Lucene search
K

8 matches found

Amazon
Amazon
added 2026/06/08 12:0 a.m.16 views

Important: docker

Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...

10CVSS5.6AI score0.005EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-39833

A flaw was found in golang.org/x/crypto/ssh/agent. The NewKeyring function, which creates an in-memory keyring, failed to enforce the ConfirmBeforeUse constraint on keys. This allowed keys configured to require user confirmation before use to perform signing operations without any prompt or...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References8
NVD
NVD
added 2026/05/22 4:16 a.m.20 views

CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS0.0036EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 4:16 a.m.28 views

CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS0.00338EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 a.m.7 views

CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

5.8AI score0.0036EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/05/22 2:31 a.m.7 views

CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS5.8AI score0.0036EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.57 views

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

0.0036EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 2:8 a.m.6 views

GO-2026-5005 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References4
Rows per page
Query Builder