Lucene search
K

310 matches found

Nuclei
Nuclei
added yesterday25 views

Django RasterField - SQL Injection

Django 6.0.2, 5.2.11, and 4.2.28 contains a SQL injection caused by improper sanitization of the band index parameter in RasterField on PostGIS, letting remote attackers inject SQL, exploit requires crafted input. id: CVE-2026-1207 info: name: Django RasterField - SQL Injection author: omarkurt...

8.3CVSS6.8AI score0.09436EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-53877

A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...

6.3CVSS6.1AI score0.00291EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/07 4:40 p.m.5 views

Buffer Access with Incorrect Length Value

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value in the GDALRaster process when constructed from a bytes object. An attacker can access...

6.3CVSS6AI score0.00291EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/07 2:10 p.m.7 views

CVE-2026-53877

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6AI score0.00291EPSS
Exploits0
EUVD
EUVD
added 2026/07/07 2:10 p.m.8 views

EUVD-2026-42044

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6AI score0.00291EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 2:10 p.m.14 views

CVE-2026-53877

This CVE affects Django’s GIS GDALRaster: in Django 6.0 prior to 6.0.7 and 5.2 prior to 5.2.16, constructing GDALRaster from a bytes object causes an in-memory buffer over-read, potentially disclosing adjacent memory or triggering a segmentation fault when the vsi_buffer property is accessed. Ear...

6.3CVSS6AI score0.00291EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/07 2:10 p.m.34 views

CVE-2026-53877 Heap buffer over-read in GDALRaster

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS0.00291EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/07 2:10 p.m.4 views

CVE-2026-53877

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6AI score0.00291EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56196

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.6 Django versions 5.2 through 5.2.15 Description An issue exists where django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object. This can lead to the disclosure of...

7.5CVSS6.2AI score0.62575EPSS
Exploits0References80
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed fr...

6.3CVSS7AI score0.00291EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.7 views

RockyLinux 9 : libtiff (RLSA-2025:20801)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20801 advisory. libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM CVE-2023-52355 libtiff: Segment fault in libtiff in TIFFReadRGBATileExt leadi...

7.5CVSS5.8AI score0.02187EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in cups

The vulnerability of the raster-interpret.c component in the CUPS printing server is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to cause service failures...

7.5CVSS6.1AI score
Exploits0References1
OSV
OSV
added 2026/04/30 9:18 a.m.9 views

CLSA-2026-1777540724 cups: Fix of CVE-2023-4504

CVE-2023-4504: fix heap-based buffer overflow in cups raster-interpret PPD PostScript scanner; scanps in filter/interpret.c now returns NULL on a lone trailing backslash escape sequence rather than reading past the buffer terminator...

7CVSS6AI score0.00663EPSS
Exploits2References1
OSV
OSV
added 2026/04/29 2:23 p.m.68 views

CLSA-2026-1777462768 cups: Fix of CVE-2023-4504

CVE-2023-4504: validate PPD PostScript input length to prevent heap-based buffer overflow in raster-interpret.c...

7CVSS6AI score0.00663EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/04/26 2:54 a.m.166 views

Exploit for SQL Injection in Djangoproject Django

CVE-2026-1207: Django GIS RasterField SQL Injection Vulnerabil...

5.4CVSS7.6AI score0.09436EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.9 views

openSUSE 16 Security Update : mapserver (openSUSE-SU-2026:20476-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20476-1 advisory. Changes in mapserver: - Update to release 8.6.1 msSLDParseRasterSymbolizer: fix potential heap buffer overflow boo1260869 CVE-2026-33721 GetFeatureInfo...

7.5CVSS6AI score0.00865EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/03/26 8:28 p.m.7 views

Django: Django: SQL Injection via RasterField band index parameter

A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField only implemented on PostGIS. This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...

8.3CVSS7.4AI score0.09436EPSS
Exploits1References7
Fedora
Fedora
added 2026/03/16 1:11 a.m.8 views

[SECURITY] Fedora 42 Update: qgis-3.44.8-1.fc42

Geographic Information System GIS manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...

8.7CVSS5.8AI score0.00414EPSS
Exploits0
OSV
OSV
added 2026/03/12 9:40 a.m.9 views

CLSA-2026-1773308416 cups-filters: Fix of 2 CVEs

CVE-2025-64503: fix out-of-bounds write in pdftoraster filter caused by integer overflow when processing PDFs with large MediaBox values - CVE-2025-57812: fix out-of-bounds read/write in imagetoraster TIFF processing caused by incorrect buffer size calculation in cupsImageLut...

4CVSS6AI score0.0044EPSS
Exploits2References1
OSV
OSV
added 2026/03/07 12:2 a.m.11 views

OSV-2026-357 Heap-buffer-overflow in _cupsRasterAddError

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=489911024 Crash type: Heap-buffer-overflow WRITE 3 Crash state: cupsRasterAddError cupsRasterExecPS fuzzcups.c...

5.8AI score
Exploits0References1
Rows per page
Query Builder