Search CVE reports
241 – 250 of 31991 results
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake...
1 affected package
fastdds
| Package | 24.04 LTS |
|---|---|
| fastdds | Needs evaluation |
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage...
1 affected package
fastdds
| Package | 24.04 LTS |
|---|---|
| fastdds | Needs evaluation |
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage...
1 affected package
fastdds
| Package | 24.04 LTS |
|---|---|
| fastdds | Needs evaluation |
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage...
1 affected package
fastdds
| Package | 24.04 LTS |
|---|---|
| fastdds | Needs evaluation |
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to...
1 affected package
pdfminer
| Package | 24.04 LTS |
|---|---|
| pdfminer | Needs evaluation |
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage...
1 affected package
fastdds
| Package | 24.04 LTS |
|---|---|
| fastdds | Needs evaluation |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html`...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier,...
1 affected package
python-django
| Package | 24.04 LTS |
|---|---|
| python-django | Fixed |