rpm package
opensuse/postgresql-jdbc&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/postgresql-jdbc&distro=openSUSE%20Leap%2015.4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-41946 | — | < 42.2.25-150400.3.9.2 | 42.2.25-150400.3.9.2 | Nov 23, 2022 | pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will crea | ||
| CVE-2022-31197 | — | < 42.2.25-150400.3.6.1 | 42.2.25-150400.3.6.1 | Aug 3, 2022 | PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious c | ||
| CVE-2022-26520 | — | < 42.2.25-150400.3.3.2 | 42.2.25-150400.3.3.2 | Mar 7, 2022 | In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP |
- CVE-2022-41946Nov 23, 2022affected < 42.2.25-150400.3.9.2fixed 42.2.25-150400.3.9.2
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will crea
- CVE-2022-31197Aug 3, 2022affected < 42.2.25-150400.3.6.1fixed 42.2.25-150400.3.6.1
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious c
- CVE-2022-26520Mar 7, 2022affected < 42.2.25-150400.3.3.2fixed 42.2.25-150400.3.3.2
In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP