USN-8294-1 postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...

CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

MiracleLinux 4 : rh-postgresql94-postgresql-9.4.14-1.AXS4 (AXSA:2017-2281:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2281:02 advisory. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty...

MiracleLinux 7 : rh-postgresql95-postgresql-9.5.9-1.el7 (AXSA:2017-2240:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2240:02 advisory. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty...

MiracleLinux 4 : rh-postgresql95-postgresql-9.5.9-1.AXS4 (AXSA:2017-2280:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2280:02 advisory. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty...

CVE-2025-62260

Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which allows remote attackers to perform denial-of-servi...

EUVD-2023-45634

Malicious code in bioql PyPI...

EUVD-2025-29072

Malicious code in bioql PyPI...

GHSA-F3HF-R62C-MFRJ Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack

Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA though update 35 does not limit the number of objects returned from a GraphQL queries, which allows remote attackers to perform denial-of-service DoS attacks on the application...

CVE-2022-49963 drm/i915/ttm: fix CCS handling

In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: fix CCS handling Crucible + recent Mesa seems to sometimes hit: GEMBUGONnumccsblks NUMCCSBLKSPERXFER And it looks like we can also trigger this with gemlmemswapping, if we modify the test to use slightly larger obje...

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTLENCODE, an authenticated user can read any large object, regardless of that user's permissions...

llama-index-packs-finchat SQL Injection vulnerability

A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, versions up to v0.3.0, allows for SQL injection in the runsqlquery function of the databaseagent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code...

CVE-2024-12909 SQL Injection to RCE in run-llama/llama_index

A vulnerability in the FinanceChatLlamaPack of the run-llama/llamaindex repository, versions up to v0.12.3, allows for SQL injection in the runsqlquery function of the databaseagent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code executi...

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTLENCODE, an authenticated user can read any large object, regardless of that user's permissions...

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTLENCODE, an authenticated user can read any large object, regardless of that user's permissions...

CVE-2023-41115

CVE-2023-41115 affects EnterpriseDB Postgres Advanced Server (EPAS). The issue arises in the UTL_ENCODE function: authenticated users can read large objects regardless of permissions due to improper permission validation. Affected EPAS/EDB versions include 11.x up to 15.x before the stated fixes ...

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTLENCODE, an authenticated user can read any large object, regardless of that user's permissions...

OESA-2023-1355 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...

SUSE CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

ALPINE-CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...