13292 matches found
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...
Important: Red Hat Security Advisory: postgresql-jdbc security update
An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...
NetBox security vulnerability
NetBox is a Django, PostgreSQL based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...
RHEL 8 : postgresql-jdbc (RHSA-2024:4402)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4402 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...
Important: Red Hat Security Advisory: postgresql-jdbc security update
An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this...
Denial Of Service (DoS)
github.com/jackc/pgx is vulnerable to Denial Of Service DoS. The vulnerability is due to a lack of robust error handling Pipeline panicking when PgConn PostgreSQL connection is busy or closed, which can result in potential instability and crashes in applications using Pipeline for database...
RHEL 8 : postgresql-jdbc (RHSA-2024:4375)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4375 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...
BIT-PARSE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...
Spring Tips: Testcontainers, Docker Compose, and Service Connections, oh my
Hi, Spring fans! In this installment, we look at the amazing service connection mechanism in Spring Boot. Service connections are what allow Spring Boot to connect to Testcontainers or Docker Compose containers for supporting infrastructure like SQL databases, middleware, and more. java...
CBL Mariner 2.0 Security Update: telegraf (CVE-2024-27289)
The version of telegraf installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27289 advisory. - pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all o...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-4317)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4317 advisory. - Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql16 (SUSE-SU-2024:2266-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2266-1 advisory. PostgreSQL upgrade to version 16.3 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ex...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-0985)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0985 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to...
SUSE-SU-2024:2266-1 Security update for postgresql16
This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17...
SQL Injection
parse-server is vulnerable to SQL Injection. The vulnerability is due to improper handling of user-supplied input when configured with the PostgreSQL database, allowing malicious SQL queries to be executed...
CVE-2024-39309
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...
CVE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...
CVE-2024-39309
Parse Server (Node.js) prior to versions 6.5.7 and 7.1.0 is vulnerable to SQL injection when configured with PostgreSQL. The issue stems from how user input is handled in the PostgreSQL path, and the detection algorithm was improved in 6.5.7 and 7.1.0. Remediation is to upgrade to the fixed relea...