Lucene search
K

58 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.10 views

SUSE SLES12 Security Update : amazon-ssm-agent (SUSE-SU-2026:2468-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2468-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

10CVSS7AI score0.00868EPSS
Exploits3References52
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.9 views

SUSE SLES15 Security Update : amazon-ssm-agent (SUSE-SU-2026:2467-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2467-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

10CVSS7AI score0.00868EPSS
Exploits3References52
OSV
OSV
added 2026/06/17 4:31 p.m.4 views

SUSE-SU-2026:22157-1 Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239342. - CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs bsc1238702. ...

10CVSS6.9AI score0.00868EPSS
Exploits3References31
Snyk
Snyk
added 2026/05/29 7:43 p.m.15 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...

6.9CVSS5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.25 views

Linux Distros Unpatched Vulnerability : CVE-2026-45570

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec...

9.6CVSS5.6AI score0.00365EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-45022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that...

7.5CVSS5.5AI score0.00159EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 2:57 p.m.33 views

CVE-2026-45571

Summary for CVE-2026-45571 (go-git) : The vulnerability affects the go-git library prior to version 5.19.1 and 6.0.0-alpha.4, where a path validation issue could allow crafted repository data to affect files outside the intended checkout target, including the repository’s .git directory. The root...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:46 p.m.19 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git [CVE-2026-34165]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git, due to a flaw which can allow a maliciously crafted .idx file to cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service DoS condition...

5CVSS7.1AI score0.00147EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 2:48 p.m.26 views

go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

Impact go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose values differently from how Git itself would interpret or reject the same object. Additionally,...

7.5CVSS5.8AI score0.00159EPSS
Exploits0References3Affected Software2
EUVD
EUVD
added 2026/05/08 1:43 p.m.17 views

EUVD-2026-28596

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

4.7CVSS5.7AI score0.00259EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:31 p.m.5 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

7.4CVSS5.8AI score0.00259EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:9 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git [CVE-2026-25934]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git, due to an issue where data integrity values for .pack and .idx files were not properly verified CVE-2026-25934. GO-git is used as a component of our ibm-watson-speech-catalog...

4.3CVSS7AI score0.00136EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/03/31 3:16 p.m.6 views

UBUNTU-CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

2.8CVSS5.7AI score0.00153EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 1:46 p.m.2 views

CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

5CVSS5.7AI score0.00147EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 1:46 p.m.25 views

CVE-2026-34165 go-git: Maliciously crafted idx file can cause asymmetric memory consumption

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

5CVSS0.00147EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/30 5:17 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of .idx files. An attacker with write access to the local repository's .git directory can exhaust system memory by introducing a maliciously crafted .idx file int...

6.9CVSS5.9AI score0.00147EPSS
Exploits0References3
OSV
OSV
added 2026/03/30 5:17 p.m.13 views

GHSA-JHF3-XXHW-2WPP go-git: Maliciously crafted idx file can cause asymmetric memory consumption

Impact A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service DoS condition. Exploitation requires write access to the local repository's .git directory, it...

5CVSS5.8AI score0.00147EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/30 5:17 p.m.23 views

go-git: Maliciously crafted idx file can cause asymmetric memory consumption

Impact A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service DoS condition. Exploitation requires write access to the local repository's .git directory, it...

5CVSS5.8AI score0.00147EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.6 views

PT-2026-29159

Name of the Vulnerable Software and Affected Versions go-git versions 5.0.0 through 5.17.0 Description A crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service DoS condition. Exploitation requires write access to the...

5CVSS5.9AI score0.00201EPSS
Exploits0References184
Redos
Redos
added 2026/03/27 12:0 a.m.6 views

ROS-20260327-73-0012

Vulnerability in go-git related to lack of integrity checking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

4.3CVSS7.1AI score0.00136EPSS
Exploits0
Rows per page
Query Builder