Lucene search
K

312 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0465

Malicious code in bioql PyPI...

10CVSS7.9AI score0.0481EPSS
Exploits0References11
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/02 6:38 p.m.6 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-49146)

Summary The following vulnerabilities that can affect IBM Storage Scale and the Management GUI and could provide weaker than expected security are now fixed CVE-2025-49146. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and unt...

8.2CVSS6.8AI score0.00461EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-49146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to require...

8.2CVSS7.3AI score0.00461EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2025/07/05 12:0 a.m.3 views

postgresql-jdbc-42.7.7-1.1 on GA media (moderate)

postgresql-jdbc-42.7.7-1.1 on GA media Announcement ID: openSUSE-SU-2025:15264-1 Rating: moderate Cross-References: CVE-2025-49146 CVSS scores: CVE-2025-49146 SUSE : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2025-49146 SUSE : 8.3...

8.3CVSS8.2AI score0.00461EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/07/03 1:19 a.m.13 views

CVE-2025-53005

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

9.8CVSS7.1AI score0.00522EPSS
Exploits1References1
OSV
OSV
added 2025/07/03 12:0 a.m.3 views

OPENSUSE-SU-2025:15264-1 postgresql-jdbc-42.7.7-1.1 on GA media

These are all security issues fixed in the postgresql-jdbc-42.7.7-1.1 package on the GA media of openSUSE Tumbleweed...

8.2CVSS7.2AI score0.00461EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/01 12:33 a.m.14 views

CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

9.3CVSS0.00522EPSS
Exploits1References1
OSV
OSV
added 2025/07/01 12:33 a.m.5 views

CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

9.3CVSS6.7AI score0.00522EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/07/01 12:33 a.m.2 views

CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

9.3CVSS7AI score0.00522EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.5 views

TencentOS Server 3: postgresql-jdbc (TSSA-2024:0094)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0094 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

10CVSS8AI score0.0481EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.2 views

TencentOS Server 3: postgresql-jdbc (TSSA-2022:0069)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0069 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.7CVSS7.4AI score0.04094EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.3 views

TencentOS Server 4: postgresql-jdbc (TSSA-2024:0662)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0662 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

10CVSS7.9AI score0.0481EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/13 12:0 a.m.3 views

FreeBSD : PostgreSQL JDBC library -- Improper Authentication (2a220a73-4759-11f0-a44a-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a220a73-4759-11f0-a44a-6cc21735f730 advisory. PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite...

8.2CVSS7.7AI score0.00461EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2025/06/12 12:0 a.m.8 views

PostgreSQL JDBC library -- Improper Authentication

PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore...

8.2CVSS8.3AI score0.00461EPSS
Exploits0References1
NVD
NVD
added 2025/06/11 3:15 p.m.18 views

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS0.00461EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/06/11 2:44 p.m.11 views

pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

Impact When the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding such as password, MD5, GSS, or SSPI authentication. This cou...

8.2CVSS7.2AI score0.00461EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2025/06/11 2:32 p.m.8 views

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS7.7AI score0.00461EPSS
Exploits0
Cvelist
Cvelist
added 2025/06/11 2:32 p.m.44 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS0.00461EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/11 2:32 p.m.8 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS7AI score0.00461EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/11 12:0 a.m.3 views

PT-2025-25224

Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.7.4 through 42.7.6 Description The issue arises when the PostgreSQL JDBC driver is configured with channel binding set to required, allowing connections to proceed with authentication methods that do not support channel...

8.5CVSS7.3AI score0.00461EPSS
Exploits0References34
Rows per page
Query Builder