CVE-2026-4427

Duplicate of CVE-2026-32286...

CVE-2026-4427

Removed by vendor...

CVE-2026-4427

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...

Important: postgresql

Issue Overview: Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. CVE-2026-2005 Affected Packages: postgresql Note: This...

Amazon Linux 2 : postgresql, --advisory ALAS2-2026-3193 (ALAS-2026-3193)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3193 advisory. Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user...

编号撤回

pgproto3 is a PostgreSQL protocol encoding library developed by Jack Christensen. This CVE number has been withdrawn...

SUSE-SU-2026:20906-1 Security update for postgresql17

This update for postgresql17 fixes the following issues: - Update to version 17.9. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...

OPENSUSE-SU-2026:20388-1 Security update for postgresql17

This update for postgresql17 fixes the following issues: - Update to version 17.9. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...

Denial of service in github.com/jackc/pgproto3/v2

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

OPENSUSE-SU-2026:20131-1 Security update for postgresql17 and postgresql18

This update for postgresql17 and postgresql18 fixes the following issues: Changes in postgresql17, postgresql18: Update to 17.7: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/17.7/ bsc1253332, CVE-2025-12817: Missing check for CREATE privileges on the schem...

SUSE-SU-2026:20194-1 Security update for postgresql17 and postgresql18

This update for postgresql17 and postgresql18 fixes the following issues: Changes in postgresql17, postgresql18: Update to 17.7: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/17.7/ bsc1253332, CVE-2025-12817: Missing check for CREATE privileges on the schem...

MiracleLinux 8 : postgresql:16 (AXSA:2026-332:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-332:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

MiracleLinux 8 : postgresql:15 (AXSA:2026-331:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-331:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

CLSA-2026-1773784132 Update of alt-php

Port to Debian 10 buster with renamed libraries to avoid conflicts with system PostgreSQL packages. Rename library packages to allow coexistence with other PostgreSQL versions: - libpq5 - libpq5-9.6 library: libpq-9.6.so.5 - libpq-dev - libpq-dev-9.6 - libecpg6 - libecpg6-9.6 library:...

MiracleLinux 8 : postgresql:13 (AXSA:2026-327:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-327:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

MiracleLinux 9 : postgresql:16 (AXSA:2026-326:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-326:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

MiracleLinux 9 : postgresql:15 (AXSA:2026-325:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-325:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the DataRow.Decode function. An attacker can cause a panic and potentially disrupt application availability by sending a DataRow message with a negative field length from a malicious or compromised PostgreS...

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

ROOT-OS-DEBIAN-11-CVE-2026-2006 CVE-2026-2006 in rootio-postgresql-13 - Patched by Root

Root has patched CVE-2026-2006 in the rootio-postgresql-13 package for Root:Debian:11. Multiple fixed versions available...