169 matches found
CLEANSTART-2026-SM37781 Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
Multiple security vulnerabilities affect the cert-manager-fips package. Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic See references for individual vulnerability details...
CLEANSTART-2026-UH39784 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process
Multiple security vulnerabilities affect the istio-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...
CLEANSTART-2026-WQ07901 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process
Multiple security vulnerabilities affect the argo-cd-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...
CLEANSTART-2026-OH86281 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process
Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...
CLEANSTART-2026-AD41794 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process
Multiple security vulnerabilities affect the cert-manager-webhook-pdns-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...
CLEANSTART-2026-BS24435 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process
Multiple security vulnerabilities affect the cloudnative-pg-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...
DEBIAN-CVE-2026-23831
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...
Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message
Summary Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...
PT-2026-4280
Name of the Vulnerable Software and Affected Versions Rekor versions 1.4.3 and below Description Rekor’s entry implementation can experience a panic when processing attacker-controlled input during the canonicalization of a proposed entry with an empty spec.message. The validate function...
AlmaLinux 10 : buildah (ALSA-2026:0436)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:0436 advisory. golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 Tenable has extracted the precedin...
GHSA-J9XQ-69PF-PCM8 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
Summary A denial-of-service vulnerability exists in the SM2 public-key encryption PKE implementation: the decrypt path performs unchecked slice::splitat operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encod...
RSA 安全漏洞
RSA is a Rust library open-sourced by Rust Crypto. A security vulnerability exists in versions of RSA prior to 0.9.10 that stems from a panic when creating an RSA private key, which could lead to mishandling of errors...
PT-2026-25373
Summary The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT CREDIT e.g. 262145. On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body...
PT-2026-21806
Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.6 Wasmtime versions prior to 36.0.6 Wasmtime version 4.0.04 Wasmtime versions prior to 41.0.4 Wasmtime versions prior to 42.0.0 Description Wasmtime's implementation of the wasi:http/types.fields resource is...
Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short
In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...
GHSA-F6X5-JH6R-WRFV golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...
CVE-2025-58188
CVE-2025-58188 (panic on validating certificate chains with DSA keys) is confirmed in an F5 advisory tied to BIG-IP Next for Kubernetes. Affected component set includes TMM, f5-dwbld, and f5-downloader; the root cause is a cast assuming an Equal method when validating certificate chains containin...
EUVD-2021-1522
Malware in sbrugna...
EUVD-2019-11495
Malware in sbrugna...