Security update for postgresql14

This update for postgresql14 fixes the following issues Update to version 14.23. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

Security update for postgresql14

This update for postgresql14 fixes the following issues Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against malicious time zone names...

SUSE-SU-2026:2085-1 Security update for postgresql15

This update for postgresql15 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...

Astra Linux - уязвимость в libseccomp

In versions of libsseccomp before 2.4.0, 64-bit syscall argument comparisons using arithmetic operators LT, GT, LE, GE were not generated correctly. This issue could potentially allow bypassing seccomp filters and leading to potential privilege escalations...

Security update for postgresql15

This update for postgresql15 fixes the following issues Update to version 15.18. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

SUSE-SU-2026:1999-1 Security update for postgresql15

This update for postgresql15 fixes the following issues Update to version 15.18. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

SUSE SLES12 Security Update : postgresql18 (SUSE-SU-2026:1946-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1946-1 advisory. This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE...

Security update for postgresql18

This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

SUSE-SU-2026:1946-1 Security update for postgresql18

This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard agains...

SUSE-SU-2026:1943-1 Security update for postgresql17

This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

wger 安全漏洞

WGER is an open-source project developed by the WGER Team, built using Django for hosting self-hosted FLOSS fitness/exercise, nutrition, and weight tracking applications. Versions of WGER prior to 2.6 contained security vulnerabilities. These vulnerabilities stemmed from the use of Python object...

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via revision comparisons. An attacker can gain unauthorized access to sensitive information by supplying th...

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the EqualsUri function. An attacker can cause incorrect URI comparisons by supplying specially crafted input values. Remediation A fix was pushed into the master branch but not yet...

CVE-2026-41407

OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening constant-time handli...

PT-2026-35790

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description A timing side channel occurs in shared-secret comparison call sites that utilize early length-mismatch checks rather than fixed-length comparison helpers. This allows attackers to measure timing...

PT-2026-35358

Name of the Vulnerable Software and Affected Versions uriparser versions prior to 1.0.1 Description Numeric truncation occurs during text range comparison when an application accepts URIs with a length in gigabytes. This issue is characterized as an integer overflow, which happens when a numeric...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of incorrect private data in the rxrpcpostresponse function when comparing cached response...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007029)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007029 advisory. In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as...

jsrsasign 安全漏洞

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign from 7.0.0 to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from incomplete comparisons in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions located...

H3 安全漏洞

H3 is an open-source HTTP framework developed by H3. Versions of H3 from 2.0.1-beta.0 to 2.0.0-rc.8 contain security vulnerabilities. These vulnerabilities stem from the use of insecure string comparisons in the requireBasicAuth function, which may lead to timing side-channel attacks...