39 matches found
GHSA-45GG-VH54-H5M9 golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...
golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-128 (ALASDOCKER-2026-128)
The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-128 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounde...
Important: runfinch-finch
Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...
Amazon Linux 2023 : nerdctl (ALAS2023-2026-1788)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1788 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...
Important: nerdctl
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...
CVE-2026-39828
CVE-2026-39828 affects golang.org/x/crypto/ssh: when an SSH server authentication callback returns PartialSuccessError with non-nil Permissions, the permissions were previously discarded, potentially dropping certificate restrictions such as force-command after a second factor. Returning non-nil ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: tracefs: Resets permissions on files when they are remounted, if the permissions are specified as options. There is an inconsistency in how permissions are handled in tracefs. Since permissions are generated upon access, they...
CVE-2026-23857
Dell Update Package DUP Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-23857
Dell Update Package DUP Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
GHSA-CQ3J-QJ2H-6RV3 Container and Containerization archive extraction does not guard against escapes from extraction base directory.
Summary The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system...
CVE-2026-20817
Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally...
CVE-2025-58770 TCG2 TPM RT Not Locked Issue
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...
SAMSUNG Account 安全漏洞
SAMSUNG Account is an account management software from Samsung South Korea. A security vulnerability exists in SAMSUNG Account versions prior to 15.5.00.18, which stems from improper handling of permissions and could allow a local attacker to access Samsung Account data...
EUVD-2021-7406
Malicious code in bioql PyPI...
EUVD-2023-30248
Malicious code in bioql PyPI...
EUVD-2023-58148
Malicious code in bioql PyPI...
PT-2025-36443
Name of the Vulnerable Software and Affected Versions: WAGO Coupler 0750-0362 affected versions not specified Description: A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runti...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Sep-2025 Release 1, which stems from improper handling of permissions...