
Test ID: 1.3.6.1.4.1.25623.1.1.10.2025.0039
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2025-0039)
Summary: The remote host is missing an update for the 'python-django' package(s) announced via the MGASA-2025-0039 advisory.
Description:
Summary:
The remote host is missing an update for the 'python-django' package(s) announced via the MGASA-2025-0039 advisory.

Vulnerability Insight:
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before
5.0.7. urlize and urlizetrunc were subject to a potential denial of
service attack via certain inputs with a very large number of brackets.
(CVE-2024-38875)
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before
4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate()
method allows remote attackers to enumerate users via a timing attack
involving login requests for users with an unusable password.
(CVE-2024-39329)
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before
4.2.14. Derived classes of the django.core.files.storage.Storage base
class, when they override generate_filename() without replicating the
file-path validations from the parent class, potentially allow directory
traversal via certain inputs during a save() call. (CVE-2024-39330)
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before
4.2.14. get_supported_language_variant() was subject to a potential
denial-of-service attack when used with very long strings containing
specific characters. (CVE-2024-39614)
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before
4.2.15. The floatformat template filter is subject to significant memory
consumption when given a string representation of a number in scientific
notation with a large exponent. (CVE-2024-41989)
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before
4.2.15. The urlize() and urlizetrunc() template filters are subject to a
potential denial-of-service attack via very large inputs with a specific
sequence of characters. (CVE-2024-41990)
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before
4.2.15. The urlize and urlizetrunc template filters, and the
AdminURLFieldWidget widget, are subject to a potential denial-of-service
attack via certain inputs with a very large number of Unicode
characters. (CVE-2024-41991)
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before
4.2.15. QuerySet.values() and values_list() methods on models with a
JSONField are subject to SQL injection in column aliases via a crafted
JSON object key as a passed *arg. (CVE-2024-42005)
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9,
and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters
are subject to a potential denial-of-service attack via very large
inputs with a specific sequence of characters. (CVE-2024-45230)
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The
django.contrib.auth.forms.PasswordResetForm class, when used in a view
implementing password reset flows, allows remote attackers to enumerate
user e-mail addresses by sending password reset requests and observing
the outcome (only when e-mail sending is consistently failing).
(CVE-2024-45231)
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10,
and 4.2 before 4.2.17. The strip_tags() method and striptags ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'python-django' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2024-38875
Common Vulnerability Exposure (CVE) ID: CVE-2024-39329
Common Vulnerability Exposure (CVE) ID: CVE-2024-39330
Common Vulnerability Exposure (CVE) ID: CVE-2024-39614
Common Vulnerability Exposure (CVE) ID: CVE-2024-41989
Common Vulnerability Exposure (CVE) ID: CVE-2024-41990
Common Vulnerability Exposure (CVE) ID: CVE-2024-41991
Common Vulnerability Exposure (CVE) ID: CVE-2024-42005
Common Vulnerability Exposure (CVE) ID: CVE-2024-45230
Common Vulnerability Exposure (CVE) ID: CVE-2024-45231
Common Vulnerability Exposure (CVE) ID: CVE-2024-53907
Common Vulnerability Exposure (CVE) ID: CVE-2024-53908
Common Vulnerability Exposure (CVE) ID: CVE-2024-56374
Copyright: Copyright (C) 2025 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.