Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

71 – 80 of 132 results


CVE-2016-6186

Medium priority
Fixed

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed
Show less packages

CVE-2016-2513

Medium priority
Fixed

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django
Show less packages

CVE-2016-2512

Medium priority
Fixed

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS)...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django
Show less packages

CVE-2016-2048

Medium priority
Not affected

Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django
Show less packages

CVE-2015-8213

Medium priority
Fixed

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django
Show less packages

CVE-2015-5964

Medium priority
Fixed

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances,...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django
Show less packages

CVE-2015-5963

Medium priority
Fixed

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django
Show less packages

CVE-2015-5145

Medium priority
Not affected

validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django
Show less packages

CVE-2015-5144

Medium priority
Fixed

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django
Show less packages

CVE-2015-5143

Medium priority
Fixed

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django
Show less packages