13196 matches found
[SECURITY] Fedora 43 Update: pgadmin4-9.15-1.fc43
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
[SECURITY] Fedora 44 Update: pgadmin4-9.15-1.fc44
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities
Summary: IBM Enterprise Build of Quarkus is affected by vulnerabilities in the PostgreSQL JDBC driver and Apache Neethi. Vulnerability Details: CVEID: CVE-2026-42402. DESCRIPTION: Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Speciall...
DRUPAL-CORE-2026-004
Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 (Salted Challenge Response Authentication Mechanism, Secure Hash Algorithm 256) authentication with an excessively large iteration...
RHSA-2026:19009 Red Hat Security Advisory: postgresql18 security update
Bulletin has no description...
RHSA-2026:19010 Red Hat Security Advisory: postgresql16 security update
Bulletin has no description...
Security update for postgresql-jdbc
This update for postgresql-jdbc fixes the following issue: CVE-2026-42198: client-side denial of service via malicious SCRAM-SHA-256 authentication (bsc1264174). Patch Instructions: To install this SUSE update, use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
SUSE-SU-2026:2028-1 Security update for postgresql-jdbc
This update for postgresql-jdbc fixes the following issue - CVE-2026-42198: client-side denial of service via malicious SCRAM-SHA-256 authentication (bsc1264174)...
Astra Linux - vulnerability in postgresql-11
A late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY operation in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. This feature enables the owner of the materialized view to run SQL functions, thereby allowing for the safe refreshing of...
Astra Linux - vulnerability in postgresql-11
A vulnerability was discovered in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the...
Astra Linux - vulnerability in rails
The PostgreSQL adapter in Active Record before versions 6.1.2.1, 6.0.3.5, and 5.2.4.5 is vulnerable to a regular expression denial of service (ReDoS) vulnerability. Carefully crafted inputs can cause the input validation for the money type in the PostgreSQL adapter in Active Record to spend too muc...
Astra Linux - vulnerability in postgresql-11
An information leak was discovered in PostgreSQL versions prior to 13.2, before 12.6, and before 11.11. A user with UPDATE permission but without SELECT permission for a specific column could create queries that, under certain circumstances, might reveal values from that column in error messages...
Astra Linux - vulnerability in postgresql-11
A flaw was discovered in PostgreSQL. A specially crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can carry out this attack at will. The attack does not require the ability to create objects. If the server settings include...
Astra Linux - vulnerability in postgresql-11
A flaw was discovered in PostgreSQL. There is an issue where insufficient efforts are made to ensure safe operation when a privileged user is managing objects of another user. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activate relevant...
Astra Linux - vulnerability in postgresql-11
Row security policies ignore changes to user IDs after inline operations. PostgreSQL may allow incorrect policies to be applied in certain cases where role-specific policies are used, and where a given query is planned to be executed under one role and then executed under another role. This...
Astra Linux - vulnerability in postgresql-11
schema_element defeats protective measures for search paths. It was discovered that certain database calls in PostgreSQL could allow an authenticated attacker with elevated database-level privileges to execute arbitrary code...
Astra Linux - vulnerability in postgresql-11
A flaw was discovered in PostgreSQL that allows authenticated database users to execute arbitrary code through insufficient overflow checks during SQL array value modifications. This issue arises due to an integer overflow during array modifications, where a remote user can trigger the overflow b...
Astra Linux - vulnerability in postgresql-11
A memory disclosure vulnerability was discovered in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with ‘unknown’-type arguments. Handling ‘unknown’-type values from string literals without type designation can reveal bytes,...
PT-2026-42361
Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...