Lucene search
+L

23 matches found

RedHat Linux
RedHat Linux
added 2 days ago6 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS6.3AI score0.00415EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/07 1:15 p.m.15 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS7AI score0.00415EPSS
Exploits0References9
OSV
OSV
added 2026/07/06 3:38 p.m.2 views

OPENSUSE-SU-2026:21244-1 Security update for podman

This update for podman fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262856. - CVE-2026-39827: Invoking memory leak when rejecting channels can lead to Do...

10CVSS6.9AI score0.01008EPSS
Exploits2References22
OSV
OSV
added 2026/06/26 8:29 a.m.2 views

SUSE-SU-2026:22376-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6.7AI score0.01557EPSS
Exploits1References21
EUVD
EUVD
added 2026/06/25 10:18 p.m.11 views

EUVD-2026-31396

golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References7
Amazon
Amazon
added 2026/06/22 12:0 a.m.13 views

Important: containerd

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

10CVSS6.8AI score0.00533EPSS
Exploits0
OSV
OSV
added 2026/06/20 6:52 a.m.2 views

SUSE-SU-2026:22226-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267109. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

10CVSS5.9AI score0.00781EPSS
Exploits0References25
OSV
OSV
added 2026/06/20 6:52 a.m.2 views

SUSE-SU-2026:22193-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267109. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

10CVSS5.9AI score0.00781EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.20 views

Linux Distros Unpatched Vulnerability : CVE-2026-39829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could...

7.5CVSS6.5AI score0.00415EPSS
Exploits0References4
NVD
NVD
added 2026/05/22 4:16 a.m.20 views

CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS0.00415EPSS
Exploits0References43
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-42708

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description RSA and DSA public key parsers fail to enforce size limits on key parameters. An unauthenticated client can trigger excessive CPU consumption during signature...

9.8CVSS5.8AI score0.00415EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0689

Malware in sbrugna...

7.5CVSS7.6AI score0.032EPSS
Exploits0References18
OSV
OSV
added 2025/03/21 1:20 p.m.6 views

OESA-2025-1327 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or...

5.3CVSS7AI score0.01131EPSS
Exploits0References2
OSV
OSV
added 2025/03/21 1:20 p.m.6 views

OESA-2025-1326 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or...

5.3CVSS7AI score0.01131EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/12/20 12:0 a.m.14 views

Tenable Security Center Multiple Vulnerabilities (TNS-2024-21)

According to its self-reported version, the Tenable Security Center running on the remote host is version 6.4.5. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-21 advisory. - In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14,...

9.8CVSS8.2AI score0.66582EPSS
Exploits5References11
RedHat Linux
RedHat Linux
added 2024/11/12 9:22 a.m.7 views

openssl: Excessive time spent checking DSA keys and parameters

A flaw was found in OpenSSL. Applications that use the EVPPKEYparamcheck or EVPPKEYpubliccheck function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters. In applications that allow untrusted sources to provide the key or...

5.3CVSS7.2AI score0.01131EPSS
Exploits0References5
NVD
NVD
added 2024/05/16 4:15 p.m.24 views

CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.2AI score0.01131EPSS
Exploits0References7
OSV
OSV
added 2024/05/16 4:15 p.m.7 views

AZL-78534 CVE-2024-4603 affecting package openssl-fips-provider 3.1.2-1

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.6AI score0.01131EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2024/05/16 3:21 p.m.73 views

CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.3AI score0.01131EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/10/16 5:38 p.m.5 views

bouncycastle: DSA key pair generator generates a weak private key by default

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

7.5CVSS7.1AI score0.032EPSS
Exploits0References4
Rows per page
Query Builder