32 matches found
Astra Linux - vulnerability in python-django
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are vulnerable to SQL injection if untrusted data is used as a kind/lookupname value. Applications that restrict the choice of lookup names and kinds to a known safe list are not...
PT-2025-31762 · Iperf +2
Name of the Vulnerable Software and Affected Versions: iperf versions prior to 3.19.1. Description: The software contains a buffer overflow in net.c when the --skip-rx-copy option is used in conjunction with MSG_TRUNC during the recv operation. Recommendations: Update to iperf version 3.19.1 or...
CVE-2024-6443
In utf8trunc in zephyr/lib/utils/utf8.c, lastbytep can point to one byte before the string pointer if the string is empty...
BIT-DJANGO-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
CLSA-2023-1698351940 vim: Fix of 2 CVEs
CVE-2023-5441: segfault in exmode - CVE-2023-5344: buffer overflow in truncstring...
CLSA-2023-1698312539 Fix CVE(s): CVE-2023-5441, CVE-2023-5344
SECURITY UPDATE: a fix of buffer-overflow in truncstring - debian/patches/CVE-2023-5344.patch - CVE-2023-5344 SECURITY UPDATE: segfault in exmode - debian/patches/CVE-2023-5441.patch - CVE-2023-5441...
SUSE CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments
A flaw was found in Django. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value...
Exploit for SQL Injection in Djangoproject Django
CVE-2022-34265 PoC for CVE-2022-34265 --- Description...
python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments
A flaw was found in Django. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value...
JVN#12610194: Django Extract and Trunc functions vulnerable to SQL injection
Django, provided by the Django Software Foundation, is a Web application framework. The Extract and Trunc functions of Django, used to treat date data, contain an SQL injection vulnerability (CWE-89). Impact: An attacker may execute an arbitrary SQL command. Data in websites built using the product may be alter...
Exploit for SQL Injection in Djangoproject Django
CVE-2022-34265 Usage start bash docker-compose bui...
Django SQL Injection Vulnerability (CNVD-2022-49971)
Django is the Django Foundation's open source web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. Django has a SQL injection vulnerability that can be exploited by attackers to send specially crafted SQL...
SQL Injection
Django is vulnerable to SQL injection. An attacker is able to execute arbitrary SQL commands via the Trunc and Extract database functions, which allows an attacker to execute arbitrary SQL queries...
GHSA-P64X-8RXX-WF6Q Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
Django < 3.2.14, 4.x < 4.0.6 SQLi Vulnerability - Windows
Django is prone to an SQL injection (SQLi) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you c...
DEBIAN-CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...