- CVEs with nessus.description==Python Django was updated to fix security issues and bugs.
Update to version 1.4.15 on openSUSE 12.3:
Prevented reverse() from generating URLs pointing to other hosts to prevent phishing attacks (bnc#893087, CVE-2014-0480)
Removed O(n) algorithm when uploading duplicate file names to fix file upload denial of service (bnc#893088, CVE-2014-0481)
Modified RemoteUserMiddleware to log out on REMOTE_USER change to prevent session hijacking (bnc#893089, CVE-2014-0482)
Prevented data leakage in contrib.admin via query string manipulation (bnc#893090, CVE-2014-0483)
Fixed: Caches may incorrectly be allowed to store and serve private data (bnc#877993, CVE-2014-1418)
Fixed: Malformed redirect URLs from user input not correctly validated (bnc#878641, CVE-2014-3730)
Fixed queries that may return unexpected results on MySQL due to typecasting (bnc#874956, CVE-2014-0474)
Prevented leaking the CSRF token through caching (bnc#874955, CVE-2014-0473)
Fixed a remote code execution vulnerability in URL reversing (bnc#874950, CVE-2014-0472)
Update to version 1.5.10 on openSUSE 13.1:
Prevented reverse() from generating URLs pointing to other hosts to prevent phishing attacks (bnc#893087, CVE-2014-0480)
Removed O(n) algorithm when uploading duplicate file names to fix file upload denial of service (bnc#893088, CVE-2014-0481)
Modified RemoteUserMiddleware to log out on REMOTE_USER change to prevent session hijacking (bnc#893089, CVE-2014-0482)
Prevented data leakage in contrib.admin via query string manipulation (bnc#893090, CVE-2014-0483)
- Update to version 1.5.8:
Fixed: Caches may incorrectly be allowed to store and serve private data (bnc#877993, CVE-2014-1418)
Fixed: Malformed redirect URLs from user input not correctly validated (bnc#878641, CVE-2014-3730)
Fixed queries that may return unexpected results on MySQL due to typecasting (bnc#874956, CVE-2014-0474)
Prevented leaking the CSRF token through caching (bnc#874955, CVE-2014-0473)
Fixed a remote code execution vulnerability in URL reversing (bnc#874950, CVE-2014-0472)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |