oval:org.secpod.oval:def:701073 python-django: High-level Python web development framework Details: USN-1632-1 fixed a vulnerability in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem. We apologize for the inconvenience. Original advisory ...
oval:org.secpod.oval:def:52207 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:52206 python-django: High-level Python web development framework Details: USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Original advisory USN-2169-1 introduced a regression in Djang ...
oval:org.secpod.oval:def:52725 python-django: High-level Python web development framework Details: USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Original advisory USN-2 ...
oval:org.secpod.oval:def:52734 python-django: High-level Python web development framework Details: USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem. Original advisory USN-2915-1 introduced a regression in Django.
oval:org.secpod.oval:def:701072 python-django: High-level Python web development framework Django could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:700989 python-django: High-level Python web development framework Applications using Django could be made to crash or expose sensitive information.
oval:org.secpod.oval:def:52433 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:71251 python-django: High-level Python web development framework Django could be made to overwrite files.
oval:org.secpod.oval:def:601939 Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0219 Jedediah Smith reported that the WSGI environ in Django does not distinguish between headers containing ...
oval:org.secpod.oval:def:52376 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:602011 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to perform a cross-site scripting attack.
oval:org.secpod.oval:def:602163 Several vulnerabilities were discovered in Django, a high-level Python web development framework: CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in th ...
oval:org.secpod.oval:def:52523 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:52631 python-django: High-level Python web development framework Django could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:52557 python-django: High-level Python web development framework Django could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:602284 Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application's settings.
oval:org.secpod.oval:def:602197 Lin Hua Cheng discovered that a session could be created when anonymously accessing the django.contrib.auth.views.logout view. This could allow remote attackers to saturate the session store or cause other users' session records to be evicted. Additionally the contrib.sessions.backends.base.SessionB ...
oval:org.secpod.oval:def:52721 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:602464 Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2512 Mark Striemer discovered that some user-supplied redirect URLs containing basic authentication credentia ...
oval:org.secpod.oval:def:601763 Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0480 Florian Apolloner discovered that in certain situations, URL reversing could generate scheme-relative UR ...
oval:org.secpod.oval:def:701731 python-django is installed
oval:org.secpod.oval:def:601088 Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework. The is_safe_url utility function used to validate that a used URL is on the current host to avoid potentially dangerous redirects from maliciously-constructed querystrin ...
oval:org.secpod.oval:def:701640 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:600867 Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework. The Common Vulnerabilities and Exposures project defines the following issues: CVE-2012-3442 Two functions do not validate the scheme of a redirect target, which might allow remote attackers to conduct cros ...
oval:org.secpod.oval:def:70364 python-django: High-level Python web development framework Django could be made to overwrite files.
oval:org.secpod.oval:def:701961 python-django: High-level Python web development framework Django applications could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:701207 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:702856 python-django: High-level Python web development framework Django could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:600976 Several vulnerabilities have been discovered in python-django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4520 James Kettle discovered that Django did not properly filter the HTTP Host header when proces ...
oval:org.secpod.oval:def:601107 It was discovered that python-django, a high-level Python web development framework, is prone to a denial of service vulnerability via large passwords. A non-authenticated remote attacker could mount a denial of service by submitting arbitrarily large passwords, tying up server resources in the expe ...
oval:org.secpod.oval:def:601103 Rainer Koirikivi discovered a directory traversal vulnerability with "ssi" template tags in python-django, a high-level Python web development framework. It was shown that the handling of the "ALLOWED_INCLUDE_ROOTS" setting, used to represent allowed prefixes for the {% ssi %} template tag, is vulne ...
oval:org.secpod.oval:def:701639 python-django: High-level Python web development framework Details: USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Original advisory USN-2169-1 introduced a regression in Djang ...
oval:org.secpod.oval:def:600173 Several vulnerabilities were discovered in the Django web development framework: CVE-2011-0696 For several reasons the internal CSRF protection was not used to validate ajax requests in the past. However, it was discovered that this exception can be exploited with a combination of browser plugins an ...
oval:org.secpod.oval:def:703018 python-django: High-level Python web development framework Details: USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem. Original advisory USN-2915-1 introduced a regression in Django.
oval:org.secpod.oval:def:600693 Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework: CVE-2011-4136 When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remo ...
