275 matches found

OSV
added 2023/05/20 2:5 p.m. · 10 views

MAL-2023-1379 Malicious code in matplotlib-sqlalchemy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1e95f621034f0f8a7815196be16626cb63483120da948a396c70ae3d6e0f14b9 The OpenSSF Package Analysis project identified 'matplotlib-sqlalchemy' @ 16.18.4 pypi as malicious. It is considered malicious because: - The...

7.1 AI score
Exploits: 0
OSSF Malicious Packages
added 2023/05/20 2:0 p.m. · 4 views

Malicious code in sqlalchemy-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3ce12486a1a8196d6697337e961e7b9410b2fbd2b426fb7fe0005a6a08db2255 The OpenSSF Package Analysis project identified 'sqlalchemy-install' @ 10.9.4 pypi as malicious. It is considered malicious because: - The packa...

6.9 AI score
Exploits: 0
OSV
added 2023/05/20 2:0 p.m. · 11 views

MAL-2023-1413 Malicious code in sqlalchemy-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3ce12486a1a8196d6697337e961e7b9410b2fbd2b426fb7fe0005a6a08db2255 The OpenSSF Package Analysis project identified 'sqlalchemy-install' @ 10.9.4 pypi as malicious. It is considered malicious because: - The packa...

7.1 AI score
Exploits: 0
BDU FSTEC
added 2023/05/10 12:0 a.m. · 4 views

The vulnerability of the Sqlalchemy mako Python template library, related to an incorrect regular expression, allows attackers to cause service interruptions.

The vulnerability of the Sqlalchemy mako Python template library is related to insufficient input validation when processing regular expressions in the Lexer class. Exploiting this vulnerability allows a malicious actor to deliver specially crafted data to the application and execute a...

7.8 CVSS · 7.2 AI score · 0.01656 EPSS
Exploits: 1 · References: 11 · Affected Software: 5
OpenVAS
added 2023/05/08 12:0 a.m. · 12 views

Huawei EulerOS: Security Advisory for python-mako (EulerOS-SA-2023-1745)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.7 AI score · 0.01656 EPSS
Exploits: 1 · References: 2
Tenable Nessus
added 2023/05/07 12:0 a.m. · 15 views

EulerOS Virtualization 3.0.2.0 : python-mako (EulerOS-SA-2023-1745)

According to the versions of the python-mako package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This...

7.5 CVSS · 7.4 AI score · 0.01656 EPSS
Exploits: 1 · References: 2
Redos
added 2023/04/28 12:0 a.m. · 24 views

ROS-20230428-02

A vulnerability in the Sqlalchemy mako Python template library is related to insufficient input validation when processing regular expressions in the Lexer class. Exploitation of the vulnerability could allow an attacker, acting remotely, to pass specially crafted data to an application and perform ...

7.5 CVSS · 7.5 AI score · 0.01656 EPSS
Exploits: 1
Tenable Nessus
added 2023/04/14 12:0 a.m. · 32 views

FreeBSD : py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities (d2293e22-4390-42c2-a323-34cca2066000)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d2293e22-4390-42c2-a323-34cca2066000 advisory. - SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by...

9.8 CVSS · 8.5 AI score · 0.03525 EPSS
Exploits: 3 · References: 7
Tenable Nessus
added 2023/04/14 12:0 a.m. · 24 views

FreeBSD : py39-sqlalchemy11 -- multiple SQL Injection vulnerabilities (8ccff771-ceca-43a0-85ad-3e595e73b425)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8ccff771-ceca-43a0-85ad-3e595e73b425 advisory. - SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by...

9.8 CVSS · 8.5 AI score · 0.03525 EPSS
Exploits: 3 · References: 7
Tenable Nessus
added 2023/03/28 12:0 a.m. · 31 views

CBL Mariner 2.0 Security Update: python-mako (CVE-2022-40023)

The version of python-mako installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-40023 advisory. - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer...

7.5 CVSS · 7.5 AI score · 0.01656 EPSS
Exploits: 1 · References: 2
OpenVAS
added 2023/03/09 12:0 a.m. · 19 views

Huawei EulerOS: Security Advisory for python-mako (EulerOS-SA-2023-1514)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.7 AI score · 0.01656 EPSS
Exploits: 1 · References: 2
Tenable Nessus
added 2023/03/08 12:0 a.m. · 23 views

EulerOS 2.0 SP5 : python-mako (EulerOS-SA-2023-1514)

According to the versions of the python-mako package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects...

7.5 CVSS · 7.5 AI score · 0.01656 EPSS
Exploits: 1 · References: 2
SUSE CVE
added 2023/02/15 5:48 a.m. · 3 views

SUSE CVE-2012-0805

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...

7.5 CVSS · 8.6 AI score · 0.02862 EPSS
Exploits: 2 · References: 3
SUSE CVE
added 2023/02/15 4:16 a.m. · 2 views

SUSE CVE-2019-7164

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter...

8.8 CVSS · 8.1 AI score · 0.03525 EPSS
Exploits: 2 · References: 13
SUSE CVE
added 2023/02/15 4:15 a.m. · 2 views

SUSE CVE-2019-7548

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...

8.8 CVSS · 8.1 AI score · 0.01777 EPSS
Exploits: 1 · References: 13
SUSE CVE
added 2023/02/15 3:23 a.m. · 1 views

SUSE CVE-2022-40023

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...

5.9 CVSS · 8 AI score · 0.01656 EPSS
Exploits: 1 · References: 9
Positive Technologies
added 2023/01/16 12:0 a.m. · 1 views

PT-2023-14020 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description: A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the...

5.4 CVSS · 7.5 AI score · 0.01194 EPSS
Exploits: 0 · References: 10
CNNVD
added 2023/01/16 12:0 a.m. · 2 views

Apache Superset SQL injection vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset versions 1.5.2 and earlier and 2.0.0 have a SQL injection vulnerability that stems from a problem with the SQL Alchemy connector, which allows an authenticated user with read acce...

5.4 CVSS · 5.9 AI score · 0.01194 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2022/11/16 12:0 a.m. · 23 views

Ubuntu 22.10 : Mako vulnerability (USN-5625-2)

The remote Ubuntu 22.10 host has a package installed that is affected by a vulnerability as referenced in the USN-5625-2 advisory. USN-5625-1 fixed a vulnerability in Mako. This update provides the corresponding update for Ubuntu 22.10. Tenable has extracted the preceding description block direct...

7.5 CVSS · 7.5 AI score · 0.01656 EPSS
Exploits: 1 · References: 2
Tenable Nessus
added 2022/11/16 12:0 a.m. · 44 views

SUSE SLED15 / SLES15 Security Update : python-Mako (SUSE-SU-2022:3979-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3979-1 advisory. - Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to pars...

7.5 CVSS · 7.5 AI score · 0.01656 EPSS
Exploits: 1 · References: 4