Search CVE reports



1 – 8 of 8 results


CVE-2024-1597

Medium priority
Needs evaluation

pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately...

1 affected package

libpgjava

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libpgjava | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2022-41946

Low priority
Needs evaluation

pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if...

1 affected package

libpgjava

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libpgjava | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2022-31197

Medium priority
Needs evaluation

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not...

1 affected package

libpgjava

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libpgjava | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2022-26520

Medium priority
Ignored

** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An...

1 affected package

libpgjava

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libpgjava | Not affected | Not affected | Not affected | Not affected | Not affected

CVE-2022-21724

Medium priority
Needs evaluation

pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database while doing security research. The system using the postgresql library will be attacked when an attacker controls the...

1 affected package

libpgjava

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libpgjava | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2020-13692

Medium priority

Some fixes available 2 of 3

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

1 affected package

libpgjava

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libpgjava | Not affected | Not affected | Fixed | Fixed | Not affected

CVE-2018-10936

Low priority
Needs evaluation

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a...

1 affected package

libpgjava

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libpgjava | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2012-1618

Low priority
Ignored

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape...

1 affected package

libpgjava

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpgjava