120816 matches found
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
compat-openssl11 security update
An update is available for compat-openssl11. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenSSL toolkit provides support for secure communications betwe...
RLSA-2026:4472 Moderate: compat-openssl11 security update
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: OpenSSL: Arbitrary code execution due to...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the exec.Command function via the compressionalgorithm parameter in API calls to the image and backup endpoints. An attacker can execute arbitrary commands as the LXD daemon by sending specially crafted...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
Important: Red Hat Security Advisory: postgresql:13 security update
An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
Important: Red Hat Security Advisory: postgresql security update
An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
Important: Red Hat Security Advisory: postgresql:12 security update
An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...
CVE-2026-3979
A flaw was found in quickjs-ng. A local attacker could exploit a use-after-free vulnerability by manipulating the jsiteratorconcatreturn function. This could potentially lead to information disclosure, denial of service, or limited arbitrary code execution...
CVE-2026-3989 CVE-2026-3989
SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...
vim: Vim: Arbitrary code execution via 'helpfile' option processing
A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap...