Lucene search
+L

46 matches found

RedHat Linux
RedHat Linux
added 2 days ago6 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the...

10CVSS6.3AI score0.0044EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/08 3:52 p.m.3 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the...

10CVSS5.9AI score0.0044EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 10:23 p.m.13 views

EUVD-2026-31398

golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement...

10CVSS6.9AI score0.03153EPSS
Exploits2References7
Github Security Blog
Github Security Blog
added 2026/06/25 10:23 p.m.18 views

golang.org/x/crypto: Invoking VerifiedPublicKeyCallback permissions skip enforcement

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

10CVSS6.8AI score0.03153EPSS
Exploits2References31Affected Software1
Cvelist
Cvelist
added 2026/06/16 1:39 p.m.35 views

CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 1:39 p.m.46 views

CVE-2025-11694

The CVE-2025-11694 issue affects 1769 CompactLogix controllers (CIP protocol). The root cause is missing validation of sequence numbers and source IP addresses, enabling an attacker to abuse exposed Connection IDs visible on the web interface to trigger denial-of-service conditions resulting in a...

8.7CVSS5.3AI score0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/16 1:39 p.m.9 views

CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS5.3AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.18 views

CVE-2026-46595

A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the...

10CVSS6.5AI score0.0044EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/04 12:43 p.m.5 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the...

10CVSS6.9AI score0.0044EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/04 12:39 p.m.2 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the...

10CVSS6.9AI score0.0044EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/22 5:29 a.m.8 views

Incorrect Authorization

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of permissions in the VerifiedPublicKeyCallback process. An attacker can bypass source-address validation by passing a callback type...

10CVSS5.8AI score0.0044EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 4:16 a.m.21 views

CVE-2026-46595

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

10CVSS0.0044EPSS
Exploits0References28
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.95 views

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

0.0044EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 2:31 a.m.2 views

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

10CVSS5.9AI score0.0044EPSS
Exploits0References31
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 a.m.8 views

CVE-2026-46595

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

9.1CVSS6.8AI score0.03153EPSS
Exploits2References5
CVE
CVE
added 2026/05/22 2:31 a.m.268 views

CVE-2026-46595

CVE-2026-46595 affects golang.org/x/crypto/ssh. The issue arises when VerifiedPublicKeyCallback is invoked with a callback type other than public key, causing the source-address validation to be bypassed and enabling an authorization bypass. The description notes this is a continuation of CVE-202...

10CVSS5.8AI score0.0044EPSS
Exploits0References28Affected Software1
OSV
OSV
added 2026/05/22 2:8 a.m.7 views

GO-2026-5023 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

10CVSS5.8AI score0.0044EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/03 7:54 p.m.2 views

CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

8.2CVSS7.4AI score0.00621EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/03 7:54 p.m.24 views

CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

8.2CVSS0.00621EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.8 views

Ubuntu 24.04 LTS / 25.04 / 25.10 : OpenVPN vulnerability (USN-7898-1)

The remote Ubuntu 24.04 LTS / 25.04 / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7898-1 advisory. Joshua Rogers discovered that OpenVPN incorrectly handled HMAC verification checks. A remote attacker could possibly use this issue to bypass sour...

8.2CVSS7.3AI score0.00621EPSS
Exploits0References2
Rows per page
Query Builder