Lucene search
K

108 matches found

RedHat Linux
RedHat Linux
added 2025/06/25 7:47 p.m.4 views

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

8.2CVSS5.8AI score0.00461EPSS
Exploits0References6
OSV
OSV
added 2025/06/14 5:57 a.m.4 views

BIT-POSTGRESQL-JDBC-DRIVER-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS7.9AI score0.00461EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/11 9:33 p.m.6 views

CVE-2025-49146

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

8.2CVSS7.9AI score0.00461EPSS
Exploits0References5
OSV
OSV
added 2025/06/11 3:15 p.m.2 views

DEBIAN-CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

5.9CVSS7.7AI score0.00461EPSS
Exploits0References1
OSV
OSV
added 2025/06/11 2:32 p.m.5 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS7.3AI score0.00461EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/11 2:32 p.m.47 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS0.00461EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/06/11 2:32 p.m.9 views

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS7.7AI score0.00461EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/06/11 2:32 p.m.8 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS7AI score0.00461EPSS
Exploits0References2
CVE
CVE
added 2025/06/11 2:32 p.m.242 views

CVE-2025-49146

CVE-2025-49146 affects the PostgreSQL JDBC driver (pgjdbc). From 42.7.4 through 42.7.7, when channel binding is set to required, connections could proceed using non-SASL authentication methods (e.g., password, MD5, GSS, SSPI), enabling MITM interception. The issue is fixed in 42.7.7. Affected con...

8.2CVSS7AI score0.00461EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/06/11 12:0 a.m.3 views

pgJDBC 授权问题漏洞

pgJDBC is a PostgreSQL driver for pgJDBC open source. An authorization issue vulnerability exists in pgJDBC versions 42.7.4 through 42.7.7, which stems from a channel binding misconfiguration that could lead to a man-in-the-middle attack...

8.2CVSS7.4AI score0.00461EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2022-41946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or...

5.5CVSS6.6AI score0.0048EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2024/08/27 12:0 a.m.4 views

The vulnerability of the JDBC driver pgjdbc for connecting Java programs to a PostgreSQL database lies in insufficient validation of input data. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the JDBC driver pgjdbc, which allows Java programs to connect to PostgreSQL databases, is related to the creation of arbitrary files. Exploiting this vulnerability can enable a malicious actor to compromise the confidentiality, integrity, and accessibility of protected...

10CVSS7.4AI score0.02999EPSS
Exploits0References8Affected Software4
RedHat Linux
RedHat Linux
added 2024/07/25 7:26 p.m.30 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.

Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

10CVSS7AI score0.0481EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.9 views

RHEL 8 : pgjdbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597 Note tha...

10CVSS9.7AI score0.0481EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.18 views

RHEL 6 : pgjdbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597 Note tha...

10CVSS9.7AI score0.0481EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.30 views

RHEL 9 : pgjdbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597 Note tha...

10CVSS9.7AI score0.0481EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/27 12:0 a.m.42 views

Atlassian Confluence 6.0.1 < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 SQLI (CONFSERVER-95837)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95837 advisory. - pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mo...

10CVSS7.8AI score0.0481EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.14 views

RHEL 8 : pgjdbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597 Note tha...

9.7AI score0.0481EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.33 views

RHEL 9 : pgjdbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597 Note tha...

9.7AI score0.0481EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2024/05/02 11:24 a.m.42 views

K000139489: PostgreSQL JDBC Driver vulnerability CVE-2024-1597

Security Advisory Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a...

10CVSS8.2AI score0.0481EPSS
Exploits0
Rows per page
Query Builder