Lucene search
K

77 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago10 views

Linux Distros Unpatched Vulnerability : CVE-2026-58051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:18 p.m.2 views

GHSA-W879-237Q-WC7R golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.004EPSS
Exploits0References13
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed key parsing memory leak. In rxrpcpreparsexdryfsrxgk, the memory associated with token-rxgk can be leaked in several error paths after it is allocated. This issue was fixed by releasing that memory in the “rejecttoken...

5.5CVSS5.6AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in mbedtls

A issue was discovered in Arm Mbed TLS before version 2.23.0. A side channel allows the recovery of an ECC private key, which is related to functions such as mbedtlsecpcheckpubpriv, mbedtlspkparsekey, mbedtlspkparsekeyfile, mbedtlsecpmul, and mbedtlsecpmulrestartable...

5.3CVSS5.6AI score0.01264EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 9:2 p.m.13 views

ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing

Summary The DER parser used for application-supplied private keys did not safely validate encoded length values before converting them to Int values or allocating arrays. A malformed private-key file could encode a length that overflowed or wrapped around, or request an allocation much larger tha...

5.4AI score
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.14 views

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-108 (ALASNITRO-ENCLAVES-2026-108)

The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-108 advisory. The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with ...

10CVSS6.9AI score0.03092EPSS
Exploits2References16
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-39829

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS4.9AI score0.004EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.57 views

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

0.004EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/22 2:31 a.m.8 views

CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.004EPSS
Exploits0
OSV
OSV
added 2026/05/22 2:8 a.m.7 views

GO-2026-5018 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.004EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/12 5:22 p.m.6 views

CVE-2026-44167

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

7.5CVSS7.1AI score0.00569EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/24 9:34 p.m.6 views

CVE-2026-31643

A flaw was found in the Linux kernel's rxrpc subsystem. During key parsing, a memory leak can occur in certain error paths. This vulnerability could allow a local or remote attacker to cause a denial of service by exhausting system memory...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/04/24 3:16 p.m.5 views

CVE-2026-31643

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpcpreparsexdryfsrxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "rejecttoken:" case...

5.5CVSS0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:44 p.m.2 views

CVE-2026-31643

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpcpreparsexdryfsrxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "rejecttoken:" case...

5.2AI score0.00121EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/24 2:44 p.m.16 views

CVE-2026-31643

CVE-2026-31643 covers a Linux kernel rxrpc memleak in the key parsing path. In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk could leak on several error paths after allocation. The issue is mitigated by freeing the allocated memory in the reject_token: path. Technical cover...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/24 2:44 p.m.5 views

EUVD-2026-25536

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpcpreparsexdryfsrxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "rejecttoken:" case...

5.4AI score0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/24 2:44 p.m.27 views

CVE-2026-31643 rxrpc: Fix key parsing memleak

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpcpreparsexdryfsrxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "rejecttoken:" case...

0.00121EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/24 2:44 p.m.4 views

CVE-2026-31643

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpcpreparsexdryfsrxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "rejecttoken:" case...

5.5CVSS5.3AI score0.00121EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.5 views

PT-2026-34995

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpc preparse xdr yfs rxgk, the memory attached to token-rxgk can be leaked in a few error paths after it's allocated. Fix this by freeing it in the "reject token:" case...

5.3AI score0.00121EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/27 10:21 p.m.23 views

CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS0.0015EPSS
Exploits0References2
Rows per page
Query Builder