504 matches found
SUSE-SU-2026:1945-1 Security update for postgresql18
This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard agains...
EUVD-2026-30286
Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...
CVE-2026-6476
CVE-2026-6476 describes a SQL injection in PostgreSQL pg_createsubscriber. An attacker with pg_create_subscription rights can execute arbitrary SQL as a superuser when pg_createsubscriber runs next. Affected are major versions 17 and 18, with minor versions before PostgreSQL 18.4 and 17.10; versi...
CVE-2026-6475
Summary (CVE-2026-6475) : PostgreSQL suffers a symlink-following issue in the pg_basebackup plain format and in pg_rewind. An origin superuser can overwrite local files (for example, /var/lib/postgres/.bashrc), which could later be trusted when the server starts due to features like shared_preloa...
CVE-2026-6475
Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...
PostgreSQL SQL注入漏洞
PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4 and 17.10 contained an SQL...
Vulnerability in client (CVE-2026-6477)
PostgreSQL libpq lo functions let server superuser overwrite client stack memory Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an...
Privilege Dropping / Lowering Errors
Overview Affected versions of this package are vulnerable to Privilege Dropping / Lowering Errors in the metrics exporter. An attacker can gain PostgreSQL superuser privileges and execute arbitrary OS commands as the postgres user inside the primary pod by exploiting the ability to plant shadow...
CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
Impact The CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pgmonitor. SET ROLE changes only currentuser; sessionuser remains postgres. That residual superuser identity is the foothold fo...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: src, argo-workflows-fips, steampipe, seaweedfs-fips, step-issuer, hydra, kube-bench-fips, kots, jitsucom-bulker, spicedb, gitlab-kas, sqlexporter-fips, chainloop-control-plane, seaweedfs-rocksdb-fips, authentik-fips, step-ca-fips, sftpgo-plugin-eventsearch, keda-fips...
GHSA-9JJ7-4M8R-RFCM vulnerabilities
Vulnerabilities for packages: kots, k3s, envoy-gateway, kine, spire-server...
CVE-2026-33816 vulnerabilities
Vulnerabilities for packages: kots, k3s, envoy-gateway, kine, spire-server...
GHSA-9JJ7-4M8R-RFCM vulnerabilities
Vulnerabilities for packages: kots, commercial-chainloop-backend, k3s, spire-server, kine, commercial-expanso-edge, envoy-gateway, envoy-gateway-fips...
CVE-2026-33816 vulnerabilities
Vulnerabilities for packages: kots, commercial-chainloop-backend, k3s, spire-server, kine, commercial-expanso-edge, envoy-gateway, envoy-gateway-fips...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: cilium-envoy, grafana-mimir, aactl, cluster-autoscaler, kyverno-policy-reporter-ui, envoy-gateway, amazon-cloudwatch-agent-operator, rancher-machine, seaweedfs, spegel, step-ca, falco-exporter, cert-manager-csi-driver, kubernetes-csi-node-driver-registrar, telegraf,...
JLSEC-2026-37
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
CLEANSTART-2026-PV93827 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.25.4-r0, 1.25.4-r1, 1.25.4-r2
Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-TS54009 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.24.4-r0, 1.27.3-r0, 1.27.3-r1
Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-LI47669 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.26.2-r0, 1.26.3-r0, 1.26.3-r1
Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-NC32267 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.24.4-r0, 1.28.1-r0, 1.28.1-r1
Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...