May Linux Patch Wednesday
May Linux Patch Wednesday. A total of 1,638 vulnerabilities, 474 in the Linux kernel. For comparison, in April there were 1,035 vulnerabilities, a record! And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...
GHSA-4463-8RVF-RJ9F vulnerabilities
Vulnerabilities for packages: pgbouncer...
GHSA-PMGP-Q838-FH9G vulnerabilities
Vulnerabilities for packages: pgbouncer...
BIT-PGBOUNCER-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...
UBUNTU-CVE-2026-6667
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users...
EUVD-2026-28879
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users...
CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...
Linux Distros Unpatched Vulnerability : CVE-2026-6664
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-12819)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-12819 advisory. - Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an...
EUVD-2015-4080
Malware in sbrugna...
EUVD-2015-6754
Malware in sbrugna...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases / c-ares / pgbouncer (CVE-2021-3672)
The version of CBL-Mariner Releases / c-ares / pgbouncer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3672 advisory. - A flaw was found in c-ares library, where a missing input validation check...
Azure Linux 3.0 Security Update: pgbouncer (CVE-2025-2291)
The version of pgbouncer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2291 advisory. - Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID...
CBL Mariner 2.0 Security Update: pgbouncer (CVE-2025-2291)
The version of pgbouncer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2291 advisory. - Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID...
CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1
CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1. An upgraded version of the package is available that resolves this issue...
Fedora 41 : pgbouncer (2025-d919f11f99)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d919f11f99 advisory. Update to 1.24.1, fixes CVE-2025-2291. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Fedora 40 : pgbouncer (2025-31397c2b6c)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-31397c2b6c advisory. Update to 1.24.1, fixes CVE-2025-2291. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
CVE-2025-2291
Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...
CVE-2025-2291
CVE-2025-2291 affects PgBouncer; the flaw arises because auth_query does not respect the PostgreSQL VALID UNTIL expiry, allowing login with an already expired password. The issue impacts versions older than the fixed release (upstream 1.24.1 line; many advisories reference versions < 1.24.1-1 or