oval:org.secpod.oval:def:702720 python-django: High-level Python web development framework Django could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:702208 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:702404 python-django: High-level Python web development framework Details: USN-2469-1 fixed vulnerabilities in Django. The security fix for CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04 LTS when serving static content through GZipMiddleware. This update fixes the problem. We ap ...
oval:org.secpod.oval:def:702646 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:702471 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:600165 The changes in python-django DSA-2163 necessary to fix the issues CVE-2011-0696 and CVE-2011-0697 introduced an unavoidable backward incompatibility, which caused a regression in dajaxice, which depends on python-django. This update supplies fixed packages for dajaxice.
oval:org.secpod.oval:def:702356 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:703005 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:601096 The wheezy part of the previous python-django update, DSA-2740-1, was incorrectly built and did not include all legacy symbolic links for the jquery Javascript library.
oval:org.secpod.oval:def:701425 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:703009 python-django: High-level Python web development framework Details: USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Original advisory USN-2 ...
oval:org.secpod.oval:def:52227 python-django: High-level Python web development framework Django applications could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:52298 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:704245 python-django: High-level Python web development framework Django could be used as an open redirect.
oval:org.secpod.oval:def:603478 Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled.
oval:org.secpod.oval:def:51099 python-django: High-level Python web development framework Django could be used as an open redirect.
oval:org.secpod.oval:def:53389 Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled.
oval:org.secpod.oval:def:69953 Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
oval:org.secpod.oval:def:73430 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:72091 python-django: High-level Python web development framework Django could be made to overwrite files.
oval:org.secpod.oval:def:704206 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:51660 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:602859 Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9013 Marti Raudsepp reported that a user with a hardcoded password is created when running tests with an Orac ...
oval:org.secpod.oval:def:703557 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:602560 It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin's add/change related popup.
oval:org.secpod.oval:def:703211 python-django: High-level Python web development framework A security issue was fixed in Django.
oval:org.secpod.oval:def:703337 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:703286 python-django: High-level Python web development framework Django could be made to set arbitrary cookies.
oval:org.secpod.oval:def:602628 Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted in such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery protections built into Django.
oval:org.secpod.oval:def:51641 python-django: High-level Python web development framework Django could be made to set arbitrary cookies.
oval:org.secpod.oval:def:51765 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:51604 python-django: High-level Python web development framework A security issue was fixed in Django.
oval:org.secpod.oval:def:704004 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:603341 James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize function or django.utils.text.Truncator's chars and words methods could craft a string that m ...
oval:org.secpod.oval:def:52007 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:51187 python-django: High-level Python web development framework Django could be made to expose spoofed information over the network.
oval:org.secpod.oval:def:704433 python-django: High-level Python web development framework Django could be made to expose spoofed information over the network.
oval:org.secpod.oval:def:53488 It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.
oval:org.secpod.oval:def:603602 It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.
oval:org.secpod.oval:def:51218 python-django: High-level Python web development framework Django could be made to consume resources if it received specially crafted network traffic.
oval:org.secpod.oval:def:704493 python-django: High-level Python web development framework Django could be made to consume resources if it received specially crafted network traffic.
oval:org.secpod.oval:def:1902043 AdminURLFieldWidget XSS
oval:org.secpod.oval:def:69935 Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this flaw to potentially retr ...
oval:org.secpod.oval:def:89456 python-django: High-level Python web development framework Django could be made to stop responding if it received specially crafted network traffic.
oval:org.secpod.oval:def:89443 python-django: High-level Python web development framework Django could be made to consume memory if it received specially crafted network traffic.
oval:org.secpod.oval:def:706262 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:78170 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:80400 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:708120 python-django: High-level Python web development framework A Django hardening measure could be bypassed.
oval:org.secpod.oval:def:91744 python-django: High-level Python web development framework A Django hardening measure could be bypassed.
oval:org.secpod.oval:def:57440 Three security issues were found in Django, a Python web development framework, which could result in denial of service, incomplete sanitisation of clickable links or missing redirects of HTTP requests to HTTPS.
oval:org.secpod.oval:def:69899 Several vulnerabilities were discovered in python-django, a web development framework. They could lead to remote denial-of-service or SQL injection,
oval:org.secpod.oval:def:57457 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:705100 python-django: High-level Python web development framework Several security issues were fixed in Django.