Security Bulletin: CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM USERS functionality (CVE-2026-9839)

Summary CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM USERS functionality CVE-2026-9839 Vulnerability Details CVEID:CVE-2026-9839 DESCRIPTION: CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM...

Security Bulletin: CockroachDB PostgreSQL for IBM VPC is vulnerable to SQL injection when executing special statements (CVE-2026-9837)

Summary CockroachDB PostgreSQL for IBM VPC is vulnerable to SQL injection when executing special statements CVE-2026-9837 Vulnerability Details CVEID:CVE-2026-9837 DESCRIPTION: CockroachDB PostgreSQL for IBM VPC is vulnerable to SQL injection when executing special statements. CWE:CWE-89: Imprope...

[SECURITY] Fedora 42 Update: migrate-4.19.0-1.fc42

Go database migrations library and program. This package is built with the following databases backends: cassandra cockroachdb mongodb mysql postgres redshift sqlite3 sqlite This package is built with the following source backends: github gitlab go-bindata godoc-vfs gcs iofs pkger s3...

[SECURITY] Fedora 43 Update: migrate-4.19.0-1.fc43

Go database migrations library and program. This package is built with the following databases backends: cassandra cockroachdb mongodb mysql postgres redshift sqlite3 sqlite This package is built with the following source backends: github gitlab go-bindata godoc-vfs gcs iofs pkger s3...

This Week in Spring - February 11th, 2025

Hi, Spring fans! It's almost Valentine's day, and let me just say: I love the Spring community! It's such an exciting and interesting place to be. Thank you everyone for all that you do. I'm busy preparing for ConFoo, in Montreal, Canada, and for Devnexus, in Atlanta, Georgia. If you're around be...

Fedora: Security Advisory for golang-github-cockroachdb-pebble (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-cockroachdb-pebble-0-0.9.20210108git48f5530.fc36

RocksDB/LevelDB inspired key-value database in Go...

Fedora: Security Advisory for golang-github-cockroachdb-pebble (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-github-cockroachdb-pebble-0-0.6.20210108git48f5530.fc35

RocksDB/LevelDB inspired key-value database in Go...

Fedora: Security Advisory for golang-github-cockroachdb-pebble (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-cockroachdb-pebble-0-0.8.20210108git48f5530.fc36

RocksDB/LevelDB inspired key-value database in Go...

Fedora: Security Advisory for golang-github-cockroachdb-pebble (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-cockroachdb-pebble-0-0.7.20210108git48f5530.fc36

RocksDB/LevelDB inspired key-value database in Go...

CockroachDB < 2.1.10 / 19.x < 19.1.6 / 19.2.x < 19.2.2 Information Disclosure Direct Check (A44348)

Binary data cockroachdba44348directcheck.nbin...

CockroachDB < 2.1.12 / 19.x < 19.1.8 / 19.2 < 19.2.4 Information Disclosure (A44348)

The version of CockroachDB installed on the remote host has a privileged HTTP endpoint which is incorrectly available to non-admin users. An unauthenticated, remote attacker can exploit this issue by sending a specially crafted HTTP request to obtain sensitive information from the remote cliuser...

CockroachDB 19.2 < 19.2.12 / 20.1 < 20.1.11 / 20.2 < 20.2.4 DoS (A58932)

The version of CockroachDB installed on the remote host is prior to 19.2.12, 20.1.x prior to 20.1.11, or 20.2.x prior to 20.2.4. Therefore, a denial of service DoS vulnerability exists in protobuf binary decode functions. An unauthenticated, remote attacker can exploit this issue by sending a...

CockroachDB < 2.1.12 / 19.x < 19.1.8 / 19.2.x < 19.2.4 Broken Access Control Direct Check (A42567)

Binary data cockroachdba42567directcheck.nbin...

CockroachDB < 2.1.10 / 19.1.x < 19.1.16 / 19.2.x < 19.2.2 Broken Access Control Vulnerability (A42567)

The version of CockroachDB installed on the remote host has a privileged HTTP endpoint which is incorrectly available to non-admin users. An unauthenticated, remote attacker can exploit this issue by sending a specially crafted HTTP request to obtain & modify sensitive information from the remote...

CockroachDB Web Console Detection

Binary data cockroachdbwebconsoledetect.nbin...

Denial Of Service (DoS)

github.com/cockroachdb/cockroach is vulnerable to denial of service DoS attacks. getPrepareType throws an index out of range error when it is given an empty readBuffer, causing the application to crash. This flaw was exploitable through the v3Conn...