238 matches found
TencentOS Server 3: postgresql:15 (TSSA-2026:0555)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0555 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Astra Linux – Vulnerability in PostgresSQL-15
Integer wraparound in several PostgreSQL libpq client library functions allows an application’s input provider or network peer to cause libpq to undersize allocations and write out-of-bounds data, involving hundreds of megabytes. This leads to a segmentation fault in the application that uses...
CVE-2023-29146
The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value 32-bit. Attackers could create a collidi...
JLSEC-2026-601
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...
Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2026-1767)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1767 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...
Important: postgresql
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
Important: postgresql16
Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...
Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2026-024 (ALASPOSTGRESQL14-2026-024)
The version of postgresql installed on the remote host is prior to 14.23-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-024 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use...
Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2026-1768)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1768 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...
OESA-2026-2479 postgresql security update
PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
OESA-2026-2414 postgresql security update
PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
OESA-2026-2413 postgresql security update
PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
OESA-2026-2382 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
OESA-2026-2381 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
CLSA-2026-1779389543 Fix of 6 CVEs
SECURITY UPDATE: integer wraparound on 32-bit systems in palloc callers - debian/patches/CVE-2026-6473.patch: integer wraparound on 32-bit systems in palloc callers - CVE-2026-6473 SECURITY UPDATE: format-string memory disclosure in timeofday via crafted timezones -...
Astra Linux – Vulnerability in Linux 5.10, Linux
A issue was discovered in the Linux kernel through version 6.0.10. In the l2capconfigreq function within net/bluetooth/l2capcore.c, there is an integer wraparound occurring when processing L2CAPCONFREQ packets...
Updated postgresql15 packages fix security vulnerabilities
PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. CVE-2026-6472 PostgreSQL server undersizes allocations, via integer wraparound. CVE-2026-6473 PostgreSQL timeofday can disclose portions of server memory. CVE-2026-6474 PostgreSQL pgbasebackup and pgrewind can overwrite...
SUSE CVE-2026-6473
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...
BIT-POSTGRESQL-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...
PostgreSQL server undersizes allocations, via integer wraparound
...