Search CVE reports
11 – 20 of 47057 results
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to...
1 affected package
pdfminer
| Package | 16.04 LTS |
|---|---|
| pdfminer | Needs evaluation |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably...
1 affected package
python-django
| Package | 16.04 LTS |
|---|---|
| python-django | Ignored |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with...
1 affected package
python-django
| Package | 16.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html`...
1 affected package
python-django
| Package | 16.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier,...
1 affected package
python-django
| Package | 16.04 LTS |
|---|---|
| python-django | Not affected |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier,...
1 affected package
python-django
| Package | 16.04 LTS |
|---|---|
| python-django | Not affected |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate...
1 affected package
python-django
| Package | 16.04 LTS |
|---|---|
| python-django | Fixed |
A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity...
1 affected package
moodle
| Package | 16.04 LTS |
|---|---|
| moodle | Needs evaluation |
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users...
1 affected package
moodle
| Package | 16.04 LTS |
|---|---|
| moodle | Needs evaluation |
A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing...
1 affected package
moodle
| Package | 16.04 LTS |
|---|---|
| moodle | Needs evaluation |