Lucene search
K

108 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-54291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from...

8.2CVSS6.1AI score0.00236EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 7:17 p.m.12 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS0.00236EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/06 6:55 p.m.6 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:55 p.m.5 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-54841

Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.7.4 through 42.7.11 Description Connections using channelBinding=require can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256. This results in the loss of man-in-the-middle protectio...

8.2CVSS6AI score0.00236EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/01 10:21 a.m.18 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/20 12:47 p.m.13 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.3.SP2 security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libpgjava

The PostgreSQL JDBC Driver abbreviated as PgJDBC allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The implementation of the java.sql.ResultRow.refreshRow method in PgJDBC does not escape column names, which means that a malicious column name...

8CVSS7.1AI score0.0167EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in libpgjava

In pgjdbc before version 42.3.3, an attacker who controls the jdbc URL or properties can use java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example scenario is that an attacker could create a executable JSP file under a...

9.8CVSS7.3AI score0.02999EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libpgjava

pgjdbc, the PostgreSQL JDBC Driver, allows attackers to inject SQL statements if the PreferQueryMode=SIMPLE setting is used. Note that this is not the default setting. In the default mode, there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus sign...

10CVSS7.1AI score0.0481EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 8:9 p.m.12 views

pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/05 3:6 p.m.8 views

CVE-2026-42198

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References5
NVD
NVD
added 2026/04/29 4:16 p.m.6 views

CVE-2026-42198

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

7.5CVSS0.0077EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/29 3:58 p.m.3 views

CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

7.5CVSS5.4AI score0.0077EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

pgJDBC 安全漏洞

pgJDBC is an open-source PostgreSQL driver developed by pgJDBC. Versions of pgJDBC from 42.2.0 to 42.7.11 contained security vulnerabilities. These vulnerabilities stemmed from a client denial-of-service vulnerability during SCRAM-SHA-256 authentication. A malicious server could instruct the driv...

7.5CVSS7.1AI score0.0077EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-7235

Malicious code in bioql PyPI...

5.5CVSS6AI score0.0048EPSS
Exploits1References16
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18118

Malicious code in bioql PyPI...

8.2CVSS7.5AI score0.00461EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/12 7:35 p.m.7 views

Security Bulletin: Vulnerabilities in pgjdbc affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in pgjdbc has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is...

8.2CVSS6.8AI score0.00461EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2025/08/07 10:51 a.m.4 views

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

8.2CVSS5.8AI score0.00461EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/08/06 4:17 p.m.4 views

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

8.2CVSS5.8AI score0.00461EPSS
Exploits0References6
Rows per page
Query Builder