55 matches found

OSV
added 2026/05/25 8:23 a.m. | 6 views

CLSA-2026-1779697425 postgresql: Fix of CVE-2026-6478

CVE-2026-6478: backport upstream prerequisite that introduces the timingsafe_bcmp constant-time memory comparison helper, then apply it to SCRAM and MD5 authentication paths that previously used memcmp or strcmp on password hashes, computed keys, and SCRAM nonces, to prevent timing-side-channel...

CVSS 6.5 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 1

RedHat Linux
added 2026/05/05 8:41 a.m. | 10 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

CVSS 8.7 | AI score 5.8 | EPSS 0.00481
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/07 8:50 p.m. | 4 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

CVSS 8.7 | AI score 5.9 | EPSS 0.00481
Exploits: 0 | References: 5

EUVD
added 2026/03/24 3:30 p.m. | 6 views

EUVD-2026-14880

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...

CVSS 8.7 | AI score 5.8 | EPSS 0.00481
Exploits: 0 | References: 2

Cvelist
added 2026/03/24 2:13 p.m. | 22 views

CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...

CVSS 8.7 | EPSS 0.00481
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-24436

Malware in sbrugna...

CVSS 8.2 | AI score 8.2 | EPSS 0.01278
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-2289

Malware in sbrugna...

CVSS 7.8 | AI score 6.1 | EPSS 0.03863
Exploits: 0 | References: 15

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-38085

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 6.6 | EPSS 0.00398
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-2916

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.7 | EPSS 0.00709
Exploits: 0 | References: 1

CVE
added 2025/05/28 12:0 a.m. | 54 views

CVE-2025-48925

Summary: The TeleMessage service (through 2025-05-05) relies on a client-side MD5 hashing step (in the TM SGNL app) and accepts the resulting hash as the authentication credential. This design implies that authentication can be performed using a hash generated on the client, effectively tying cre...

CVSS 7.5 | AI score 6.7 | EPSS 0.00233
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/07/10 11:15 p.m. | 22 views

CVE-2024-39559

An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication...

CVSS 8.2 | EPSS 0.00398
Exploits: 0 | References: 1

CVE
added 2024/07/10 10:42 p.m. | 59 views

CVE-2024-39559

Junos OS Evolved vulnerability CVE-2024-39559 affects dual RE systems with NSR enabled. An unauthenticated network attacker can crash the device (vmcore) by sending a specific TCP packet over an established session using MD5 authentication (e.g., BGP with MD5). The issue stems from an improper ch...

CVSS 8.2 | AI score 6 | EPSS 0.00398
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/07/10 10:42 p.m. | 23 views

CVE-2024-39559 Junos OS Evolved: Receipt of a specific TCP packet may result in a system crash (vmcore) on dual RE systems with NSR enabled

An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication...

CVSS 8.2 | EPSS 0.00398
Exploits: 0 | References: 1

Tenable Nessus
added 2023/07/25 12:0 a.m. | 24 views

Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass (CVE-2020-3165)

A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD...

CVSS 8.2 | AI score 7.8 | EPSS 0.01278
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 6:19 a.m. | 4 views

SUSE CVE-2005-0198

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticat...

CVSS 7.5 | AI score 7.3 | EPSS 0.05091
Exploits: 0 | References: 5

NVD
added 2021/10/19 7:15 p.m. | 13 views

CVE-2021-0297

A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being...

CVSS 6.5 | EPSS 0.00709
Exploits: 0 | References: 1

Prion
added 2021/10/19 7:15 p.m. | 16 views

Authentication flaw

A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being...

CVSS 6.4 | AI score 6.5 | EPSS 0.00709
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/10/19 6:16 p.m. | 15 views

CVE-2021-0297 Junos OS Evolved: BGP and LDP sessions with TCP MD5 authentication established with peers not configured for authentication

A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being...

CVSS 6.5 | AI score 6.7 | EPSS 0.00709
Exploits: 0 | References: 1

CVE
added 2021/10/19 6:16 p.m. | 64 views

CVE-2021-0297

The CVE-2021-0297 issue affects Juniper Networks Junos OS Evolved: TCP MD5 authentication processing may allow a BGP/LDP session with MD5 enabled to succeed against a peer that is not configured for MD5. Affected are Junos OS Evolved versions prior to 20.3R2-S1-EVO, 20.4 prior to 20.4R2-EVO, and ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00709
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2021/07/26 7:15 a.m. | 2 views

UBUNTU-CVE-2021-33900

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

CVSS 7.5 | AI score 7.1 | EPSS 0.00793
Exploits: 0 | References: 4