79 matches found
CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
PT-2025-25224
Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.7.4 through 42.7.6 Description The issue arises when the PostgreSQL JDBC driver is configured with channel binding set to required, allowing connections to proceed with authentication methods that do not support channel...
Alibaba Cloud Linux 3 : 0089: postgresql-jdbc (ALINUX3-SA-2024:0089)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0089 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-1597: pgjdbc, the PostgreSQL JDBC Driver,...
Alibaba Cloud Linux 3 : 0069: postgresql-jdbc (ALINUX3-SA-2022:0069)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0069 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-13692: PostgreSQL JDBC Driver aka PgJDBC...
Alibaba Cloud Linux 3 : 0065: postgresql-jdbc (ALINUX3-SA-2023:0065)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0065 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41946: pgjdbc is an open source postgresql...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1 Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could allow a remote authenticated attack...
Linux Distros Unpatched Vulnerability : CVE-2022-31197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC...
Linux Distros Unpatched Vulnerability : CVE-2024-1597
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no...
Linux Distros Unpatched Vulnerability : CVE-2022-21724
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system usi...
This Week in Spring - December 3rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the first week of December and I am in the amazing city of Perth, Australia. Perth, for those of you who don't know, is amazing. And well worth the journey. But it is quite the journey! 27 hours, door-to-door, from San...
VulnCheck KEV: CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a...
Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.7 release and security update.
Red Hat Integration Camel K 1.10.7 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements
Release of OpenShift Serverless Logic 1.33.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Atlassian Confluence 6.0.1 < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 SQLI (CONFSERVER-95837)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95837 advisory. - pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mo...
Rocky Linux 9 : postgresql-jdbc (RLSA-2024:1436)
The remote Rocky Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:1436 advisory. - pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is n...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar
Summary IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements when using...
Fedora 40 : postgresql-jdbc (2024-ed884c3203)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-ed884c3203 advisory. This rebase fixes CVE-2024-1597. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Mageia: Security Advisory (MGASA-2024-0120)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2024-0120 Updated postgresql-jdbc packages fix security vulnerability
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...