Lucene search

14 matches found

ATTACKERKB
added 2026/05/22 2:31 a.m. | 3 views

CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

AI score: 5.8 | EPSS: 0.00029
Exploits: 0 | References: 5

EUVD
added 2026/05/22 2:31 a.m. | 6 views

EUVD-2026-31393

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00029
Exploits: 0 | References: 4

Cvelist
added 2026/05/22 2:31 a.m. | 30 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

EPSS: 0.00029
Exploits: 0 | References: 4

CVE
added 2026/05/22 2:31 a.m. | 8 views

CVE-2026-39835

CVE-2026-39835 affects SSH servers using CertChecker as a public key callback when IsUserAuthority or IsHostAuthority callbacks are nil. The root cause is a potential panic on client certificate presentation. The official fix changes CertChecker to return an error instead of panicking under these...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00029
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/05/22 2:8 a.m. | 3 views

GO-2026-5015 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00029
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/09 11:19 a.m. | 3 views

CVE-2021-22153

A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM versions 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of th...

CVSS: 7.3 | AI score: 7.6 | EPSS: 0.00634
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-16152

Malware in sbrugna...

CVSS: 8.7 | AI score: 8.5 | EPSS: 0.00205
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-12130

Malware in sbrugna...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00208
Exploits: 0 | References: 4

CVE
added 2022/06/17 12:10 p.m. | 45 views

CVE-2019-12355

ZZCMS 2019 has a SQL injection vulnerability in /user/dls_print.php via the id parameter when the attacker has dls_print authority. This affects ZZCMS 2019 and could impact confidentiality, integrity, and availability as per CVSS metrics (high/critical-like impact across CIA). The CVE family and ...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00239
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2021/05/13 11:15 a.m. | 8 views

CVE-2021-22153

A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM versions 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of th...

CVSS: 7.3 | EPSS: 0.00634
Exploits: 0 | References: 1

Exploit DB
added 2019/05/14 12:0 a.m. | 108 views

PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusion 9.03.00 and prior versions. It is possible to execute commands i...

AI score: 7.4
Exploits: 0

Cvelist
added 2018/04/05 1:0 p.m. | 9 views

CVE-2018-1000150

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealmauthContext that allows attackers with local file system access to obtain a list of authorities for logged in users...

AI score: 3.4 | EPSS: 0.00009
Exploits: 0 | References: 1

Positive Technologies
added 2013/03/20 12:0 a.m. | 4 views

PT-2013-24: Concealing User Authority in SAP NetWeaver

The specialists of the Positive Research center have detected a "Concealing User Authority" vulnerability in SAP NetWeaver. No matter how much authority the user '............' has, it is not reflected in report RSUSR002. How to fix: Update your software up to the latest version. Advisory status...

AI score: 7.2
Exploits: 0 | References: 4

CheckPoint Security
added 2006/12/02 10:0 p.m. | 9 views

User Authority Denial of Service vulnerability

...

AI score: 3.4
Exploits: 0 | Affected Software: 1