Filtered by vendor Redhat Subscriptions
Filtered by product Rhui Subscriptions
Total 29 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-23969 3 Debian, Djangoproject, Redhat 5 Debian Linux, Django, Rhui and 2 more 2024-11-21 7.5 High
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
CVE-2022-41323 2 Djangoproject, Redhat 4 Django, Rhui, Satellite and 1 more 2024-11-21 7.5 High
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
CVE-2022-40899 2 Pythoncharmers, Redhat 4 Python-future, Rhui, Satellite and 1 more 2024-11-21 7.5 High
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.
CVE-2022-34265 2 Djangoproject, Redhat 4 Django, Rhui, Satellite and 1 more 2024-11-21 9.8 Critical
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
CVE-2022-28347 3 Debian, Djangoproject, Redhat 6 Debian Linux, Django, Ansible Automation Platform and 3 more 2024-11-21 9.8 Critical
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.
CVE-2022-28346 3 Debian, Djangoproject, Redhat 7 Debian Linux, Django, Ansible Automation Platform and 4 more 2024-11-21 9.8 Critical
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
CVE-2021-44420 5 Canonical, Debian, Djangoproject and 2 more 7 Ubuntu Linux, Debian Linux, Django and 4 more 2024-11-21 7.3 High
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
CVE-2018-10917 2 Pulpproject, Redhat 4 Pulp, Rhui, Satellite and 1 more 2024-11-21 N/A
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.
CVE-2012-4574 2 Cloudforms Tools, Redhat 3 1, Cloudforms, Rhui 2024-11-21 N/A
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.