1169 matches found
Debian: Security Advisory (DLA-1814-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 1814-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u5 CVE ID : CVE-2019-12308 Debian Bug : 929927 It was discovered that there was a cross-site scripting (XSS) vulnerability in the Django web development framework. For Debian 8 "Jessie", this issue has been fixed in python-django version 1.7.11-1+deb8u...
[ASA-201906-2] python-django: cross-site scripting
Arch Linux Security Advisory ASA-201906-2 ========================================= Severity: Medium Date : 2019-06-04 CVE-ID : CVE-2019-11358 CVE-2019-12308 Package : python-django Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-969 Summary ======= The package...
Fedora Update for python-django FEDORA-2019-ec55814c1c
The remote host is missing an update for the...
Cross-site Scripting (XSS)
OpenStack Dashboard (Horizon) provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Two security issues were discovered in the Horizon dashboard and are addressed in this update: A cross-site scripting (XSS) flaw was found in the Horizo...
Fedora 28 : python-django (2019-9760933547)
fix CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Fedora Update for python-django FEDORA-2019-9760933547
The remote host is missing an update for the...
Fedora 29 : python-django (2019-ec55814c1c)
fix CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
SUSE-SU-2019:0483-1 Security update for python-Django
This update for python-Django fixes the following issues: Security issue fixed: - CVE-2019-3498: Fixed a content spoofing attack in the default 404 page (bsc#1120932)...
MGASA-2019-0086 Updated python-django packages fix security vulnerability
If django.utils.numberformat.format() -- used by contrib.admin as well as the floatformat, filesizeformat, and intcomma template filters -- received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format() (CVE-2019-6975)...
Ubuntu: Security Advisory (USN-3890-1)
The remote host is missing an update for the...
USN-3890-1: Django vulnerability
It was discovered that Django incorrectly handled formatting certain numbers. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...
cklauth (>=0.1.0 <=0.3.0), dj-saml-idp (>=1.1.0 <=1.2.1) +18 more potentially affected by CVE-2019-6975 via django (>=2.0.0 <=2.0.1)
django PYPI version =2.0.0, =0.1.0, =1.1.0, =4.3.1, =1.2.7, =0.1.0, =1.7.0, =0.0.3, =0.0.20, =0.1.0 - djangotheming =0.1.0 - fastaudiovisal =0.0.1 - fastaudiovisual =0.0.1 and more Source cves: CVE-2019-6975 Source advisory: OSV:GHSA-WH4H-V3F2-R2PP...
[ASA-201902-14] python-django: denial of service
Arch Linux Security Advisory ASA-201902-14 ========================================== Severity: Medium Date : 2019-02-12 CVE-ID : CVE-2019-6975 Package : python-django Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-881 Summary ======= The package python-django...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Fedora 28 : python-django (2019-e6ca5847c7)
fix CVE-2019-3498 python-django: Content spoofing via URL path in Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora Update for python-django FEDORA-2019-e6ca5847c7
The remote host is missing an update for the...
Cross-site Scripting (XSS)
python-django-horizon is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the descriptio...
Cross-site Scripting (XSS)
python-django-horizon is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via...