558 matches found
ABB Ability Symphony Plus Engineering
SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. The ABB S+ Engineering product versions are affected by vulnerabilities in PostgreSQL version 13.11 and earlier versions. If an attacker gains access to a site’s S+ Client Server network, they...
JLSEC-2026-31
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...
JLSEC-2026-38
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...
EUVD-2026-18007
Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...
postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...
AlmaLinux 8 : postgresql:15 (ALSA-2026:4059)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4059 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...
Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2
Summary Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2 Vulnerability Details CVEID:CVE-2024-22415 DESCRIPTION: jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters +...
postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...
RHEL 8 : postgresql:12 (RHSA-2026:4064)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4064 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of...
OESA-2026-1531 postgresql-17 security update
PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
GHSA-F3VJ-J2M6-8HFJ vulnerabilities
Vulnerabilities for packages: postgresql...
K000160172: PostgreSQL vulnerability CVE-2025-8714
Security Advisory Description Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also...
K000160142: PostgreSQL vulnerability CVE-2021-20229
Security Advisory Description A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. CVE-2021-20229 Impact...
CVE-2026-23984 Apache Superset: SQLLab Read-Only Bypass on PostgreSQL
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language DML statements...
CVE-2026-2006 affecting package postgresql for versions less than 16.12-1
CVE-2026-2006 affecting package postgresql for versions less than 16.12-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-2006 affecting package postgresql for versions less than 14.21-1
CVE-2026-2006 affecting package postgresql for versions less than 14.21-1. An upgraded version of the package is available that resolves this issue...
Linux Distros Unpatched Vulnerability : CVE-2026-2006
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun...
AZL-77580 CVE-2026-2003 affecting package postgresql for versions less than 14.21-1
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...
AZL-77417 CVE-2026-2005 affecting package postgresql for versions less than 16.12-1
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
CVE-2026-2006 PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...