVE-2024-32979
Nautobot (a Django-based network automation platform) is affected by a Reflected Cross-Site Scripting (XSS) vulnerability due to improper handling and escaping of user-supplied query parameters. All filterable object-list views are susceptible to injecting malicious scripts via crafted URLs, pote...
CVE-2023-51649
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...
Code injection
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...
CVE-2023-50263
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...
CVE-2023-50263 Nautobot allows unauthenticated db-file-storage views
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...
CVE-2023-50263 Nautobot allows unauthenticated db-file-storage views
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...
CVE-2023-46128
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
Code injection
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
PYSEC-2023-220
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
CVE-2023-46128
CVE-2023-46128 affects Nautobot (network automation platform built on Django) prior to version 2.0.3. In Nautobot 2.0.x, certain REST API endpoints, when used with the query parameter ?depth=, can cause authenticated users to retrieve hashed (not plaintext) passwords stored in the database. This ...
CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale
Do you want to get threatintelligence data about a file, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request? You are in the right place! This application is built to scale out and to speed up the retrieval of threat info. It c...
Girls Who Code Weeks 3 and 4: Robots, the Internet and College
The summer is flying by, and we have reached the mid-point of our Girls Who Code Summer Immersion program. Our students are smart, engaged, learning a ton, and seem to be having a lot of fun! Last week was about robotics. The girls wired and programmed Arduino robots to perform a variety of tasks...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Mageia: Security Advisory (MGASA-2015-0327)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...