13288 matches found
PT-2024-28434 · Postgresql +1 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 6.5.7; Parse Server versions prior to 7.1.0. Description: A vulnerability in Parse Server allows SQL injection when configured to use the PostgreSQL database. This issue enables remote attackers to bypass...
Parse Server Security Vulnerability
Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 6.5.7 and 7.1.0 that stems from vulnerability to SQL injection attacks when configured to use a...
pgx SQL Injection via Protocol Message Size Overflow
K000140188: PostgreSQL vulnerability CVE-2024-0985
Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...
Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.
Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability Using third-party datastore Operators as part of the postgres operator CVE-2024-27304. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-2730...
SQL Injection
silverstripe/postgresql is vulnerable to SQL injection. The vulnerability is due to the inadequate handling of table names in the silverstripe/postgresql database adapter, which allows malicious SQL injection attacks if table names are not properly escaped or sanitized...
ROS-20240626-14
Vulnerability of REFRESH MATERIALIZED VIEW CONCURRENTLY function of PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...
Malicious code in belong_plugin-rds-pgsql-log (RubyGems)
Malicious code in activerecord_postgresql-expression (RubyGems)
MAL-2024-6486 Malicious code in activerecord_postgresql-expression (RubyGems)
Malicious code in Be.Vlаanderen.Basіsregisters.TicketingService.Storage.PgSqlMarten (NuGet)
Important: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements
Release of OpenShift Serverless Logic 1.33.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System
Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...
Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities
Summary Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details...
PostgreSQL Detection Consolidation
Consolidation of PostgreSQL detections. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.128025");...
OPENSUSE-SU-2024:13408-1 postgresql11-11.22-1.1 on GA media
These are all security issues fixed in the postgresql11-11.22-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11185-1 postgresql11-11.13-1.3 on GA media
These are all security issues fixed in the postgresql11-11.13-1.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12265-1 postgresql11-11.17-1.1 on GA media
These are all security issues fixed in the postgresql11-11.17-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11183-1 postgresql-13-2.7 on GA media
These are all security issues fixed in the postgresql-13-2.7 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11627-1 postgresql12-12.9-1.1 on GA media
These are all security issues fixed in the postgresql12-12.9-1.1 package on the GA media of openSUSE Tumbleweed...