Lucene search
+L

5809 matches found

OSV
OSV
added 2026/05/22 1:21 p.m.8 views

OESA-2026-2423 perl-Authen-SASL security update

Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL framework, At the time of this writing it provides the client part implementation for the following SASL mechanisms. Security Fixes: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl...

6.5CVSS5.8AI score0.00394EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : PostgreSQL vulnerabilities (USN-8294-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8294-1 advisory. It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use...

8.8CVSS6.4AI score0.00668EPSS
Exploits0References12
OSV
OSV
added 2026/05/21 8:39 p.m.7 views

USN-8294-1 postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...

8.8CVSS6.3AI score0.00668EPSS
Exploits0References12
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in krb5

The RADIUS protocol, as described in RFC 2865, is vulnerable to forgery attacks by local attackers who can modify any valid response—whether an Access-Accept, Access-Reject, or Access-Challenge response—into any other response, using a chosen-prefix collision attack against the MD5 Response...

9CVSS7.8AI score0.14859EPSS
Exploits2References2
Mageia
Mageia
added 2026/05/19 2:46 a.m.30 views

Updated postgresql15 packages fix security vulnerabilities

PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. CVE-2026-6472 PostgreSQL server undersizes allocations, via integer wraparound. CVE-2026-6473 PostgreSQL timeofday can disclose portions of server memory. CVE-2026-6474 PostgreSQL pgbasebackup and pgrewind can overwrite...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/18 2:27 p.m.11 views

CVE-2026-6659

A flaw was found in Crypt::PasswdMD5 for Perl. This component generates insecure random values for cryptographic salts, which are used to strengthen password hashes. The built-in rand function, used for generating these salts, is predictable and not suitable for cryptographic purposes. This...

7.5CVSS5.6AI score0.00447EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.19 views

SUSE CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS5.8AI score0.00558EPSS
Exploits0References33
Vulnrichment
Vulnrichment
added 2026/05/15 5:5 p.m.13 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References1
Debian
Debian
added 2026/05/14 2:38 p.m.12 views

[SECURITY] [DSA 6271-1] gsasl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6271-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2026 https://www.debian.org/security/faq -...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/14 2:16 p.m.14 views

ALPINE-CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS5.8AI score0.00558EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/14 1:0 p.m.18 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.8AI score0.00558EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.24 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.8AI score0.00558EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.6 views

Debian dsa-6271 : gsasl - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6271 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6271-1 [email protected] https://www.debian.org/security/...

5.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-6478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticat...

8.2CVSS6.7AI score0.00558EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:17 p.m.8 views

SUSE CVE-2026-6659

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.11 views

SUSE CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/11 8:53 a.m.9 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/11 8:10 a.m.11 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7CVSS5.7AI score0.00921EPSS
Exploits0References5
OSV
OSV
added 2026/05/11 6:37 a.m.4 views

CVE-2026-5084 WebDyne::Session versions through 2.075 for Perl generates the session id insecurely

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...

6.5CVSS5.9AI score0.00304EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WebDyne::Session 安全特征问题漏洞

WebDyne::Session is a server-side component developed by ASPEER’s individual developers, used for session management in web applications. Versions of WebDyne::Session 2.075 and earlier contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The sessi...

6.5CVSS5.8AI score0.00304EPSS
Exploits0References1
Rows per page
Query Builder