|
1311
|
6.5 |
MEDIUM
Network
|
redhat
samba
|
openshift_container_platform
samba
enterprise_linux
|
A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to i…
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-2340
|
2026-05-29 00:33 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1312
|
9.1 |
CRITICAL
Network
|
golang
|
crypto
|
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forward…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-39832
|
2026-05-29 00:11 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1313
|
9.1 |
CRITICAL
Network
|
golang
|
crypto
|
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indicatio…
|
CWE-862
Missing Authorization
|
CVE-2026-39833
|
2026-05-29 00:04 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1314
|
9.1 |
CRITICAL
Network
|
golang
|
crypto
|
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty pack…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-39834
|
2026-05-29 00:03 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1315
|
5.3 |
MEDIUM
Network
|
golang
|
crypto
|
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-39835
|
2026-05-28 23:56 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1316
|
9.1 |
CRITICAL
Network
|
golang
|
crypto
|
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42508
|
2026-05-28 23:47 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1317
|
10.0 |
CRITICAL
Network
|
golang
|
crypto
|
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would…
|
CWE-863
Incorrect Authorization
|
CVE-2026-46595
|
2026-05-28 23:44 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1318
|
7.5 |
HIGH
Network
|
golang
|
crypto
|
An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2026-46597
|
2026-05-28 23:44 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1319
|
5.3 |
MEDIUM
Network
|
golang
|
crypto
|
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-46598
|
2026-05-28 23:34 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1320
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of t…
|
CWE-401
CWE-404
Missing Release of Memory after Effective Lifetime
Improper Resource Shutdown or Release
|
CVE-2026-9572
|
2026-05-28 23:32 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
