Lucene search
+L

71 matches found

RedHat Linux
RedHat Linux
added 2026/06/29 12:26 p.m.5 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

AlmaLinux 8 : postgresql:12 (ALSA-2026:28999)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28999 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an...

8.8CVSS6AI score0.00668EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 6:0 p.m.3 views

RLSA-2026:28999 Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

AlmaLinux 8 : postgresql:13 (ALSA-2026:28208)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28208 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 Tenable has extracted the preceding description blo...

8.2CVSS6.7AI score0.00558EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 12:1 p.m.5 views

RLSA-2026:28143 Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/23 12:1 p.m.10 views

postgresql:16 security update

An update is available for postgres-decoderbufs, module.postgres-decoderbufs, postgresql, module.pgaudit, module.pgrepack, pgaudit, pgrepack, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6AI score0.00668EPSS
Exploits0
OSV
OSV
added 2026/06/23 12:0 a.m.7 views

ALSA-2026:28143 Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References6
OSV
OSV
added 2026/06/23 12:0 a.m.4 views

ALSA-2026:28208 Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 For more details about the security issues, including the impact, a CVSS score,...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References4
OSV
OSV
added 2026/06/22 12:0 a.m.9 views

ALSA-2026:27741 Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References10
AlmaLinux
AlmaLinux
added 2026/06/16 12:0 a.m.16 views

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write...

8.8CVSS5.4AI score0.00668EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/05/14 2:16 p.m.16 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/03 5:16 a.m.3 views

CVE-2026-35541

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...

4.2CVSS5.9AI score0.00243EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/18 4:17 p.m.7 views

h3 has an observable timing discrepancy in basic auth utils

Summary A Timing Side-Channel vulnerability exists in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server's response time, effectively bypassing password complexity...

5.9CVSS6.1AI score0.00319EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-29730

Malware in sbrugna...

7.5CVSS7.5AI score0.01004EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25168

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00475EPSS
Exploits0References3
OSV
OSV
added 2025/07/07 12:30 p.m.60 views

GHSA-J5PR-VRJJ-9V4H Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5CVSS7.3AI score0.00371EPSS
Exploits0References4
NVD
NVD
added 2025/07/07 10:15 a.m.35 views

CVE-2025-6386

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5CVSS0.00371EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/07 9:55 a.m.2 views

CVE-2025-6386 Timing Attack Vulnerability in parisneo/lollms

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5CVSS7.4AI score0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/07 9:55 a.m.35 views

CVE-2025-6386 Timing Attack Vulnerability in parisneo/lollms

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5CVSS0.00371EPSS
Exploits0References2
CVE
CVE
added 2025/07/04 10:12 p.m.34 views

CVE-2025-48952

NetAlertX (pre-25.6.7) contains an authentication bypass vulnerability in the PHP login check. The issue arises from a loose comparison using the == operator in front/index.php (line 40), which allows specially crafted SHA-256 magic hashes to bypass password verification. Hash values starting wit...

9.4CVSS6.8AI score0.00498EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder