Lucene search
+L

4 matches found

attackerkb
attackerkb
added 2026/06/24 8:15 p.m.5 views

CVE-2026-52814

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References5Affected Software1
snyk
snyk
added 2026/05/22 5:32 a.m.9 views

Incorrect Authorization

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization. When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially droppin...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References2
redhat
redhat
added 2026/04/09 11:0 a.m.4 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI Generic Security Service Application Program Interface authentication requests to an SSH Secure Shell server. The server fails to validate the number of mechanisms specified...

5.3CVSS6AI score0.00533EPSS
Exploits0References8
osv
osv
added 2020/02/20 8:15 p.m.1 views

DEBIAN-CVE-2020-9283

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...

7.5CVSS7.6AI score0.21052EPSS
Exploits6References1
Rows per page
Query Builder