Vulnerabilities for 'Postgresql jdbc driver'

2020-06-04
 
CVE-2020-13692

CWE-611
 

 
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

 
2018-08-30
 
CVE-2018-10936

CWE-297
 

 
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.

 
2012-10-06
 
CVE-2012-1618

 

 
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.

 



Copyright 2024, cxsecurity.com

 
