Lucene search
K

264 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Fedora 45 : junit5 / ongres-scram / ongres-stringprep / postgresql-jdbc (2026-ef76680eea)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-ef76680eea advisory. postgresql-jdbc update and CVE fix. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...

7.5CVSS5.4AI score0.0077EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 10:16 p.m.10 views

CVE-2026-10143

A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations...

8.7CVSS5.1AI score0.00517EPSS
Exploits0References7
OSV
OSV
added 2026/06/10 10:16 p.m.10 views

DEBIAN-CVE-2026-10143

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/10 8:22 p.m.11 views

CVE-2026-10143

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS5.5AI score0.00517EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/10 8:22 p.m.34 views

CVE-2026-10143 kafka-python prior to 2.3.2 DoS via SCRAM Iteration Count in scram.py

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS0.00517EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/10 8:22 p.m.8 views

CVE-2026-10143 kafka-python prior to 2.3.2 DoS via SCRAM Iteration Count in scram.py

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 8:22 p.m.31 views

CVE-2026-10143

CVE-2026-10143 affects kafka-python prior to 2.3.2. The denial‑of‑service arises from ScramClient.process_server_first_message() passing the broker‑provided SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation in scram.py. This can freeze the client event loop, blocking prod...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References10Affected Software1
Snyk
Snyk
added 2026/06/10 8:22 p.m.6 views

Unchecked Input for Loop Condition

Overview kafka-python is a Pure Python client for Apache Kafka Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the SCRAM authentication handling. An attacker can cause the client's event loop to freeze by supplying an excessively large iteration count...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/10 9:58 a.m.25 views

Important: Red Hat Security Advisory: postgresql-jdbc security update

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/10 9:58 a.m.10 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS7.1AI score0.0077EPSS
Exploits0References6
Oracle linux
Oracle linux
added 2026/06/10 12:0 a.m.11 views

postgresql-jdbc security update

42.2.14-4 - Limit SCRAM PBKDF2 iterations to prevent DoS via malicious server - Resolves: CVE-2026-42198...

7.5CVSS7.2AI score0.0077EPSS
Exploits0
OSV
OSV
added 2026/06/10 12:0 a.m.7 views

ALSA-2026:25030 Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.22 views

PT-2026-48531

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the SCRAM authentication handling. A malicious or machine-in-the-middle broker can freeze the client event loop by providing an excessively large iteration...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

kafka-python 资源管理错误漏洞

Kafka-Python is a distributed stream processing engine client library written entirely in Python by Dana Powers. Versions of Kafka-Python prior to 2.3.2 contained a resource management vulnerability. This vulnerability stemmed from the lack of verification of the iteration count during SCRAM...

8.7CVSS5.3AI score0.00517EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.6 views

openSUSE 16 Security Update : postgresql-jdbc (openSUSE-SU-2026:20847-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20847-1 advisory. This update for postgresql-jdbc fixes the following issue - CVE-2026-42198: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2026/06/10 12:0 a.m.11 views

Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 1:54 p.m.11 views

JLSEC-2026-605

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.5AI score0.00558EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

RHEL 10 : postgresql-jdbc (RHSA-2026:24348)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:24348 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java program...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.14 views

RockyLinux 9 : postgresql-jdbc (RLSA-2026:22304)

The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:22304 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References3
OSV
OSV
added 2026/06/02 6:3 p.m.12 views

RLSA-2026:22304 Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...

7.5CVSS7.1AI score0.0077EPSS
Exploits0References2
Rows per page
Query Builder