Lucene search
K

19 matches found

OpenVAS
OpenVAS
added 2025/05/28 12:0 a.m.8 views

Debian: Security Advisory (DLA-4180-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.01029EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/27 12:0 a.m.8 views

Debian dla-4180 : pgbouncer - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4180 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4180-1 [email protected]...

9.8CVSS7.6AI score0.01029EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2025-25e04398c7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.00323EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.8 views

Fedora: Security Advisory (FEDORA-2025-d919f11f99)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.00323EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.7 views

Azure Linux 3.0 Security Update: pgbouncer (CVE-2025-2291)

The version of pgbouncer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2291 advisory. - Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID...

9.8CVSS7.6AI score0.00323EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.12 views

CBL Mariner 2.0 Security Update: pgbouncer (CVE-2025-2291)

The version of pgbouncer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2291 advisory. - Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID...

9.8CVSS7.6AI score0.00323EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2025/05/05 3:9 p.m.12 views

CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1

CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1. An upgraded version of the package is available that resolves this issue...

9.8CVSS6.9AI score0.00323EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/25 4:25 p.m.8 views

CVE-2025-2291

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

8.1CVSS6.7AI score0.00323EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/04/25 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2025-31397c2b6c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.00323EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/25 12:0 a.m.11 views

Fedora 41 : pgbouncer (2025-d919f11f99)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d919f11f99 advisory. Update to 1.24.1, fixes CVE-2025-2291. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

9.8CVSS7.6AI score0.00323EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/25 12:0 a.m.10 views

Fedora 40 : pgbouncer (2025-31397c2b6c)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-31397c2b6c advisory. Update to 1.24.1, fixes CVE-2025-2291. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

9.8CVSS7.6AI score0.00323EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2025/04/23 3:8 p.m.30 views

CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1

CVE-2025-2291 affecting package pgbouncer for versions less than 1.24.1-1. An upgraded version of the package is available that resolves this issue...

9.8CVSS7.3AI score0.00323EPSS
Exploits0
Circl
Circl
added 2025/04/22 1:38 a.m.5 views

CVE-2025-2291

creationtimestamp| type| source ---|---|--- 2025-04-22 01:38:00+00:00| seen| https://bsky.app/profile/PostgreSQL.activitypub.awakari.com.ap.brid.gy/post/3lnek5qwsyqo2 2025-04-23 07:35:38+00:00| seen| https://bsky.app/profile/theemerichunter.bsky.social/post/3lnhomvsxmg25 2025-08-09 13:26:56+00:00...

9.8CVSS7.2AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2025/04/16 6:16 p.m.8 views

CVE-2025-2291

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

9.8CVSS0.00323EPSS
Exploits0References2
OSV
OSV
added 2025/04/16 6:16 p.m.10 views

CVE-2025-2291

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

9.8CVSS6.9AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/04/16 6:16 p.m.11 views

CVE-2025-2291

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

9.8CVSS7.1AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2025/04/16 6:0 p.m.74 views

CVE-2025-2291

CVE-2025-2291 affects PgBouncer; the flaw arises because auth_query does not respect the PostgreSQL VALID UNTIL expiry, allowing login with an already expired password. The issue impacts versions older than the fixed release (upstream 1.24.1 line; many advisories reference versions < 1.24.1-1 or

9.8CVSS8.1AI score0.00323EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/04/16 6:0 p.m.27 views

CVE-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

8.1CVSS0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 6:0 p.m.11 views

CVE-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

8.1CVSS8.1AI score0.00323EPSS
Exploits0References1
Rows per page
Query Builder