1152 matches found

Spring Security Advisories
added 2025/02/06 12:00 a.m. · 7 views

A Bootiful Podcast: 'Just Use Postgres!' author Denis Magda

Hi, Spring fans! In this installment we talk to Java and distributed database ninja Denis Magda about his new book, "Just Use Postgres!", which looks at how to wield Postgres for a variety of use cases that an application developer should know...

AI score 7.2 · Exploits 0
RedhatCVE
added 2025/02/05 1:50 p.m. · 7 views

CVE-2020-4062

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's...

CVSS 9 · AI score 7 · EPSS 0.01411 · Exploits 0
OSV
added 2025/02/05 7:24 a.m. · 8 views

BIT-SUPERSET-2024-55633 Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non-Postgres analytics database connections and...

CVSS 7.1 · AI score 6.6 · EPSS 0.02562 · Exploits 0 · References 3
RedhatCVE
added 2025/02/05 7:07 a.m. · 12 views

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

CVSS 8.1 · AI score 8.2 · EPSS 0.01716 · Exploits 0 · References 1
Spring Security Advisories
added 2025/02/04 12:00 a.m. · 8 views

This Week in Spring - February 11th, 2025

Hi, Spring fans! It's almost Valentine's day, and let me just say: I love the Spring community! It's such an exciting and interesting place to be. Thank you everyone for all that you do. I'm busy preparing for ConFoo, in Montreal, Canada, and for Devnexus, in Atlanta, Georgia. If you're around be...

AI score 7.2 · Exploits 0
OSV
added 2025/02/03 9:01 a.m. · 3 views

MAL-2025-1198 Malicious code in worker-template-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06ee62f6404cbc2ab384a294313e49c9685b3f7a3251a4c9b86dd1d8e90dfb05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7 · Exploits 0 · References 1
OSSF Malicious Packages
added 2025/02/03 9:01 a.m. · 3 views

Malicious code in worker-template-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06ee62f6404cbc2ab384a294313e49c9685b3f7a3251a4c9b86dd1d8e90dfb05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9 · Exploits 0 · References 1
OSV
added 2025/01/14 7:22 p.m. · 14 views

BIT-PHP-MIN-2022-31625 Freeing unallocated memory in php_pgsql_free_params()

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

CVSS 8.1 · AI score 8.5 · EPSS 0.03437 · Exploits 1 · References 8
Github Security Blog
added 2024/12/12 3:31 p.m. · 17 views

Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non-Postgres analytics database connections and...

CVSS 7.1 · AI score 7.5 · EPSS 0.02562 · Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/12/12 3:15 p.m. · 10 views

CVE-2024-55633

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non-Postgres analytics database connections and...

CVSS 6.5 · AI score 6.7 · Exploits 0 · References 2
CVE
added 2024/12/12 2:36 p.m. · 83 views

CVE-2024-55633

CVE-2024-55633 is an Improper Authorization vulnerability in Apache Superset. An attacker with SQLLab access to a PostgreSQL analytic database can craft a SQL DML statement that is incorrectly identified as a read-only query, allowing its execution. The issue does not affect non-PostgreSQL analyt...

CVSS 7.1 · AI score 7.2 · EPSS 0.02562 · Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/12/12 12:00 a.m. · 2 views

PT-2024-9601 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 4.1.0 Description: The issue is related to improper authorization in Apache Superset, specifically affecting Postgres analytic databases. An attacker with access to SQLLab can craft a specially designed SQL D...

CVSS 7.1 · AI score 7.7 · EPSS 0.02562 · Exploits 0 · References 15
Snyk
added 2024/12/09 3:31 p.m. · 1 view

SQL Injection

Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to SQL Injection due to improper handling of certain PostgreSQL functions in the SQL parsing and authorization process. An attacker can execute unauthoriz...

CVSS 9.8 · AI score 8.2 · EPSS 0.04433 · Exploits 2 · References 2
BDU FSTEC
added 2024/12/06 12:00 a.m. · 1 view

A vulnerability in Ash Postgres, the PostgreSQL database extension for the Ash Framework, allows an attacker to execute arbitrary code.

The vulnerability in Ash Postgres, the Ash Framework extension for using the PostgreSQL database, stems from the use of files and directories that are accessible to external parties. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by replacing the installation files...

CVSS 5.3 · AI score 6 · EPSS 0.00499 · Exploits 0 · References 2 · Affected Software 1
Oracle linux
added 2024/12/06 12:00 a.m. · 29 views

postgresql:15 security update

pgaudit pgrepack postgres-decoderbufs postgresql 15.10-1 - Update to 15.10 - Fixes: CVE-2024-10976 CVE-2024-10978 CVE-2024-10979...

CVSS 8.8 · AI score 6.9 · EPSS 0.04422 · Exploits 1
Oracle linux
added 2024/12/05 12:00 a.m. · 261 views

postgresql:16 security update

pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack 1.5.1-1 - Update to 1.5.1 postgres-decoderbufs 2.4.0-1.Final - Initial import for postgresql 16 stream - Related: RHEL-3636 postgresql 16.6-1 - Update to 16.6 - Fixes:...

CVSS 8.8 · AI score 6.9 · EPSS 0.04422 · Exploits 1
Oracle linux
added 2024/12/04 12:00 a.m. · 26 views

postgresql:16 security update

pgaudit pgrepack 1.5.1-1 - Update to v1.5.1 pgvector 0.6.2-1 - Initial packaging postgres-decoderbufs postgresql 16.6-1 - Update to 16.6 - Fixes: CVE-2024-10976 CVE-2024-10978 CVE-2024-10979 16.4-2 - Fix build on 16.4 16.4-1 - Update to 16.4 16.1-3 - Remove /var/run/postgresql - Related: RHEL-512...

CVSS 8.8 · AI score 7.1 · EPSS 0.04422 · Exploits 1
vulnersOsv
added 2024/11/27 7:00 p.m. · 2 views

io.github.openfeign.querydsl:querydsl-jpa-codegen (>=5.0.1 <=5.6), io.github.zzagtung:querydsl-jpa-postgres-json (=0.1.1) potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-jpa (>=5.0.1 <=5.6)

io.github.openfeign.querydsl:querydsl-jpa MAVEN version =5.0.1, =5.0.1, =5.6 - io.github.zzagtung:querydsl-jpa-postgres-json =0.1.1 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...

AI score 5.8 · EPSS 0.00391 · Exploits 0
Rockylinux
added 2024/11/19 4:02 p.m. · 5 views

15 bug fix and enhancement update

An update is available for pgaudit, module.pgaudit, module.postgres-decoderbufs, postgres-decoderbufs, pgrepack, module.pgrepack. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

AI score 6.7 · Exploits 0
CNNVD
added 2024/11/19 12:00 a.m. · 1 view

Versa Director Security Vulnerability

Versa Director is a virtualization and service creation platform from Versa USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director versions prior to 22.1.4, which stems from a generic password in the default...

CVSS 10 · AI score 9 · EPSS 0.00557 · Exploits 0 · References 1