Lucene search
K
PostgresqlPostgresql Jdbc Driver42.3.0

5 matches found

CVE
CVE
added 2022/02/02 11:48 a.m.804 views

CVE-2022-21724

CVE-2022-21724 affects the official PostgreSQL JDBC Driver (libpgjava) used by pgjdbc. The vulnerability stems from the driver instantiating plugin classes based on connection properties (authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback) without v...

9.8CVSS8.4AI score0.0301EPSS
CVE
CVE
added 2024/02/19 12:58 p.m.533 views

CVE-2024-1597

CVE-2024-1597 affects the PostgreSQL JDBC Driver (libpgjava) used with pgjdbc. The vulnerability exists when PreferQueryMode=SIMPLE is enabled (not the default); an attacker can inject SQL to alter queries. Affected versions include before 42.7.2, and older 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42....

10CVSS9.8AI score0.0481EPSS
CVE
CVE
added 2022/11/23 12:0 a.m.516 views

CVE-2022-41946

Summary (CVE-2022-41946) pgjdbc (PostgreSQL JDBC Driver) is affected where a prepared statement using Either setText(int, InputStream) or setBytea(int, InputStream) creates a temporary file when the InputStream exceeds ~2 KB. The created temp file in the system temp directory can be readable by o...

5.5CVSS5.2AI score0.0048EPSS
CVE
CVE
added 2022/08/03 12:0 a.m.471 views

CVE-2022-31197

PgJDBC (PostgreSQL JDBC Driver) is affected by CVE-2022-31197 due to the java.sql.ResultRow.refreshRow() not escaping column names, enabling SQL injection when a column name contains a terminator like ;. Attack requires tricking a user into running SQL against a table with malicious column names ...

8CVSS7.7AI score0.01662EPSS
In wild
CVE
CVE
added 2022/03/07 5:0 p.m.374 views

CVE-2022-26520

CVE-2022-26520 affects the PostgreSQL JDBC (PgJDBC) driver prior to 42.3.3. An attacker who controls the JDBC URL or properties can cause java.util.logging.FileHandler to write to arbitrary files via the loggerFile and loggerLevel properties, potentially enabling tasks like placing an executable ...

9.8CVSS9.2AI score0.02999EPSS