Lucene search
K

36 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.10 views

Debian dla-4646 : libecpg-compat3 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4646 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4646-1 [email protected]...

8.8CVSS6.7AI score0.00668EPSS
Exploits0References16
OSV
OSV
added 2026/06/08 1:54 p.m.9 views

JLSEC-2026-602

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.4AI score0.00208EPSS
Exploits0References1
Amazon
Amazon
added 2026/06/08 12:0 a.m.13 views

Important: postgresql

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.6AI score0.00668EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: postgresql18

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.7AI score0.00668EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: postgresql16

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.6AI score0.00668EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Important: postgresql17

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.6AI score0.00668EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.14 views

Amazon Linux 2023 : postgresql17, postgresql17-contrib, postgresql17-llvmjit (ALAS2023-2026-1766)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1766 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...

8.8CVSS6.7AI score0.00668EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.9 views

Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2026-024 (ALASPOSTGRESQL14-2026-024)

The version of postgresql installed on the remote host is prior to 14.23-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-024 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use...

8.8CVSS6.7AI score0.00668EPSS
Exploits0References18
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Important: postgresql15

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.6AI score0.00668EPSS
Exploits0
OSV
OSV
added 2026/05/29 1:33 p.m.11 views

OESA-2026-2479 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

8.8CVSS6.5AI score0.00668EPSS
Exploits0References9
OSV
OSV
added 2026/05/22 1:19 p.m.13 views

OESA-2026-2414 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

8.8CVSS6.5AI score0.00668EPSS
Exploits0References9
OSV
OSV
added 2026/05/22 1:19 p.m.8 views

OESA-2026-2413 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

8.8CVSS6.5AI score0.00668EPSS
Exploits0References9
OSV
OSV
added 2026/05/22 1:17 p.m.16 views

OESA-2026-2382 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

8.8CVSS6.6AI score0.00668EPSS
Exploits0References9
OSV
OSV
added 2026/05/22 1:17 p.m.11 views

OESA-2026-2381 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

8.8CVSS6.5AI score0.00668EPSS
Exploits0References9
OSV
OSV
added 2026/05/21 8:39 p.m.6 views

USN-8294-1 postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...

8.8CVSS6.3AI score0.00668EPSS
Exploits0References12
BDU FSTEC
BDU FSTEC
added 2026/05/20 12:0 a.m.4 views

The vulnerability of the timeofday() function in the PostgreSQL database management system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the timeofday function in the PostgreSQL database management system is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References13Affected Software6
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.27 views

SUSE CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References22
OSV
OSV
added 2026/05/18 5:53 a.m.13 views

BIT-POSTGRESQL-2026-6474 PostgreSQL timeofday() can disclose portions of server memory

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/16 8:4 a.m.18 views

PostgreSQL timeofday() can disclose portions of server memory

...

4.3CVSS5.8AI score0.00208EPSS
Exploits0
Snyk
Snyk
added 2026/05/14 3:23 p.m.9 views

Use of Externally-Controlled Format String

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Format String in the timeofday function when processing crafted timezone zones. An attacker can access portions of server memory by supplying specially crafted input to the timeofday function. Remediation...

5.3CVSS5.8AI score0.00208EPSS
Exploits0References2
Rows per page
Query Builder