Count: 43

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
RLSA-2019:0981 Important: python27:2.7 security update | | | about 6 years ago |
ELSA-2019-0981 ELSA-2019-0981: python27:2.7 security update (IMPORTANT) | | | almost 6 years ago |
openSUSE-SU-2019:2064-1 Security update for python-SQLAlchemy | | | almost 6 years ago |
openSUSE-SU-2019:2039-1 Security update for python-SQLAlchemy | | | almost 6 years ago |
SUSE-SU-2019:2253-2 Security update for python-SQLAlchemy | | | more than 5 years ago |
SUSE-SU-2019:2253-1 Security update for python-SQLAlchemy | | | almost 6 years ago |
RLSA-2019:0984 Moderate: python36:3.6 security update | | | about 6 years ago |
ELSA-2019-0984 ELSA-2019-0984: python36:3.6 security update (MODERATE) | | | almost 6 years ago |
CVE-2019-7164 SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | CVSS3: 9.8 | 2% Low | more than 6 years ago |
CVE-2019-7164 SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | CVSS3: 7.3 | 2% Low | more than 6 years ago |
CVE-2019-7164 SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | CVSS3: 9.8 | 2% Low | more than 6 years ago |
CVE-2019-7164 SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injecti ... | CVSS3: 9.8 | 2% Low | more than 6 years ago |
GHSA-887w-45rq-vxgf SQLAlchemy vulnerable to SQL Injection via order_by parameter | CVSS3: 9.8 | 2% Low | about 6 years ago |
BDU:2021-00766 Vulnerability in the SQLAlchemy library for working with relational DBMSs, caused by a failure to take measures to protect the structure of the SQL query, allowing an attacker to execute arbitrary code | CVSS3: 9.8 | 2% Low | more than 6 years ago |
CVE-2019-7548 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | CVSS3: 7.8 | 1% Low | more than 6 years ago |
CVE-2019-7548 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | CVSS3: 7.3 | 1% Low | more than 6 years ago |
CVE-2019-7548 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | CVSS3: 7.8 | 1% Low | more than 6 years ago |
CVE-2019-7548 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be ... | CVSS3: 7.8 | 1% Low | more than 6 years ago |
CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. | CVSS3: 9.8 | 6% Low | more than 6 years ago |
CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. | CVSS3: 9.8 | 6% Low | more than 6 years ago |