1.3.3

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-23	CVE-2021-3672	Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. network high complexity c-ares-project fedoraproject redhat siemens nodejs pgbouncer CWE-79	5.6
2021-11-22	CVE-2021-3935	Improper Certificate Validation vulnerability in multiple products When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. network high complexity pgbouncer redhat fedoraproject debian CWE-295	8.1
2017-05-23	CVE-2015-4054	NULL Pointer Dereference vulnerability in Pgbouncer PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet. network low complexity pgbouncer CWE-476	7.5