Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000177)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000177 advisory. An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers t...

5.3CVSS6.5AI score0.00889EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/11/13 1:16 p.m.3 views

python-django: Username enumeration through timing difference for users with unusable passwords

A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords...

5.3CVSS7.1AI score0.00889EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/11/05 5:49 p.m.2 views

python-django: Username enumeration through timing difference for users with unusable passwords

A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords...

5.3CVSS7.1AI score0.00889EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/05 2:13 p.m.2 views

python-django: Username enumeration through timing difference for users with unusable passwords

A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords...

5.3CVSS7.1AI score0.00889EPSS
Exploits0References4
OSV
OSV
added 2024/07/10 6:33 a.m.3 views

GHSA-X7Q2-WR7G-XQMF Django vulnerable to user enumeration attack

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

6.9CVSS5.9AI score0.00889EPSS
Exploits0References9
OSV
OSV
added 2024/07/10 5:15 a.m.1 views

DEBIAN-CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS6.4AI score0.00889EPSS
Exploits0References1
PyPA
PyPA
added 2024/07/10 5:15 a.m.5 views

PYSEC-2024-57

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS8.1AI score0.00889EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/07/10 5:15 a.m.6 views

PYSEC-2024-57

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS6.8AI score0.00889EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/07/10 3:24 a.m.2 views

SUSE CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS7.7AI score0.00889EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2024/07/09 2:0 p.m.16 views

CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS6.8AI score0.00889EPSS
Exploits0References3
OSV
OSV
added 2024/07/09 2:0 p.m.3 views

UBUNTU-CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS6.7AI score0.00889EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/23 12:0 a.m.6 views

PT-2024-6224

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.13 Django versions 5.0 through 5.0.6 Description: The issue allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. This is due to the...

9.8CVSS8AI score0.87218EPSS
Exploits29References133
Rows per page
Query Builder