Lucene search
K

4 matches found

OSV
OSV
added 2026/06/25 10:21 p.m.4 views

GHSA-89GR-R52H-F8RX golang.org/x/crypto: FIDO/U2F security key physical presence check can be bypassed

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS6AI score0.00373EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/25 10:21 p.m.9 views

golang.org/x/crypto: FIDO/U2F security key physical presence check can be bypassed

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS6AI score0.00373EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-39831

A flaw was found in golang.org/x/crypto/ssh. The Verify method, responsible for FIDO/U2F security key types, did not properly check for user presence. This allowed signatures to be accepted without requiring a physical touch on the hardware security key. As a result, an attacker could potentially...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2017/02/03 3:18 p.m.31 views

CVE-2016-7924

Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...

9.8CVSS1.4AI score0.03464EPSS
Exploits0References1
Rows per page
Query Builder