77 matches found
ROS-20250619-13
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-12
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-11
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-10
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-14
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
CVE-2024-45624
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved...
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
DEBIAN-CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
UBUNTU-CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
CVE-2025-46801
CVE-2025-46801 affects Pgpool-II (PgPool Global Development Group) and related pgpool2 packages, causing authentication bypass via a primary weakness. Exploitation could allow logging in as arbitrary users, leading to reading/tampering data or disabling the database. Public advisories from IBM an...
Pgpool-II 安全漏洞
Pgpool-II is an open source cluster management tool from PgPool Global Development Group. A security vulnerability exists in Pgpool-II that stems from a major weakness that results in an authentication bypass that could allow an attacker to log in to the system as an arbitrary user...
Pgpool-II vulnerable to authentication bypass by primary weakness
Overview Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 - CVE-2025-46801 PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
PT-2025-21640 · Pgpool-Ii +3 · Pgpool-Ii +3
Name of the Vulnerable Software and Affected Versions: Pgpool-II versions 4.0.x through 4.6.0 Description: The issue allows attackers to bypass authentication. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this...
JVN#06238225: Pgpool-II vulnerable to authentication bypass by primary weakness
Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-46801...
CVE-2025-22248
The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOLSRCHECKUSER is the user that Pgpool itself uses to perform streaming replication check...
CVE-2025-22248
CVE-2025-22248 affects the Bitnami pgpool image and Bitnami Postgres-HA chart. In default configurations, a repmgr user exists inside the cluster that allows unauthenticated access to PostgreSQL; PGPOOL_SR_CHECK_USER is used for streaming replication checks and should not be trusted. If Pgpool is...