Lucene search
K
PostgresqlPostgresql Jdbc Driver

4 matches found

CVE
CVE
added 2022/08/03 12:0 a.m.471 views

CVE-2022-31197

PgJDBC (PostgreSQL JDBC Driver) is affected by CVE-2022-31197 due to the java.sql.ResultRow.refreshRow() not escaping column names, enabling SQL injection when a column name contains a terminator like ;. Attack requires tricking a user into running SQL against a table with malicious column names ...

8CVSS7.7AI score0.0167EPSS
In wild
CVE
CVE
added 2025/06/11 2:32 p.m.241 views

CVE-2025-49146

CVE-2025-49146 affects the PostgreSQL JDBC driver (pgjdbc). From 42.7.4 through 42.7.7, when channel binding is set to required, connections could proceed using non-SASL authentication methods (e.g., password, MD5, GSS, SSPI), enabling MITM interception. The issue is fixed in 42.7.7. Affected con...

8.2CVSS7AI score0.00461EPSS
CVE
CVE
added 2018/08/30 1:0 p.m.122 views

CVE-2018-10936

CVE-2018-10936 affects the PostgreSQL JDBC driver prior to 42.2.5. If an SSL Factory is provided and no host name verifier is configured, the driver might skip host name verification, enabling a MITM attacker to impersonate a trusted server with a CA-signed certificate. The risk is constrained to...

8.1CVSS7.6AI score0.0291EPSS
CVE
CVE
added 2026/07/06 6:55 p.m.85 views

CVE-2026-54291

CVE-2026-54291 affects pgjdbc (OpenJDK PostgreSQL JDBC Driver) in versions 42.7.4–42.7.11. The issue allows a silent downgrade of channelBinding from SCRAM-SHA-256-PLUS to plain SCRAM-SHA-256 when an attacker can intercept TLS and presents a certificate whose signature algorithm lacks a tls-serve...

8.2CVSS5.9AI score0.00236EPSS