AZL-43344 CVE-2021-43565 affecting package moby-buildx for versions less than 0.7.1-20

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

CVE-2021-43565

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

Code injection

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

CVE-2021-43565

The CVE-2021-43565 vulnerability affects golang.org/x/crypto’s x/crypto/ssh: the package before 0.0.0-20211202192323-5770296d904e can cause an SSH server to panic. The issue is tied to the x/crypto/ssh component and is triggered by the cited pre-release version of the package. A patched version e...

CVE-2021-43565

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

SUSE SLES15 Security Update : podman (SUSE-SU-2022:2839-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2839-1 advisory. - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry...

SUSE SLES15 Security Update : podman (SUSE-SU-2022:2834-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2834-1 advisory. - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry...

golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the gssapi-with-mic method which will cause...

NULL Pointer Dereference

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers...

GO-2021-0356 Denial of service via crafted Signer in golang.org/x/crypto/ssh

Attackers can cause a crash in SSH servers when the server has been configured by passing a Signer to ServerConfig.AddHostKey such that 1 the Signer passed to AddHostKey does not implement AlgorithmSigner, and 2 the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey...

Use of a Broken or Risky Cryptographic Algorithm

golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey...

CVE-2022-27191

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...

UBUNTU-CVE-2022-27191

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...

CVE-2022-27191

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...

openSUSE: Security Advisory for kubevirt, (openSUSE-SU-2022:0040-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2022:0130-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2022:0040-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Golang 输入验证错误漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.8.0 Images

Red Hat OpenShift Virtualization release 4.8.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...

golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference

A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the gssapi-with-mic authentication method and cause the server to panic...