2748 matches found
CVE-2025-49146
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
DEBIAN-CVE-2025-49146
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
UBUNTU-CVE-2025-49146
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
Impact When the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding such as password, MD5, GSS, or SSPI authentication. This cou...
Incorrect Implementation of Authentication Algorithm
Overview org.postgresql:postgresql is a Java JDBC 4.2 JRE 8+ driver for PostgreSQL database. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm allowing fallback to insecure authentication despite channelBinding being set to required. The...
GHSA-HQ9P-PM7W-8P54 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
Impact When the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding such as password, MD5, GSS, or SSPI authentication. This cou...
CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
CVE-2025-49146
CVE-2025-49146 affects the PostgreSQL JDBC driver (pgjdbc). From 42.7.4 through 42.7.7, when channel binding is set to required, connections could proceed using non-SASL authentication methods (e.g., password, MD5, GSS, SSPI), enabling MITM interception. The issue is fixed in 42.7.7. Affected con...
CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
CVE-2025-49146
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
pgJDBC 授权问题漏洞
pgJDBC is a PostgreSQL driver for pgJDBC open source. An authorization issue vulnerability exists in pgJDBC versions 42.7.4 through 42.7.7, which stems from a channel binding misconfiguration that could lead to a man-in-the-middle attack...
CLSA-2025-1749568993 kernel: Fix of 24 CVEs
vsock: Keep the binding until socket destruction CVE-2025-21756 - mt76: fix use-after-free by removing a non-RCU wcid pointer CVE-2022-49328 - bpf, testrun: Fix alignment problem in bpfprogtestrunskb CVE-2022-49840 - ASoC: core: Fix use-after-free in sndsocexit CVE-2022-49842 - net: sched: Fix...
CLSA-2025-1749562017 kernel: Fix of 24 CVEs
vsock: Keep the binding until socket destruction CVE-2025-21756 - mt76: fix use-after-free by removing a non-RCU wcid pointer CVE-2022-49328 - bpf, testrun: Fix alignment problem in bpfprogtestrunskb CVE-2022-49840 - ASoC: core: Fix use-after-free in sndsocexit CVE-2022-49842 - net: sched: Fix...
CVE-2025-42993
Summary: CVE-2025-42993 affects SAP S/4HANA (Enterprise Event Enablement). A missing authorization check allows an attacker with access to Inbound Binding Configuration to create an RFC destination and assign a high-privilege user, enabling code execution under that user’s privileges. Impact is l...
OS Command Exec, Unix Command Shell, Pingback Bind TCP (via netcat)
Execute an OS command from PHP. Accept a connection, send a UUID, then exit Module Options msf use payload/php/unix/cmd/pingbackbind msf payloadpingbackbind show actions ...actions... msf payloadpingbackbind set ACTION msf payloadpingbackbind show options ...show and set options... msf...
nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS
A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...
nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS
A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...
nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS
A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...
nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS
A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...