Lucene search
K

33 matches found

prion
prion
added 2022/07/04 4:15 p.m.33 views

Sql injection

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

7.5CVSS9.5AI score0.73274EPSS
Exploits3References7Affected Software1
osv
osv
added 2022/07/04 4:15 p.m.7 views

PYSEC-2022-213

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

9.8CVSS6.8AI score0.73274EPSS
Exploits3References4
pypa
pypa
added 2022/07/04 4:15 p.m.10 views

PYSEC-2022-213

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

9.8CVSS8AI score0.73274EPSS
Exploits3References4Affected Software1
redhatcve
redhatcve
added 2022/07/04 2:36 p.m.56 views

CVE-2022-34265

A flaw was found in Django. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value...

9.8CVSS1.6AI score0.73274EPSS
Exploits3References3
osv
osv
added 2022/07/04 8:0 a.m.5 views

UBUNTU-CVE-2022-34265

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

9.8CVSS6.8AI score0.73274EPSS
Exploits3References3
ubuntucve
ubuntucve
added 2022/07/04 8:0 a.m.51 views

CVE-2022-34265

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

9.8CVSS6.8AI score0.73274EPSS
Exploits3References2
cnnvd
cnnvd
added 2022/07/04 12:0 a.m.12 views

Django SQL注入漏洞

Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes object-oriented mapper, view system, template system, etc. Django has a SQL injection vulnerability that can be exploited by attackers to send specially crafted SQL...

9.8CVSS8.5AI score0.73274EPSS
Exploits3References19
osv
osv
added 2022/07/04 12:0 a.m.32 views

CVE-2022-34265

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

9.8CVSS9.7AI score0.73274EPSS
Exploits3References9
nessus
nessus
added 2022/07/04 12:0 a.m.45 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Django vulnerability (USN-5501-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5501-1 advisory. It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information...

9.8CVSS7AI score0.73274EPSS
Exploits3References2
alpinelinux
alpinelinux
added 2022/07/04 12:0 a.m.76 views

CVE-2022-34265

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

9.8CVSS9.8AI score0.73274EPSS
Exploits3
freebsd
freebsd
added 2022/06/21 12:0 a.m.36 views

Django -- multiple vulnerabilities

The Django Project reports: CVE-2022-34265: Potential SQL injection via Trunckind and Extractlookupname arguments...

9.8CVSS7AI score0.73274EPSS
Exploits3References1
ptsecurity
ptsecurity
added 2022/04/07 12:0 a.m.8 views

PT-2022-3421

Name of the Vulnerable Software and Affected Versions Django versions 3.2.0 through 3.2.13 Django versions 4.0.0 through 4.0.5 Description The issue is related to SQL injection in the Trunc and Extract database functions when untrusted data is used as a kind/lookup name value. This can allow an...

9.8CVSS6.7AI score0.73274EPSS
Exploits3References432
ossfuzz
ossfuzz
added 2020/03/12 6:49 p.m.14 views

llvm:clang-fuzzer: Segv on unknown address in llvm::APInt::trunc

Detailed Report: https://oss-fuzz.com/testcase?key=5653608042594304 Project: llvm Fuzzing Engine: libFuzzer Fuzz Target: clang-fuzzer Job Type: libfuzzermsanllvm Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State: llvm::APInt::trunc AnalyzeBitFieldAssignment...

6.9AI score
Exploits0Affected Software1
Rows per page
Query Builder