18 matches found
DjangoBlog Security Vulnerability
DjangoBlog is a blog system developed by liangliangyy using Django. DjangoBlog versions 2.1.0.0 and earlier have security vulnerabilities. These vulnerabilities stem from operations on the blog/views.py file that result in a lack of authentication. This may lead to remote attacks...
PT-2026-33648
A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET_KEY results in hard-coded credentials. The attack can be launched remotely. T...
PT-2026-33650
Name of the Vulnerable Software and Affected Versions: liangliangyy DjangoBlog versions prior to 2.1.0.0 Description: An issue exists in the Amap API Call Handler component within the file 'owntracks/views.py'. Manipulation of the key argument leads to the use of a hard-coded cryptographic key. Thi...
CVE-2026-35559
Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0...
CVE-2026-35561
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...
EUVD-2026-18859
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...
EUVD-2026-18855
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...
CVE-2026-35561
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...
CVE-2026-35562
CVE-2026-35562 affects the Amazon Athena ODBC driver prior to version 2.1.0.0, where allocations of resources in the parsing components may be unbounded, enabling a threat actor to induce a denial of service via crafted input during parsing. Affected platforms include Windows, Linux, and macOS bu...
CVE-2026-35562
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...
CVE-2026-35560
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...
PT-2026-30221
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...
Amazon Athena ODBC driver Security Vulnerability
The Amazon Athena ODBC driver is a database connection driver developed by the American company Amazon. Versions of the Amazon Athena ODBC driver prior to 2.1.0.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient security controls in the browser-based...
CVE-2024-47978
Dell NativeEdge 2.1.0.0 is affected by an Execution with Unnecessary Privileges vulnerability. A locally privileged attacker could escalate privileges. The PT-2024-32928 entry confirms the affected version and suggests there is no information yet about a fix in this version; no explicit remediati...
PT-2024-35368 · Dell · Dell Nativeedge
Name of the Vulnerable Software and Affected Versions: Dell NativeEdge version 2.1.0.0 Description: The issue is related to the creation of temporary files with insecure permissions. A high-privileged attacker with local access could potentially exploit this, leading to information disclosure...
PT-2024-35715 · Dell · Dell Nativeedge
Name of the Vulnerable Software and Affected Versions: Dell NativeEdge version 2.1.0.0 Description: The issue is related to an Exposure of Sensitive Information Through Metadata, which could be exploited by an unauthenticated attacker with remote access, potentially leading to information...
PT-2024-32928 · Dell · Dell Nativeedge
Name of the Vulnerable Software and Affected Versions: Dell NativeEdge version 2.1.0.0 Description: The issue is related to an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...
Design/Logic Flaw
Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access...