- Home
- CVEs with nessus.description==This update for python3-Django to version 1.18.18 fixes multiple issues. Security issues fixed :
- CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. (bsc#1083305)
- CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters (bsc#1083304).
- CVE-2016-7401: CSRF protection bypass on a site with Google Analytics (bsc#1001374).
- CVE-2016-2513: User enumeration through timing difference on password hasher work factor upgrade (bsc#968000).
- CVE-2016-2512: Fixed malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth (bsc#967999).
- CVE-2016-9013: User with hardcoded password created when running tests on Oracle (bsc#1008050).
- CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True (bsc#1008047).
- CVE-2017-7234: Open redirect vulnerability in django.views.static.serve() (bsc#1031451).
- CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (bsc#1031450).
- CVE-2017-12794: Fixed XSS possibility in traceback section of technical 500 debug page (bsc#1056284)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top