postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

postgresql: PostgreSQL oidvector discloses a few bytes of memory

A type validation flaw has been discovered in postgresql. Improper validation of the type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information but it is unlikely...

CLEANSTART-2026-WY43835 PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access

Multiple security vulnerabilities affect the postgresql package. PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. See references for individual vulnerability details...

SUSE SLES15 Security Update : postgresql15 (SUSE-SU-2026:0770-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0770-1 advisory. Update to version 15.17 bsc1258754. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow...

ALSA-2026:3730 Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator...

TencentOS Server 4: postgresql (TSSA-2026:0125)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0125 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Fedora 43 : python-django5 (2026-3adb735295)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3adb735295 advisory. - Fixes CVE-2025-13473: Username enumeration through timing difference in modwsgi authentication handler - Fixes CVE-2025-14550: Potential...

NocoDB Vulnerable to SQL Injection via DATEADD Formula

Summary An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. Details The third argument unit of DATEADD was interpolated directly into knex.raw queries after only stripping quote characters. Validation in formulas.ts only checked Literal AST...

GHSA-45RP-9P97-H852 NocoDB Vulnerable to SQL Injection via DATEADD Formula

Summary An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. Details The third argument unit of DATEADD was interpolated directly into knex.raw queries after only stripping quote characters. Validation in formulas.ts only checked Literal AST...

Security Bulletin: EDB PostgreSQL - CVE-2023-39417

Summary An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack...

Security update for postgresql17

This update for postgresql17 fixes the following issue: Update to version 17.9 bsc1258754. Regression fixes: the substring function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. a standby...

SUSE-SU-2026:0787-1 Security update for postgresql17

This update for postgresql17 fixes the following issue: Update to version 17.9 bsc1258754. Regression fixes: - the substring function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. - a...

Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.22 bsc1258754. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to...

SUSE-SU-2026:0786-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.22 bsc1258754. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to...

Security update for postgresql18

This update for postgresql18 fixes the following issue: Update to version 18.3 bsc1258754. Regression fixes: the substring function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. a standby...

SUSE-SU-2026:0785-1 Security update for postgresql18

This update for postgresql18 fixes the following issue: Update to version 18.3 bsc1258754. Regression fixes: - the substring function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. - a...

Security update for postgresql16

This update for postgresql16 fixes the following issue: Update to version 16.13 bsc1258754. Regression fixes: the substring function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. a standb...

SUSE-SU-2026:0784-1 Security update for postgresql16

This update for postgresql16 fixes the following issue: Update to version 16.13 bsc1258754. Regression fixes: - the substring function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column caused by CVE-2026-2006 fix. - a...