Lucene search
K

264 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-42256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0...

6.5CVSS5.9AI score0.00299EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/19 12:0 a.m.6 views

Security update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu (moderate)

openSUSE security update: security update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20742-1 Rating: moderate References: bsc1250399 Cross-References:...

8.2CVSS5.8AI score0.00835EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 2:57 p.m.16 views

CVE-2026-33603

A flaw was found in Dovecot. An attacker, positioned as a Man-in-the-Middle MITM between Dovecot and a client, can exploit a specially crafted base64 exchange to fake SCRAM TLS channel binding. This allows the attacker to eavesdrop on communications between Dovecot and the client, leading to...

6.8CVSS5.7AI score0.00222EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/16 1:12 a.m.10 views

SUSE CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6.5CVSS5.7AI score0.00299EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.10 views

SUSE SLES16 Security Update : ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu (SUSE-SU-2026:21608-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:21608-1 advisory. Changes in ongres-scram: - Version 3.2 Fix Timing Attack Vulnerability in SCRAM Authentication bsc1250399, CVE-2025-59432 Updated...

8.7CVSS5.9AI score0.00835EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/15 3:56 p.m.12 views

CVE-2026-6664

A flaw was found in PgBouncer. An integer overflow in the network packet parsing code allows an unauthenticated remote attacker to bypass a boundary check by sending a malformed SCRAM authentication packet. This can lead to a crash, resulting in a Denial of Service DoS for the PgBouncer instance...

7.5CVSS5.9AI score0.00698EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/14 2:16 p.m.15 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS5.8AI score0.00558EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 2:16 p.m.7 views

UBUNTU-CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 1:0 p.m.39 views

CVE-2026-6478

CVE-2026-6478 enables a covert timing channel during MD5 password comparison in PostgreSQL authentication, allowing credential recovery sufficient to authenticate. The issue does not affect scram-sha-256 passwords. It can affect databases with MD5-hashed passwords originating from upgrades from P...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References33Affected Software1
Debian CVE
Debian CVE
added 2026/05/14 1:0 p.m.13 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.8AI score0.00558EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/14 1:0 p.m.66 views

CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS0.00558EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-40923

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description A covert timing channel exists during the comparison of...

8.8CVSS5.8AI score0.00558EPSS
Exploits0References183
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-6478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticat...

8.2CVSS6.7AI score0.00558EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 3:31 p.m.10 views

EUVD-2026-29468

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 1:28 p.m.11 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.13 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 12:36 p.m.4 views

SUSE-SU-2026:21608-1 Security update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu

This update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu fixes the following issues: Changes in ongres-scram: - Version 3.2 Fix Timing Attack Vulnerability in SCRAM Authentication bsc1250399, CVE-2025-59432 Updated dependencies and maven plugins Use...

8.7CVSS5.9AI score0.00835EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 12:33 p.m.6 views

OPENSUSE-SU-2026:20742-1 Security update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu

This update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu fixes the following issues: Changes in ongres-scram: - Version 3.2 Fix Timing Attack Vulnerability in SCRAM Authentication bsc1250399, CVE-2025-59432 Updated dependencies and maven plugins Use...

8.7CVSS5.9AI score0.00835EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/12 10:42 a.m.11 views

CVE-2026-6665

A flaw was found in PgBouncer, a lightweight connection pooler for PostgreSQL. A malicious backend server can exploit a vulnerability in the Salted Challenge Response Authentication Mechanism SCRAM code. By sending a specially crafted server-final-message with an excessively long nonce, the flaw...

9.8CVSS5.7AI score0.00372EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 8:52 a.m.12 views

BIT-PGBOUNCER-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...

7.5CVSS6AI score0.00698EPSS
Exploits1References2
Rows per page
Query Builder