Lucene search
K

8 matches found

OSV
OSV
added 2026/06/07 5:10 a.m.20 views

MGASA-2026-0179 Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability

fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without...

5.9CVSS6.9AI score0.93305EPSS
Exploits4References5
OSV
OSV
added 2026/01/17 9:7 a.m.9 views

RLSA-2026:0545 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to...

7.5CVSS6.8AI score0.00632EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2025/11/13 10:15 p.m.5 views

CVE-2025-47913

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

7.5CVSS6.8AI score0.00632EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-11840

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the...

5.9CVSS6.8AI score0.03465EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/03/25 1:5 p.m.2 views

Security update for buildah

This update for buildah fixes the following issues: CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239339. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.7CVSS6.5AI score0.00868EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2024/12/20 8:0 a.m.6 views

Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto

...

9.1CVSS6.8AI score0.03153EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2020/01/23 4:30 a.m.5 views

golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...

5.9CVSS7.3AI score0.03465EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2017/04/04 12:0 a.m.5 views

PT-2017-4225 · Go · Golang.Org/X/Crypto/Ssh

Name of the Vulnerable Software and Affected Versions: golang.org/x/crypto/ssh versions prior to the version that includes commit e4e2799 Description: The issue is related to the default behavior of the Go SSH library, which does not verify host keys. This facilitates man-in-the-middle attacks if...

8.1CVSS6.2AI score0.03156EPSS
Exploits0References23
Rows per page
Query Builder