Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/06/25 10:22 p.m.8 views

golang.org/x/crypto vulnerable to auth bypass via unenforced @revoked status

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

9.1CVSS6AI score0.00469EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2026/06/18 2:30 p.m.2 views

SUSE-SU-2026:22159-1 Security update for distribution

This update for distribution fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265788. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

10CVSS5.9AI score0.00781EPSS
Exploits1References21
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.72 views

CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

0.00469EPSS
Exploits0References4
CVE
CVE
added 2026/05/22 2:31 a.m.128 views

CVE-2026-42508

CVE-2026-42508 concerns revocation checks for a CA SignatureKey. The fix adds revocation checks for both the CA 'key' and 'key.SignatureKey' (prevents bypass). The CVE is rated CRITICAL (CVSS 3.1: 9.1, Network, no user interaction). Exploitation details are not provided in the documents; mitigati...

9.1CVSS5.8AI score0.00469EPSS
Exploits0References12Affected Software1
OSV
OSV
added 2026/05/22 2:8 a.m.15 views

GO-2026-5021 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

9.1CVSS5.8AI score0.00469EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/09/12 3:10 a.m.3 views

SUSE CVE-2024-8096

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...

6.5CVSS7.5AI score0.00729EPSS
Exploits1References8
OSV
OSV
added 2024/09/11 12:0 a.m.4 views

UBUNTU-CVE-2024-8096

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...

6.5CVSS7.2AI score0.00729EPSS
Exploits1References5
Rows per page
Query Builder