USN-7136-1: Django vulnerabilities

Read Time:22 Second

jiangniao discovered that Django incorrectly handled the API to strip tags.
A remote attacker could possibly use this issue to cause Django to
consume resources, leading to a denial of service. (CVE-2024-53907)

Seokchan Yoon discovered that Django incorrectly handled HasKey lookups
when using Oracle. A remote attacker could possibly use this issue to
inject arbitrary SQL code. This issue only affected Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2024-53908)

Stored XSS with Filter Bypass – blogenginev3.3.8

Posted by Andrey Stoykov on Dec 18 # Exploit Title: Stored XSS with Filter Bypass - blogenginev3.3.8 # Date: 12/2024...

December 19, 2024

[SYSS-2024-085]: Broadcom CA Client Automation – Improper Privilege Management (CWE-269)

Posted by Matthias Deeg via Fulldisclosure on Dec 18 Advisory ID: SYSS-2024-085 Product: CA Client Automation (CA DSM) Manufacturer: Broadcom...

December 19, 2024

webkitgtk-2.46.5-1.fc40

FEDORA-2024-03a1955920 Packages in this update: webkitgtk-2.46.5-1.fc40 Update description: Update to 2.46.5: Fix several crashes and rendering issues. CVE-2024-54479, CVE-2024-54502, CVE-2024-54508,...

December 19, 2024

webkitgtk-2.46.5-1.fc41

FEDORA-2024-32bc143584 Packages in this update: webkitgtk-2.46.5-1.fc41 Update description: Update to 2.46.5: Fix several crashes and rendering issues. CVE-2024-54479, CVE-2024-54502, CVE-2024-54508,...

December 19, 2024