PostgreSQL 18.x < 18.2 Heap Buffer Overflow (CVE-2026-2007)

The version of PostgreSQL installed on the remote host is 18 prior to 18.2. As such, it is potentially affected by a vulnerability: - Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the...

OPENSUSE-SU-2026:20266-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Update to version 15.16. Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to selectivit...

SUSE-SU-2026:20587-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.21. Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to selectivit...

Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation

Command Injection via Unsanitized locate Output in versions — systeminformation Package: systeminformation npm Tested Version: 5.30.7 Affected Platform: Linux Author: Sebastian Hildebrandt Weekly Downloads: 5,000,000+ Repository: https://github.com/sebhildebrandt/systeminformation Severity: Mediu...

PT-2026-20783

Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 5.31.0 Description The systeminformation library for node.js is susceptible to command injection through unsanitized output from the locate command within the versions function. This occurs when detecting th...

CVE-2026-2003 affecting package postgresql for versions less than 14.21-1

CVE-2026-2003 affecting package postgresql for versions less than 14.21-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-2005 affecting package postgresql for versions less than 14.21-1

CVE-2026-2005 affecting package postgresql for versions less than 14.21-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-2004 affecting package postgresql for versions less than 14.21-1

CVE-2026-2004 affecting package postgresql for versions less than 14.21-1. An upgraded version of the package is available that resolves this issue...

BIT-POSTGRESQL-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

BIT-POSTGRESQL-2026-2004 PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

SUSE CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

Debian dsa-6132 : libecpg-compat3 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6132 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6132-1 [email protected] https://www.debian.org/securit...

Linux Distros Unpatched Vulnerability : CVE-2026-2005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions...

CVE-2026-25949 Traefik: TCP readTimeout bypass via STARTTLS on Postgres

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...

ALPINE-CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

AZL-77589 CVE-2026-2006 affecting package postgresql for versions less than 14.21-1

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

AZL-77583 CVE-2026-2004 affecting package postgresql for versions less than 14.21-1

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

AZL-77586 CVE-2026-2005 affecting package postgresql for versions less than 14.21-1

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...