Lucene search
+L

234 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-9641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be...

5.3CVSS6.1AI score0.00226EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 8:22 p.m.32 views

CVE-2026-10143

CVE-2026-10143 affects kafka-python prior to 2.3.2. The denial‑of‑service arises from ScramClient.process_server_first_message() passing the broker‑provided SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation in scram.py. This can freeze the client event loop, blocking prod...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/06/10 8:22 p.m.3 views

CVE-2026-10143 kafka-python prior to 2.3.2 DoS via SCRAM Iteration Count in scram.py

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS6AI score0.00517EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/10 2:35 p.m.13 views

EUVD-2026-36054

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/10 2:35 p.m.33 views

CVE-2026-48859 SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...

6.3CVSS0.00354EPSS
Exploits0References5
CVE
CVE
added 2026/06/10 2:35 p.m.26 views

CVE-2026-48859

The CVE affects Erlang/OTP’s SSH server (ssh_auth and ssh_options) in OTP prior to 29.0.2 (SSH 6.0.x before 6.0.1). When the daemon uses user_passwords or password options, ssh_auth:check_password/3 performs PBKDF2-SHA256 with 600,000 iterations (~300 ms) for valid usernames, but returns in ~0 ms...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.32 views

PT-2026-48531

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the SCRAM authentication handling. A malicious or machine-in-the-middle broker can freeze the client event loop by providing an excessively large iteration...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/09 6:33 p.m.12 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in PBMAC1PBKDF2HMAC. A user can craft an unencrypted PKCS12 file that uses PBMAC1 authentication specifying a one-byte HMAC key, causing a service that authenticates incoming files by passwor...

7.4CVSS7.1AI score0.00196EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 2:16 p.m.15 views

UBUNTU-CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS5.2AI score0.00291EPSS
Exploits0References5
OSV
OSV
added 2026/06/04 8:54 p.m.8 views

ROOT-APP-NPM-CVE-2025-6545 CVE-2025-6545 in @rootio/pbkdf2 - Patched by Root

Root has patched CVE-2025-6545 in the @rootio/pbkdf2 package for Root:npm. Multiple fixed versions available...

9.1CVSS5.8AI score0.00359EPSS
Exploits0
OSV
OSV
added 2026/06/04 8:54 p.m.13 views

ROOT-APP-NPM-CVE-2025-6547 CVE-2025-6547 in @rootio/pbkdf2 - Patched by Root

Root has patched CVE-2025-6547 in the @rootio/pbkdf2 package for Root:npm. Multiple fixed versions available...

9.1CVSS5.8AI score0.00387EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/05 8:9 p.m.13 views

pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/05 8:9 p.m.6 views

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/04 10:3 p.m.11 views

Use of Blocking Code in Single-threaded, Non-blocking Context

Overview Affected versions of this package are vulnerable to Use of Blocking Code in Single-threaded, Non-blocking Context through the OpenSSL::KDF.pbkdf2hmac function during SCRAM authentication. An attacker can cause the Ruby client VM to become unresponsive by sending a large iteration count...

8.3CVSS5.9AI score0.00299EPSS
Exploits0References3
OSV
OSV
added 2026/05/04 10:3 p.m.25 views

GHSA-87PF-FPWV-P7M7 net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication

Summary When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. Details A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the...

6CVSS5.8AI score0.00299EPSS
Exploits0References11
NVD
NVD
added 2026/04/29 4:16 p.m.6 views

CVE-2026-42198

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

7.5CVSS0.0077EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/29 3:58 p.m.37 views

CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

7.5CVSS0.0077EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 3:58 p.m.2 views

CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

7.5CVSS6.9AI score0.0077EPSS
Exploits0References11
CVE
CVE
added 2026/04/29 3:58 p.m.139 views

CVE-2026-42198

CVE-2026-42198 affects the pgjdbc PostgreSQL JDBC driver in versions 42.2.0 through before 42.7.11. The vulnerability is a client-side denial of service during SCRAM-SHA-256 authentication: a malicious server can force SCRAM with an extremely high iteration count, causing the client to spend unbo...

7.5CVSS5.3AI score0.0077EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/03/18 5:53 p.m.33 views

CVE-2026-32633

Glances CVE-2026-32633 affects the Glances browser API in Central Browser mode prior to v4.5.2. The /api/4/serverslist endpoint returns in-memory mutated server objects that can include a uri field with embedded HTTP Basic credentials for downstream Glances servers. If the frontend is started wit...

9.1CVSS5.8AI score0.00472EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder