Lucene search
+L

22 matches found

CVE
CVE
added 2 days ago26 views

CVE-2026-53712

The CVE describes a vulnerability in the OnGres SCRAM library (com.ongres.scram:scram-client and scram-common) where, prior to version 3.3, a TLS MITM can silently downgrade SCRAM-SHA-256-PLUS with channel binding to SCRAM-SHA-256 without channel binding when an X.509 certificate uses modern sign...

8.2CVSS5.4AI score0.0026EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 7:17 p.m.12 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS0.00236EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/01 9:51 p.m.8 views

OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms

Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...

8.2CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-55221

Name of the Vulnerable Software and Affected Versions com.ongres.scram:scram-client versions prior to 3.3 com.ongres.scram:scram-common versions prior to 3.3 Description A flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker performing a TLS man-in-the-middle...

8.2CVSS5.3AI score0.0026EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/30 2:25 p.m.5 views

ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication

A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...

6.5CVSS6AI score0.00299EPSS
Exploits0References11
OSV
OSV
added 2026/06/11 12:5 p.m.9 views

RLSA-2026:24348 Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

RHEL 8 : postgresql-jdbc (RHSA-2026:25030)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25030 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs...

7.5CVSS5.6AI score0.0077EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/10 9:58 a.m.25 views

Important: Red Hat Security Advisory: postgresql-jdbc security update

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2026/06/10 12:0 a.m.11 views

Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 12:0 a.m.8 views

ALSA-2026:25030 Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.14 views

RockyLinux 9 : postgresql-jdbc (RLSA-2026:22304)

The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:22304 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/02 6:3 p.m.19 views

postgresql-jdbc security update

An update is available for postgresql-jdbc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management syste...

7.5CVSS7.1AI score0.0077EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2026/06/01 12:0 a.m.5 views

Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...

7.5CVSS7.1AI score0.0077EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/05/20 9:8 a.m.11 views

Security update for postgresql-jdbc

This update for postgresql-jdbc fixes the following issue CVE-2026-42198: client-side denial of service via malicious SCRAM-SHA-256 authentication bsc1264174. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 9:8 a.m.9 views

SUSE-SU-2026:2028-1 Security update for postgresql-jdbc

This update for postgresql-jdbc fixes the following issue - CVE-2026-42198: client-side denial of service via malicious SCRAM-SHA-256 authentication bsc1264174...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-6478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticat...

8.2CVSS6.7AI score0.00558EPSS
Exploits0References3
OSV
OSV
added 2026/05/09 8:16 p.m.12 views

UBUNTU-CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6.5CVSS5.7AI score0.00299EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2026/05/09 7:38 p.m.16 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6.5CVSS5.7AI score0.00299EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/09 7:38 p.m.15 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6CVSS5.7AI score0.00299EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 8:9 p.m.14 views

pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder