19 matches found
Debian: Security Advisory (DLA-4180-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-4180 : pgbouncer - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4180 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4180-1 [email protected]...
Fedora: Security Advisory (FEDORA-2025-25e04398c7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-d919f11f99)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Azure Linux 3.0 Security Update: pgbouncer (CVE-2025-2291)
The version of pgbouncer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2291 advisory. - Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID...
CBL Mariner 2.0 Security Update: pgbouncer (CVE-2025-2291)
The version of pgbouncer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2291 advisory. - Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID...
CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1
CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-2291
Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...
Fedora: Security Advisory (FEDORA-2025-31397c2b6c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 41 : pgbouncer (2025-d919f11f99)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d919f11f99 advisory. Update to 1.24.1, fixes CVE-2025-2291. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Fedora 40 : pgbouncer (2025-31397c2b6c)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-31397c2b6c advisory. Update to 1.24.1, fixes CVE-2025-2291. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1
CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-2291
creationtimestamp| type| source ---|---|--- 2025-04-22 01:38:00+00:00| seen| https://bsky.app/profile/PostgreSQL.activitypub.awakari.com.ap.brid.gy/post/3lnek5qwsyqo2 2025-04-23 07:35:38+00:00| seen| https://bsky.app/profile/theemerichunter.bsky.social/post/3lnhomvsxmg25 2025-08-09 13:26:56+00:00...
CVE-2025-2291
Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...
CVE-2025-2291
Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...
CVE-2025-2291
Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...
CVE-2025-2291
CVE-2025-2291 affects PgBouncer; the flaw arises because auth_query does not respect the PostgreSQL VALID UNTIL expiry, allowing login with an already expired password. The issue impacts versions older than the fixed release (upstream 1.24.1 line; many advisories reference versions < 1.24.1-1 or
CVE-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account
Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...
CVE-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account
Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...