rpm package
suse/postgresql-jdbc&distro=SUSE Manager Server Module 4.1
pkg:rpm/suse/postgresql-jdbc&distro=SUSE%20Manager%20Server%20Module%204.1
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31197 | — | < 42.2.10-150200.3.11.1 | 42.2.10-150200.3.11.1 | Aug 3, 2022 | PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious c | ||
| CVE-2022-31248 | — | < 42.2.10-150200.3.8.2 | 42.2.10-150200.3.8.2 | Jun 22, 2022 | A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4. | ||
| CVE-2022-21952 | — | < 42.2.10-150200.3.8.2 | 42.2.10-150200.3.8.2 | Jun 22, 2022 | A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java version | ||
| CVE-2022-26520 | — | < 42.2.10-150200.3.8.2 | 42.2.10-150200.3.8.2 | Mar 7, 2022 | In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP | ||
| CVE-2022-21698 | — | < 42.2.10-150200.3.8.2 | 42.2.10-150200.3.8.2 | Feb 15, 2022 | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde | ||
| CVE-2022-21724 | — | < 42.2.10-150200.3.8.2 | 42.2.10-150200.3.8.2 | Feb 2, 2022 | pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin | ||
| CVE-2020-13692 | — | < 42.2.10-3.3.5 | 42.2.10-3.3.5 | Jun 4, 2020 | PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. |
- CVE-2022-31197Aug 3, 2022affected < 42.2.10-150200.3.11.1fixed 42.2.10-150200.3.11.1
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious c
- CVE-2022-31248Jun 22, 2022affected < 42.2.10-150200.3.8.2fixed 42.2.10-150200.3.8.2
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.
- CVE-2022-21952Jun 22, 2022affected < 42.2.10-150200.3.8.2fixed 42.2.10-150200.3.8.2
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java version
- CVE-2022-26520Mar 7, 2022affected < 42.2.10-150200.3.8.2fixed 42.2.10-150200.3.8.2
In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP
- CVE-2022-21698Feb 15, 2022affected < 42.2.10-150200.3.8.2fixed 42.2.10-150200.3.8.2
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde
- CVE-2022-21724Feb 2, 2022affected < 42.2.10-150200.3.8.2fixed 42.2.10-150200.3.8.2
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin
- CVE-2020-13692Jun 4, 2020affected < 42.2.10-3.3.5fixed 42.2.10-3.3.5
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.