49 matches found
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
Linux Distros Unpatched Vulnerability : CVE-2026-6412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing. CVE-2026-6412 Note that Nessus...
MGASA-2026-0233 Updated krb5 packages fix security vulnerabilities
CVE-2025-3576, A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity...
CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
DEBIAN-CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
CVE-2026-6412 Continued acceptance of SHA-1/MD5 digests in certificate processing
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
CVE-2026-7761 Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure
The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
CVE-2026-8881
Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...
CVE-2026-8881 CVE-2026-8881
Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...
CVE-2026-8881
Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...
CVE-2026-8881 CVE-2026-8881
Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...
CVE-2026-25861
CVE-2026-25861 affects QloApps 1.7.0. The vulnerability is in the password hashing path: Tools::encrypt() in classes/Tools.php uses MD5 with a static cookie key, allowing offline brute-forcing of credentials. The risk is heightened by auto-generated 8-character guest-to-customer passwords in clas...
CVE-2026-6914
CVE-2026-6914 : The vulnerability arises from computing the MD5 checksum of a malformed BSON object, potentially causing loss of availability on MongoDB Server. Affected are all MongoDB Server v8.2, all v8.1, v8.0 prior to 8.0.21, and v7.0 prior to 7.0.32. The provided documents do not specify ex...
CVE-2026-3256
The CVE-2026-3256 issue affects the HTTP::Session Perl module (versions through 0.53). The root cause is insecure session ID generation: HTTP::Session::ID::SHA1 creates IDs by hashing a seed composed of the built-in rand() value, high-resolution epoch time, and the process ID. The PID comes from ...
CVE-2026-27651
A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...