Lucene search
K

74 matches found

Rockylinux
Rockylinux
added 4 days ago6 views

buildah security update

An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container...

9.1CVSS6.2AI score0.00525EPSS
Exploits0
RedHat Linux
RedHat Linux
added 5 days ago5 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.9AI score0.00394EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.8 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2026:35833)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:35833 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986...

9.1CVSS6.8AI score0.00651EPSS
Exploits0References11
OSV
OSV
added 2026/06/24 10:44 a.m.3 views

SUSE-SU-2026:22442-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6AI score0.01557EPSS
Exploits1References21
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.9 views

SUSE SLES15 Security Update : amazon-ssm-agent (SUSE-SU-2026:2467-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2467-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

10CVSS7AI score0.00868EPSS
Exploits3References52
OSV
OSV
added 2026/06/20 6:52 a.m.2 views

OPENSUSE-SU-2026:21120-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267109. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

10CVSS6.7AI score0.00781EPSS
Exploits0References24
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:12 a.m.14 views

Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

...

9.1CVSS5.8AI score0.00533EPSS
Exploits0
Snyk
Snyk
added 2026/05/22 5:32 a.m.16 views

Missing Release of Resource after Effective Lifetime

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attacker ca...

7.1CVSS5.8AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.11 views

Missing Release of Resource after Effective Lifetime

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attack...

7.1CVSS5.8AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.8 views

Missing Release of Resource after Effective Lifetime

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the handling of unsolicited global request responses, which can fill an internal buffer and block the connection's read...

9.1CVSS5.9AI score0.00533EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.9 views

Incorrect Type Conversion or Cast

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending...

8.7CVSS5.8AI score0.00359EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:29 a.m.13 views

Incorrect Authorization

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of permissions in the VerifiedPublicKeyCallback process. An attacker can bypass source-address validation by passing a callback...

10CVSS5.8AI score0.0044EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.7 views

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

5.8AI score0.00196EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 2:31 a.m.1 views

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

10CVSS5.9AI score0.0044EPSS
Exploits0References27
OSV
OSV
added 2026/05/22 2:31 a.m.1 views

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.10 views

RHEL 9 : podman (RHSA-2026:5222)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5222 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

7.5CVSS6.7AI score0.00632EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.0 views

SUSE SLES12 Security Update : docker (SUSE-SU-2026:0772-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0772-1 advisory. - CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. bsc1253904 Tenable has...

5.3CVSS5.8AI score0.00533EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/03/03 1:14 p.m.3 views

Security update for docker

This update for docker fixes the following issues: CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. bsc1253904 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

6.9CVSS5.9AI score0.00533EPSS
Exploits0References4
OSV
OSV
added 2026/03/03 1:14 p.m.2 views

SUSE-SU-2026:0772-1 Security update for docker

This update for docker fixes the following issues: - CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. bsc1253904...

5.3CVSS5.9AI score0.00533EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/02/26 3:17 p.m.4 views

Security update for docker

This update for docker fixes the following issues: CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. bsc1253904 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

6.9CVSS5.4AI score0.00533EPSS
Exploits0References4
Rows per page
Query Builder