Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Red Hat Security Advisory 2024-0975-03

Red Hat Security Advisory 2024-0975-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.

Packet Storm
#sql#vulnerability#linux#red_hat#js#postgres
Red Hat Security Advisory 2024-0974-03

Red Hat Security Advisory 2024-0974-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-0973-03

Red Hat Security Advisory 2024-0973-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-0951-03

Red Hat Security Advisory 2024-0951-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-0950-03

Red Hat Security Advisory 2024-0950-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.

GHSA-24rp-q3w6-vc56: org.postgresql:postgresql vulnerable to SQL Injection via line comment generation

# Impact SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code that has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default query mode. Users that do not override the query mode are not impacted. # Exploitation To exploit this behavior the following conditions must be met: 1. A placeholder for a numeric value must be immediately preceded by a minus (i.e. `-`) 1. There must be a second placeholder for a string value after the first placeholder on the same line. 1. Both parameters must be user controlled. The prior behavior of the driver when operating in simple query mode would inline the negative value of the first parameter and cause the resulting line to be treated as a `--` SQL comment. That would extend to the beginning of the next parameter and cause the quoting of that parameter to be consumed by the comment line. If that string parame...

Fuelflow 1.0 SQL Injection

Fuelflow version 1.0 suffers from a remote SQL injection vulnerability.

GHSA-7rw2-3hhp-rc46: Cross-site Scripting Vulnerability in Statement Browser

### Impact A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. ### Patches The problem is patched in version 1.2.17 of the LRS library and [version 0.7.5 of SQL LRS](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5). ### Workarounds No workarounds exist, we recommend upgrading to version 1.2.17 of the library or version 0.7.5 of SQL LRS immediately. ### References * [LRS Tag](https://github.com/yetanalytics/lrs/releases/tag/v1.2.17) * [LRS lib on Clojars](https://clojars.org/com.yetanalytics/lrs/versions/1.2.17) * [SQL LRS 0.7.5 Release](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5)

Environment-as-a-Service, part 4: External resources and dynamic credentials

Welcome to part 4 of this miniseries on the concept of Environment as a Service. As discussed in part one, an environment comprises everything that is needed to run an application and, in a kubernetes-centric platform, it starts with the provisioning of a namespace.Sometimes, though, we need components and configurations to exist outside of our namespace for our applications to run properly.These external configurations may involve everything from external global load balancers, external firewalls, provisioning of certificates from external PKI’s, and more… just to name a few. Sometimes, t

GHSA-36xr-4x2f-cfj9: Deserialization of Untrusted Data in Apache Camel SQL

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1