Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jdbc vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2022-30240
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 up to and including 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972.
Insightsoftware Magnitude Simba Amazon Redshift Jdbc Driver
NA
CVE-2024-1597
pgjdbc, the PostgreSQL JDBC Driver, allows malicious user to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second ...
Postgresql Postgresql Jdbc Driver
Fedoraproject Fedora 40
7.5
CVSSv2
CVE-2012-1618
Interaction error in the PostgreSQL JDBC driver prior to 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, w...
Postgresql Postgresql 9.1
Postgresql Postgresql Jdbc Driver 8.1
7.5
CVSSv2
CVE-2022-21724
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin ...
Postgresql Postgresql Jdbc Driver
Postgresql Postgresql Jdbc Driver 42.3.2
Fedoraproject Fedora 35
Quarkus Quarkus
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8 Github repositories
6.8
CVSSv2
CVE-2018-10936
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a tru...
Postgresql Postgresql Jdbc Driver
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
7.5
CVSSv2
CVE-2022-26520
In pgjdbc prior to 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JS...
Postgresql Postgresql Jdbc Driver
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.8
CVSSv2
CVE-2020-13692
PostgreSQL JDBC Driver (aka PgJDBC) prior to 42.2.13 allows XXE.
Postgresql Postgresql Jdbc Driver
Quarkus Quarkus
Netapp Steelstore Cloud Integrated Storage -
Fedoraproject Fedora 32
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
7.5
CVSSv2
CVE-2002-0866
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote malicious users to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL ...
Microsoft Virtual Machine 3300
Microsoft Virtual Machine 3802
Microsoft Virtual Machine 3100
Microsoft Virtual Machine 3188
Microsoft Virtual Machine 3200
Microsoft Virtual Machine 2000
Microsoft Virtual Machine 3000
Microsoft Virtual Machine 3805
1 EDB exploit
5
CVSSv2
CVE-2002-0867
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote malicious users to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."
Microsoft Virtual Machine 3200
Microsoft Virtual Machine 3300
Microsoft Virtual Machine 3100
Microsoft Virtual Machine 3188
Microsoft Virtual Machine 2000
Microsoft Virtual Machine 3000
Microsoft Virtual Machine 3802
Microsoft Virtual Machine 3805
NA
CVE-2023-35701
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »