89 matches found

Snyk
added 2024/10/15 7:52 p.m. · 4 views

Access Control Bypass

Overview: mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification (PEP-249). Affected versions of this package are vulnerable to Access Control Bypass via multiple protocols. An attacker can take over t...

7.7 CVSS · 6.9 AI score · 0.00915 EPSS
Exploits 0 · References 3
vulnersOsv
added 2024/10/15 7:52 p.m. · 2 views

afw (>=0.0.6 <=0.0.21), akasha-plus (>=0.3.0 <=0.3.17) +16 more potentially affected by CVE-2024-21272 via mysql-connector-python (=9.0.0)

mysql-connector-python PYPI version =9.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mysql-connector-python and may be impacted: - afw =0.0.6, =0.3.0, =1.0.6, =0.2.1, =0.1.0, =0.8.0, =0.6.6, =1.0.0, =0.2.19, =0.1.0, =0.0.1, =0.0.2, =0.0.5 and mor...

7.5 CVSS · 7.2 AI score · 0.00915 EPSS
Exploits 0
OSSF Malicious Packages
added 2024/07/26 4:53 p.m. · 2 views

Malicious code in postgresql-connector-python (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 87f55ac62324b5fc631b711e125f897d8ae10d06a9d80173463d9a5fa1915302 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3 AI score
Exploits 0 · References 1
NVD
added 2024/07/16 11:15 p.m. · 20 views

CVE-2024-21170

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu...

6.3 CVSS · 0.0013 EPSS
Exploits 0 · References 1
OSV
added 2024/07/16 11:15 p.m. · 0 views

UBUNTU-CVE-2024-21170

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu...

6.3 CVSS · 5.8 AI score · 0.0013 EPSS
Exploits 0 · References 3
UbuntuCve
added 2024/07/16 11:15 p.m. · 13 views

CVE-2024-21170

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu...

6.3 CVSS · 7.1 AI score · 0.0013 EPSS
Exploits 0 · References 2
Debian CVE
added 2024/07/16 10:40 p.m. · 12 views

CVE-2024-21170

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu...

6.3 CVSS · 7.1 AI score · 0.0013 EPSS
Exploits 0
CVE
added 2024/07/16 10:40 p.m. · 71 views

CVE-2024-21170

CVE-2024-21170 affects Oracle MySQL Connectors, specifically the Connector/Python component. Affected versions are 8.4.0 and prior. Root cause is not detailed in the provided documents beyond the connector being vulnerable; the vulnerability is exploitable over network via multiple protocols and ...

6.3 CVSS · 5.6 AI score · 0.0013 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/07/12 12:0 a.m. · 15 views

OPENSUSE-SU-2024:14149-1 python310-mysql-connector-python-8.2.0-1.5 on GA media

These are all security issues fixed in the python310-mysql-connector-python-8.2.0-1.5 package on the GA media of openSUSE Tumbleweed...

8.1 CVSS · 6.6 AI score · 0.02601 EPSS
Exploits 0 · References 2
NVD
added 2024/04/16 10:15 p.m. · 14 views

CVE-2024-21090

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successf...

7.5 CVSS · 7 AI score · 0.00269 EPSS
Exploits 0 · References 1
OSV
added 2024/04/16 10:15 p.m. · 0 views

UBUNTU-CVE-2024-21090

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successf...

7.5 CVSS · 6.6 AI score · 0.00269 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/12/07 12:0 a.m. · 1 views

PT-2023-9595 · Mysql Server · Mysql Connectors

Name of the Vulnerable Software and Affected Versions: MySQL Connectors versions 9.0.0 and prior Description: The issue is related to a lack of authentication for a critical function in the Connector/Python component of MySQL Connectors, allowing a low-privileged attacker with network access via...

7.7 CVSS · 9 AI score · 0.00915 EPSS
Exploits 0 · References 19
vulnersOsv
added 2023/06/09 10:53 p.m. · 2 views

aigc-evals (>=0.0.2 <=0.0.3), apache-airflow-providers-snowflake (>=2.4.0 <=2.5.1rc1) +103 more potentially affected by CVE-2023-34233 via snowflake-connector-python (>=1.7.11 <=3.0.0)

snowflake-connector-python PYPI version =1.7.11, =0.0.2, =2.4.0, =0.0.4, =0.1.0, =1.13.21, =20230717.1.0, =0.5.83, =0.1.0, =0.4.0, =0.5.1, =1.0.5, =1.0.6 - dataligo =0.6.1 and more Source cves: CVE-2023-34233 Source advisory: OSV:GHSA-5W5M-PFW9-C8FP...

8.8 CVSS · 7.1 AI score · 0.0055 EPSS
Exploits 1
NVD
added 2023/06/08 9:15 p.m. · 9 views

CVE-2023-34233

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on (SSO) browser URL authentication. In order to exploit the...

8.8 CVSS · 8 AI score · 0.0055 EPSS
Exploits 1 · References 3
CNNVD
added 2023/06/08 12:0 a.m. · 1 views

Snowflake snowflake-connector-python command injection vulnerability

Snowflake snowflake-connector-python is Snowflake's Snowflake connector for Python, which conforms to the Python DB API 2.0 specification. A command injection vulnerability exists in Snowflake snowflake-connector-python versions prior to 3.0.2. An attacker could exploit this vulnerability to caus...

8.8 CVSS · 8 AI score · 0.0055 EPSS
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 5:0 a.m. · 1 views

SUSE CVE-2016-5598

Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python...

5.6 CVSS · 8.3 AI score · 0.00304 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:19 a.m. · 1 views

SUSE CVE-2019-2435

Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connector...

8.1 CVSS · 6 AI score · 0.02601 EPSS
Exploits 0 · References 6
Github Security Blog
added 2022/11/10 12:1 p.m. · 21 views

snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method...

7.5 CVSS · 7.3 AI score · 0.00162 EPSS
Exploits 1 · References 6 · Affected Software 1
OSV
added 2022/11/10 12:1 p.m. · 1 views

GHSA-4R6J-FWCX-94CF snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method...

5.9 CVSS · 7.2 AI score · 0.00162 EPSS
Exploits 1 · References 6
Veracode
added 2022/11/10 1:49 a.m. · 17 views

Regular Expression Denial Of Service (ReDoS)

snowflake-connector-python is vulnerable to regular expression denial of service. The vulnerability is due to the get_file_transfer_type function in cursor.py, which does not properly validate SQL queries, allowing an attacker to crash the application by providing malicious input...

7.5 CVSS · 7.4 AI score · 0.00162 EPSS
Exploits 1 · References 3 · Affected Software 1