| CVE-2017-3204 | high | 8.1 | 8.1 | 9y ago | The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey … |
| CVE-2025-47913 | high | — | 8.0 | 5mo ago | RHSA-2026:0753: container-tools:rhel8 security update (Important) |
| CVE-2025-22869 | high | — | 8.0 | 1y ago | RHSA-2025:3210: container-tools:rhel8 security update (Important) |
| CVE-2026-46597 | high | 7.5 | 7.5 | 14d ago | An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. |
| CVE-2026-39829 | high | 7.5 | 7.5 | 14d ago | The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumptio… |
| CVE-2026-39827 | medium | 6.5 | 6.5 | 14d ago | An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users.… |
| CVE-2026-39828 | medium | 6.3 | 6.3 | 14d ago | When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as forc… |
| CVE-2023-48795 | medium | 5.9 | 5.9 | 3y ago | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from… |
| CVE-2019-11840 | medium | 5.9 | 5.9 | 7y ago | An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/… |
| CVE-2022-27191 | medium | — | 5.5 | 4y ago | RHSA-2022:7469: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2020-29652 | medium | — | 5.5 | 4y ago | A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. |
| CVE-2026-46598 | medium | 5.3 | 5.3 | 14d ago | For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. |
| CVE-2026-39835 | medium | 5.3 | 5.3 | 14d ago | SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an… |