RHEL 10 : postgresql18 (RHSA-2026:19009)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19009 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that...

postgresql16-16.14-1.1 on GA media (moderate)

postgresql16-16.14-1.1 on GA media Announcement ID: openSUSE-SU-2026:10808-1 Rating: moderate Cross-References: CVE-2026-6472 CVE-2026-6473 CVE-2026-6474 CVE-2026-6475 CVE-2026-6477 CVE-2026-6478 CVE-2026-6479 CVE-2026-6637 CVE-2026-6638 CVSS scores: CVE-2026-6472 SUSE : 5.4...

ALSA-2026:19009 Important: postgresql18 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

postgresql14-14.23-1.1 on GA media (moderate)

postgresql14-14.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:10806-1 Rating: moderate Cross-References: CVE-2026-6472 CVE-2026-6473 CVE-2026-6474 CVE-2026-6475 CVE-2026-6477 CVE-2026-6478 CVE-2026-6479 CVE-2026-6637 CVSS scores: CVE-2026-6472 SUSE : 5.4...

SUSE SLED15 / SLES15 Security Update : postgresql18 (SUSE-SU-2026:1944-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1944-1 advisory. This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: -...

RHEL 10 : postgresql16 (RHSA-2026:19010)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19010 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that...

CVE-2026-6637 affecting package postgresql for versions less than 16.14-1

CVE-2026-6637 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-6478 affecting package postgresql for versions less than 16.14-1

CVE-2026-6478 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-6479 affecting package postgresql for versions less than 16.14-1

CVE-2026-6479 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-6638 affecting package postgresql for versions less than 16.14-1

CVE-2026-6638 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-6474 affecting package postgresql for versions less than 16.14-1

CVE-2026-6474 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-6472 affecting package postgresql for versions less than 16.14-1

CVE-2026-6472 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-6473 affecting package postgresql for versions less than 16.14-1

CVE-2026-6473 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-6475 affecting package postgresql for versions less than 16.14-1

CVE-2026-6475 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-6477 affecting package postgresql for versions less than 16.14-1

CVE-2026-6477 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

db-security-ctf

Database Security – CTF Vulnerability Lab SEC304 / CN5134...

SUSE CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

SUSE CVE-2026-6473

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

SUSE CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

SUSE CVE-2026-6475

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...