Lucene search
K

75 matches found

RedHat Linux
RedHat Linux
added 6 days ago5 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.9AI score0.00394EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:12 a.m.14 views

Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

...

9.1CVSS5.8AI score0.00533EPSS
Exploits0
OSV
OSV
added 2025/03/27 9:44 a.m.6 views

SUSE-SU-2025:1037-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239330...

8.7CVSS6.8AI score0.00868EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/03/25 6:12 p.m.4 views

golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange...

7.5CVSS7.1AI score0.00868EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2025/03/08 8:0 a.m.4 views

Potential denial of service in golang.org/x/crypto

...

7.5CVSS7.5AI score0.00868EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 6:7 a.m.8 views

Security Bulletin: IBM Observability with Instana is vulnerable to Authorization bypass in golang.org/x/crypto

Summary golang.org/x/crypto is used by IBM Instana Observability as part of the instana-agent-operator CVE-2024-45337. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse...

9.1CVSS9.6AI score0.03153EPSS
Exploits2Affected Software1
SUSE Linux
SUSE Linux
added 2025/02/20 9:14 a.m.2 views

Security update for brise

This update for brise fixes the following issues: CVE-2025-21613: Fixed argument injection via the URL field bsc1235573. CVE-2024-45337: Fixed authorization bypass in golang.org/x/crypto via the ServerConfig.PublicKeyCallback callback bsc1234597. Patch Instructions: To install this SUSE update us...

8.1CVSS7.1AI score0.03153EPSS
Exploits2References8
Veracode
Veracode
added 2025/01/06 12:5 p.m.12 views

Authorization Bypass

golang.org/x/crypto is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of public key authentication callbacks where the order or reuse of keys in the callback can lead to incorrect authorization decisions, allowing attackers to exploit misused APIs or assumptions...

9.1CVSS7.1AI score0.03153EPSS
Exploits2References8Affected Software2
OSV
OSV
added 2024/12/12 7:20 p.m.10 views

GHSA-7PRJ-HGX4-2XC3 Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy

A security issue was identified in the NanoProxy project related to the golang.org/x/crypto dependency. The project was using an outdated version of this dependency, which potentially exposed the system to security vulnerabilities that have been addressed in subsequent updates. Impact: The specif...

9.1CVSS9.5AI score0.03153EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2024/12/12 7:20 p.m.14 views

Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy

A security issue was identified in the NanoProxy project related to the golang.org/x/crypto dependency. The project was using an outdated version of this dependency, which potentially exposed the system to security vulnerabilities that have been addressed in subsequent updates. Impact: The specif...

9.1CVSS7.4AI score0.03153EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2024/12/11 6:40 p.m.19 views

GO-2024-3321 Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

9.1CVSS9.1AI score0.03153EPSS
Exploits2References4
OSV
OSV
added 2024/09/10 7:43 a.m.22 views

SUSE-SU-2024:3186-1 Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.4: CVE-2024-3727 updates bsc1224117 Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3: correctly configure /etc/hosts and resolv.conf buildah: refactor resolv/hosts setup. rename...

8.6CVSS7.6AI score0.01956EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/07/02 7:51 p.m.18 views

CVE-2022-30636 Limited directory traversal vulnerability on Windows in golang.org/x/crypto

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...

7.5AI score0.00632EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/02 7:51 p.m.36 views

CVE-2022-30636 Limited directory traversal vulnerability on Windows in golang.org/x/crypto

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...

0.00632EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.25 views

RHEL 7 / 8 : OpenShift Virtualization 4.11.0 RPMs (RHSA-2022:6527)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6527 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

7.5CVSS7.7AI score0.03931EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2024/04/22 12:0 a.m.67 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1533)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.93305EPSS
Exploits12References2
Redos
Redos
added 2024/04/12 12:0 a.m.48 views

ROS-20240412-06

A vulnerability in the OpenSSL library's implementation of the SM2 cryptographic algorithm is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by transmitting specially crafte...

9.8CVSS8.6AI score0.87816EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/11 9:32 p.m.40 views

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to machine-in-the-middle due to golang.org/x/crypto ( CVE-2023-48795 )

Summary Golang.org/x/crypto is used by IBM Cloud Pak for Data Scheduling as part of the scheduler binaries . CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in th...

5.9CVSS6.4AI score0.93305EPSS
Exploits4Affected Software1
OpenVAS
OpenVAS
added 2024/03/13 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1345)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.93305EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.101 views

RHCOS 4 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - golang:...

7.5CVSS7.2AI score0.99999EPSS
Exploits23References16
Rows per page
Query Builder