Lucene search
K

79 matches found

RedHat Linux
RedHat Linux
added 10 hours ago4 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS6.4AI score0.004EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 4 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-54500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-58051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:18 p.m.2 views

GHSA-W879-237Q-WC7R golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.004EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2026/06/12 9:2 p.m.15 views

ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing

Summary The DER parser used for application-supplied private keys did not safely validate encoded length values before converting them to Int values or allocating arrays. A malformed private-key file could encode a length that overflowed or wrapped around, or request an allocation much larger tha...

5.4AI score
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.15 views

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-108 (ALASNITRO-ENCLAVES-2026-108)

The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-108 advisory. The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with ...

10CVSS6.9AI score0.03092EPSS
Exploits2References16
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-39829

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS4.9AI score0.004EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/05/22 2:31 a.m.8 views

CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.004EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.59 views

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

0.004EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 2:8 a.m.8 views

GO-2026-5018 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.004EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed key parsing memory leak. In rxrpcpreparsexdryfsrxgk, the memory associated with token-rxgk can be leaked in several error paths after it is allocated. This issue was addressed by freeing this memory in the...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in mbedtls

A issue was discovered in Arm Mbed TLS before version 2.23.0. A side channel allows the recovery of an ECC private key, which is related to functions such as mbedtlsecpcheckpubpriv, mbedtlspkparsekey, mbedtlspkparsekeyfile, mbedtlsecpmul, and mbedtlsecpmulrestartable...

5.3CVSS5.6AI score0.01264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 5:22 p.m.6 views

CVE-2026-44167

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

7.5CVSS7.1AI score0.00569EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/24 9:34 p.m.6 views

CVE-2026-31643

A flaw was found in the Linux kernel's rxrpc subsystem. During key parsing, a memory leak can occur in certain error paths. This vulnerability could allow a local or remote attacker to cause a denial of service by exhausting system memory...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/04/24 3:16 p.m.6 views

CVE-2026-31643

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpcpreparsexdryfsrxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "rejecttoken:" case...

5.5CVSS0.00121EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/24 2:44 p.m.5 views

EUVD-2026-25536

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpcpreparsexdryfsrxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "rejecttoken:" case...

5.4AI score0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/24 2:44 p.m.28 views

CVE-2026-31643 rxrpc: Fix key parsing memleak

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpcpreparsexdryfsrxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "rejecttoken:" case...

0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:44 p.m.2 views

CVE-2026-31643

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpcpreparsexdryfsrxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "rejecttoken:" case...

5.2AI score0.00121EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/04/24 2:44 p.m.4 views

CVE-2026-31643

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpcpreparsexdryfsrxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "rejecttoken:" case...

5.5CVSS5.3AI score0.00121EPSS
Exploits0
CVE
CVE
added 2026/04/24 2:44 p.m.18 views

CVE-2026-31643

CVE-2026-31643 covers a Linux kernel rxrpc memleak in the key parsing path. In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk could leak on several error paths after allocation. The issue is mitigated by freeing the allocated memory in the reject_token: path. Technical cover...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder