CVE-2004-2026: Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string…

CVE-2026-2003 postgresql-14, postgresql-16, postgresql-17 vulnerabilities postgresql-14, postgresql-16, postgresql-17 vulnerabilities Altan Birler discovered that PostgreSQL incorrectly validated oidvector types. An attacker could possibly use this issue to obtain a few bytes of sensitive information. (CVE-2026-2003) Daniel Firer discovered that PostgreSQL incorrectly validated input in the intarray extension. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-2004) It was dicovered that PosgreSQL incorrectly handled certain pgcrypto memory operations. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-2005) Paul Gerste and Moritz Sanft discovered that PostgreSQL incorrectly validated multibyte character lengths. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-2006)

CVE-2004-2026 [HIGH] GHSA-rrwc-ph65-5p73: Format string vulnerability in the logmsg function in svc Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.

CVE-2004-2026 [HIGH] CVE-2004-2026: Format string vulnerability in the logmsg function in svc Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.

CVE-2026-9530 [LOW] CWE-125 libredwg: GNU LibreDWG: Denial of Service via out-of-bounds read in Dwgbmp Utility libredwg: GNU LibreDWG: Denial of Service via out-of-bounds read in Dwgbmp Utility A flaw was found in GNU LibreDWG, specifically within the Dwgbmp Utility component. A local attacker could exploit an out-of-bounds read vulnerability in the `read_2004_compressed_section` function by manipulating a file. This could lead to a denial of service, making the application unavailable. Package: vim (Red Hat Enterprise Linux 10) - Under investigation Package: vim (Red Hat Enterprise Linux 6) - Under investigation Package: vim (Red Hat Enterprise Linux 7) - Under investigation Package: vim (Red Hat Enterprise Linux 8) - Under investigation Package: vim (Red Hat Enterprise Linux 9) - Under investigation Package: rhcos (Red Hat OpenShift Container Platform 4) - Under investigation

CVE-2026-2004 [HIGH] CWE-1287 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security cri

CVE-2004-2026 [HIGH] CVE-2004-2026: pound - Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and ea... Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages. Scope: local bullseye: resolved (fixed in 1.7-1) forky: resolved (fixed in 1.7-1) sid: resolved (fixed in 1.7-1) trixie: resolved (fixed in 1.7-1)

CVE-2004-1077 [MEDIUM] Citrix Security Bulletin CTX105650 Citrix Security Bulletin CTX105650 CVE References: CVE-2004-1077, CVE-2004-1078, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397 Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2004-2026 APSIS Pound 1.5 - Remote Format String APSIS Pound 1.5 - Remote Format String --- // source: https://www.securityfocus.com/bid/10267/info APSIS Pound has been found to be prone to a remote format string vulnerability. The problem presents itself when Pound handles certain requests containing embedded format string specifiers. Ultimately this vulnerability could allow for execution of arbitrary code on the system implementing the affected software, which would occur in the security context of the server process. /* Pound #include #include #include #include #include #define PORT 8888 #define BUFSIZE 1024 #define NOP 0x90 #define POUND "/usr/sbin/pound" #define COMMAND "TERM=xterm; export TERM=xterm; id;uname -a;\n" #define LOCALHOST "127.0.0.1" typedef enum {LOCAL,REMOTE} type_t; struct target { char *arch; unsigned long jm

CVE-2026-9530 [LOW] CVE-2026-9530 libredwg: GNU LibreDWG: Denial of Service via out-of-bounds read in Dwgbmp Utility CVE-2026-9530 libredwg: GNU LibreDWG: Denial of Service via out-of-bounds read in Dwgbmp Utility A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8f03865f37f5d4ffd616fef802acc980be54d300. It is advisable to implement a patch to correct this issue.

CVE-2026-2004 [HIGH] CVE-2026-2004 postgresql16: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42] CVE-2026-2004 postgresql16: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Discussion: This message is a reminder that Fedora Linux 42 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '42'. Package Maintainer: If you wish for this bug to remain open because you pl

CVE-2026-2004 [HIGH] CVE-2026-2004 postgresql17: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42] CVE-2026-2004 postgresql17: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Discussion: This message is a reminder that Fedora Linux 42 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '42'. Package Maintainer: If you wish for this bug to remain open because you pl

CVE-2026-2004 [HIGH] CVE-2026-2004 mingw-postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42] CVE-2026-2004 mingw-postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Discussion: This message is a reminder that Fedora Linux 42 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '42'. Package Maintainer: If you wish for this bug to remain open because yo