Vulnerabilities > Postgresql > Postgresql Jdbc Driver

DATE CVE VULNERABILITY TITLE RISK
2024-02-19 CVE-2024-1597 SQL Injection vulnerability in multiple products
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE.
network
low complexity
postgresql fedoraproject CWE-89
critical
9.8
2022-11-23 CVE-2022-41946 Exposure of Resource to Wrong Sphere vulnerability in multiple products
pgjdbc is an open source postgresql JDBC Driver.
local
low complexity
postgresql debian CWE-668
5.5
2022-08-03 CVE-2022-31197 SQL Injection vulnerability in multiple products
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code.
network
low complexity
postgresql debian fedoraproject CWE-89
8.0
2022-03-10 CVE-2022-26520 In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties.
network
low complexity
postgresql debian
critical
9.8
2022-02-02 CVE-2022-21724 Improper Initialization vulnerability in multiple products
pgjdbc is the offical PostgreSQL JDBC Driver.
network
low complexity
postgresql fedoraproject quarkus debian CWE-665
critical
9.8
2020-06-04 CVE-2020-13692 XXE vulnerability in multiple products
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
7.7
2018-08-30 CVE-2018-10936 Improper Validation of Certificate with Host Mismatch vulnerability in multiple products
A weakness was found in postgresql-jdbc before version 42.2.5.
network
high complexity
postgresql redhat CWE-297
8.1