Lucene search
+L

79 matches found

Rockylinux
Rockylinux
added 2026/07/10 12:3 p.m.6 views

buildah security update

An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container...

9.1CVSS6.2AI score0.00525EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/09 6:56 p.m.5 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.9AI score0.00394EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.7 views

openSUSE 16 Security Update : buildah (openSUSE-SU-2026:21241-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21241-1 advisory. This update for buildah fixes the following issues - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels...

9.6CVSS6.8AI score0.00533EPSS
Exploits0References10
OSV
OSV
added 2026/07/06 3:38 p.m.2 views

OPENSUSE-SU-2026:21244-1 Security update for podman

This update for podman fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262856. - CVE-2026-39827: Invoking memory leak when rejecting channels can lead to Do...

10CVSS6.9AI score0.01008EPSS
Exploits2References22
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.11 views

RHEL 8 : container-tools:rhel8 (RHSA-2026:35833)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:35833 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes:...

9.1CVSS6.7AI score0.00651EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.9 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2026:35833)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:35833 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986...

9.1CVSS6.8AI score0.00651EPSS
Exploits0References11
OSV
OSV
added 2026/06/24 10:44 a.m.3 views

SUSE-SU-2026:22442-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6AI score0.01557EPSS
Exploits1References21
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.11 views

SUSE SLES15 Security Update : amazon-ssm-agent (SUSE-SU-2026:2467-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2467-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

10CVSS7AI score0.00868EPSS
Exploits3References52
OSV
OSV
added 2026/06/20 6:52 a.m.5 views

OPENSUSE-SU-2026:21120-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267109. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

10CVSS6.7AI score0.00781EPSS
Exploits0References24
SUSE Linux
SUSE Linux
added 2026/06/19 11:3 a.m.32 views

Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239342. CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs bsc1238702...

9.1CVSS6.8AI score0.00868EPSS
Exploits3References62
BDU FSTEC
BDU FSTEC
added 2026/05/29 12:0 a.m.2 views

The vulnerability of the golang.org/x/crypto/ssh library for the Go programming language, which allows a hacker to trigger a denial-of-service attack.

The vulnerability of the golang.org/x/crypto/ssh library for the Go programming language is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

7.8CVSS5.7AI score0.00415EPSS
Exploits0References6Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:12 a.m.14 views

Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

...

9.1CVSS5.8AI score0.00533EPSS
Exploits0
Snyk
Snyk
added 2026/05/22 5:32 a.m.16 views

Missing Release of Resource after Effective Lifetime

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attacker ca...

7.1CVSS5.8AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.11 views

Missing Release of Resource after Effective Lifetime

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attack...

7.1CVSS5.8AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.8 views

Missing Release of Resource after Effective Lifetime

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the handling of unsolicited global request responses, which can fill an internal buffer and block the connection's read...

9.1CVSS5.9AI score0.00533EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.9 views

Incorrect Type Conversion or Cast

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending...

8.7CVSS5.8AI score0.00359EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:29 a.m.13 views

Incorrect Authorization

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of permissions in the VerifiedPublicKeyCallback process. An attacker can bypass source-address validation by passing a callback...

10CVSS5.8AI score0.0044EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.7 views

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

5.8AI score0.00196EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 2:31 a.m.2 views

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

10CVSS5.9AI score0.0044EPSS
Exploits0References31
OSV
OSV
added 2026/05/22 2:31 a.m.2 views

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References7
Rows per page
Query Builder