Lucene search
K

132 matches found

RedHat Linux
RedHat Linux
added 6 days ago5 views

github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to cause various impacts, such as denial of service DoS or potentially arbitrary code execution, by exploiting memory corruption issues. The exact method of exploitation...

9.8CVSS6.2AI score0.00561EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/06 8:42 p.m.5 views

Incorrect Implementation of Authentication Algorithm

Overview org.postgresql:postgresql is a Java JDBC 4.2 JRE 8+ driver for PostgreSQL database. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the ScramAuthenticator class, which fails open by confirming only that the server advertised a...

8.2CVSS6AI score0.00236EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/06 6:55 p.m.6 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0
EUVD
EUVD
added 2026/07/06 6:55 p.m.9 views

EUVD-2026-41903

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 6:55 p.m.2 views

CVE-2026-54291 Silent channel-binding authentication downgrade via unsupported certificate algorithms

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 6:55 p.m.87 views

CVE-2026-54291

CVE-2026-54291 affects pgjdbc (OpenJDK PostgreSQL JDBC Driver) in versions 42.7.4–42.7.11. The issue allows a silent downgrade of channelBinding from SCRAM-SHA-256-PLUS to plain SCRAM-SHA-256 when an attacker can intercept TLS and presents a certificate whose signature algorithm lacks a tls-serve...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 7:41 p.m.5 views

Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Netcool Impact 7.1.1.0

Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.1.1 Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of...

9.1CVSS6.1AI score0.0077EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-351 H2O Deserialization of Untrusted Data Vulnerability

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.8AI score0.01441EPSS
Exploits1References6
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/13 12:0 a.m.6 views

postgresql-jdbc-42.7.11-1.1 on GA media (moderate)

postgresql-jdbc-42.7.11-1.1 on GA media Announcement ID: openSUSE-SU-2026:11001-1 Rating: moderate Cross-References: CVE-2026-42198 CVSS scores: CVE-2026-42198 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability ca...

7.5CVSS7.2AI score0.0077EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/04 3:5 a.m.10 views

Security Bulletin: Due to use of postgresql-42.7.10.jar, IBM Sterling Connect:Direct Web Services is affected by client-side denial of service.

Summary postgresql-42.7.10.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42198. Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial o...

7.5CVSS7AI score0.0077EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/29 1:35 p.m.9 views

OESA-2026-2501 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 1:22 p.m.6 views

OESA-2026-2446 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/20 12:47 p.m.13 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in libpgjava

pgjdbc is the official PostgreSQL JDBC Driver. A security flaw was discovered in the JDBC driver for the postgresql database during security research. Systems that use the postgresql library will be vulnerable if an attacker controls the JDBC URL or connection properties. pgjdbc creates plugin...

9.8CVSS7.5AI score0.0301EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/19 4:11 p.m.10 views

github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to cause various impacts, such as denial of service DoS or potentially arbitrary code execution, by exploiting memory corruption issues. The exact method of exploitation...

9.8CVSS6.1AI score0.00561EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/19 1:51 a.m.25 views

SUSE CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

7.5CVSS5.7AI score0.00356EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/15 3:52 p.m.15 views

CVE-2026-41889

A flaw was found in pgx, a PostgreSQL driver and toolkit for Go. This SQL injection vulnerability can occur when using the non-default simple protocol, a dollar-quoted string literal in the SQL query, and when that string literal contains text interpreted as a placeholder with an...

9.8CVSS5.8AI score0.00356EPSS
Exploits0References6
Atlassian
Atlassian
added 2026/05/11 11:29 p.m.22 views

DoS (Denial of Service) at postgresql dependency in Crucible Server

This High severity DoS Denial of Service vulnerability was introduced in version 4.9.0 of Crucible Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to cause a resource to...

7.5CVSS5.7AI score0.0077EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/10 8:3 a.m.10 views

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

...

9.8CVSS5.8AI score0.00356EPSS
Exploits0
OSV
OSV
added 2026/05/08 5:16 p.m.7 views

UBUNTU-CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

9.8CVSS5.7AI score0.00356EPSS
Exploits0References5
Rows per page
Query Builder