287 matches found
Django RasterField - SQL Injection
Django 6.0.2, 5.2.11, and 4.2.28 contains a SQL injection caused by improper sanitization of the band index parameter in RasterField on PostGIS, letting remote attackers inject SQL, exploit requires crafted input. id: CVE-2026-1207 info: name: Django RasterField - SQL Injection author: omarkurt...
RockyLinux 9 : libtiff (RLSA-2025:20801)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20801 advisory. libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM CVE-2023-52355 libtiff: Segment fault in libtiff in TIFFReadRGBATileExt leadi...
Astra Linux - уязвимость в cups
The vulnerability of the raster-interpret.c component in the CUPS printing server is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to cause service failures...
CLSA-2026-1777540724 cups: Fix of CVE-2023-4504
CVE-2023-4504: fix heap-based buffer overflow in cups raster-interpret PPD PostScript scanner; scanps in filter/interpret.c now returns NULL on a lone trailing backslash escape sequence rather than reading past the buffer terminator...
CLSA-2026-1777462768 cups: Fix of CVE-2023-4504
CVE-2023-4504: validate PPD PostScript input length to prevent heap-based buffer overflow in raster-interpret.c...
Exploit for SQL Injection in Djangoproject Django
CVE-2026-1207: Django GIS RasterField SQL Injection Vulnerabil...
openSUSE 16 Security Update : mapserver (openSUSE-SU-2026:20476-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20476-1 advisory. Changes in mapserver: - Update to release 8.6.1 msSLDParseRasterSymbolizer: fix potential heap buffer overflow boo1260869 CVE-2026-33721 GetFeatureInfo...
Django: Django: SQL Injection via RasterField band index parameter
A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField only implemented on PostGIS. This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...
[SECURITY] Fedora 42 Update: qgis-3.44.8-1.fc42
Geographic Information System GIS manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...
CLSA-2026-1773308416 cups-filters: Fix of 2 CVEs
CVE-2025-64503: fix out-of-bounds write in pdftoraster filter caused by integer overflow when processing PDFs with large MediaBox values - CVE-2025-57812: fix out-of-bounds read/write in imagetoraster TIFF processing caused by incorrect buffer size calculation in cupsImageLut...
Django: Django: SQL Injection via RasterField band index parameter
A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField only implemented on PostGIS. This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...
OESA-2026-1507 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...
Django: Django: SQL Injection via RasterField band index parameter
A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField only implemented on PostGIS. This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...
Fedora 42 : python-django4.2 (2026-ca3d81129a)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ca3d81129a advisory. - Fixes CVE-2025-13473: Username enumeration through timing difference in modwsgi authentication handler - Fixes CVE-2025-14550: Potential...
Fedora 42 : python-django5 (2026-00b5bf3150)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-00b5bf3150 advisory. - Fixes CVE-2025-13473: Username enumeration through timing difference in modwsgi authentication handler - Fixes CVE-2025-14550: Potential...
VulnCheck KEV: CVE-2026-1207
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...
Debian dla-4484 : python-django-doc - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4484 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4484-1 [email protected]...
OESA-2026-1344 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...
SUSE SLES15 / openSUSE 15 Security Update : python-Django (SUSE-SU-2026:0440-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0440-1 advisory. - CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGIbsc1257403 - CVE-2026-1312: Fixed potenti...
Security update for python-Django
This update for python-Django fixes the following issues: CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGIbsc1257403 CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408 CVE-2026-1287: Fixed potential SQL injection...