Lucene search
+L

234 matches found

osv
osv
added 2026/07/08 11:16 a.m.4 views

UBUNTU-CVE-2026-15041

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...

3.7CVSS6.1AI score0.003EPSS
Exploits0References4
nessus
nessus
added 2026/06/25 12:0 a.m.8 views

Oracle Linux 9 : postgresql-jdbc (ELSA-2026-22304)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-22304 advisory. - Add tests for CVE-2026-42198 - Fix CVE-2026-42198: limit SCRAM PBKDF2 iterations to prevent DoS Tenable has extracted the preceding description block directl...

7.5CVSS6AI score0.0077EPSS
Exploits0References2
fedora
fedora
added 2026/06/21 1:1 a.m.5 views

[SECURITY] Fedora 44 Update: perl-Crypt-PBKDF2-0.261630-1.fc44

PBKDF2 is a secure password hashing algorithm that uses the techniques of "key strengthening" to make the complexity of a brute-force attack arbitrarily hig h. PBKDF2 uses any other cryptographic hash or cipher by convention, usually HMAC-SHA2, but Crypt::PBKDF2 is fully pluggable, and allows for...

7.5CVSS5.8AI score0.00319EPSS
Exploits0
susecve
susecve
added 2026/06/16 2:30 a.m.13 views

SUSE CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.3AI score0.00319EPSS
Exploits0References3
susecve
susecve
added 2026/06/16 2:23 a.m.14 views

SUSE CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.2AI score0.00305EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/15 2:36 p.m.10 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.2AI score0.00319EPSS
Exploits0References2
osv
osv
added 2026/06/15 12:0 a.m.6 views

OPENSUSE-SU-2026:11034-1 perl-Crypt-PBKDF2-0.261630-1.1 on GA media

These are all security issues fixed in the perl-Crypt-PBKDF2-0.261630-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.2AI score0.00319EPSS
Exploits0References3
osv
osv
added 2026/06/12 4:16 p.m.7 views

UBUNTU-CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.4AI score0.00226EPSS
Exploits0References7
osv
osv
added 2026/06/12 4:16 p.m.9 views

UBUNTU-CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.2AI score0.00305EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/12 2:41 p.m.11 views

CVE-2026-9638 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

5.2AI score0.00305EPSS
Exploits0References2
cve
cve
added 2026/06/12 2:41 p.m.35 views

CVE-2026-9638

Crypt::PBKDF2 for Perl versions before 0.261630 are vulnerable because they generate salts with the built-in rand function, which is predictable and not suitable for cryptography. Affected component: Crypt::PBKDF2 (Perl). Root cause: use of insecure RNG for salts. Impact: cryptographic salts may ...

7.5CVSS5.3AI score0.00305EPSS
Exploits0References3
nvd
nvd
added 2026/06/12 2:16 p.m.13 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS0.00319EPSS
Exploits0References4
debiancve
debiancve
added 2026/06/12 1:19 p.m.11 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.3AI score0.00319EPSS
Exploits0
cve
cve
added 2026/06/12 1:19 p.m.21 views

CVE-2017-20240

CVE-2017-20240 affects Crypt::PBKDF2 for Perl, with versions before 0.261630 vulnerable to timing attacks due to using Perl’s built-in eq comparison. Discrepancies in timing could reveal information about the derived key. Affected software: Crypt::PBKDF2 prior to 0.261630. Root cause: insecure eq...

5.9CVSS5.3AI score0.00319EPSS
Exploits0References4
rustsec
rustsec
added 2026/06/12 12:0 p.m.14 views

Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service

A malicious, compromised, or man-in-the-middle server can supply an arbitrarily large SCRAM-SHA-256 PBKDF2 iteration count during authentication. The client runs it inline with no upper bound, pinning a tokio worker thread for minutes per connection, possibly stalling the whole async runtime...

5.4AI score
Exploits0Affected Software1
susecve
susecve
added 2026/06/12 2:32 a.m.14 views

SUSE CVE-2026-10143

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.18 views

PT-2026-48920

Name of the Vulnerable Software and Affected Versions Crypt::PBKDF2 versions prior to 0.261630 Description Crypt::PBKDF2 for Perl generates insecure random values for salts. This occurs because the software utilizes the built-in rand function, which is predictable and unsuitable for cryptographic...

7.5CVSS5.2AI score0.00305EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.16 views

PT-2026-48869

Name of the Vulnerable Software and Affected Versions Crypt::PBKDF2 versions prior to 0.261630 Description Certain versions are susceptible to timing attacks because they utilize Perl's built-in eq comparison. This allows discrepancies in timing to be used to guess the underlying derived-key...

5.9CVSS5.1AI score0.00319EPSS
Exploits0References9
nessus
nessus
added 2026/06/12 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2017-20240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing coul...

5.9CVSS6.1AI score0.00319EPSS
Exploits0References3
nessus
nessus
added 2026/06/12 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-9641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be...

5.3CVSS6.1AI score0.00226EPSS
Exploits0References3
Rows per page
Query Builder