Lucene search
K

9 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in freeipa

A flaw was discovered in all IPA versions ranging from 4.x.x to 4.8.0. When sending a very long password = 1,000,000 characters to the server, the password hashing process could exhaust memory and CPU resources, resulting in a denial of service and making the website unresponsive. The greatest...

5.4CVSS6.5AI score0.01047EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.5 views

SUSE CVE-2026-24458

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References3
OSV
OSV
added 2026/03/16 3:30 p.m.4 views

GHSA-M5RV-56XX-HFC6 Mattermost fails to properly handle very long passwords

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.14 views

Mattermost fails to properly handle very long passwords

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2026/03/16 12:2 p.m.2 views

CVE-2026-24458 DoS attack via login attempts with multi-megabyte passwords

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 12:2 p.m.14 views

CVE-2026-24458

Summary of CVE-2026-24458 : Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/09 2:17 a.m.5 views

libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

8.6CVSS5.9AI score0.00557EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/11/04 1:31 a.m.3 views

ipa: No password length restriction leads to denial of service

A flaw was found in IPA. When sending a very long password = 1,000,000 characters to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability...

5.4CVSS6.3AI score0.01047EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/08/01 2:11 p.m.7 views

openssh: Denial of service via very long passwords

It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords...

7.8CVSS7.3AI score0.58568EPSS
Exploits5References4
Rows per page
Query Builder