Lucene search
K

27 matches found

RedHat Linux
RedHat Linux
added 2026/06/01 10:21 a.m.18 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/20 12:47 p.m.13 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/15 4:8 p.m.26 views

CVE-2026-42256

A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...

6.5CVSS5.7AI score0.00299EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/13 3:38 a.m.13 views

SUSE CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/05/10 8:1 a.m.12 views

PgBouncer buffer overflow in SCRAM

...

9.8CVSS5.8AI score0.00372EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/09 8:16 p.m.15 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6.5CVSS5.7AI score0.00299EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/09 7:38 p.m.9 views

CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6CVSS5.7AI score0.00299EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/05/09 1:16 a.m.7 views

CVE-2026-6665

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

9.8CVSS6AI score0.00372EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/09 12:43 a.m.8 views

CVE-2026-6664

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...

7.5CVSS6AI score0.00698EPSS
Exploits1
OSV
OSV
added 2026/05/01 8:48 a.m.5 views

BIT-POSTGRESQL-JDBC-DRIVER-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/27 8:10 a.m.3 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00338EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/10/31 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: ongres-scram (UTSA-2025-988625)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988625 advisory. SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms...

8.7CVSS5.7AI score0.00835EPSS
Exploits0References4
OSV
OSV
added 2025/10/11 1:20 p.m.6 views

OESA-2025-2396 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms.It is described as part of RFC 5802 and RFC7677. This pachage is a Java implementation. Security Fixes: SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple...

8.7CVSS7AI score0.00835EPSS
Exploits0References2
OSV
OSV
added 2025/10/11 1:20 p.m.5 views

OESA-2025-2392 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms.It is described as part of RFC 5802 and RFC7677. This pachage is a Java implementation. Security Fixes: SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple...

8.7CVSS7AI score0.00835EPSS
Exploits0References2
OSV
OSV
added 2025/10/11 1:20 p.m.5 views

OESA-2025-2391 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms.It is described as part of RFC 5802 and RFC7677. This pachage is a Java implementation. Security Fixes: SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple...

8.7CVSS7AI score0.00835EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/29 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-59432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication...

8.7CVSS6AI score0.00835EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/09/23 11:23 p.m.3 views

SUSE CVE-2025-59432

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

6.8CVSS7AI score0.00835EPSS
Exploits0References6
OSV
OSV
added 2025/09/22 8:15 p.m.5 views

DEBIAN-CVE-2025-59432

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

8.7CVSS5.6AI score0.00835EPSS
Exploits0References1
OSV
OSV
added 2025/09/22 8:15 p.m.3 views

UBUNTU-CVE-2025-59432

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

8.7CVSS5.9AI score0.00835EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/09/22 7:22 p.m.6 views

CVE-2025-59432

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

8.7CVSS5.6AI score0.00835EPSS
Exploits0
Rows per page
Query Builder