| Max CVSS | 6.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-0483 | 3.5 |
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated use
|
30-10-2018 - 16:27 | 26-08-2014 - 14:55 | |
| CVE-2014-0480 | 5.8 |
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slas
|
30-10-2018 - 16:27 | 26-08-2014 - 14:55 | |
| CVE-2014-0482 | 6.0 |
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticat
|
30-10-2018 - 16:27 | 26-08-2014 - 14:55 | |
| CVE-2014-0481 | 4.3 |
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is up
|
30-10-2018 - 16:27 | 26-08-2014 - 14:55 |