27 matches found
CVE-2026-35085
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root...
CVE-2026-35085 Stack buffer overflow in method gdv-serverconfig
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root...
EUVD-2026-34081
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root...
CVE-2026-35085
CVE-2026-35085 describes a stack buffer overflow in gdv-serverconfig that can be exploited by a remote attacker authenticated with user privileges to achieve full system access as root. The CVE is rated HIGH (CVSS 4.0: 8.7) with NETWORK attack vector, low complexity, and requires low privileges; ...
PT-2026-45926
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root...
EUVD-2025-27769
Malicious code in bioql PyPI...
PT-2025-34849 · Unknown · Serverconfig
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The serverConfig API endpoint returns the module configuration, including credentials, without requiring authentication. Recommendations: At the moment, there is no information about a newer versio...
Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2025-2779)
The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300052.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2779 advisory. Calling any of the Parse functions on Go source code which contains deeply nested literals can cause ...
Security Bulletin: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass affects watsonx.data
Summary: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass, which could affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-45337. DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate...
Important: runfinch-finch
Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...
Important: containerd
Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...
Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-050)
The version of runfinch-finch installed on the remote host is prior to 1.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-050 advisory. 2025-02-12: CVE-2024-51744 was added to this advisory. 2025-02-12: CVE-2024-45338 was added to this advisory...
ROS-20250110-14
A vulnerability in the ServerConfig.PublicKeyCallback function of the crypto library for the Go programming language is related to a flaw in the authorization procedure for key processing. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions...
CBL Mariner 2.0 Security Update: cert-manager / cf-cli / docker-buildx / docker-compose / moby-compose / moby-engine / packer (CVE-2024-45337)
The version of cert-manager / cf-cli / docker-buildx / docker-compose / moby-compose / moby-engine / packer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45337 advisory. - Applications and...
ROS-20241220-04
A vulnerability in the ServerConfig.PublicKeyCallback function of the crypto library for the Go programming language is related to a flaw in the authorization procedure for key processing. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions...
CVE-2024-45337
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...