23 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-39833
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any...
SUSE CVE-2026-39833
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to the NewKeyring function not enforcing the ConfirmBeforeUse constraint. An attacker can perform unauthorized signing operations by adding keys with constraints that are silently ignored. Remediation Upgrade...
CVE-2026-39833
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
CVE-2026-39833
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
EUVD-2026-31389
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
CVE-2026-39833
The CVE-2026-39833 issue affects the in-memory keyring used by golang.org/x/crypto/ssh/agent. The ConfirmBeforeUse constraint was silently accepted but not enforced by NewKeyring(), allowing keys to sign without a required confirmation prompt and without notifying the caller. The patch fixes this...
GO-2026-5005 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
PT-2026-42712
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The in-memory keyring returned by the NewKeyring function silently accepted keys with the ConfirmBeforeUse constraint but failed to enforce it. This allowed keys...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from keys that accept the ConfirmBeforeUse constraint but never enforce it, resulting in...
PT-2026-38971
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amd/display component related to dsc eDP, which requires the implementation of a function hook check before use to ensure proper operation. Recommendations At...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read from and write to shared, unencrypted memory directly. This may lead to the leakage of information, as well as allowing the host to tamper with the...
CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532receivebuf reports the number of accepted bytes to the serdev core. The current code consumes bytes into recvskb and may already hand a complete frame to pn533recvframe befo...
CVE-2025-40278 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . net? KMSAN: kernel-infoleak in skbdatagramiter In tcfifedump, the variable 'opt' was partially...
drm/amd/display: Check phantom_stream before it is used
...
CVE-2025-55000
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected...
CVE-2025-55000 OpenBao TOTP Secrets Engine Enables Code Reuse
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected...
SUSE CVE-2025-38412
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content...