TencentOS Server 4: postgresql (TSSA-2024:0559)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0559 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: postgresql16 (TSSA-2024:0642)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0642 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 3: postgresql:15 (TSSA-2024:0774)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0774 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: postgresql:16 (TSSA-2024:0773)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0773 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
The vulnerability of the JDBC driver pgjdbc, which allows Java programs to connect to PostgreSQL databases, enables attackers to execute “man-in-the-middle” attacks.
The vulnerability of the JDBC driver pgjdbc, which allows Java programs to connect to PostgreSQL databases, is related to deficiencies in the authentication process. Exploiting this vulnerability could enable a malicious actor to carry out a “man-in-the-middle” attack...
CVE-2025-21085
PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization...
CVE-2025-21085 PingFederate OAuth Grant attribute duplication may use excessive memory
PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization...
CVE-2025-21085
PingFederate CVE-2025-21085 describes a grant attribute duplication issue in the PostgreSQL persistence store that can cause excessive memory utilization for OAuth2 requests. The affected product is PingFederate; the root cause is duplication in the OAuth2 grant storage within PostgreSQL, leading...
Ping Identity PingFederate Security Vulnerability
Ping Identity PingFederate is a flagship software-based federation server from US-based Ping Identity, Inc. for identity management. Ping Identity PingFederate suffers from a security vulnerability that stems from duplicate OAuth2 authorizations in the PostgreSQL persistence store, which could le...
PT-2025-25497 · Ping Identity · Pingfederate
Name of the Vulnerable Software and Affected Versions: PingFederate (affected versions not specified). Description: The issue concerns PingFederate OAuth2 grant duplication in PostgreSQL persistent storage, allowing OAuth2 requests to use excessive memory utilization. Recommendations: At the moment,...
FreeBSD : PostgreSQL JDBC library -- Improper Authentication (2a220a73-4759-11f0-a44a-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a220a73-4759-11f0-a44a-6cc21735f730 advisory. PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite...
UBUNTU-CVE-2024-44905
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/appendvalue.go...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.13: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931). Changelog: https://www.postgresql.org/docs/release/15.13/ Patch Instructions: T...
SUSE-SU-2025:01748-2 Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.13: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931). Changelog: https://www.postgresql.org/docs/release/15.13/...
Man-In-The-Middle (MITM)
org.postgresql:postgresql is vulnerable to Man-In-The-Middle (MITM). The vulnerability is due to improper enforcement of channel-binding requirements in the driver, allowing authentication methods that do not support channel binding (e.g., password, MD5, GSS, SSPI) even when channel binding is set to...
PostgreSQL JDBC library -- Improper Authentication
PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore...
CVE-2025-49146
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...
UBUNTU-CVE-2025-49146
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...
Incorrect Implementation of Authentication Algorithm
Overview: org.postgresql:postgresql is a Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm allowing fallback to insecure authentication despite channelBinding being set to required. The...