Search CVE reports
1 – 4 of 4 results
CVE-2021-3935
Medium priority
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This...
1 affected package
pgbouncer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pgbouncer | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2015-6817
Medium priority
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
1 affected package
pgbouncer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pgbouncer | — | — | — | — | — |
CVE-2015-4054
Medium priority
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.
1 affected package
pgbouncer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pgbouncer | — | — | — | Not affected | Not affected |
CVE-2012-4575
Medium priority
The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.
1 affected package
pgbouncer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pgbouncer | — | — | — | — | — |