312 matches found
EUVD-2024-0465
Malicious code in bioql PyPI...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-49146)
Summary The following vulnerabilities that can affect IBM Storage Scale and the Management GUI and could provide weaker than expected security are now fixed CVE-2025-49146. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and unt...
Linux Distros Unpatched Vulnerability : CVE-2025-49146
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to require...
postgresql-jdbc-42.7.7-1.1 on GA media (moderate)
postgresql-jdbc-42.7.7-1.1 on GA media Announcement ID: openSUSE-SU-2025:15264-1 Rating: moderate Cross-References: CVE-2025-49146 CVSS scores: CVE-2025-49146 SUSE : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2025-49146 SUSE : 8.3...
CVE-2025-53005
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
OPENSUSE-SU-2025:15264-1 postgresql-jdbc-42.7.7-1.1 on GA media
These are all security issues fixed in the postgresql-jdbc-42.7.7-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
TencentOS Server 3: postgresql-jdbc (TSSA-2024:0094)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0094 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: postgresql-jdbc (TSSA-2022:0069)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0069 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 4: postgresql-jdbc (TSSA-2024:0662)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0662 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
FreeBSD : PostgreSQL JDBC library -- Improper Authentication (2a220a73-4759-11f0-a44a-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a220a73-4759-11f0-a44a-6cc21735f730 advisory. PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite...
PostgreSQL JDBC library -- Improper Authentication
PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore...
CVE-2025-49146
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
Impact When the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding such as password, MD5, GSS, or SSPI authentication. This cou...
CVE-2025-49146
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
PT-2025-25224
Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.7.4 through 42.7.6 Description The issue arises when the PostgreSQL JDBC driver is configured with channel binding set to required, allowing connections to proceed with authentication methods that do not support channel...