270 matches found
Huawei EulerOS: Security Advisory for python-mako (EulerOS-SA-2023-1745)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
EulerOS Virtualization 3.0.2.0 : python-mako (EulerOS-SA-2023-1745)
According to the versions of the python-mako package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This...
ROS-20230428-02
A vulnerability in the Sqlalchemy mako Python template library is related to insufficient input validation when processing regular expressions in the Lexer class. Exploitation of the vulnerability could allow an attacker, acting remotely, to pass specially crafted data to an application and perform ...
FreeBSD : py39-sqlalchemy11 -- multiple SQL Injection vulnerabilities (8ccff771-ceca-43a0-85ad-3e595e73b425)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8ccff771-ceca-43a0-85ad-3e595e73b425 advisory. - SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by...
FreeBSD : py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities (d2293e22-4390-42c2-a323-34cca2066000)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d2293e22-4390-42c2-a323-34cca2066000 advisory. - SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by...
CBL Mariner 2.0 Security Update: python-mako (CVE-2022-40023)
The version of python-mako installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-40023 advisory. - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer...
Huawei EulerOS: Security Advisory for python-mako (EulerOS-SA-2023-1514)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP5 : python-mako (EulerOS-SA-2023-1514)
According to the versions of the python-mako package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects...
SUSE CVE-2012-0805
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...
SUSE CVE-2019-7164
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter...
SUSE CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...
SUSE CVE-2022-40023
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...
Apache Superset SQL Injection Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset versions 1.5.2 and earlier and 2.0.0 have a SQL injection vulnerability that stems from a problem with the SQL Alchemy connector, which allows an authenticated user with read acce...
PT-2023-14020 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description: A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the...
Ubuntu 22.10 : Mako vulnerability (USN-5625-2)
The remote Ubuntu 22.10 host has a package installed that is affected by a vulnerability as referenced in the USN-5625-2 advisory. USN-5625-1 fixed a vulnerability in Mako. This update provides the corresponding update for Ubuntu 22.10. Tenable has extracted the preceding description block direct...
SUSE SLED15 / SLES15 Security Update : python-Mako (SUSE-SU-2022:3979-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3979-1 advisory. - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to pars...
python-sqlalchemy bug fix and enhancement update
An update is available for python-sqlalchemy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
Debian dla-3116 : python-mako - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3116 advisory. Debian LTS Advisory DLA-3116-1 https://www.debian.org/lts/security/...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Mako vulnerability (USN-5625-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5625-1 advisory. It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to caus...
GHSA-V973-FXGF-6XHP mako is vulnerable to Regular Expression Denial of Service
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...