
CVSS: 4.3 • EPSS: 0% • CPEs: 29 • EXPL: 0

31 Jul 2012 — The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL. • http://www.debian.org/security/2012/dsa-2529 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 1% • CPEs: 29 • EXPL: 0

31 Jul 2012 — The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file. • http://www.debian.org/security/2012/dsa-2529 • CWE-20: Improper Input Validation

CVSS: 5.3 • EPSS: 1% • CPEs: 29 • EXPL: 0

31 Jul 2012 — The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image. • http://www.debian.org/security/2012/dsa-2529 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer