270 matches found
RHEL 6 : python-sqlalchemy (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-sqlalchemy: SQL Injection when the order_by parameter can be controlled CVE-2019-7164 - SQLAlchemy...
EulerOS 2.0 SP8 : python-mako (EulerOS-SA-2024-1294)
According to the versions of the python-mako packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects...
Huawei EulerOS: Security Advisory for python-mako (EulerOS-SA-2024-1294)
The remote host is missing an update for the Huawei EulerOS...
PT-2024-20579 · Unknown · Sqlalchemyda
Name of the Vulnerable Software and Affected Versions: SQLAlchemyDA versions prior to 2.2 Description: A vulnerability in SQLAlchemyDA allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem...
NewStart CGSL MAIN 6.06 : PyYAML Multiple Vulnerabilities (NS-SA-2023-0139)
The remote NewStart CGSL host, running version MAIN 6.06, has PyYAML packages installed that are affected by multiple vulnerabilities: - In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the...
NewStart CGSL MAIN 6.06 : python-lxml Multiple Vulnerabilities (NS-SA-2023-0136)
The remote NewStart CGSL host, running version MAIN 6.06, has python-lxml packages installed that are affected by multiple vulnerabilities: - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 - The urllib3...
couchbase-mcp-server (>=0.3.1rc2 <=0.5.0), couchbase-sqlalchemy (=1.0.3) +4 more potentially affected by CVE-2023-45875 via couchbase (>=4.1.8 <=4.5.0)
couchbase PYPI version =4.1.8, =0.3.1rc2, =0.2.2.dev0, =1.0.2 - pyxi-azdo-analytics =0.0.1 - pyxi-couchbase-client =0.0.10 Source cves: CVE-2023-45875 Source advisory: OSV:PYSEC-2023-235...
Rocky Linux 8 : python27:2.7 (RLSA-2019:0981)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:0981 advisory. - SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. CVE-2019-7164 - SQLAlchemy 1.2.17 has SQL Injectio...
Rocky Linux 8 : python36:3.6 (RLSA-2019:0984)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:0984 advisory. - SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. CVE-2019-7164 - SQLAlchemy 1.2.17 has SQL Injectio...
Amazon Linux 2 : python-mako (ALAS-2023-2164)
The version of python-mako installed on the remote host is prior to 0.8.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2164 advisory. Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This al...
EulerOS Virtualization 3.0.6.6 : python-mako (EulerOS-SA-2023-2416)
According to the versions of the python-mako package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This...
Medium: python-mako
Issue Overview: Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. CVE-2022-40023 Affected Packages: python-mako Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Malicious code in sqlalchemy-os (PyPI)
Source: ossf-package-analysis 0e9079084215abb63a9468cc5ba89b5275afec40b081f77e9518498eb56a0c30 The OpenSSF Package Analysis project identified 'sqlalchemy-os' @ 14.0.10 pypi as malicious. It is considered malicious because: - The package...
MAL-2023-1414 Malicious code in sqlalchemy-os (PyPI)
Source: ossf-package-analysis 0e9079084215abb63a9468cc5ba89b5275afec40b081f77e9518498eb56a0c30 The OpenSSF Package Analysis project identified 'sqlalchemy-os' @ 14.0.10 pypi as malicious. It is considered malicious because: - The package...
MAL-2023-1415 Malicious code in sqlalchemy-requests (PyPI)
Source: ossf-package-analysis be7d898e9281f3e8f393a19f3b1e4eece53fe128076fb65cc38c73116fc8de64 The OpenSSF Package Analysis project identified 'sqlalchemy-requests' @ 7.1.1 pypi as malicious. It is considered malicious because: - The packa...
Malicious code in sqlalchemy-requests (PyPI)
Source: ossf-package-analysis be7d898e9281f3e8f393a19f3b1e4eece53fe128076fb65cc38c73116fc8de64 The OpenSSF Package Analysis project identified 'sqlalchemy-requests' @ 7.1.1 pypi as malicious. It is considered malicious because: - The packa...
Malicious code in matplotlib-sqlalchemy (PyPI)
Source: ossf-package-analysis 1e95f621034f0f8a7815196be16626cb63483120da948a396c70ae3d6e0f14b9 The OpenSSF Package Analysis project identified 'matplotlib-sqlalchemy' @ 16.18.4 pypi as malicious. It is considered malicious because: - The...
MAL-2023-1379 Malicious code in matplotlib-sqlalchemy (PyPI)
Source: ossf-package-analysis 1e95f621034f0f8a7815196be16626cb63483120da948a396c70ae3d6e0f14b9 The OpenSSF Package Analysis project identified 'matplotlib-sqlalchemy' @ 16.18.4 pypi as malicious. It is considered malicious because: - The...
MAL-2023-1413 Malicious code in sqlalchemy-install (PyPI)
Source: ossf-package-analysis 3ce12486a1a8196d6697337e961e7b9410b2fbd2b426fb7fe0005a6a08db2255 The OpenSSF Package Analysis project identified 'sqlalchemy-install' @ 10.9.4 pypi as malicious. It is considered malicious because: - The packa...
Malicious code in sqlalchemy-install (PyPI)
Source: ossf-package-analysis 3ce12486a1a8196d6697337e961e7b9410b2fbd2b426fb7fe0005a6a08db2255 The OpenSSF Package Analysis project identified 'sqlalchemy-install' @ 10.9.4 pypi as malicious. It is considered malicious because: - The packa...