Test ID:	1.3.6.1.4.1.25623.1.1.18.2.2024.2817.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2024:2817-1)
Summary:	The remote host is missing an update for the 'python-Django' package(s) announced via the SUSE-SU-2024:2817-1 advisory.
Description:	Summary: The remote host is missing an update for the 'python-Django' package(s) announced via the SUSE-SU-2024:2817-1 advisory. Vulnerability Insight: This update for python-Django fixes the following issues: - CVE-2024-42005: Fixed SQL injection in QuerySet.values() and values_list() (bsc#1228629) - CVE-2024-41989: Fixed Memory exhaustion in django.utils.numberformat.floatformat() (bsc#1228630) - CVE-2024-41990: Fixed denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228631) - CVE-2024-41991: Fixed another denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228632) - CVE-2022-28346: Fixed SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398) - CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468) Affected Software/OS: 'python-Django' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12308 BugTraq ID: 108559 http://www.securityfocus.com/bid/108559 Bugtraq: 20190708 [SECURITY] [DSA 4476-1] python-django security update (Google Search) https://seclists.org/bugtraq/2019/Jul/10 Debian Security Information: DSA-4476 (Google Search) https://www.debian.org/security/2019/dsa-4476 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/ https://security.gentoo.org/glsa/202004-17 https://docs.djangoproject.com/en/dev/releases/security/ https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8 https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html http://www.openwall.com/lists/oss-security/2019/06/03/2 SuSE Security Announcement: openSUSE-SU-2019:1839 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html SuSE Security Announcement: openSUSE-SU-2019:1872 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html https://usn.ubuntu.com/4043-1/ Common Vulnerability Exposure (CVE) ID: CVE-2022-28346 Debian Security Information: DSA-5254 (Google Search) https://www.debian.org/security/2022/dsa-5254 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/ http://www.openwall.com/lists/oss-security/2022/04/11/1 https://docs.djangoproject.com/en/4.0/releases/security/ https://groups.google.com/forum/#!forum/django-announce https://www.djangoproject.com/weblog/2022/apr/11/security-releases/ https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2024-41989 Common Vulnerability Exposure (CVE) ID: CVE-2024-41990 Common Vulnerability Exposure (CVE) ID: CVE-2024-41991 Common Vulnerability Exposure (CVE) ID: CVE-2024-42005
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.