Search CVE reports



1 – 4 of 4 results


CVE-2021-3935

Medium priority
Needs evaluation

When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This...

1 affected package

pgbouncer

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
pgbouncer | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2015-6817

Medium priority
Not affected

PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.

1 affected package

pgbouncer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pgbouncer

CVE-2015-4054

Medium priority
Ignored

PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.

1 affected package

pgbouncer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pgbouncer Not affected Not affected

CVE-2012-4575

Medium priority
Fixed

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.

1 affected package

pgbouncer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pgbouncer