Lucene search
+L

99 matches found

nessus
nessus
added 6 days ago11 views

Fedora 44 : pam (2026-377015b34b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-377015b34b advisory. pamuserdb: fix password comparison timing leak Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

8.2CVSS6.2AI score0.00321EPSS
Exploits0References2
osv
osv
added last week1 views

OESA-2026-2902 pam security update

PAM Pluggable Authentication Modules is a system of libraries that handle the authentication tasks of applications services on the system. Security Fixes: Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in...

8.2CVSS6.1AI score0.00321EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/08 10:15 a.m.7 views

CVE-2026-15041

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...

3.7CVSS5.9AI score0.003EPSS
Exploits0References3
nessus
nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-13758

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form...

3.7CVSS6AI score0.00295EPSS
Exploits0References3
rocky
rocky
added 2026/06/24 6:0 p.m.6 views

postgresql:12 security update

An update is available for postgres-decoderbufs, module.postgres-decoderbufs, postgresql, module.pgaudit, module.pgrepack, pgaudit, pgrepack, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6AI score0.00668EPSS
Exploits0
redhat
redhat
added 2026/06/24 1:59 p.m.7 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References3
cve
cve
added 2026/06/23 8:17 p.m.25 views

CVE-2026-47379

CVE-2026-47379 – NocoDB : The shared-view password check used a strict-equality comparison for legacy plaintext passwords, leaking the password length and per-character prefix via response timing. The bcrypt branch was unaffected; the vulnerability lies in the legacy comparison path in the shared...

6.9CVSS5.9AI score0.00253EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/23 8:17 p.m.6 views

CVE-2026-47379

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...

6.9CVSS5.9AI score0.00253EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/23 8:17 p.m.30 views

CVE-2026-47379 NocoDB: Plaintext Password Comparison in Shared Views

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...

6.9CVSS0.00253EPSS
Exploits0References1
nessus
nessus
added 2026/06/16 12:0 a.m.7 views

RockyLinux 9 : postgresql:16 (RLSA-2026:26203)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26203 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq:...

8.8CVSS7AI score0.00668EPSS
Exploits0References9
almalinux
almalinux
added 2026/06/16 12:0 a.m.16 views

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write...

8.8CVSS5.4AI score0.00668EPSS
Exploits0References8
cve
cve
added 2026/06/14 5:21 p.m.55 views

CVE-2026-54411

Linux-PAM up to 1.7.2 is affected by a timing side-channel in the pam_userdb plaintext-password comparison path (modules/pam_userdb/pam_userdb.c). When configured with crypt=none, an unrecognized crypt method, or without a crypt= argument, credentials are stored/compared in plaintext. The compari...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References4
nessus
nessus
added 2026/06/08 12:0 a.m.13 views

Amazon Linux 2 : libpq, --advisory ALAS2POSTGRESQL14-2026-023 (ALASPOSTGRESQL14-2026-023)

The version of libpq installed on the remote host is prior to 14.23-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-023 advisory. Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64,...

8.8CVSS6AI score0.00558EPSS
Exploits0References6
nessus
nessus
added 2026/06/08 12:0 a.m.18 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1808)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1808 advisory. Permitted name constraints were wrongfully ignored when prior CAs only had excluded name constraints, resulting in a name constraint bypass. The issue was reported in the issue tracker as 1824...

8.2CVSS5.5AI score0.00475EPSS
Exploits0References10
nessus
nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: bouncycastle (UTSA-2026-016627)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016627 advisory. Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library...

5.9CVSS6.8AI score0.01522EPSS
Exploits0References4
mscve
mscve
added 2026/05/21 8:1 a.m.11 views

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

...

8.1CVSS5.8AI score0.01312EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.13 views

PT-2026-42109

Name of the Vulnerable Software and Affected Versions memcached versions prior to 1.6.42 Description Username data for SASL password database authentication contains a timing side channel. This occurs because the sasl server userdb checkpass function utilizes a loop that terminates immediately up...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References42
github
github
added 2026/05/06 11:37 p.m.12 views

Kanidm has non-constant-time comparison of OAuth2 client_secret

Summary The kanidmd OAuth2 token-exchange /oauth2/token and token-introspection /oauth2/token/introspect endpoints compare the supplied clientsecret against the stored secret using Rust's PartialEq on String, which short-circuits on the first mismatching byte. This produces an observable timing...

6AI score
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/04/28 6:10 p.m.38 views

CVE-2026-41407 OpenClaw < 2026.4.2 - Timing Side Channel in Shared-Secret Comparison

OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening constant-time handli...

6.3CVSS0.00225EPSS
Exploits0References3
osv
osv
added 2026/04/17 1:2 p.m.9 views

OESA-2026-1954 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5CVSS6.7AI score0.26356EPSS
Exploits0References7
Rows per page
Query Builder