13285 matches found

OSV
added 2025/06/11 2:44 p.m. | 0 views

GHSA-HQ9P-PM7W-8P54 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

Impact: When the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding such as password, MD5, GSS, or SSPI authentication. This cou...

CVSS 8.2 | AI score 7.2 | EPSS 0.00461
Exploits: 0 | References: 7
Cvelist
added 2025/06/11 2:32 p.m. | 41 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

CVSS 8.2 | EPSS 0.00461
Exploits: 0 | References: 2
Vulnrichment
added 2025/06/11 2:32 p.m. | 7 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

CVSS 8.2 | AI score 7 | EPSS 0.00461
Exploits: 0 | References: 2
CVE
added 2025/06/11 2:32 p.m. | 232 views

CVE-2025-49146

CVE-2025-49146 affects the PostgreSQL JDBC driver (pgjdbc). From 42.7.4 through 42.7.7, when channel binding is set to required, connections could proceed using non-SASL authentication methods (e.g., password, MD5, GSS, SSPI), enabling MITM interception. The issue is fixed in 42.7.7. Affected con...

CVSS 8.2 | AI score 7 | EPSS 0.00461
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2025/06/11 2:32 p.m. | 7 views

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

CVSS 8.2 | AI score 7.7 | EPSS 0.00461
Exploits: 0
AlpineLinux
added 2025/06/11 2:32 p.m. | 1 views

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

CVSS 8.2 | AI score 7.6 | EPSS 0.00461
Exploits: 0
Amazon
added 2025/06/11 12:0 a.m. | 3 views

Medium: postgresql

Issue Overview: Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5...

CVSS 5.9 | AI score 6.8 | EPSS 0.00612
Exploits: 0
Positive Technologies
added 2025/06/11 12:0 a.m. | 1 views

PT-2025-25224

Name of the Vulnerable Software and Affected Versions: pgjdbc versions 42.7.4 through 42.7.6. Description: The issue arises when the PostgreSQL JDBC driver is configured with channel binding set to required, allowing connections to proceed with authentication methods that do not support channel...

CVSS 8.5 | AI score 7.8 | EPSS 0.00461
Exploits: 0 | References: 32
CNNVD
added 2025/06/11 12:0 a.m. | 2 views

pgJDBC Authorization Issue Vulnerability

pgJDBC is an open source PostgreSQL JDBC driver. An authorization issue vulnerability exists in pgJDBC versions 42.7.4 through 42.7.7, which stems from a channel binding misconfiguration that could lead to a man-in-the-middle attack...

CVSS 8.2 | AI score 7.4 | EPSS 0.00461
Exploits: 0 | References: 5
Tenable Nessus
added 2025/06/11 12:0 a.m. | 6 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2025-018)

The version of postgresql installed on the remote host is prior to 14.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2025-018 advisory. Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary deni...

CVSS 5.9 | AI score 6.7 | EPSS 0.00612
Exploits: 0 | References: 4
OSV
added 2025/06/08 6:22 a.m. | 3 views

MGASA-2025-0179 Updated php-adodb packages fix security vulnerability

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...

CVSS 10 | AI score 7.9 | EPSS 0.00638
Exploits: 0 | References: 4
Mageia
added 2025/06/08 6:22 a.m. | 11 views

Updated php-adodb packages fix security vulnerability

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...

CVSS 10 | AI score 9.9 | EPSS 0.00638
Exploits: 0 | References: 3
RedhatCVE
added 2025/06/06 10:5 p.m. | 20 views

CVE-2025-5690

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the...

CVSS 6.5 | AI score 7.1 | EPSS 0.00285
Exploits: 0 | References: 1
Tenable Nessus
added 2025/06/05 12:0 a.m. | 10 views

SUSE SLES15 Security Update : postgresql16 (SUSE-SU-2025:01766-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01766-2 advisory. Upgrade to 16.9: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails...

CVSS 5.9 | AI score 6.7 | EPSS 0.00612
Exploits: 0 | References: 4
NVD
added 2025/06/04 10:15 p.m. | 13 views

CVE-2025-5690

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the...

CVSS 6.5 | EPSS 0.00285
Exploits: 0 | References: 1
OSV
added 2025/06/04 10:15 p.m. | 2 views

CVE-2025-5690

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00285
Exploits: 0 | References: 1
CVE
added 2025/06/04 9:34 p.m. | 76 views

CVE-2025-5690

The CVE-2025-5690 entry concerns PostgreSQL Anonymizer (versions 2.0 and 2.1). Affected component: the masking mechanism when dynamic masking is enabled, which allows a masked user to bypass table masking rules and read original data via a database cursor or the --insert option in pg_dump. This i...

CVSS 6.5 | AI score 6.4 | EPSS 0.00285
Exploits: 0 | References: 1
Cvelist
added 2025/06/04 9:34 p.m. | 19 views

CVE-2025-5690 Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the...

CVSS 6.5 | EPSS 0.00285
Exploits: 0 | References: 1
Vulnrichment
added 2025/06/04 9:34 p.m. | 9 views

CVE-2025-5690 Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the...

CVSS 6.5 | AI score 6.4 | EPSS 0.00285
Exploits: 0 | References: 1
SUSE Linux
added 2025/06/04 1:37 p.m. | 3 views

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.9: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/16.9/ Patch Instructions: To...

CVSS 5.9 | AI score 7.2 | EPSS 0.00612
Exploits: 0 | References: 4