270 matches found

FreeBSD
added 2019/02/06 12:0 a.m. | 25 views

py39-sqlalchemy10 -- multiple SQL Injection vulnerabilities

21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...

AI score: 9.4
Exploits: 0 | References: 4

FreeBSD
added 2019/02/06 12:0 a.m. | 29 views

py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities

21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...

AI score: 9.4
Exploits: 0 | References: 4

FreeBSD
added 2019/02/06 12:0 a.m. | 25 views

py39-sqlalchemy11 -- multiple SQL Injection vulnerabilities

21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...

AI score: 9.4
Exploits: 0 | References: 4

Veracode
added 2019/01/04 2:16 a.m. | 13 views

Remote Code Execution (RCE)

sqlayamlfixtures is vulnerable to remote code execution (RCE) attacks. The vulnerability exists through the value of fixturetext which is supplied to yaml.load without sanitization, allowing RCE attacks...

CVSS: 7.8 | AI score: 8 | EPSS: 0.00113
Exploits: 1 | References: 1 | Affected Software: 1

vulnersOsv
added 2018/07/12 8:29 p.m. | 1 view

eve-elastic (=2.6.0), eve-sqlalchemy (>=0.5.0 <=0.7.1) +1 more potentially affected by CVE-2018-8097 via eve (>=0.6.4 <=0.7.10)

eve PYPI version =0.6.4, =0.5.0, =1.0.0, =1.4.0rc2 Source cves: CVE-2018-8097 Source advisory: OSV:GHSA-8JXQ-75RW-FHJ9...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.19107
Exploits: 0

vulnersOsv
added 2018/03/14 12:29 p.m. | 2 views

eve-elastic (=2.6.0), eve-sqlalchemy (>=0.5.0 <=0.7.1) +1 more potentially affected by CVE-2018-8097 via eve (>=0.6.4 <=0.7.10)

eve PYPI version =0.6.4, =0.5.0, =1.0.0, =1.4.0rc2 Source cves: CVE-2018-8097 Source advisory: OSV:PYSEC-2018-8...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.19107
Exploits: 0

CNVD
added 2017/11/10 12:0 a.m. | 1 view

MLAlchemy Command Execution Vulnerability

MLAlchemy is a Python-based open source utility library that converts YAML/JSON to SQLAlchemy SELECT queries. A security vulnerability exists in the YAML parsing functionality of the parse_yaml_query method of the parser.py file in versions of MLAlchemy prior to 0.2.2. An attacker can exploit this...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.00896
Exploits: 0 | References: 1

OpenVAS
added 2015/10/06 12:0 a.m. | 18 views

Oracle: Security Advisory (ELSA-2012-0369)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.01649
Exploits: 2 | References: 2

RedHat Linux
added 2015/04/16 2:28 p.m. | 4 views

Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory

Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service (IaaS) cloud running on commonly...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.11718
Exploits: 0 | References: 7

Fedora
added 2014/09/09 10:20 p.m. | 21 views

[SECURITY] Fedora 19 Update: python-elixir-0.7.1-14.fc19

Elixir is a declarative layer on top of SQLAlchemy. It is a fairly thin wrapper, which provides the ability to define model objects following the Active Record design pattern, and using a DSL syntax similar to that of the Ruby on Rails ActiveRecord system. Elixir does not intend to replace...

CVSS: 4.3 | AI score: 0.8 | EPSS: 0.00464
Exploits: 0

Fedora
added 2014/09/09 10:17 p.m. | 19 views

[SECURITY] Fedora 20 Update: python-elixir-0.7.1-14.fc20

Elixir is a declarative layer on top of SQLAlchemy. It is a fairly thin wrapper, which provides the ability to define model objects following the Active Record design pattern, and using a DSL syntax similar to that of the Ruby on Rails ActiveRecord system. Elixir does not intend to replace...

CVSS: 4.3 | AI score: 0.8 | EPSS: 0.00464
Exploits: 0

Tenable Nessus
added 2013/07/12 12:0 a.m. | 27 views

Oracle Linux 6 : python-sqlalchemy (ELSA-2012-0369)

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2012-0369 advisory. 0.5.5-3 - sanitize inputs to limit and offset Resolves: CVE-2012-0805 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.01649
Exploits: 2 | References: 2

OpenVAS
added 2012/10/03 12:0 a.m. | 15 views

Gentoo Security Advisory GLSA 201209-16 (sqlalchemy)

The remote host is missing updates announced in advisory GLSA 201209-16. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.01649
Exploits: 2 | References: 2

OpenVAS
added 2012/10/03 12:0 a.m. | 14 views

Gentoo Security Advisory GLSA 201209-16 (sqlalchemy)

The remote host is missing updates announced in advisory GLSA 201209-16. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.01649
Exploits: 2

Tenable Nessus
added 2012/09/27 12:0 a.m. | 51 views

GLSA-201209-16 : SQLAlchemy: SQL injection

The remote host is affected by the vulnerability described in GLSA-201209-16 SQLAlchemy: SQL injection SQLAlchemy does not properly sanitize input passed from the limit and offset keywords to the select function before using it in an SQL query. Impact : A remote attacker could exploit this...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.01649
Exploits: 2 | References: 2

Gentoo Linux
added 2012/09/26 12:0 a.m. | 32 views

SQLAlchemy: SQL injection

Background: SQLAlchemy is a Python SQL toolkit and Object Relational Mapper. Description: SQLAlchemy does not properly sanitize input passed from the “limit” and “offset” keywords to the select function before using it in an SQL query. Impact: A remote attacker could exploit this vulnerability to...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01649
Exploits: 2

Tenable Nessus
added 2012/09/06 12:0 a.m. | 15 views

Mandriva Linux Security Advisory : python-sqlalchemy (MDVSA-2012:059)

It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perfor...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.01649
Exploits: 2 | References: 1

OpenVAS
added 2012/08/03 12:0 a.m. | 14 views

Mandriva Update for python-sqlalchemy MDVSA-2012:059 (python-sqlalchemy)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.01649
Exploits: 2 | References: 2

OpenVAS
added 2012/08/03 12:0 a.m. | 19 views

Mandriva Update for python-sqlalchemy MDVSA-2012:059 (python-sqlalchemy)

Check for the Version of python-sqlalchemy OpenVAS Vulnerability Test Mandriva Update for python-sqlalchemy MDVSA-2012:059 python-sqlalchemy Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.01649
Exploits: 2 | References: 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 18 views

Scientific Linux Security Update : python-sqlalchemy on SL6.x (20120307)

SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.01649
Exploits: 2 | References: 2