SUSE-SU-2026:2085-1 Security update for postgresql15

This update for postgresql15 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...

SUSE SLES12 Security Update : postgresql18 (SUSE-SU-2026:1946-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1946-1 advisory. This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE...

Security update for postgresql16

This update for postgresql16 fixes the following issues Update to version 16.13. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

CVE-2026-34782

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

CVE-2026-34782

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

EUVD-2026-20566

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

CVE-2026-34782 Zammad has improper access control in AI assistance controller for text tools

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

PT-2026-31423

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 and prior to 6.5.4 Description Zammad, a web-based open source helpdesk system, had an issue where the REST endpoint ''/api/v1/ai assistance/text tools/:id'' did not verify user privileges for using text tools...

DEBIAN-CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

CVE-2026-5025 Langflow - Application Logs Exposed to All Authenticated Users

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication 'getcurrentactiveuser' without any privilege checks e.g., 'issuperuser'...

CVE-2025-47385

Memory Corruption when accessing trusted execution environment without proper privilege check...

EUVD-2025-208192

Memory Corruption when accessing trusted execution environment without proper privilege check...

CVE-2025-47385 Improper Access Control for Register Interface in SCE-Mink

Memory Corruption when accessing trusted execution environment without proper privilege check...

Siemens SIMATIC S7-1500 Improper Check for Dropped Privileges (CVE-2025-39798)

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be reset to the minimal defaults, and then probed for again. This plugin...

SUSE SLES16 Security Update : postgresql17 and postgresql18 (SUSE-SU-2026:20194-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20194-1 advisory. Changes in postgresql17, postgresql18: Update to 17.7: https://www.postgresql.org/about/news/p-3171/...

CLSA-2026-1769516785 postgresql: Fix of CVE-2025-12817

CVE-2025-12817: fix missing CREATE privilege check on target schema in CREATE STATISTICS, preventing unauthorized statistics creation...

MiracleLinux 8 : postgresql:16 (AXSA:2026-061:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-061:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...

MiracleLinux 9 : postgresql:16 (AXSA:2026-063:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-063:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...

MiracleLinux 9 : postgresql:15 (AXSA:2026-062:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-062:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...