ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.2.2024.2817.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:2817-1)
Resumen:	The remote host is missing an update for the 'python-Django' package(s) announced via the SUSE-SU-2024:2817-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python-Django' package(s) announced via the SUSE-SU-2024:2817-1 advisory. Vulnerability Insight: This update for python-Django fixes the following issues: - CVE-2024-42005: Fixed SQL injection in QuerySet.values() and values_list() (bsc#1228629) - CVE-2024-41989: Fixed Memory exhaustion in django.utils.numberformat.floatformat() (bsc#1228630) - CVE-2024-41990: Fixed denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228631) - CVE-2024-41991: Fixed another denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228632) - CVE-2022-28346: Fixed SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398) - CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468) Affected Software/OS: 'python-Django' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12308 BugTraq ID: 108559 http://www.securityfocus.com/bid/108559 Bugtraq: 20190708 [SECURITY] [DSA 4476-1] python-django security update (Google Search) https://seclists.org/bugtraq/2019/Jul/10 Debian Security Information: DSA-4476 (Google Search) https://www.debian.org/security/2019/dsa-4476 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/ https://security.gentoo.org/glsa/202004-17 https://docs.djangoproject.com/en/dev/releases/security/ https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8 https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html http://www.openwall.com/lists/oss-security/2019/06/03/2 SuSE Security Announcement: openSUSE-SU-2019:1839 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html SuSE Security Announcement: openSUSE-SU-2019:1872 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html https://usn.ubuntu.com/4043-1/ Common Vulnerability Exposure (CVE) ID: CVE-2022-28346 Debian Security Information: DSA-5254 (Google Search) https://www.debian.org/security/2022/dsa-5254 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/ http://www.openwall.com/lists/oss-security/2022/04/11/1 https://docs.djangoproject.com/en/4.0/releases/security/ https://groups.google.com/forum/#!forum/django-announce https://www.djangoproject.com/weblog/2022/apr/11/security-releases/ https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2024-41989 Common Vulnerability Exposure (CVE) ID: CVE-2024-41990 Common Vulnerability Exposure (CVE) ID: CVE-2024-41991 Common Vulnerability Exposure (CVE) ID: CVE-2024-42005
Copyright	Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.