Tendenci

Latest version: v15.0

Vulnerabilities (35)

CVE/PVE	Vulnerability ID	Advisory	Affected versions	Severity	Severity Score
PVE-2021-35055	35055	Tendenci 7.4.0 disables GZipMiddleware to prevent BREACH attacks and …	<7.4.0	-	-
CVE-2021-25289	40133	Tendenci 12.4.8 updates its dependency 'Pillow' to v8.1.2 to include …	<12.4.8	CRITICAL	9.8
CVE-2021-25290	43487	Tendenci 12.4.8 updates its dependency 'Pillow' to v8.1.2 to include …	<12.4.8	HIGH	7.5
CVE-2021-27921	43489	Tendenci 12.4.8 updates its dependency 'Pillow' to v8.1.2 to include …	<12.4.8	HIGH	7.5
CVE-2021-25293	43493	Tendenci 12.4.8 updates its dependency 'Pillow' to v8.1.2 to include …	<12.4.8	HIGH	7.5
CVE-2021-25292	43492	Tendenci 12.4.8 updates its dependency 'Pillow' to v8.1.2 to include …	<12.4.8	MEDIUM	6.5
CVE-2021-27922	43488	Tendenci 12.4.8 updates its dependency 'Pillow' to v8.1.2 to include …	<12.4.8	HIGH	7.5
PVE-2021-40133	43486	Tendenci 12.4.8 tightens the security check for the password change p…	<12.4.8	-	-
CVE-2021-25291	43491	Tendenci 12.4.8 updates its dependency 'Pillow' to v8.1.2 to include …	<12.4.8	HIGH	7.5
CVE-2021-27923	43490	Tendenci 12.4.8 updates its dependency 'Pillow' to v8.1.2 to include …	<12.4.8	HIGH	7.5
CVE-2020-11022	40826	Tendenci 12.4.13 upgrades its dependency 'jQuery' from 3.4.1 to 3.6.0…	<12.4.13	MEDIUM	6.1
CVE-2020-11023	42991	Tendenci 12.4.13 upgrades its dependency 'jQuery' from 3.4.1 to 3.6.0…	<12.4.13	MEDIUM	6.1
PVE-2021-38976	38976	Tendenci 12.3.2 updates exports to prevent potential CSV injection in…	<12.3.2	HIDDEN	X.Y
PVE-2021-38970	38970	Tendenci 12.3.1 fixes a HTML Injection vulnerability in the several p…	<12.3.1	HIDDEN	X.Y
PVE-2021-42738	42738	Tendenci 12.3.1 fixes a XSS vulnerability in the the admin backend. …	<12.3.1	HIDDEN	X.Y
CVE-2020-24583	38767	Tendenci 12.2 updates Django version to 2.2.16, which fixes two secur…	<12.2	HIGH	7.5
CVE-2020-24584	42477	Tendenci 12.2 updates Django version to 2.2.16, which fixes two secur…	<12.2	HIGH	7.5
PVE-2021-38274	38274	Tendenci 12.0.5 removes .doc and .xls from the allowed file upload ex…	<12.0.5	-	-
CVE-2020-14942	42276	Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk…	==12.0.10	CRITICAL	9.8
PVE-2021-38939	38939	Tendenci 11.4.9 handles the case in event registrations when manageme…	<11.4.9	-	-
PVE-2021-38509	38509	Tendenci 11.4.7 prevents unauthorized use of renewal URLs.	<11.4.7	-	-
CVE-2018-14040	42994	Tendenci 11.2.8 upgrades its dependency 'bootstrap' from 3.3.1 to 3.4…	<11.2.8	MEDIUM	6.1
CVE-2018-20677	42992	Tendenci 11.2.8 upgrades its dependency 'bootstrap' from 3.3.1 to 3.4…	<11.2.8	MEDIUM	6.1
CVE-2018-20676	42993	Tendenci 11.2.8 upgrades its dependency 'bootstrap' from 3.3.1 to 3.4…	<11.2.8	MEDIUM	6.1
CVE-2016-10735	42996	Tendenci 11.2.8 upgrades its dependency 'bootstrap' from 3.3.1 to 3.4…	<11.2.8	MEDIUM	6.1
CVE-2018-14042	42995	Tendenci 11.2.8 upgrades its dependency 'bootstrap' from 3.3.1 to 3.4…	<11.2.8	MEDIUM	6.1
CVE-2019-8331	37150	Tendenci 11.2.8 upgrades its dependency 'bootstrap' from 3.3.1 to 3.4…	<11.2.8	MEDIUM	6.1
PVE-2021-37350	37350	Tendenci 11.2.12 strips null bytes to avoid null byte injection attac…	<11.2.12	HIDDEN	X.Y
CVE-2019-6975	36888	Tendenci 11.1.1 updates Django version to 1.11.20 to include a securi…	<11.1.1	HIGH	7.5
CVE-2017-12794	38940	Tendenci 11.0.4 updates its requirements.txt to require django >=1.11…	<11.0.4	MEDIUM	6.1
CVE-2018-7536	49768	Tendenci 11.0.4 updates its requirements.txt to require django >=1.11…	<11.0.4	MEDIUM	5.3
CVE-2018-7537	49769	Tendenci 11.0.4 updates its requirements.txt to require django >=1.11…	<11.0.4	MEDIUM	5.3
CVE-2018-14574	49770	Tendenci 11.0.4 updates its requirements.txt to require django >=1.11…	<11.0.4	MEDIUM	6.1
CVE-2018-6188	49767	Tendenci 11.0.4 updates its requirements.txt to require django >=1.11…	<11.0.4	HIGH	7.5
PVE-2021-38510	38510	Tendenci 11.0.1 patches a security hole in payments that could potent…	<11.0.1	-	-