283 matches found
CVE-2026-53712 SCRAM: Silent channel-binding authentication downgrade via unsupported certificate algorithms
SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS...
CVE-2026-53712
The CVE describes a vulnerability in the OnGres SCRAM library (com.ongres.scram:scram-client and scram-common) where, prior to version 3.3, a TLS MITM can silently downgrade SCRAM-SHA-256-PLUS with channel binding to SCRAM-SHA-256 without channel binding when an X.509 certificate uses modern sign...
CVE-2026-54291
pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...
CVE-2026-54291
pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...
EUVD-2026-41903
pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...
PT-2026-54841
Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.7.4 through 42.7.11 Description Connections using channelBinding=require can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256. This results in the loss of man-in-the-middle protectio...
AlmaLinux 9 : postgresql-jdbc (ALSA-2026:22304)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:22304 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding descripti...
OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms
Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...
Not Failing Securely ('Failing Open')
Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the TlsServerEndpoint process when a server presents an X.509 certificate using a modern signature algorithm lacking traditional naming structures. An attacker can bypass strict client-side...
GHSA-P9JG-FCR6-3MHF OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms
Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...
PT-2026-55221
Name of the Vulnerable Software and Affected Versions com.ongres.scram:scram-client versions prior to 3.3 com.ongres.scram:scram-common versions prior to 3.3 Description A flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker performing a TLS man-in-the-middle...
ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication
A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...
ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication
A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...
ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication
A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...
USN-8478-1: Ruby vulnerabilities
It was discovered that Ruby's Net::IMAP library did not properly verify that TLS encryption was started after issuing a STARTTLS command. A remote attacker could use this to perform a machine-in-the-middle attack and silently bypass TLS encryption. CVE-2026-42246 It was discovered that Ruby's...
Oracle Linux 9 : postgresql-jdbc (ELSA-2026-22304)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-22304 advisory. - Add tests for CVE-2026-42198 - Fix CVE-2026-42198: limit SCRAM PBKDF2 iterations to prevent DoS Tenable has extracted the preceding description block directl...
[SECURITY] Fedora 44 Update: ongres-scram-3.3-1.fc44
This is a Java implementation of SCRAM Salted Challenge Response Authentication Mechanism which is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. It is described as part of RFC 5802 and RFC7677...
[SECURITY] Fedora 43 Update: ongres-scram-3.3-1.fc43
This is a Java implementation of SCRAM Salted Challenge Response Authentication Mechanism which is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. It is described as part of RFC 5802 and RFC7677...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in postgresql-42.6.1.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in postgresql-42.6.1.jar Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service...
Alibaba Cloud Linux 3 : 0155: postgresql-jdbc (ALINUX3-SA-2026:0155)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0155 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-42198: pgjdbc is an open source postgresql...