23 matches found

Tenable Nessus
added 2026/06/26 12:0 a.m. | 8 views

SUSE SLES16 Security Update : mcphost (SUSE-SU-2026:22193-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22193-1 advisory. This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506:...

CVSS 10 | AI score 5.9 | EPSS 0.00781
Exploits: 0 | References: 45

Github Security Blog
added 2026/06/25 10:22 p.m. | 7 views

golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

CVSS 9.1 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 13 | Affected Software: 1

OSV
added 2026/06/25 10:22 p.m. | 3 views

GHSA-5CGQ-3RG8-M6CV golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

CVSS 9.1 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 13

OSV
added 2026/06/24 8:46 a.m. | 2 views

SUSE-SU-2026:2609-1 Security update for apptainer

This update for apptainer fixes the following issues: - CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal (bsc#1264177). - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of...

CVSS 10 | AI score 6.8 | EPSS 0.01557
Exploits: 1 | References: 27

OSV
added 2026/06/20 6:52 a.m. | 2 views

SUSE-SU-2026:22193-1 Security update for mcphost

This update for mcphost fixes the following issues: - CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc#1267109). - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

CVSS 10 | AI score 5.9 | EPSS 0.00781
Exploits: 0 | References: 25

OSV
added 2026/06/20 6:52 a.m. | 2 views

SUSE-SU-2026:22226-1 Security update for mcphost

This update for mcphost fixes the following issues: - CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc#1267109). - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

CVSS 10 | AI score 5.9 | EPSS 0.00781
Exploits: 0 | References: 25

OSV
added 2026/06/18 2:30 p.m. | 2 views

SUSE-SU-2026:22159-1 Security update for distribution

This update for distribution fixes the following issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265788). - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

CVSS 10 | AI score 5.9 | EPSS 0.00781
Exploits: 1 | References: 21

Tenable Nessus
added 2026/06/17 12:0 a.m. | 9 views

openSUSE 16 Security Update : trivy (openSUSE-SU-2026:20956-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20956-1 advisory. This update for trivy fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506:...

CVSS 10 | AI score 5.5 | EPSS 0.00781
Exploits: 0 | References: 47

Microsoft CVE
added 2026/05/27 8:18 a.m. | 15 views

Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

...

CVSS 9.1 | AI score 5.8 | EPSS 0.00469
Exploits: 0

Cvelist
added 2026/05/22 2:31 a.m. | 63 views

CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

EPSS 0.00469
Exploits: 0 | References: 4

CVE
added 2026/05/22 2:31 a.m. | 110 views

CVE-2026-42508

CVE-2026-42508 concerns revocation checks for a CA SignatureKey. The fix adds revocation checks for both the CA 'key' and 'key.SignatureKey' (prevents bypass). The CVE is rated CRITICAL (CVSS 3.1: 9.1, Network, no user interaction). Exploitation details are not provided in the documents; mitigati...

CVSS 9.1 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 11 | Affected Software: 1

Vulnrichment
added 2026/05/22 2:31 a.m. | 8 views

CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 4

OSV
added 2026/05/22 2:8 a.m. | 12 views

GO-2026-5021 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

CVSS 9.1 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 3

Snyk
added 2026/05/22 2:8 a.m. | 9 views

Improper Check for Certificate Revocation

Overview Affected versions of this package are vulnerable to Improper Check for Certificate Revocation in the SignatureKey verification process. An attacker can bypass revocation enforcement by presenting a certificate with a revoked SignatureKey, potentially allowing unauthorized access or trust...

CVSS 9.1 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 3

Snyk
added 2026/05/22 2:8 a.m. | 9 views

Improper Check for Certificate Revocation

Overview Affected versions of this package are vulnerable to Improper Check for Certificate Revocation in the SignatureKey verification process. An attacker can bypass revocation enforcement by presenting a certificate with a revoked SignatureKey, potentially allowing unauthorized access or trust...

CVSS 9.1 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 3

Hacker One
added 2026/03/31 7:9 a.m. | 31 views

curl: Bypassing Strict SSH Server Verification via Connection Pool Reuse in libcurl

Summary: There is a logic flaw in how libcurl manages its connection pool for SSH protocols SFTP/SCP. When evaluating an existing connection for reuse, ssh_config_matches in lib/url.c fails to compare server identity verification policies. By ignoring CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5...

AI score 5.9
Exploits: 0

OSV
added 2026/03/12 11:48 a.m. | 7 views

CLSA-2026-1773316090 Fix CVE(s): CVE-2025-14524, CVE-2025-15079

SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect - debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allow_auth_to_other_hosts is set - CVE-2025-14524 SECURITY UPDATE: libssh global knownhosts override - debian/patches/CVE-2025-15079.patch: set...

CVSS 5.3 | AI score 6.4 | EPSS 0.00611
Exploits: 2 | References: 1

OSV
added 2026/03/10 9:25 a.m. | 10 views

CLSA-2026-1773134717 curl: Fix of 2 CVEs

CVE-2025-14524: prevent bearer token leak on cross-protocol redirect - CVE-2025-15079: set both SSH knownhosts options to the same file to prevent libssh global knownhosts override...

CVSS 5.3 | AI score 6.6 | EPSS 0.00611
Exploits: 2 | References: 1

Amazon
added 2026/02/18 12:0 a.m. | 6 views

Medium: curl

Issue Overview: No QUIC certificate pinning with GnuTLS NOTE: https://curl.se/docs/CVE-2025-13034.html NOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722 curl-880 NOTE: Fixed by:...

CVSS 6.3 | AI score 5.5 | EPSS 0.00679
Exploits: 3

OSV
added 2026/01/10 5:7 a.m. | 3 views

MGASA-2026-0003 Updated curl packages fix security vulnerabilities

curl is susceptible to a number of low severity security vulnerabilities: CVE-2025-14524: bearer token leak on cross-protocol redirect CVE-2025-14819: OpenSSL partial chain store policy bypass CVE-2025-15079: libssh knownhosts file vulnerability CVE-2025-15224: libssh key passphrase bypass...

CVSS 6.3 | AI score 6.7 | EPSS 0.00679
Exploits: 3 | References: 3