SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql16 (SUSE-SU-2024:2266-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2266-1 advisory. PostgreSQL upgrade to version 16.3 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pgstatsex...

SUSE-SU-2024:2266-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pgstatsext and pgstatsextexprs entries to the table owner bsc1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17...

SQL Injection

parse-server is vulnerable to SQL Injection. The vulnerability is due to improper handling of user-supplied input when configured with the PostgreSQL database, allowing malicious SQL queries to be executed...

CVE-2024-39309

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

CVE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

CVE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

CVE-2024-39309

Parse Server (Node.js) prior to versions 6.5.7 and 7.1.0 is vulnerable to SQL injection when configured with PostgreSQL. The issue stems from how user input is handled in the PostgreSQL path, and the detection algorithm was improved in 6.5.7 and 7.1.0. Remediation is to upgrade to the fixed relea...

CVE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer's Server Status page and REST API at /geoserver/rest/about/status lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...

GHSA-C2HR-CQG6-8J6R ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r -...

ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r -...

Parse Server Security Vulnerability

Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 6.5.7 and 7.1.0 that stems from vulnerability to SQL injection attacks when configured to use a...

PT-2024-28434 · Postgresql +1 · Postgresql +1

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 6.5.7 Parse Server versions prior to 7.1.0 Description: A vulnerability in Parse Server allows SQL injection when configured to use the PostgreSQL database. This issue enables remote attackers to bypass...

pgx SQL Injection via Protocol Message Size Overflow

...

K000140188: PostgreSQL vulnerability CVE-2024-0985

Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...

Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.

Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability Using third-party datastore Operators as part of the postgres operator CVE-2024-27304. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-2730...

SQL Injection

silverstripe/postgresql is vulnerable to SQL injection. The vulnerability is due to the inadequate handling of table names in the silverstripe/postgresql database adapter, which allows malicious SQL injection attacks if table names are not properly escaped or sanitized...

ROS-20240626-14

Vulnerability of REFRESH MATERIALIZED VIEW CONCURRENTLY function of PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...

Malicious code in belong_plugin-rds-pgsql-log (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in activerecord_postgresql-expression (RubyGems)

--- -= Per source details. Do not edit below this line.=-...