13194 matches found
Denial of service in github.com/jackc/pgproto3/v2
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...
SUSE-SU-2026:20194-1 Security update for postgresql17 and postgresql18
This update for postgresql17 and postgresql18 fixes the following issues: Changes in postgresql17, postgresql18: Update to 17.7: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/17.7/ bsc1253332, CVE-2025-12817: Missing check for CREATE privileges on the schem...
OPENSUSE-SU-2026:20131-1 Security update for postgresql17 and postgresql18
This update for postgresql17 and postgresql18 fixes the following issues: Changes in postgresql17, postgresql18: Update to 17.7: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/17.7/ bsc1253332, CVE-2025-12817: Missing check for CREATE privileges on the schem...
MiracleLinux 8 : postgresql:16 (AXSA:2026-332:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-332:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...
MiracleLinux 8 : postgresql:15 (AXSA:2026-331:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-331:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...
CLSA-2026-1773784132 Update of alt-php
Port to Debian 10 buster with renamed libraries to avoid conflicts with system PostgreSQL packages. Rename library packages to allow coexistence with other PostgreSQL versions: - libpq5 - libpq5-9.6 library: libpq-9.6.so.5 - libpq-dev - libpq-dev-9.6 - libecpg6 - libecpg6-9.6 library:...
MiracleLinux 8 : postgresql:13 (AXSA:2026-327:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-327:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...
MiracleLinux 9 : postgresql:15 (AXSA:2026-325:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-325:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...
MiracleLinux 9 : postgresql:16 (AXSA:2026-326:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-326:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation via the DataRow.Decode function. An attacker can cause a panic and potentially disrupt application availability by sending a DataRow message with a negative field length from a malicious or compromised PostgreS...
CVE-2026-32628
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...
[SECURITY] Fedora 42 Update: pgadmin4-9.13-1.fc42
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
[SECURITY] Fedora 43 Update: pgadmin4-9.13-1.fc43
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
[SECURITY] Fedora 43 Update: qgis-3.44.8-1.fc43
Geographic Information System (GIS) manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...
[SECURITY] Fedora 44 Update: pgadmin4-9.13-1.fc44
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
[SECURITY] Fedora 44 Update: qgis-3.44.8-1.fc44
Geographic Information System (GIS) manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...
PT-2026-28437
Name of the Vulnerable Software and Affected Versions: versions prior to 2026-32286. Description: The DataRow.Decode function does not correctly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, resulting in a slice bounds o...
SUSE: Security Advisory (SUSE-SU-2026:0881-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2026:0883-1)
The remote host is missing an update for the...
Express - Node.js API with PostgreSQL SQL Injection Vulnerability
Express - Node.js API with PostgreSQL is a RESTful API service developed by Jawher Kl, based on Node.js and PostgreSQL. Versions of Express - Node.js API with PostgreSQL prior to version 2.5 have a SQL injection vulnerability. This vulnerability stems from incorrect handling of the sort parameter...