PT-2026-3859
Name of the Vulnerable Software and Affected Versions: SQLBot versions prior to 1.5.0. Description: SQLBot is an intelligent data query system based on a large language model and RAG. A missing authentication check in the /api/v1/datasource/uploadExcel endpoint allows unauthenticated remote attacker...
MiracleLinux 9 : postgresql:16 (AXSA:2026-063:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-063:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...
MiracleLinux 8 : postgresql:15 (AXSA:2026-060:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-060:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...
MiracleLinux 9 : postgresql:15 (AXSA:2026-062:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-062:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...
RHEL 10 : libpq (RHSA-2026:0865)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0865 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql:...
MiracleLinux 8 : postgresql:16 (AXSA:2026-061:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-061:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...
postgresql: libpq: libpq undersizes allocations, via integer wraparound
A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application...
CLSA-2026-1768910677 postgresql: Fix of CVE-2025-12818
Update to 13.23 - CVE-2025-12818: fix integer overflow in allocation-size calculations...
RHSA-2026:0835 Red Hat Security Advisory: libpq security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: libpq security update
An update for libpq is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
MiracleLinux 7 : rh-postgresql96-postgresql-9.6.19-1.el7 (AXSA:2020-775:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-775:01 advisory. postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution CVE-2019-10208 postgresql: Uncontrolled search path element in...
MiracleLinux 9 : postgresql-jdbc-42.2.18-6.el9 (AXSA:2023-4969:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4969:01 advisory. postgresql: SQL Injection in ResultSet.refreshRow with malicious column names CVE-2022-31197 Tenable has extracted the preceding description block directly...
MiracleLinux 8 : postgresql:13 (AXSA:2023-5263:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5263:01 advisory. postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 postgresql: Client memory disclosure when connecting wit...
MiracleLinux 8 : postgresql:13 (AXSA:2021-2338:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2338:01 advisory. postgresql: Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027 postgresql: Memory disclosure in INSERT ... ON...
MiracleLinux 9 : postgresql:15 (AXSA:2024-9499:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9499:01 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...
MiracleLinux 4 : postgresql-jdbc-8.4.704-4.AXS4 (AXSA:2020-253:02)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-253:02 advisory. postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML CVE-2020-13692 This update introduces a backwards incompatible change required to resolve...
MiracleLinux 7 : postgresql-9.2.24-8.el7 (AXSA:2022-3279:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3279:01 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block...
RHEL 8 : libpq (RHSA-2026:0835)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0835 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql:...
MiracleLinux 9 : postgresql-13.10-1.el9 (AXSA:2023-5280:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5280:02 advisory. postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 postgresql: Client memory disclosure when connecting wit...