exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

CVE-2021-3281

Status Candidate

Overview

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.

Related Files

Red Hat Security Advisory 2021-5070-02
Posted Dec 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5070-02 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.

tags | advisory, remote, local, vulnerability, python, file inclusion
systems | linux, redhat
advisories | CVE-2021-28658, CVE-2021-31542, CVE-2021-3281, CVE-2021-33203, CVE-2021-33571
SHA-256 | ffda29beeea0e12945c6104476712c3a616df43c26b412c9ebce4eee73c3f2a8
Ubuntu Security Notice USN-5132-1
Posted Nov 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5132-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2021-32810, CVE-2021-38500
SHA-256 | 6734659fb538697fc9e55a6846e5f3eac3e7dd2532f86fca4ea8f44c13787b12
Red Hat Security Advisory 2021-3841-01
Posted Oct 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3841-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502
SHA-256 | d140dd7f9f644cedee174f9db631321c570cb71993aabebe6381cd1bf62d5a2c
Red Hat Security Advisory 2021-3838-01
Posted Oct 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3838-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502
SHA-256 | e13df085807f4a6696c0a03687c48746ba4f3a0b4277d80a474aeebeffaf8bd6
Red Hat Security Advisory 2021-3840-01
Posted Oct 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3840-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502
SHA-256 | 4758ce692a082d3ba58aa9cb273bb63485a4af02556e5136efb033f70944e8eb
Red Hat Security Advisory 2021-3839-01
Posted Oct 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3839-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502
SHA-256 | df42751e3fccd0c823c188f062a5cac14fc8e08ca7e9a0ed6b006e9653e7b9f8
Red Hat Security Advisory 2021-3791-01
Posted Oct 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3791-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501
SHA-256 | 0fe8deab866877fe2b931bc6a8a24826328b78f70cf86ce99c46c72739e06c06
Red Hat Security Advisory 2021-3757-01
Posted Oct 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3757-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501
SHA-256 | 38c10353c3be2c00f30a90bde27cd8a37e0eff559d3b8a2e81315440a0301603
Red Hat Security Advisory 2021-3755-01
Posted Oct 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3755-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501
SHA-256 | 183b7fa3104243a5b8c4805e9541c027d34d33a5d577e9978401ec54fcba0c21
Red Hat Security Advisory 2021-3756-01
Posted Oct 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3756-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501
SHA-256 | ccbdd2580dec6e85c2f4465847fb5548a68a7326e4720e5e910a0406ed7da2fb
Ubuntu Security Notice USN-5107-1
Posted Oct 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5107-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2021-32810, CVE-2021-38499
SHA-256 | 6d1f089cb10402fc933ad4bc4b1beab9d857e7e5775470e2594a641bc55637fe
Red Hat Security Advisory 2021-3490-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.

tags | advisory, remote, local, vulnerability, python, file inclusion
systems | linux, redhat
advisories | CVE-2021-3281, CVE-2021-33203, CVE-2021-33571
SHA-256 | 7acd802c838e14356fda2dd84f235e3bbe000e4229b9386b3483399a41ad00f5
Ubuntu Security Notice USN-5043-1
Posted Aug 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5043-1 - It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. These issues only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2021-32815, CVE-2021-37616, CVE-2021-37619, CVE-2021-37621
SHA-256 | 3ac5d046dc916ad450b4a05daee42e21ff86c2bfbdef34c36a1944a33ecff6a2
Red Hat Security Advisory 2021-0780-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0780-01 - Red Hat Ansible Tower 3.8.2-1 has a security and bug fix update. Issues addressed include privilege escalation and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-35678, CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-20253, CVE-2021-3281
SHA-256 | a31c39fa66b6bc6b23e3b19170fc67487d8151e576474565c044fe7a2b50c600
Red Hat Security Advisory 2021-0781-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0781-01 - Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, Automation Hub and use-case specific capabilities for Microsoft Windows, network, security, and more, along with Software-as-a-Service -based capabilities and features for organization-wide effectiveness. This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. Issues addressed include code execution, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat, windows
advisories | CVE-2020-15366, CVE-2020-7789, CVE-2021-20270, CVE-2021-3281
SHA-256 | 31eef7ec3b851813c547d30e87efc846893d2cc98b58d36edf0cac10328e2710
Ubuntu Security Notice USN-4715-2
Posted Feb 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4715-2 - USN-4715-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-3281
SHA-256 | 6199f66f5209e1c50a292e4f37bada9901ce9f7db9e57739c89d1de4302b47fb
Ubuntu Security Notice USN-4715-1
Posted Feb 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4715-1 - Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-3281
SHA-256 | 3c1b2ddbb607d17a935031efc630c2f408994493a1853996df23f8f92e372e62
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close