SUSE-SU-2026:2303-1 Security update for postgresql17
This update for postgresql17 fixes the following issues: Update to version 17.10. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard again...
CVE-2026-25621 Arista Edge Threat Management NGFW Reports Application Insecure Input Validation
A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
GHSA-Q4WQ-4WHJ-CXHX vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
GHSA-5FXQ-F64V-57FQ vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
CVE-2025-10911 vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
CVE-2026-34268 vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
GHSA-75HH-423H-RVWG vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
CVE-2007-3716 vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
GHSA-99RJ-3595-5FRJ vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
CVE-2026-42098
Sparx Enterprise Architect software has a security feature that limits a user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior, e.g. using a debugger, and log in as any other user or administrator - then it is possible to do every...
CVE-2026-44237
FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...
CVE-2026-42098 Authorization Bypass in Sparx Enterprise Architect
Sparx Enterprise Architect software has a security feature that limits a user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior, e.g. using a debugger, and log in as any other user or administrator - then it is possible to do every...
Security update for postgresql17
This update for postgresql17 fixes the following issues: Update to version 17.10. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...
CVE-2026-6638
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...
ALPINE-CVE-2026-6476
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
CVE-2026-6638
Summary: CVE-2026-6638 is a SQL injection vulnerability in PostgreSQL’s logical replication via ALTER SUBSCRIPTION ... REFRESH PUBLICATION. The issue affects major versions 16, 17, and 18 with specific vulnerable minor versions (16.14, 17.10, 18.4) and is triggered at the next REFRESH PUBLICATION...
CVE-2026-6476 PostgreSQL pg_createsubscriber allows SQL injection via subscription name
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
CVE-2026-6476
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
PT-2026-40921
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 17.0 through 17.9; PostgreSQL versions 18.0 through 18.3. Description: SQL injection in the pg_createsubscriber function allows an attacker with pg_create_subscription rights to execute arbitrary SQL commands with superuser...
Vulnerability in client (CVE-2026-6476)
PostgreSQL pg_createsubscriber allows SQL injection via subscription name. SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17...