Lucene search
+L

50 matches found

redhat
redhat
added 2026/07/09 6:56 p.m.6 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
redhat
redhat
added 2026/07/09 7:38 a.m.5 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
redhat
redhat
added 2026/07/07 1:15 p.m.10 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
nessus
nessus
added 2026/06/26 12:0 a.m.6 views

SUSE SLES15 Security Update : apptainer (SUSE-SU-2026:2609-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2609-1 advisory. This update for apptainer fixes the following issues - CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for...

10CVSS7.2AI score0.00781EPSS
Exploits1References46
ossf
ossf
added 2026/06/11 7:16 a.m.15 views

Malicious code in 0x2ai-demo1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdc7c661d4867578d3dd920010bccc1e79fcae8753b5bf549f44ea8a45cde502 On npm install, scripts/postinstall.cjs runs fs.cpSyncpayload, cwd, recursive: true with cwd=process.env.INITCWD || process.cwd — recursively writing...

5.5AI score
Exploits0References3
mscve
mscve
added 2026/05/27 8:16 a.m.18 views

Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

...

9.1CVSS5.8AI score0.00525EPSS
Exploits0
nessus
nessus
added 2026/05/25 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-39832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination...

9.1CVSS6.1AI score0.00525EPSS
Exploits0References4
snyk
snyk
added 2026/05/22 5:32 a.m.8 views

Improper Check for Dropped Privileges

Overview Affected versions of this package are vulnerable to Improper Check for Dropped Privileges due to the omission of constraint extensions such as [email protected] when adding a key to a remote agent. An attacker can bypass intended key usage restrictions by forwarding ke...

9.1CVSS5.8AI score0.00525EPSS
Exploits0References2
osv
osv
added 2026/05/22 2:31 a.m.1 views

CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS6AI score0.00525EPSS
Exploits0References23
osv
osv
added 2026/05/19 8:13 p.m.12 views

GHSA-7HGR-7H44-33W2 CamoFox MCP: Unauthenticated HTTP MCP browser-control surface

Unauthenticated HTTP MCP browser-control surface in camofox-mcp Summary camofox-mcp exposed a Streamable HTTP MCP endpoint at /mcp with rate limiting but no inbound MCP-layer authentication. When HTTP mode was enabled, any client that could reach /mcp could list and invoke browser-control tools. ...

7CVSS5.8AI score
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6714

Malicious code in bioql PyPI...

7.5CVSS8.4AI score0.0099EPSS
Exploits0References17
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6668

Malicious code in bioql PyPI...

7.5CVSS6.2AI score0.00655EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-41769

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00753EPSS
Exploits0References4
attackerkb
attackerkb
added 2025/09/29 8:38 p.m.9 views

CVE-2025-34207

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 VA and SaaS deployments configure the SSH client within Docker instances with the following options: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. These...

9.8CVSS5.8AI score0.00621EPSS
Exploits0References5
cve
cve
added 2025/09/29 8:38 p.m.23 views

CVE-2025-34207

Vasion Print (Virtual Appliance Host and Application) before versions 22.0.1049 and 20.0.2786 respectively use insecure SSH client settings in Docker: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. This disables host key verification and forwards the SSH agent, enab...

9.8CVSS6.5AI score0.00621EPSS
Exploits0References4Affected Software2
ptsecurity
ptsecurity
added 2025/09/29 12:0 a.m.16 views

PT-2025-39878

Name of the Vulnerable Software and Affected Versions Vasion Print versions prior to 22.0.1049 Vasion Print Application versions prior to 20.0.2786 Description The Vasion Print Virtual Appliance Host and Application are configured with insecure SSH client settings within Docker instances...

9.8CVSS6.6AI score0.00621EPSS
Exploits0References6
nessus
nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-39254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their...

8.6CVSS6.8AI score0.00559EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/02/05 7:36 p.m.10 views

CVE-2022-39246

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

7.5CVSS6.6AI score0.00655EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 7:32 p.m.10 views

CVE-2022-39257

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

7.5CVSS6.3AI score0.00753EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 3:23 a.m.4 views

SUSE CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS9AI score0.0099EPSS
Exploits0References4
Rows per page
Query Builder