26 matches found

Microsoft CVE
added 2026/05/27 8:12 a.m., 13 views

Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

...

CVSS 9.1 | AI score 5.8 | EPSS 0.005
Exploits: 0

OSV
added 2025/03/27 9:44 a.m., 6 views

SUSE-SU-2025:1037-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239330...

CVSS 8.7 | AI score 6.8 | EPSS 0.00868
Exploits: 0 | References: 5

RedHat Linux
added 2025/03/25 6:12 p.m., 3 views

golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange...

CVSS 7.5 | AI score 7.1 | EPSS 0.00868
Exploits: 0 | References: 7

Tenable Nessus
added 2024/04/28 12:00 a.m., 24 views

RHEL 7 / 8 : OpenShift Virtualization 4.11.0 RPMs (RHSA-2022:6527)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6527 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

CVSS 7.5 | AI score 7.7 | EPSS 0.03931
Exploits: 0 | References: 6

Redos
added 2024/04/12 12:00 a.m., 46 views

ROS-20240412-06

A vulnerability in the OpenSSL library's implementation of the SM2 cryptographic algorithm is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by transmitting specially crafte...

CVSS 9.8 | AI score 8.6 | EPSS 0.87816
Exploits: 2

Tenable Nessus
added 2024/01/24 12:00 a.m., 37 views

RHCOS 4 / 9 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3366 advisory. - golang: crash in a golang.org/x/crypto/ssh server CVE-2022-27191 - golang: path/filepath: path-filepath filepath.Clean path...

CVSS 9.8 | AI score 7 | EPSS 0.03931
Exploits: 0 | References: 16

Tenable Nessus
added 2023/11/06 12:00 a.m., 30 views

Rocky Linux 8 : container-tools:rhel8 (RLSA-2021:1796)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1796 advisory. - A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause ...

CVSS 7.5 | AI score 7.4 | EPSS 0.03228
Exploits: 1 | References: 37

Tenable Nessus
added 2022/12/13 12:00 a.m., 29 views

SUSE SLES12 Security Update : containerd (SUSE-SU-2022:4409-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4409-1 advisory. Update to containerd v1.6.12 including Docker v20.10.21-ce bsc1206065. Also includes the following fix: - CVE-2022-23471: host memo...

CVSS 7.5 | AI score 7 | EPSS 0.03931
Exploits: 0 | References: 8

Tenable Nessus
added 2022/11/17 12:00 a.m., 66 views

Rocky Linux 8 : container-tools:4.0 (RLSA-2022:7469)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7469 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 whe...

CVSS 7.8 | AI score 7.5 | EPSS 0.03931
Exploits: 1 | References: 8

Tenable Nessus
added 2022/11/12 12:00 a.m., 95 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7457)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7457 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access to th...

CVSS 7.8 | AI score 7.4 | EPSS 0.03931
Exploits: 2 | References: 7

Tenable Nessus
added 2022/11/12 12:00 a.m., 35 views

AlmaLinux 8 : container-tools:4.0 (ALSA-2022:7469)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7469 advisory. cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 golang: crash in a golang.org/x/crypto/ssh server CVE-2022-27191 runc:...

CVSS 7.8 | AI score 7.7 | EPSS 0.03931
Exploits: 1 | References: 4

Tenable Nessus
added 2022/11/09 12:00 a.m., 23 views

CentOS 8 : container-tools:rhel8 (CESA-2022:7457)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7457 advisory. - golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 - opencontainers: OCI manifest and index parsing...

CVSS 7.8 | AI score 7.4 | EPSS 0.03931
Exploits: 2 | References: 7

Tenable Nessus
added 2022/10/21 12:00 a.m., 35 views

Amazon Linux 2 : golang-github-kr-pty (ALAS-2022-1864)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1864 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

CVSS 9.3 | AI score 7.2 | EPSS 0.05335
Exploits: 7 | References: 32

Prion
added 2022/09/06 6:15 p.m., 33 views

Code injection

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

CVSS 5 | AI score 7.8 | EPSS 0.00948
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2022/08/20 12:00 a.m., 82 views

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2022:2839-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2839-1 advisory. Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image t...

CVSS 8.8 | AI score 7.2 | EPSS 0.05994
Exploits: 2 | References: 10

Tenable Nessus
added 2022/08/18 12:00 a.m., 93 views

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2022:2834-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2834-1 advisory. Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image t...

CVSS 8.8 | AI score 7.2 | EPSS 0.05994
Exploits: 2 | References: 10

GitHub Security Blog
added 2022/05/24 10:01 p.m., 78 views

golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the gssapi-with-mic method which will cause...

CVSS 7.5 | AI score 7.4 | EPSS 0.03228
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2022/04/25 8:38 p.m., 35 views

GO-2021-0356 Denial of service via crafted Signer in golang.org/x/crypto/ssh

Attackers can cause a crash in SSH servers when the server has been configured by passing a Signer to ServerConfig.AddHostKey such that (1) the Signer passed to AddHostKey does not implement AlgorithmSigner, and (2) the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey...

CVSS 7.5 | AI score 9.6 | EPSS 0.03931
Exploits: 0 | References: 4

GitLab Advisory Database
added 2022/03/19 12:00 a.m., 37 views

Use of a Broken or Risky Cryptographic Algorithm

golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey...

CVSS 7.5 | AI score 3.3 | EPSS 0.03931
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2022/03/18 7:15 a.m., 47 views

CVE-2022-27191

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...

CVSS 7.5 | AI score 7 | EPSS 0.03931
Exploits: 0 | References: 5