136 matches found
CentOS 7 : python-flask (RHSA-2023:3525)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3525 advisory. Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be...
RHSA-2020:0870 Red Hat Security Advisory: python-flask security update
Bulletin has no description...
RHSA-2023:3440 Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (python-flask) security update
Bulletin has no description...
RHSA-2023:3444 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-flask) security update
Bulletin has no description...
RHSA-2023:3525 Red Hat Security Advisory: python-flask security update
Bulletin has no description...
Fedora: Security Advisory (FEDORA-2023-ebc3be7db1)
The remote host is missing an update for the...
Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft
Real POC published https://github.com/ynwarcs/CVE-2024-38063 and...
GHSA-MWXM-35F8-6VG2 Vanna vulnerable to SQL Injection
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pg_read_file. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
Vanna vulnerable to SQL Injection
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pg_read_file. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
CVE-2024-5753
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pg_read_file. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
CVE-2024-5753 Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pg_read_file. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
Vanna Information Disclosure Vulnerability
Vanna is a personalized AI SQL agent from Vanna. An information disclosure vulnerability exists in v0.3.4 of vanna, which stems from the vulnerability of certain file-related functions to SQL injection attacks. An unauthenticated, remote attacker exploiting this vulnerability could read arbitrary...
RHEL 9 : Red Hat OpenStack Platform 17.0 (python-flask) (RHSA-2023:3440)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3440 advisory. Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation...
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-flask) (RHSA-2023:3444)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3444 advisory. Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation...
RHEL 8 : Red Hat OpenStack Platform 16.1 (python-flask) (RHSA-2023:3446)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3446 advisory. Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation...
openSUSE: Security Advisory for python (SUSE-SU-2023:2263-2)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-f34963bef8)
The remote host is missing an update for the...
Fedora 39 : python-flask (2023-ebc3be7db1)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ebc3be7db1 advisory. Automatic update for python-flask-2.2.5-1.fc39. Changelog: Tue May 9 2023 Frantisek Zatloukal - 2.2.5-1: Update to 2.2.5, fixes RHBZ2196644. Tenable has...
Oracle Linux 8 : python-flask (ELSA-2023-12710)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-12710 advisory. Fix for CVE-2023-30861 (Orabug: 35662469). Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...