Lucene search
+L

283 matches found

Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-53712 SCRAM: Silent channel-binding authentication downgrade via unsupported certificate algorithms

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS...

8.2CVSS5.4AI score
Exploits0References2
CVE
CVE
added 5 hours ago22 views

CVE-2026-53712

The CVE describes a vulnerability in the OnGres SCRAM library (com.ongres.scram:scram-client and scram-common) where, prior to version 3.3, a TLS MITM can silently downgrade SCRAM-SHA-256-PLUS with channel binding to SCRAM-SHA-256 without channel binding when an X.509 certificate uses modern sign...

8.2CVSS5.4AI score
Exploits0References2
NVD
NVD
added 2026/07/06 7:17 p.m.12 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS0.00236EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:55 p.m.5 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/06 6:55 p.m.10 views

EUVD-2026-41903

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-54841

Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.7.4 through 42.7.11 Description Connections using channelBinding=require can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256. This results in the loss of man-in-the-middle protectio...

8.2CVSS6AI score0.00236EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

AlmaLinux 9 : postgresql-jdbc (ALSA-2026:22304)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:22304 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding descripti...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/01 9:51 p.m.6 views

OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms

Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...

8.2CVSS5.8AI score
Exploits0References2Affected Software2
Snyk
Snyk
added 2026/07/01 9:51 p.m.4 views

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the TlsServerEndpoint process when a server presents an X.509 certificate using a modern signature algorithm lacking traditional naming structures. An attacker can bypass strict client-side...

8.2CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/07/01 9:51 p.m.7 views

GHSA-P9JG-FCR6-3MHF OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms

Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...

8.2CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-55221

Name of the Vulnerable Software and Affected Versions com.ongres.scram:scram-client versions prior to 3.3 com.ongres.scram:scram-common versions prior to 3.3 Description A flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker performing a TLS man-in-the-middle...

8.2CVSS5.3AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/30 7:2 p.m.2 views

ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication

A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...

6.5CVSS6AI score0.00299EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/06/30 2:25 p.m.3 views

ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication

A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...

6.5CVSS6AI score0.00299EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/06/30 2:25 p.m.2 views

ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication

A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...

6.5CVSS6AI score0.00299EPSS
Exploits0References11
Ubuntu
Ubuntu
added 2026/06/29 10:42 a.m.5 views

USN-8478-1: Ruby vulnerabilities

It was discovered that Ruby's Net::IMAP library did not properly verify that TLS encryption was started after issuing a STARTTLS command. A remote attacker could use this to perform a machine-in-the-middle attack and silently bypass TLS encryption. CVE-2026-42246 It was discovered that Ruby's...

9.8CVSS6.1AI score0.00429EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Oracle Linux 9 : postgresql-jdbc (ELSA-2026-22304)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-22304 advisory. - Add tests for CVE-2026-42198 - Fix CVE-2026-42198: limit SCRAM PBKDF2 iterations to prevent DoS Tenable has extracted the preceding description block directl...

7.5CVSS6AI score0.0077EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/20 12:51 a.m.9 views

[SECURITY] Fedora 44 Update: ongres-scram-3.3-1.fc44

This is a Java implementation of SCRAM Salted Challenge Response Authentication Mechanism which is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. It is described as part of RFC 5802 and RFC7677...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/06/19 1:10 a.m.17 views

[SECURITY] Fedora 43 Update: ongres-scram-3.3-1.fc43

This is a Java implementation of SCRAM Salted Challenge Response Authentication Mechanism which is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. It is described as part of RFC 5802 and RFC7677...

5.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 3:24 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in postgresql-42.6.1.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in postgresql-42.6.1.jar Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service...

7.5CVSS5.3AI score0.0077EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.9 views

Alibaba Cloud Linux 3 : 0155: postgresql-jdbc (ALINUX3-SA-2026:0155)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0155 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-42198: pgjdbc is an open source postgresql...

7.5CVSS5.5AI score0.0077EPSS
Exploits0References2
Rows per page
Query Builder