AZL-77559 CVE-2026-2303 affecting package telegraf 1.31.0-12

The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...

Permissive List of Allowed Inputs

Overview Affected versions of this package are vulnerable to Permissive List of Allowed Inputs due to incorrect handling of string termination in the GSSAPI standard during authentication on Linux and macOS. An attacker can cause an application crash or leak information by triggering a read...

Permissive List of Allowed Inputs

Overview Affected versions of this package are vulnerable to Permissive List of Allowed Inputs due to incorrect handling of string termination in the GSSAPI standard during authentication on Linux and macOS. An attacker can cause an application crash or leak information by triggering a read...

CVE-2026-2303 Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak

The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...

CVE-2026-2303 Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak

The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...

Buffer Underwrite (Buffer Underflow)

Overview Affected versions of this package are vulnerable to Buffer Underwrite Buffer Underflow in the sshgethexa function on invalid input. An attacker can cause a buffer underflow and potentially execute arbitrary code or crash the application by supplying specially crafted input. Workaround Th...

CLEANSTART-2026-WK88787 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3155 (ALAS-2026-3155)

The version of nerdctl installed on the remote host is prior to 2.2.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3155 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program ...

CLEANSTART-2026-WP20592 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-094 (ALASECS-2026-094)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-094 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the progr...

Azure Linux 3.0 Security Update: samba (CVE-2022-3437)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3437 advisory. - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3...

MiracleLinux 7 : bind-9.11.4-26.P2.4.0.1.el7.AXS7 (AXSA:2021-1548:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1548:04 advisory. bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation CVE-2020-8625 Tenable has extracted the preceding description...

oauth2-proxy -- multiple vulnerabilities

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

SUSE-SU-2026:20085-1 Security update for bind

This update for bind fixes the following issues: - Upgrade to release 9.20.15 Security Fixes: CVE-2025-40778: Fixed cache poisoning attacks with unsolicited RRs bsc1252379 CVE-2025-40780: Fixed cache poisoning due to weak PRNG bsc1252380 CVE-2025-8677: Fixed resource exhaustion via malformed DNSK...

Ubuntu: Security Advisory (USN-7956-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 4 : rsyslog-5.8.10-2.AXS4 (AXSA:2012-586:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-586:02 advisory. Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-1358)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1358 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1336)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1336 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

Important: amazon-cloudwatch-agent

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

Medium: runfinch-finch

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...