3 matches found
CVE-2026-45309 AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.0, AsyncSSH expands the OpenSSH-compatible AuthorizedKeysFile %u token in asyncssh/config.py, asyncssh/connection.py,...
PT-2026-56202
Name of the Vulnerable Software and Affected Versions phoenix versions 1.2.0-rc.0 through 1.5.14 phoenix versions 1.6.0-rc.0 through 1.6.16 phoenix versions 1.7.0-rc.0 through 1.7.23 phoenix versions 1.8.0-rc.0 through 1.8.8 Description The Presence JavaScript client in phoenix contains an improp...
UBUNTU-CVE-2018-12556
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any arbitrary key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn...