Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2025/02/05 12:0 a.m.16 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-834)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-834 advisory. 2025-02-11: CVE-2024-45338 was added to this advisory. 2025-02-11: CVE-2024-51744 was added to this advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback...

9.1CVSS7.1AI score0.03153EPSS
Exploits2References8
OSV
OSV
added 2024/12/11 10:3 p.m.21 views

GHSA-V778-237X-GJRC Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate."...

9.1CVSS9.1AI score0.03153EPSS
Exploits2References9
OSV
OSV
added 2024/12/11 6:40 p.m.19 views

GO-2024-3321 Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

9.1CVSS9.1AI score0.03153EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.2 views

PT-2024-9626

Name of the Vulnerable Software and Affected Versions golang.org/x/crypto versions prior to 0.31.0 Description The issue is related to the misuse of the ServerConfig.PublicKeyCallback callback in applications and libraries, which may lead to an authorization bypass. The SSH protocol allows client...

9.4CVSS8.2AI score0.03153EPSS
Exploits2
Rows per page
Query Builder