Lucene search
K

3727 matches found

CNNVD
CNNVD
added 2026/02/10 12:0 a.m.6 views

MongoDB Go Driver 安全漏洞

The MongoDB Go Driver is an open-source library written in Go language by MongoDB. There is a security vulnerability in the MongoDB Go Driver, which stems from an incorrect assumption in the C wrapper implementation regarding the termination of GSSAPI standard strings. This vulnerability may lead...

6.9CVSS5.8AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 12:41 a.m.5 views

CLEANSTART-2026-JQ02410 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS5.8AI score0.0056EPSS
Exploits1References17
OSV
OSV
added 2026/01/30 4:8 p.m.10 views

CLEANSTART-2026-ZM51114 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS5.8AI score0.0056EPSS
Exploits1References17
OSV
OSV
added 2026/01/30 4:5 p.m.11 views

CLEANSTART-2026-WA03785 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS5.8AI score0.0056EPSS
Exploits1References17
Amazon
Amazon
added 2026/01/22 12:0 a.m.14 views

Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5CVSS7.3AI score0.00585EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2026/01/16 9:3 a.m.5 views

SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf

...

5.5CVSS5.4AI score0.0016EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.5 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Google Guest Agent vulnerability (USN-7956-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7956-1 advisory. Jakub Ciolek discovered that the Go Cryptography module included in Google Guest Agent did not...

5.3CVSS6.8AI score0.00533EPSS
Exploits0References2
OSV
OSV
added 2026/01/13 6:41 a.m.5 views

USN-7956-1 google-guest-agent vulnerability

Jakub Ciolek discovered that the Go Cryptography module included in Google Guest Agent did not validate GSSAPI authentication requests during SSH operations. An attacker could possibly use this issue to cause a denial of service...

5.3CVSS6.8AI score0.00533EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/01/13 6:41 a.m.6 views

USN-7956-1: Google Guest Agent vulnerability

Jakub Ciolek discovered that the Go Cryptography module included in Google Guest Agent did not validate GSSAPI authentication requests during SSH operations. An attacker could possibly use this issue to cause a denial of service...

5.3CVSS6.8AI score0.00533EPSS
Exploits0
Amazon
Amazon
added 2026/01/05 12:0 a.m.5 views

Important: amazon-cloudwatch-agent

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5CVSS7.3AI score0.00533EPSS
Exploits2
OSV
OSV
added 2025/11/19 11:1 p.m.5 views

GHSA-J5W8-Q4QC-RX2X golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

5.3CVSS6.8AI score0.00533EPSS
Exploits0References5
OSV
OSV
added 2025/11/19 9:15 p.m.1 views

DEBIAN-CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

5.3CVSS6.6AI score0.00533EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/19 8:33 p.m.47 views

CVE-2025-58181 Unbounded memory consumption in golang.org/x/crypto/ssh

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

0.00533EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/11/19 8:33 p.m.3 views

CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

5.3CVSS5.5AI score0.00533EPSS
Exploits0
OSV
OSV
added 2025/11/19 8:33 p.m.6 views

CVE-2025-58181 Unbounded memory consumption in golang.org/x/crypto/ssh

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

5.3CVSS6.7AI score0.00533EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/11/19 8:33 p.m.3 views

CVE-2025-58181 Unbounded memory consumption in golang.org/x/crypto/ssh

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

6.5AI score0.00533EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.10 views

PT-2025-47532

Name of the Vulnerable Software and Affected Versions SSH servers affected versions not specified Description SSH servers that process GSSAPI authentication requests are susceptible to an issue where the number of mechanisms included in the request is not validated. This can lead to excessive...

9.8CVSS6.6AI score0.00533EPSS
Exploits0
OSV
OSV
added 2025/09/05 12:42 p.m.6 views

OESA-2025-2125 krb5 security update

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due ...

5.9CVSS7AI score0.00308EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/09/02 3:57 a.m.6 views

krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...

5.9CVSS7.1AI score0.00308EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-45142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding != 0 comparisons to the result of memcmp...

7.5CVSS6.7AI score0.0369EPSS
Exploits0References2
Rows per page
Query Builder