16 matches found
PT-2026-24433
Name of the Vulnerable Software and Affected Versions: Sequelize versions prior to 6.37.8. Description: Sequelize, a Node.js ORM tool, contains a SQL injection flaw due to unescaped cast type handling within JSON/JSONB where clause processing. The traverseJSON function splits JSON path keys using ':...
MAL-2025-12130 Malicious code in @zalastax/nolb-jsonb (npm)
The package @zalastax/nolb-jsonb was found to contain malicious code...
Malicious code in @zalastax/nolb-jsonb (npm)
The package @zalastax/nolb-jsonb was found to contain malicious code...
ai.timefold.solver:timefold-solver-quarkus-jsonb (>=0.9.38 <=1.2.0), ai.timefold.solver:timefold-solver-quarkus-jsonb-deployment (>=0.9.38 <=1.2.0) +2527 more potentially affected by CVE-2023-7272 via org.eclipse.parsson:parsson (>=1.1.0 <=1.1.2)
org.eclipse.parsson:parsson MAVEN version =1.1.0, =0.9.38, =0.9.38, =0.9.38, =22.12.0, =22.11.0, =22.9.0, =24.7.0, =22.5.0, =22.10.0, =22.11.0, =24.7.0 and more Source cves: CVE-2023-7272 Source advisory: OSV:GHSA-2RWM-XV5J-777P...
SUSE CVE-2015-5289
Multiple stack-based buffer overflows in json parsing in PostgreSQL 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values...
The vulnerability of the json_populate_recordset and jsonb_populate_recordset functions in the PostgreSQL database management system allows a hacker to cause a service failure or gain unauthorized access to protected information.
The vulnerability of the json_populate_recordset and jsonb_populate_recordset functions in the PostgreSQL database management system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to cause service failures or gain unauthorized access to...
postgresql: Memory disclosure in JSON functions
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory...
UBUNTU-CVE-2017-15098
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory...
openSUSE Security Update : postgresql94 (openSUSE-2016-271)
This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: - IMPORTANT: Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. - Fix infinite loops and buffer-overrun...
postgresql: stack overflow DoS when parsing json or jsonb inputs
A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input...
Updated postgresql packages fix security vulnerabilities
Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. (CVE-2015-5288) Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...
CVE-2015-5289
CVE-2015-5289 covers multiple stack-based buffer overflows in PostgreSQL’s json/jsonb input parsing, allowing denial of service (server crash) via crafted input. Public advisories across distributions confirm the issue in PostgreSQL before 9.3.10 and 9.4.5. The affected components are the json an...
[SECURITY] [DSA 3374-1] postgresql-9.4 security update
Debian Security Advisory DSA-3374-1, https://www.debian.org/security/, Salvatore Bonaccorso, October 19, 2015, https://www.debian.org/security/faq ...
USN-2772-1 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. (CVE-2015-5288) Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...
USN-2772-1: PostgreSQL vulnerabilities
Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt function was provided a too-short salt. An attacker could use this flaw to read private data. (CVE-2015-5288) Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust...
PostgreSQL -- minor security problems.
PostgreSQL project reports: Two security issues have been fixed in this release which affect users of specific PostgreSQL features. CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The cryp...