
42 matches found

OSV
added 3 days ago | 3 views

SUSE-SU-2026:2693-1 Security update for podman

This update for podman fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262856. - CVE-2026-39829,CVE-2026-39830,CVE-2026-42508,CVE-2026-46598:...

CVSS 9.1 | AI score 6.7 | EPSS 0.00651
Exploits: 0 | References: 8
OSV
added 2026/06/25 10:14 p.m. | 3 views

GHSA-F5WC-C3C7-36MC golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

CVSS 9.1 | AI score 5.9 | EPSS 0.00338
Exploits: 0 | References: 9
RedHat Linux
added 2026/06/25 12:7 a.m. | 9 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

CVSS 7.5 | AI score 5.8 | EPSS 0.004
Exploits: 0 | References: 9
OSV
added 2026/06/11 3:29 p.m. | 3 views

OPENSUSE-SU-2026:20956-1 Security update for trivy

This update for trivy fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267047. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

CVSS 10 | AI score 5.5 | EPSS 0.00781
Exploits: 0 | References: 26
Microsoft CVE
added 2026/05/27 8:17 a.m. | 16 views

Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

...

CVSS 5.3 | AI score 5.8 | EPSS 0.00313
Exploits: 0
Microsoft CVE
added 2026/05/27 8:16 a.m. | 18 views

Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

...

CVSS 8.8 | AI score 5.8 | EPSS 0.00295
Exploits: 0
Microsoft CVE
added 2026/05/27 8:15 a.m. | 14 views

Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh

...

CVSS 9.1 | AI score 5.8 | EPSS 0.00466
Exploits: 0
Microsoft CVE
added 2026/05/27 8:15 a.m. | 12 views

Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

...

CVSS 7.5 | AI score 5.8 | EPSS 0.00369
Exploits: 0
Microsoft CVE
added 2026/05/27 8:13 a.m. | 11 views

Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

...

CVSS 7.5 | AI score 5.8 | EPSS 0.00359
Exploits: 0
CVE
added 2026/05/22 2:31 a.m. | 164 views

CVE-2026-46595

CVE-2026-46595 affects golang.org/x/crypto/ssh. The issue arises when VerifiedPublicKeyCallback is invoked with a callback type other than public key, causing the source-address validation to be bypassed and enabling an authorization bypass. The description notes this is a continuation of CVE-202...

CVSS 10 | AI score 5.8 | EPSS 0.0044
Exploits: 0 | References: 15 | Affected Software: 1
Vulnrichment
added 2026/05/22 2:31 a.m. | 8 views

CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 4
CVE
added 2026/05/22 2:31 a.m. | 50 views

CVE-2026-46597

CVE-2026-46597 describes an incorrectly placed cast from bytes to int that can cause a server-side panic in the AES-GCM packet decoder when processing crafted inputs. The entry lists high availability impact with network-based exploitability and no privileges required, but the provided documents ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00359
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/05/22 2:31 a.m. | 9 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

AI score 5.8 | EPSS 0.00295
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/22 2:31 a.m. | 8 views

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

AI score 5.8 | EPSS 0.00359
Exploits: 0 | References: 4
Cvelist
added 2026/05/22 2:31 a.m. | 55 views

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

EPSS 0.00359
Exploits: 0 | References: 4
OSV
added 2026/03/27 12:26 p.m. | 5 views

SUSE-SU-2026:1118-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption bsc1253904...

CVSS 9.9 | AI score 7 | EPSS 0.16496
Exploits: 0 | References: 9
Tenable Nessus
added 2026/03/06 12:0 a.m. | 8 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2026:0777-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0777-1 advisory. Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065:...

CVSS 7.5 | AI score 6 | EPSS 0.0053
Exploits: 4 | References: 28
Rockylinux
added 2026/01/19 9:2 a.m. | 8 views

container-tools:rhel8 security update

An update is available for module.crun, fuse-overlayfs, module.slirp4netns, python-podman, module.runc, container-selinux, module.podman, module.udica, module.aardvark-dns, module.fuse-overlayfs, cockpit-podman, aardvark-dns, module.conmon, containers-common, libslirp, criu,...

CVSS 7.5 | AI score 6.7 | EPSS 0.00591
Exploits: 1
Tenable Nessus
added 2026/01/19 12:0 a.m. | 4 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2026:0753)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0753 advisory. golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 Tenable has extracted the precedin...

CVSS 7.5 | AI score 6.6 | EPSS 0.00591
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2025-9813:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9813:01 advisory. golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh CVE-2025-22869 Tenable has extracted the preceding description bloc...

CVSS 7.5 | AI score 7 | EPSS 0.00868
Exploits: 0 | References: 2