Lucene search
+L

388 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.14 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-128 (ALASDOCKER-2026-128)

The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-128 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounde...

10CVSS5.8AI score0.00533EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.24 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3348 (ALAS-2026-3348)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3348 advisory. The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively...

9.1CVSS5.7AI score0.00533EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.19 views

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1788)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1788 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

10CVSS6.1AI score0.00533EPSS
Exploits0References40
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

EulerOS Virtualization 2.13.1 : avahi (EulerOS-SA-2026-2120)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, ...

6.5CVSS5.6AI score0.00353EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.15 views

EulerOS Virtualization 2.13.0 : avahi (EulerOS-SA-2026-2159)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, ...

6.5CVSS5.6AI score0.00353EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.10 views

CVE-2026-39830

A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...

9.1CVSS5.5AI score0.00533EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.14 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39830)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39830 advisory. - A malicious SSH peer could send unsolicited global request responses to fill an internal buffe...

9.1CVSS5.8AI score0.00533EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 6:30 p.m.3 views

GHSA-MFVP-7P3V-X9MH Casdoor SAML callback handler accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

9.1CVSS5.8AI score0.0023EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 4:31 p.m.36 views

CVE-2026-9098 CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

0.0023EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-39830

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine coul...

9.1CVSS6AI score0.00533EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/22 5:32 a.m.8 views

Missing Release of Resource after Effective Lifetime

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the handling of unsolicited global request responses, which can fill an internal buffer and block the connection's read...

9.1CVSS5.9AI score0.00533EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.17 views

Missing Release of Resource after Effective Lifetime

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the handling of unsolicited global request responses, which can fill an internal buffer and block the connection's read loop...

9.1CVSS5.9AI score0.00533EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 4:16 a.m.18 views

CVE-2026-39830

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

9.1CVSS0.00533EPSS
Exploits0References38
CVE
CVE
added 2026/05/22 2:31 a.m.98 views

CVE-2026-39830

CVE-2026-39830 describes a vulnerability in golang.org/x/crypto/ssh where a malicious SSH peer can send unsolicited global request responses to fill an internal buffer, causing the connection read loop to block. The blocked goroutine cannot be released by Close(), leading to a per-connection reso...

9.1CVSS5.8AI score0.00533EPSS
Exploits0References38Affected Software1
OSV
OSV
added 2026/05/22 2:31 a.m.3 views

CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

9.1CVSS6AI score0.00533EPSS
Exploits0References41
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.87 views

CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

0.00533EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 2:8 a.m.9 views

GO-2026-5017 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

9.1CVSS5.8AI score0.00533EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.11 views

PT-2026-42709

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A malicious SSH peer can send unsolicited global request responses to fill an internal buffer, which blocks the connection's read loop. This prevents the blocked...

9.8CVSS5.8AI score0.00533EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/28 4:5 a.m.2 views

avahi: Avahi: Denial of Service via unsolicited CNAME announcements

A flaw was found in Avahi, a system that enables devices to discover services on a local network using the mDNS/DNS-SD Multicast Domain Name System/DNS-based Service Discovery protocols. A remote attacker can exploit this by sending two specific network messages, known as unsolicited announcement...

6.5CVSS6.6AI score0.00353EPSS
Exploits1References7
OSV
OSV
added 2026/04/17 2:19 p.m.3 views

SUSE-SU-2026:1442-1 Security update for avahi

This update for avahi fixes the following issue: - CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record bsc1257235...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References3
Rows per page
Query Builder