Lucene search
K

16 matches found

EUVD
EUVD
added 2026/06/25 10:13 p.m.11 views

EUVD-2026-31389

golang.org/x/crypto/ssh/agent doesn't enforce invoking key constraints...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 10:13 p.m.5 views

GHSA-JPPX-RXG9-JMRX golang.org/x/crypto doesn't enforce invoking key constraints

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS6AI score0.0036EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/25 10:13 p.m.8 views

golang.org/x/crypto doesn't enforce invoking key constraints

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS6AI score0.0036EPSS
Exploits0References7Affected Software1
Amazon
Amazon
added 2026/06/08 12:0 a.m.15 views

Important: rclone

Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...

9.1CVSS5.6AI score0.00533EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-39833

A flaw was found in golang.org/x/crypto/ssh/agent. The NewKeyring function, which creates an in-memory keyring, failed to enforce the ConfirmBeforeUse constraint on keys. This allowed keys configured to require user confirmation before use to perform signing operations without any prompt or...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-39833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any...

9.1CVSS6AI score0.0036EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.18 views

SUSE CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

7.7CVSS5.8AI score0.0036EPSS
Exploits0References24
Snyk
Snyk
added 2026/05/22 5:32 a.m.8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to the NewKeyring function not enforcing the ConfirmBeforeUse constraint. An attacker can perform unauthorized signing operations by adding keys with constraints that are silently ignored. Remediation Upgrade...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 4:16 a.m.21 views

CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS0.0036EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.7 views

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

5.8AI score0.0036EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 a.m.9 views

CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

5.8AI score0.0036EPSS
Exploits0References6
CVE
CVE
added 2026/05/22 2:31 a.m.74 views

CVE-2026-39833

The CVE-2026-39833 issue affects the in-memory keyring used by golang.org/x/crypto/ssh/agent. The ConfirmBeforeUse constraint was silently accepted but not enforced by NewKeyring(), allowing keys to sign without a required confirmation prompt and without notifying the caller. The patch fixes this...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.72 views

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

0.0036EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 2:8 a.m.17 views

GO-2026-5005 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from keys that accept the ConfirmBeforeUse constraint but never enforce it, resulting in...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.12 views

PT-2026-42712

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The in-memory keyring returned by the NewKeyring function silently accepted keys with the ConfirmBeforeUse constraint but failed to enforce it. This allowed keys...

9.1CVSS5.8AI score0.0036EPSS
Exploits0
Rows per page
Query Builder