10 matches found
CVE-2022-21724
CVE-2022-21724 affects the official PostgreSQL JDBC Driver (libpgjava) used by pgjdbc. The vulnerability stems from the driver instantiating plugin classes based on connection properties (authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback) without v...
CVE-2020-13692
CVE-2020-13692 affects the PostgreSQL JDBC Driver (PgJDBC) prior to v42.2.13, where an XML External Entity (XXE) weakness exists in the driver (libpgjava). Exploitation could lead to data exposure and potential impact on availability as summarized in the connected advisories. The Debian/AlmaLinux...
CVE-2024-1597
CVE-2024-1597 affects the PostgreSQL JDBC Driver (libpgjava) used with pgjdbc. The vulnerability exists when PreferQueryMode=SIMPLE is enabled (not the default); an attacker can inject SQL to alter queries. Affected versions include before 42.7.2, and older 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42....
CVE-2022-41946
Summary (CVE-2022-41946) pgjdbc (PostgreSQL JDBC Driver) is affected where a prepared statement using Either setText(int, InputStream) or setBytea(int, InputStream) creates a temporary file when the InputStream exceeds ~2 KB. The created temp file in the system temp directory can be readable by o...
CVE-2022-31197
PgJDBC (PostgreSQL JDBC Driver) is affected by CVE-2022-31197 due to the java.sql.ResultRow.refreshRow() not escaping column names, enabling SQL injection when a column name contains a terminator like ;. Attack requires tricking a user into running SQL against a table with malicious column names ...
CVE-2022-26520
CVE-2022-26520 affects the PostgreSQL JDBC (PgJDBC) driver prior to 42.3.3. An attacker who controls the JDBC URL or properties can cause java.util.logging.FileHandler to write to arbitrary files via the loggerFile and loggerLevel properties, potentially enabling tasks like placing an executable ...
CVE-2025-49146
CVE-2025-49146 affects the PostgreSQL JDBC driver (pgjdbc). From 42.7.4 through 42.7.7, when channel binding is set to required, connections could proceed using non-SASL authentication methods (e.g., password, MD5, GSS, SSPI), enabling MITM interception. The issue is fixed in 42.7.7. Affected con...
CVE-2018-10936
CVE-2018-10936 affects the PostgreSQL JDBC driver prior to 42.2.5. If an SSL Factory is provided and no host name verifier is configured, the driver might skip host name verification, enabling a MITM attacker to impersonate a trusted server with a CA-signed certificate. The risk is constrained to...
CVE-2012-1618
CVE-2012-1618 affects the PostgreSQL JDBC Driver prior to 8.2 when used with servers enabling standard_conforming_strings, allowing remote SQL injection via unescaped JDBC parameters. The issue is documented across multiple sources; exploitation details are not provided in the connected documents...
CVE-2026-42198
CVE-2026-42198 affects the pgjdbc PostgreSQL JDBC driver in versions 42.2.0 through before 42.7.11. The vulnerability is a client-side denial of service during SCRAM-SHA-256 authentication: a malicious server can force SCRAM with an extremely high iteration count, causing the client to spend unbo...