VulnerableCode Package Details - pkg:rpm/redhat/Django14@1.4.4-1?arch=el6ost

Search for packages

Vulnerability	Summary	Fixed by
VCID-8yfq-hpqh-zqcp Aliases: CVE-2013-1665 GHSA-x64m-686f-fmm3	XML External Entity (XXE) in Django The XML libraries for Python as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.	There are no reported fixed by versions.
VCID-cnnp-j1tv-7uhu Aliases: CVE-2013-0306 GHSA-g8xg-jgj6-49r3 PYSEC-2013-17	The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.	There are no reported fixed by versions.
VCID-t3um-xpzf-23eg Aliases: CVE-2013-0305 GHSA-r7w6-p47g-vj53 PYSEC-2013-16	The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.	There are no reported fixed by versions.
VCID-t88t-p8tx-cfcu Aliases: CVE-2013-1664 GHSA-qrh7-x6fp-c2mp	Multiple vulnerabilities have been found in libxml2, allowing remote attackers to execute arbitrary code or cause Denial of Service.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-8yfq-hpqh-zqcp
Aliases:
CVE-2013-1665
GHSA-x64m-686f-fmm3

XML External Entity (XXE) in Django The XML libraries for Python as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

There are no reported fixed by versions.

VCID-cnnp-j1tv-7uhu
Aliases:
CVE-2013-0306
GHSA-g8xg-jgj6-49r3
PYSEC-2013-17

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

There are no reported fixed by versions.

VCID-t3um-xpzf-23eg
Aliases:
CVE-2013-0305
GHSA-r7w6-p47g-vj53
PYSEC-2013-16

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

There are no reported fixed by versions.

VCID-t88t-p8tx-cfcu
Aliases:
CVE-2013-1664
GHSA-qrh7-x6fp-c2mp

Multiple vulnerabilities have been found in libxml2, allowing remote attackers to execute arbitrary code or cause Denial of Service.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:52:18.466659+00:00	RedHat Importer	Affected by	VCID-t88t-p8tx-cfcu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json	38.0.0
2026-04-01T14:52:18.412534+00:00	RedHat Importer	Affected by	VCID-cnnp-j1tv-7uhu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0306.json	38.0.0
2026-04-01T14:52:18.392095+00:00	RedHat Importer	Affected by	VCID-t3um-xpzf-23eg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0305.json	38.0.0
2026-04-01T14:52:17.666078+00:00	RedHat Importer	Affected by	VCID-8yfq-hpqh-zqcp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1665.json	38.0.0