Max CVSS | 6.4 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-1665 | 5.0 | The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction wi | 15-05-2013 - 03:35 | 03-04-2013 - 00:55 | |
CVE-2013-1664 | 5.0 | The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of s | 15-05-2013 - 03:35 | 03-04-2013 - 00:55 | |
CVE-2013-0306 | 5.0 | The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors | 15-05-2013 - 03:34 | 02-05-2013 - 14:55 | |
CVE-2013-0305 | 4.0 | The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history in | 15-05-2013 - 03:34 | 02-05-2013 - 14:55 | |
CVE-2012-4520 | 6.4 | The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values. | 04-05-2013 - 03:20 | 18-11-2012 - 23:55 | |