Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python 2.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-23599
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the ...
Plone Plone
7.8
CVSSv3
CVE-2021-31997
A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local malicious users to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and ...
Opensuse Python-postorius
6.5
CVSSv3
CVE-2019-19118
Django 2.1 prior to 2.1.15 and 2.2 prior to 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, al...
Djangoproject Django
Fedoraproject Fedora 31
3 Github repositories
9.8
CVSSv3
CVE-2019-14234
An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, w...
Djangoproject Django
Fedoraproject Fedora 30
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
7.5
CVSSv3
CVE-2019-14232
An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic back...
Djangoproject Django
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2019-14233
An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete H...
Djangoproject Django
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2019-14235
An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
Djangoproject Django
Opensuse Leap 15.1
5.3
CVSSv3
CVE-2019-12781
An issue exists in Django 1.11 prior to 1.11.22, 2.1 prior to 2.1.10, and 2.2 prior to 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django....
Djangoproject Django
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
6.1
CVSSv3
CVE-2019-12308
An issue exists in Django 1.11 prior to 1.11.21, 2.1 prior to 2.1.9, and 2.2 prior to 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or...
Djangoproject Django
7.5
CVSSv3
CVE-2019-6975
Django 1.11.x prior to 1.11.19, 2.0.x prior to 2.0.11, and 2.1.x prior to 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
Djangoproject Django
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Fedoraproject Fedora 28
Fedoraproject Fedora 29
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »