jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

EUVD-2022-7235

Malicious code in bioql PyPI...

Security Bulletin: Vulnerabilities in pgjdbc affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in pgjdbc has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is...

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

RHEL 9 : pgjdbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597 Note tha...

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

CVE-2024-1597 pgjdbc SQL Injection via line comment generation

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

SUSE SLES15 / openSUSE 15 Security Update : postgresql-jdbc (SUSE-SU-2022:2655-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2655-1 advisory. - CVE-2022-26520: Fixed arbitrary File Write Vulnerability bsc1197356 Tenable has extracted the preceding description block...

The vulnerability of the JDBC driver (PgJDBC) for connecting Java programs to the PostgreSQL database allows attackers to perform XXE attacks.

The vulnerability of the JDBC driver PgJDBC for connecting Java programs to the PostgreSQL database is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...

CVE-2022-26520

In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...

The vulnerability of the JDBC driver pgjdbc for connecting Java programs to a PostgreSQL database allows a attacker to execute arbitrary code.

The vulnerability of the JDBC driver pgjdbc, which allows Java programs to connect to PostgreSQL databases, is related to the lack of verification for the implementation of the expected interface class. Exploiting this vulnerability can enable a malicious actor to execute arbitrary code through...