Lucene search
K

979 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.9 views

PT-2026-44087

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

6.3CVSS5.9AI score0.00141EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-39833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any...

9.1CVSS6AI score0.0036EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.22 views

SUSE CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

8.4CVSS5.8AI score0.00403EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.18 views

SUSE CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

7.7CVSS5.8AI score0.0036EPSS
Exploits0References24
NVD
NVD
added 2026/05/22 4:16 a.m.20 views

CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS0.0036EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 4:16 a.m.30 views

CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS0.00403EPSS
Exploits0References18
OSV
OSV
added 2026/05/22 4:16 a.m.13 views

UBUNTU-CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.70 views

CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

0.00403EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.70 views

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

0.0036EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.16 views

CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

5.9AI score0.00403EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 a.m.8 views

CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

5.9AI score0.00403EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 a.m.9 views

CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

5.8AI score0.0036EPSS
Exploits0References6
CVE
CVE
added 2026/05/22 2:31 a.m.73 views

CVE-2026-39833

The CVE-2026-39833 issue affects the in-memory keyring used by golang.org/x/crypto/ssh/agent. The ConfirmBeforeUse constraint was silently accepted but not enforced by NewKeyring(), allowing keys to sign without a required confirmation prompt and without notifying the caller. The patch fixes this...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2026/05/22 2:31 a.m.7 views

CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS5.8AI score0.0036EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.7 views

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

5.8AI score0.0036EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 2:31 a.m.66 views

CVE-2026-39832

CVE-2026-39832 concerns how remote agent constraint extensions are serialized. The issue allowed destination restrictions (e.g., [email protected]) to be stripped when forwarding keys, effectively enabling unrestricted use of the key on the remote host. The description notes th...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References18Affected Software1
OSV
OSV
added 2026/05/22 2:8 a.m.9 views

GO-2026-5006 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2026/05/22 2:8 a.m.17 views

GO-2026-5005 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-42711

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Constraint extensions, such as [email protected], were not serialized in requests when adding a key to a remote agent. This caused destination...

9.1CVSS5.8AI score0.00403EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.12 views

PT-2026-42712

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The in-memory keyring returned by the NewKeyring function silently accepted keys with the ConfirmBeforeUse constraint but failed to enforce it. This allowed keys...

9.8CVSS5.8AI score0.0036EPSS
Exploits0
Rows per page
Query Builder