Lucene search
K

52 matches found

EUVD
EUVD
added last week9 views

EUVD-2026-31395

golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed...

9.1CVSS5.8AI score0.00373EPSS
Exploits0References6
OSV
OSV
added last week4 views

GHSA-89GR-R52H-F8RX golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS5.8AI score0.00373EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2026/06/22 5:23 p.m.4 views

USN-8447-3: Google Guest Agent vulnerabilities

USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in Google Guest Agent. Original advisory details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker...

10CVSS6.2AI score0.005EPSS
Exploits0
OSV
OSV
added 2026/06/22 5:23 p.m.2 views

USN-8447-3 google-guest-agent vulnerabilities

USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in Google Guest Agent. Original advisory details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker...

10CVSS6.1AI score0.005EPSS
Exploits0References5
Amazon
Amazon
added 2026/06/22 12:0 a.m.10 views

Important: containerd

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

10CVSS6.8AI score0.005EPSS
Exploits0
OSV
OSV
added 2026/06/17 1:43 p.m.5 views

USN-8447-1 golang-go.crypto vulnerabilities

It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker could possibly use this issue to cause a denial of service. CVE-2026-39830 It was discovered that Go Cryptography did not properly verify user presence when using FIDO/U2F security keys...

10CVSS5.7AI score0.005EPSS
Exploits0References8
Amazon
Amazon
added 2026/06/08 12:0 a.m.17 views

Important: containerd

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

10CVSS5.7AI score0.005EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.17 views

Important: runfinch-finch

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

10CVSS5.8AI score0.005EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS5.4AI score0.00373EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-39831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Verify method for FIDO/U2F security key types [email protected], sk-ssh- [email protected] did not check the User Presence flag. Signatur...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.14 views

SUSE CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

8.1CVSS5.8AI score0.00373EPSS
Exploits0References18
NVD
NVD
added 2026/05/22 4:16 a.m.21 views

CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS0.00373EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.59 views

CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

0.00373EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 a.m.6 views

CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

5.8AI score0.00373EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.7 views

CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

5.8AI score0.00373EPSS
Exploits0References4
CVE
CVE
added 2026/05/22 2:31 a.m.96 views

CVE-2026-39831

CVE-2026-39831 involves the Verify() method for FIDO/U2F security key types ([email protected], [email protected]) where the User Presence flag was not checked. This allowed signatures generated without physical user interaction to be accepted, enabling unattended use of...

9.1CVSS5.8AI score0.00373EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/22 2:8 a.m.8 views

GO-2026-5019 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS5.8AI score0.00373EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where the Verify method does not check the presence flag of the user. This allows signatures generate...

9.1CVSS5.8AI score0.00373EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.12 views

PT-2026-42710

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The Verify method for FIDO/U2F security key types [email protected] and [email protected] failed to check the User Presence flag. This...

9.8CVSS5.8AI score0.00373EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.5 views

CVE-2022-33172

de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC...

5.5CVSS6.9AI score0.00212EPSS
Exploits0References1
Rows per page
Query Builder