python36:3.6 security update
python-PyMySQL 0.8.0-10 - Bumping due to problems with modular RPM upgrade path 1695587 - Related: rhbz1693974; python-docs 3.6.7-2 - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz1695587; python-docutils 0.14-12 - Bumping due to problems with modular RPM upgrade path 169558...
django-markupfield Arbitrary File Read Vulnerability
Django is an open source model-view-controller style Web application framework built on the Python programming language. django-markupfield versions prior to 1.3.2 use the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS setting, which allows remote attackers to exploit vulnerabilities to include...
DEBIAN-CVE-2015-0846
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors...
CVE-2015-0846
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors...
PYSEC-2015-12
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors...
Security notice: Django framework arbitrary file include vulnerability
On April 21, Django, the Python-based open source web framework, released a security bulletin saying that the contrib.markup package in Django versions ≤1.5 has an arbitrary file inclusion vulnerability, which an attacker may exploit through docutils. About docutils: The Docutils project i...
CVE-2011-1058
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some...
PYSEC-2011-6
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some...
CVE-2011-1058
CVE-2011-1058 is a cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser of MoinMoin. The issue occurs in parser/text_rst.py when docutils is installed or when the “format rst” setting is used, allowing remote attackers to inject arbitrary web script or HTML via a javascri...
moinmoin -- cross-site scripting via RST parser
MITRE CVE team reports: Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.4, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refu...
PYSEC-2009-7
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils 0.6."...
CVE-2009-4405
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils 0.6."...
Code injection
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils 0.6."...
Debian Security Advisory DSA 1152-1 (trac)
The remote host is missing an update to trac announced via advisory DSA 1152-1. Felix Wiemann discovered that trac, an enhanced Wiki and issue tracking system for software development projects, can be used to disclose arbitrary local files. To fix this problem, python-docutils needs to be updated...
Debian: Security Advisory (DSA-1152)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian DSA-1152-1 : trac - missing input sanitising
Felix Wiemann discovered that trac, an enhanced Wiki and issue tracking system for software development projects, can be used to disclose arbitrary local files. To fix this problem, python-docutils needs to be updated as well. (C) Tenable Network Security, Inc. The descriptive...
PYSEC-2006-8
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458...