Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in protocol parser components. An attacker can cause the application to crash or exhaust resources by sending specially crafted, malformed network packets to a monitored network interface. Note: This i...

CVE-2026-4427

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...

编号撤回

pgproto3 is a PostgreSQL protocol encoding library developed by Jack Christensen. This CVE number has been withdrawn...

Denial of service in github.com/jackc/pgproto3/v2

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-26932

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

EUVD-2026-8864

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVE-2026-26932

Packetbeat is affected by CVE-2026-26932 due to improper validation of an array index in the PostgreSQL protocol parser. The issue can cause a Go runtime panic, terminating the Packetbeat process and resulting in a Denial of Service. Attack requires the pgsql protocol to be explicitly enabled and...

CVE-2026-26932 Improper Validation of Array Index in Packetbeat Leading to Denial of Service

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVE-2026-26932

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-10)

Improper Validation of Array Index in Packetbeat Leading to Denial of Service Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go...

PT-2026-22162

Name of the Vulnerable Software and Affected Versions Packetbeat affected versions not specified Description A flaw exists in the PostgreSQL protocol parser within Packetbeat that allows for Denial of Service through manipulation of input data. Specifically, improper validation of an array index...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the libpq client library functions. An attacker can cause the client application to crash or experience a segmentation fault by sending specially crafted PostgreSQL protocol data that triggers integer...

EUVD-2022-0944

Malicious code in bioql PyPI...

Packetbeat vulnerable to denial-of-service (DoS)

Overview Packetbeat provided by Elastic contains a denial-of-service DoS vulnerability. Packetbeat provided by Elastic is a network packet analyzer. Packetbeat contains a flaw in processing the PostgreSQL handler CWE-129 . Impact Processing a specially crafted packet may lead to a denial-of-servi...

UBUNTU-CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

SQL Injection

Npgsql is vulnerable to SQL injection. The vulnerability is caused by an integer overflow in the WriteBind method within NpgsqlConnector.FrontendMessages.cs, which leads to miscalculated message lengths when constructing PostgreSQL protocol messages. This allows attackers to manipulate message...

SQL Injection

Overview Npgsql is a .NET data provider for PostgreSQL. Affected versions of this package are vulnerable to SQL Injection by overflowing the sum of the integer and parameter lengths in NpgsqlConnector.FrontendMessages.cs, allowing arbitrary SQL to be injected into a PostgreSQL protocol message if...

GHSA-9Q3G-M353-CP4P Denial of Service in Packetbeat

Packetbeat versions prior to 5.6.4 and 6.0.0 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from proper...