Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.8 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2026:35833)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:35833 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986...

9.1CVSS6.8AI score0.00651EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.9 views

SUSE SLES15 Security Update : amazon-ssm-agent (SUSE-SU-2026:2467-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2467-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

10CVSS7AI score0.00868EPSS
Exploits3References52
Snyk
Snyk
added 2026/05/22 5:32 a.m.16 views

Missing Release of Resource after Effective Lifetime

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attacker ca...

7.1CVSS5.8AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.11 views

Missing Release of Resource after Effective Lifetime

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attack...

7.1CVSS5.8AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.9 views

Incorrect Type Conversion or Cast

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending...

8.7CVSS5.8AI score0.00359EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:29 a.m.13 views

Incorrect Authorization

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of permissions in the VerifiedPublicKeyCallback process. An attacker can bypass source-address validation by passing a callback...

10CVSS5.8AI score0.0044EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.7 views

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

5.8AI score0.00196EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 2:31 a.m.2 views

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

10CVSS5.9AI score0.0044EPSS
Exploits0References27
OSV
OSV
added 2026/05/22 2:31 a.m.2 views

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.10 views

RHEL 9 : podman (RHSA-2026:5222)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5222 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

7.5CVSS6.7AI score0.00632EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.8 views

MiracleLinux 9 : buildah-1.41.8-1.el9_7 (AXSA:2026-029:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-029:01 advisory. golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 Tenable has extracted the...

7.5CVSS6.6AI score0.00632EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/19 8:33 p.m.51 views

CVE-2025-47914 Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

0.00484EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2025/10/03 7:56 p.m.8 views

podman security update

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

8.7CVSS7AI score0.00868EPSS
Exploits0
OSV
OSV
added 2025/10/03 7:56 p.m.9 views

RLSA-2025:7462 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144...

7.5CVSS6.5AI score0.00868EPSS
Exploits0References3
OSV
OSV
added 2025/03/26 9:3 a.m.9 views

SUSE-SU-2025:1018-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239339...

8.7CVSS7.8AI score0.00868EPSS
Exploits0References4
OSV
OSV
added 2022/09/06 6:15 p.m.5 views

AZL-43344 CVE-2021-43565 affecting package moby-buildx for versions less than 0.7.1-20

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

7.5CVSS6.6AI score0.00984EPSS
Exploits0References1
OSV
OSV
added 2022/09/06 6:15 p.m.14 views

CVE-2021-43565

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

7.5CVSS7.5AI score
Exploits0References2
OSV
OSV
added 2022/03/18 7:15 a.m.5 views

UBUNTU-CVE-2022-27191

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...

7.5CVSS7AI score0.03931EPSS
Exploits0References6
OSV
OSV
added 2020/12/17 5:15 a.m.4 views

DEBIAN-CVE-2020-29652

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers...

7.5CVSS7.6AI score0.03228EPSS
Exploits0References1
Rows per page
Query Builder