Vulnerabilities > Pgbouncer

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-3672 Cross-site Scripting vulnerability in multiple products
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking.
5.6
2021-11-22 CVE-2021-3935 Improper Certificate Validation vulnerability in multiple products
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption.
network
high complexity
pgbouncer redhat fedoraproject debian CWE-295
8.1
2017-05-23 CVE-2015-6817 Improper Authentication vulnerability in Pgbouncer 1.6
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
network
pgbouncer CWE-287
6.8
2017-05-23 CVE-2015-4054 NULL Pointer Dereference vulnerability in Pgbouncer
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.
network
low complexity
pgbouncer CWE-476
5.0