CVE-2025-49146
- EPSS 0.02%
- Published 11.06.2025 14:32:39
- Last modified 06.10.2025 19:29:58
pgjdbc is an open source PostgreSQL JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed wit...
CVE-2024-1597
- EPSS 0.31%
- Published 19.02.2024 13:15:07
- Last modified 12.06.2025 16:15:21
pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus....
CVE-2022-41946
- EPSS 0.04%
- Published 23.11.2022 20:15:10
- Last modified 21.11.2024 07:24:07
pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the InputStream is ...
- EPSS 1.28%
- Published 03.08.2022 19:15:08
- Last modified 21.11.2024 07:04:06
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of...
CVE-2022-26520
- EPSS 0.68%
- Published 10.03.2022 17:47:45
- Last modified 21.11.2024 06:54:06
In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker c...
CVE-2022-21724
- EPSS 4.81%
- Published 02.02.2022 12:15:08
- Last modified 05.05.2025 17:17:48
pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database while doing security research. A system using the postgresql library will be attacked when an attacker controls the jdbc url or propertie...
CVE-2020-13692
- EPSS 2.47%
- Published 04.06.2020 16:15:12
- Last modified 21.11.2024 05:01:44
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVE-2018-10936
- EPSS 1.35%
- Published 30.08.2018 13:29:00
- Last modified 21.11.2024 03:42:20
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle atta...
CVE-2012-1618
- EPSS 1.33%
- Published 06.10.2012 22:55:01
- Last modified 11.04.2025 00:51:21
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC state...