
7 matches found

Github Security Blog
added 2026/06/25 10:15 p.m., 8 views

golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

CVSS 7.5, AI score 5.8, EPSS 0.00369
Exploits: 0, References: 11, Affected Software: 1
OSV
added 2026/06/18 2:30 p.m., 2 views

SUSE-SU-2026:22159-1 Security update for distribution

This update for distribution fixes the following issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265788). - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

CVSS 10, AI score 5.9, EPSS 0.00781
Exploits: 1, References: 21
Vulnrichment
added 2026/05/22 2:31 a.m., 8 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

AI score 5.8, EPSS 0.00369
Exploits: 0, References: 4
RedhatCVE
added 2026/05/14 7:58 p.m., 9 views

CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's...

CVSS 7.4, AI score 6, EPSS 0.00135
Exploits: 0, References: 1
NVD
added 2025/09/29 9:15 p.m., 24 views

CVE-2025-34207

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. These...

CVSS 9.8, EPSS 0.00621
Exploits: 0, References: 4
RedhatCVE
added 2025/05/23 8:00 a.m., 14 views

CVE-2024-6572

Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 EOL allows man-in-the-middle attackers to intercept traffic...

CVSS 7.4, AI score 6.8, EPSS 0.00338
Exploits: 0, References: 1
Positive Technologies
added 2023/01/10 12:00 a.m., 8 views

PT-2023-1358

Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.66.1. Description: The issue is related to the Cargo package manager in Rust, which does not perform SSH host key verification when cloning indexes and dependencies via SSH. This allows an attacker to perform...

CVSS 7.9, AI score 6.6, EPSS 0.00763
Exploits: 0, References: 47