ROOT-APP-NPM-CVE-2025-6547 CVE-2025-6547 in @rootio/pbkdf2 - Patched by Root

Root has patched CVE-2025-6547 in the @rootio/pbkdf2 package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2025-6545 CVE-2025-6545 in @rootio/pbkdf2 - Patched by Root

Root has patched CVE-2025-6545 in the @rootio/pbkdf2 package for Root:npm. Multiple fixed versions available...

pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

GHSA-87PF-FPWV-P7M7 net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication

Summary When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. Details A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the...

Use of Blocking Code in Single-threaded, Non-blocking Context

Overview Affected versions of this package are vulnerable to Use of Blocking Code in Single-threaded, Non-blocking Context through the OpenSSL::KDF.pbkdf2hmac function during SCRAM authentication. An attacker can cause the Ruby client VM to become unresponsive by sending a large iteration count...

PT-2026-36987

Name of the Vulnerable Software and Affected Versions net-imap affected versions not specified Description A hostile IMAP server can trigger a computational denial-of-service attack on the client process during authentication using SCRAM-SHA1 or SCRAM-SHA256. By sending an arbitrarily large PBKDF...

CVE-2026-42198

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

CVE-2026-42198

CVE-2026-42198 affects the pgjdbc PostgreSQL JDBC driver in versions 42.2.0 through before 42.7.11. The vulnerability is a client-side denial of service during SCRAM-SHA-256 authentication: a malicious server can force SCRAM with an extremely high iteration count, causing the client to spend unbo...

CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

CVE-2026-32633

Glances CVE-2026-32633 affects the Glances browser API in Central Browser mode prior to v4.5.2. The /api/4/serverslist endpoint returns in-memory mutated server objects that can include a uri field with embedded HTTP Basic credentials for downstream Glances servers. If the frontend is started wit...

Multi‑Layer Encrypted Python Payload Loader AES‑GCM + XOR + Zlib

This Python script acts as a loader that decrypts and executes a protected Python payload using multiple cryptographic and obfuscation layers. The program first requests a password from the user and derives a 256‑bit encryption key using PBKDF2 with a fixed salt salt123. The encrypted payload is...

openSUSE 16 Security Update : python-joserfc (openSUSE-SU-2026:20322-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20322-1 advisory. Changes in python-joserfc: - CVE-2026-27932: unbounded PBKDF2 iteration count can lead to a denial of service bsc1259154 Tenable has extracted the...

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

CVE-2026-27932 joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file

A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service DoS by crashing the application, and in some cases, may enable arbitrary code execution...

openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file

A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service DoS by crashing the application, and in some cases, may enable arbitrary code execution...

openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file

A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service DoS by crashing the application, and in some cases, may enable arbitrary code execution...

CVE-2025-68703 Jervis has a Salt for PBKDF2 derived from password

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sumpassphrase. Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

Inadequate Encryption Strength

Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Inadequate Encryption Strength in the PBKDF2 key derivation process. An attacker c...