Lucene search
K

109 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS6AI score0.00394EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/07 1:15 p.m.8 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.9AI score0.00394EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 10:14 p.m.3 views

GHSA-Q4H4-GMJ2-QVW2 golang.org/x/crypto: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-46597

A flaw was found in golang.org/x/crypto/ssh. A remote attacker could send specially crafted inputs to the AES-GCM packet decoder. This could lead to an incorrectly placed cast from bytes to an integer, causing a server-side panic and resulting in a Denial of Service DoS for the affected system...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:45 p.m.13 views

CVE-2026-44323

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

4.3CVSS5.8AI score0.0035EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/05/25 7:10 a.m.29 views

CVE-2026-4915

Mattermost is affected in CVE-2026-4915 across multiple release streams (11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x

6.5CVSS5.8AI score0.00277EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/22 5:32 a.m.10 views

Uncaught Exception

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Uncaught Exception in the CertChecker component when used as a public key callback without setting IsUserAuthority or IsHostAuthority. An attacker can cause the server to panic by...

8.7CVSS5.8AI score0.00394EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 4:16 a.m.15 views

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS0.00359EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.82 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

0.00394EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 2:31 a.m.2 views

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42717

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An incorrectly placed cast from bytes to int in the AES-GCM packet decoder allows for a server-side panic when processing well-crafted inputs. A server-side pani...

9.8CVSS5.8AI score0.00359EPSS
Exploits0
Snyk
Snyk
added 2026/05/14 9:23 p.m.7 views

Improper Handling of Unexpected Data Type

Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type via the PublishLogs endpoint. An authenticated gRPC request from an enrolled launcher host can cause the server process to panic and terminate unexpectedly. Remediation Upgrade...

8.7CVSS5.5AI score0.00372EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 9:23 p.m.6 views

Improper Handling of Unexpected Data Type

Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type via the PublishLogs endpoint. An authenticated gRPC request from an enrolled launcher host can cause the server process to panic and terminate unexpectedly. Remediation Upgrade...

8.7CVSS5.5AI score0.00372EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 9:13 p.m.33 views

CVE-2026-40943 Oxia: Server crash via race condition in session heartbeat handling

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

8.7CVSS0.00202EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.4 views

SUSE CVE-2026-32937

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...

7.1CVSS5.8AI score0.00404EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 8:33 p.m.6 views

GO-2026-4829 NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server

NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server...

7.5CVSS5.9AI score0.00658EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.8 views

CVE-2026-32937

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...

7.1CVSS5.8AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/25 9:21 p.m.6 views

CVE-2026-27889

A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service DoS for affected...

7.5CVSS5.7AI score0.00582EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/25 8:16 p.m.7 views

CVE-2026-27889

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

7.5CVSS6.4AI score0.00582EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-28092

Name of the Vulnerable Software and Affected Versions NATS-Server versions 2.2.0 through 2.11.14 NATS-Server versions 2.12.0 through 2.12.5 Description NATS-Server, a high-performance messaging system, has a flaw where a missing sanity check on WebSocket frames can cause the server to panic. This...

9.8CVSS5.8AI score0.00582EPSS
Exploits12References156
Rows per page
Query Builder