Lucene search
K

28 matches found

OSV
OSV
added 2026/06/26 8:17 a.m.4 views

OPENSUSE-SU-2026:21069-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6.7AI score0.01557EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES16 Security Update : mcphost (SUSE-SU-2026:22193-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22193-1 advisory. This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506:...

10CVSS5.9AI score0.00781EPSS
Exploits0References45
OSV
OSV
added 2026/06/25 10:14 p.m.3 views

GHSA-45GG-VH54-H5M9 golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

6.3CVSS6AI score0.00314EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/25 10:14 p.m.11 views

EUVD-2026-31394

golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions...

6.3CVSS5.8AI score0.00314EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/25 10:14 p.m.8 views

golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

8.8CVSS6AI score0.00314EPSS
Exploits0References23Affected Software1
OSV
OSV
added 2026/06/18 2:30 p.m.2 views

OPENSUSE-SU-2026:21084-1 Security update for distribution

This update for distribution fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265788. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

10CVSS6.7AI score0.00781EPSS
Exploits1References20
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.12 views

CVE-2026-39828

A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate...

8.8CVSS5.4AI score0.00314EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:16 a.m.20 views

Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

...

8.8CVSS5.8AI score0.00314EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.22 views

SUSE CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

8.1CVSS5.8AI score0.00314EPSS
Exploits0References24
Snyk
Snyk
added 2026/05/22 5:32 a.m.10 views

Incorrect Authorization

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization. When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.72 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

0.00314EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.10 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

5.8AI score0.00314EPSS
Exploits0References4
CVE
CVE
added 2026/05/22 2:31 a.m.56 views

CVE-2026-39828

CVE-2026-39828 affects golang.org/x/crypto/ssh: when an SSH server authentication callback returns PartialSuccessError with non-nil Permissions, the permissions were previously discarded, potentially dropping certificate restrictions such as force-command after a second factor. Returning non-nil ...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References26Affected Software1
OSV
OSV
added 2026/05/22 2:8 a.m.7 views

GO-2026-5014 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where non-empty permissions are silently discarded when an Authentication callback returns...

6.3CVSS5.8AI score0.00314EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42707

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where an SSH server authentication callback returning PartialSuccessError with non-nil Permissions caused those permissions to be silently...

8.8CVSS5.8AI score0.00314EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2010-4306

Malware in sbrugna...

4CVSS6AI score0.01777EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-6219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoure...

3.8CVSS5.5AI score0.00156EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/12/12 7:17 a.m.6 views

SUSE CVE-2024-6219

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured...

3.8CVSS6.9AI score0.00156EPSS
Exploits1References3
CNVD
CNVD
added 2018/01/25 12:0 a.m.4 views

Unspecified Vulnerability in Security Component of Multiple Apple Products (CNVD-2018-02629)

Apple iOS, macOS High Sierra, tvOS, and watchOS are products of Apple Inc. Apple iOS is a set of operating systems for mobile devices; macOS High Sierra is a specialized operating system for Mac computers; tvOS is a smart TV operating system; and watchOS is a smart watch operating system. securit...

5.9CVSS6.2AI score0.00965EPSS
Exploits0References1
Rows per page
Query Builder