Lucene search
+L

541 matches found

OSV
OSV
added 2026/05/19 8:21 a.m.7 views

SUSE-SU-2026:2001-1 Security update for postgresql16

This update for postgresql16 fixes the following issues Update to version 16.13. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References20
SUSE Linux
SUSE Linux
added 2026/05/19 8:20 a.m.22 views

Security update for postgresql15

This update for postgresql15 fixes the following issues Update to version 15.18. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References36
SUSE Linux
SUSE Linux
added 2026/05/18 7:46 a.m.14 views

Security update for postgresql16

This update for postgresql16 fixes the following issues Update to version 16.13. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References40
OSV
OSV
added 2026/05/14 2:16 p.m.13 views

ALPINE-CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS6AI score0.00464EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 2:16 p.m.14 views

CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS0.00464EPSS
Exploits0References33
EUVD
EUVD
added 2026/05/14 1:0 p.m.14 views

EUVD-2026-30283

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS6AI score0.00464EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 1:0 p.m.81 views

CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS0.00464EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.12 views

CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS6AI score0.00464EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

PostgreSQL 安全漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...

8.8CVSS6AI score0.00464EPSS
Exploits0References2
Kaspersky
Kaspersky
added 2026/05/14 12:0 a.m.23 views

KLA91052 Multiple vulnerabilities in PostgreSQL

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in refint can be exploited to...

8.8CVSS6.7AI score0.00668EPSS
Exploits0References10
FreeBSD
FreeBSD
added 2026/05/14 12:0 a.m.33 views

PostgreSQL -- Multiple vulnerabilities

The PostgreSQL project reports: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's...

8.8CVSS6.4AI score0.00668EPSS
Exploits0References11
PostrgeSql
PostrgeSql
added 2026/05/14 12:0 a.m.34 views

Vulnerability in client (CVE-2026-6477)

PostgreSQL libpq lo functions let server superuser overwrite client stack memory Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an...

8.8CVSS6.1AI score0.00464EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-6477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server...

8.8CVSS8.1AI score0.00464EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/10 11:48 a.m.114 views

Exploit for CVE-2025-1094

--- POC Khai thác lỗ hổng CVE-2025-1094: PostgreSQL psql SQL...

8.1CVSS5.9AI score0.89914EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: libpq (UTSA-2026-007266)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007266 advisory. Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocati...

5.9CVSS6.5AI score0.00332EPSS
Exploits0References4
OSV
OSV
added 2026/04/03 1:27 p.m.6 views

JLSEC-2026-39

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...

3.7CVSS6.6AI score0.00616EPSS
Exploits0References3
OSV
OSV
added 2026/03/30 3:24 p.m.3 views

SUSE-SU-2026:20986-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Security fixes: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts bsc1253332 -...

5.9CVSS6.7AI score0.00332EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2026/03/10 9:18 p.m.14 views

K000160291: PostgreSQL vulnerability CVE-2025-12818

Security Advisory Description Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the...

5.9CVSS5.8AI score0.00332EPSS
Exploits0
OSV
OSV
added 2026/03/06 12:41 p.m.2 views

OESA-2026-1515 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

8.8CVSS6.3AI score0.01208EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005376)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005376 advisory. Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocati...

5.9CVSS6.2AI score0.00332EPSS
Exploits0References4
Rows per page
Query Builder