postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions

A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setTextint, InputStream and PreparedStatemet.setByteaint, InputStream. This could allow a user to create an unexpected file available to all users, which could end in unexpected...

SUSE-SU-2023:0451-1 Security update for postgresql-jdbc

This update for postgresql-jdbc fixes the following issues: - CVE-2022-41946: Fixed a local information disclosure issue due to improper handling of temporary files bsc1206921...

SUSE CVE-2012-1151

Multiple format string vulnerabilities in dbdimp.c in DBD::Pg aka DBD-Pg or libdbd-pg-perl module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service process crash via format string specifiers in 1 a crafted database warning to the pgwarn function or 2 a...

SUSE CVE-2020-13692

PostgreSQL JDBC Driver aka PgJDBC before 42.2.13 allows XXE...

SUSE CVE-2022-31197

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...

jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based o...

OESA-2022-1835 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: PostgreSQL JDBC...

PostgreSQL JDBC Driver SQL注入漏洞

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, etc. The PostgreSQL JDBC Driver is an open source JDBC driver written in Pure...

jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based o...

postgresql-jdbc: Arbitrary File Write Vulnerability

A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or serv...

jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based o...

PostgreSQL JDBC Driver 安全漏洞

The PostgreSQL JDBC Driver is an open source JDBC driver written in Pure Java Type 4 for communication in the PostgreSQL native network protocol. A security vulnerability existed in PostgreSQL JDBC Driver before 42.3.3. No information about the vulnerability is available at this time, so please...

GHSA-88CC-G835-76RP Improper Restriction of XML External Entity Reference

PostgreSQL JDBC Driver aka PgJDBC before 42.2.13 allows XXE...

UBUNTU-CVE-2022-21724

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based o...

PostgreSQL JDBC Driver 安全漏洞

The PostgreSQL JDBC Driver is an open source JDBC driver written in Pure Java Type 4 for communication in the PostgreSQL native network protocol. A security vulnerability exists in the PostgreSQL JDBC Driver or PgJDBC for short that stems from the instantiation of plugin instances by the class na...

postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML

A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity XXE weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability...

postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML

A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity XXE weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability...

postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML

A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity XXE weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability...

PostgreSQL JDBC Driver Code Issue Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A code issue exists in PostgreSQL JDBC Driver PgJDBC versions prior...

PT-2020-6672 · Postgresql +9 · Postgresql Jdbc Driver +9

Name of the Vulnerable Software and Affected Versions: PostgreSQL JDBC Driver aka PgJDBC versions prior to 42.2.13 Description: The issue is related to the incorrect restriction of XML external entities, which can lead to XXE attacks. A remote attacker can exploit this to conduct XXE attacks...