SUSE CVE-2026-2003

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

SUSE CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

SUSE CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

SUSE CVE-2026-2006

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

SUSE CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

postgresql16-16.12-1.1 on GA media (moderate)

postgresql16-16.12-1.1 on GA media Announcement ID: openSUSE-SU-2026:10192-1 Rating: moderate Cross-References: CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 Affected Products: openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. Description: These are all...

postgresql14-14.21-1.1 on GA media (moderate)

postgresql14-14.21-1.1 on GA media Announcement ID: openSUSE-SU-2026:10190-1 Rating: moderate Cross-References: CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 Affected Products: openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. Description: These are all...

postgresql15-15.16-1.1 on GA media (moderate)

postgresql15-15.16-1.1 on GA media Announcement ID: openSUSE-SU-2026:10191-1 Rating: moderate Cross-References: CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 Affected Products: openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. Description: These are all...

Linux Distros Unpatched Vulnerability : CVE-2026-2006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun...

Debian dsa-6132 : libecpg-compat3 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6132 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6132-1 [email protected] https://www.debian.org/securit...

Linux Distros Unpatched Vulnerability : CVE-2026-2003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks...

Debian: Security Advisory (DSA-6132-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-6133-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2026-2005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions...

Debian dsa-6133 : libecpg-compat3 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6133 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6133-1 [email protected] https://www.debian.org/securit...

Important Photon OS Security Update - PHSA-2026-5.0-0762

Updates of 'postgresql14', 'postgresql15', 'rubygem-faraday' packages of Photon OS have been released...

CVE-2026-25949

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...

CVE-2026-25949 Traefik: TCP readTimeout bypass via STARTTLS on Postgres

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...

[SECURITY] [DSA 6133-1] postgresql-17 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6133-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2026 https://www.debian.org/security/faq -...

[SECURITY] [DSA 6132-1] postgresql-15 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6132-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2026 https://www.debian.org/security/faq -...