Lucene search
K

39 matches found

OSV
OSV
added 2026/06/25 10:14 p.m.2 views

GHSA-45GG-VH54-H5M9 golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

6.3CVSS6AI score0.00295EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2026/06/25 10:14 p.m.8 views

golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

8.8CVSS6AI score0.00295EPSS
Exploits0References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-128 (ALASDOCKER-2026-128)

The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-128 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounde...

10CVSS5.8AI score0.00513EPSS
Exploits0References28
Amazon
Amazon
added 2026/06/08 12:0 a.m.18 views

Important: runfinch-finch

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

10CVSS5.8AI score0.00513EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1788)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1788 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

10CVSS6.1AI score0.00513EPSS
Exploits0References40
Amazon
Amazon
added 2026/06/08 12:0 a.m.16 views

Important: nerdctl

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

10CVSS6.1AI score0.00513EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.67 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

0.00295EPSS
Exploits0References4
CVE
CVE
added 2026/05/22 2:31 a.m.54 views

CVE-2026-39828

CVE-2026-39828 affects golang.org/x/crypto/ssh: when an SSH server authentication callback returns PartialSuccessError with non-nil Permissions, the permissions were previously discarded, potentially dropping certificate restrictions such as force-command after a second factor. Returning non-nil ...

8.8CVSS5.8AI score0.00295EPSS
Exploits0References10Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: tracefs: Resets permissions on files when they are remounted, if the permissions are specified as options. There is an inconsistency in how permissions are handled in tracefs. Since permissions are generated upon access, they...

7.8CVSS6.2AI score0.0019EPSS
Exploits0References2
OSV
OSV
added 2026/02/12 3:15 a.m.3 views

CVE-2026-23857

Dell Update Package DUP Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

8.2CVSS5.8AI score0.00092EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 2:5 a.m.6 views

CVE-2026-23857

Dell Update Package DUP Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

8.2CVSS5.4AI score0.00092EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/22 10:30 p.m.6 views

GHSA-CQ3J-QJ2H-6RV3 Container and Containerization archive extraction does not guard against escapes from extraction base directory.

Summary The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system...

4.8CVSS5.6AI score0.00244EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.23 views

CVE-2026-20817

Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally...

7.8CVSS6.9AI score0.05333EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/12 3:3 p.m.27 views

CVE-2025-58770 TCG2 TPM RT Not Locked Issue

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

8.4CVSS0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.6 views

SAMSUNG Account 安全漏洞

SAMSUNG Account is an account management software from Samsung South Korea. A security vulnerability exists in SAMSUNG Account versions prior to 15.5.00.18, which stems from improper handling of permissions and could allow a local attacker to access Samsung Account data...

5.5CVSS6.3AI score0.00124EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-7406

Malicious code in bioql PyPI...

9.3CVSS8.6AI score0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-30248

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00981EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-58148

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.6 views

PT-2025-36443

Name of the Vulnerable Software and Affected Versions: WAGO Coupler 0750-0362 affected versions not specified Description: A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runti...

7.5CVSS6.5AI score0.00217EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.5 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Sep-2025 Release 1, which stems from improper handling of permissions...

4.3CVSS6.6AI score0.00146EPSS
Exploits0References1
Rows per page
Query Builder