13195 matches found
JLSEC-2026-607
Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...
JLSEC-2026-600
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...
JLSEC-2026-606
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
RHSA-2026:24348 Red Hat Security Advisory: postgresql-jdbc security update
Bulletin has no description...
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...
Important: Red Hat Security Advisory: postgresql-jdbc security update
An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
Important: postgresql
Issue Overview: Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores...
Amazon Linux 2 : postgresql, --advisory ALAS2-2026-3344 (ALAS-2026-3344)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3344 advisory. Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and...
RHEL 10 : postgresql-jdbc (RHSA-2026:24348)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:24348 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java program...
Important: postgresql16
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
Important: postgresql17
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
Important: postgresql
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2026-1767)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1767 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...
Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2026-1768)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1768 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...
Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2026-024 (ALASPOSTGRESQL14-2026-024)
The version of postgresql installed on the remote host is prior to 14.23-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-024 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use...
TencentOS Server 4: postgresql (TSSA-2026:0343)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0343 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Amazon Linux 2 : libpq, --advisory ALAS2POSTGRESQL14-2026-023 (ALASPOSTGRESQL14-2026-023)
The version of libpq installed on the remote host is prior to 14.23-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-023 advisory. Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64,...
Amazon Linux 2023 : postgresql17, postgresql17-contrib, postgresql17-llvmjit (ALAS2023-2026-1766)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1766 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...
Amazon Linux 2023 : postgresql18, postgresql18-contrib, postgresql18-llvmjit (ALAS2023-2026-1780)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1780 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...
Exploit for SQL Injection in Drupal
CVE-2026-9082 Unauthenticated SQL injection in Drupal Core on...