Filtered by vendor Pgbouncer
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3935 | 3 Fedoraproject, Pgbouncer, Redhat | 3 Fedora, Pgbouncer, Enterprise Linux | 2022-02-14 | 5.1 MEDIUM | 8.1 HIGH |
| When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. | |||||
| CVE-2015-4054 | 1 Pgbouncer | 1 Pgbouncer | 2020-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet. | |||||
| CVE-2015-6817 | 1 Pgbouncer | 1 Pgbouncer | 2020-11-03 | 6.8 MEDIUM | 8.1 HIGH |
| PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username. | |||||