Alibaba Cloud Linux 3 : 0057: python-mako (ALINUX3-SA-2023:0057)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0057 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-40023: Sqlalchemy mako before 1.2.2 is...
Linux Distros Unpatched Vulnerability : CVE-2019-7164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the orderby parameter (CVE-2019-7164). Note that Nessus relies on the presence of the package as report...
Linux Distros Unpatched Vulnerability : CVE-2019-7548
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled (CVE-2019-7548). Note that Nessus relies on the presence of the package as report...
Insufficient Type Distinction
Overview: strawberry-graphql is a library for creating GraphQL APIs. Affected versions of this package are vulnerable to Insufficient Type Distinction in the relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). An attacker can access unauthorized data by queryin...
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Vulnerability Summary: A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...
GHSA-5XH2-23CC-5JC6 Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Vulnerability Summary: A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...
PT-2025-4385 · Unknown +2 · Sqlalchemy +3
Name of the Vulnerable Software and Affected Versions: Strawberry GraphQL versions 0.182.0 through 0.257.0. Description: A type confusion vulnerability exists in Strawberry GraphQL's relay integration, affecting multiple ORM integrations, including Django, SQLAlchemy, and Pydantic. This issue occu...
RHSA-2012:0369 Red Hat Security Advisory: python-sqlalchemy security update
Bulletin has no description...
OPENSUSE-SU-2024:11211-1 python-SQLAlchemy-doc-1.4.22-1.2 on GA media
These are all security issues fixed in the python-SQLAlchemy-doc-1.4.22-1.2 package on the GA media of openSUSE Tumbleweed...
RHEL 6 : calamari-server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python-sqlalchemy: SQL Injection when the orderby parameter can be controlled (CVE-2019-7164). Note that Nessus has no...
RHEL 7 : python-sqlalchemy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python-sqlalchemy: SQL Injection when the groupby parameter can be controlled (CVE-2019-7548). Note that Nessus has no...
RHEL 6 : python-sqlalchemy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. python-sqlalchemy: SQL Injection when the groupby parameter can be controlled (CVE-2019-7548). Note that Nessus has no...
Partial Password Leakage
ethyca-fides is vulnerable to Partial Password Leakage. The vulnerability is due to improper sanitization/redaction of the SQLAlchemy password string in error logs, which partially exposes the database password when special characters are used inside the password...
CVE-2024-34715
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
CVE-2024-34715
CVE-2024-34715 affects the Fides webserver, where improper escaping of the SQLAlchemy password string can cause the database password to be partially exposed in webserver logs when the password contains characters like @ or $. This is due to insufficient escaping of the password in the connect...
CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...
GHSA-8CM5-JFJ2-26Q7 Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...
PT-2024-26129 · Unknown +1 · Sqlalchemy +2
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.37.0. Description: The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes...