{"url":"http://public2.vulnerablecode.io/api/packages/97545?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","type":"deb","namespace":"debian","name":"golang-go.crypto","version":"1:0.4.0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:0.17.0-1","latest_non_vulnerable_version":"1:0.52.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71242?format=json","vulnerability_id":"VCID-1f5g-jvfq-fkf9","summary":"When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39832","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21171","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21061","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21051","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21115","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21158","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39832"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/778642","reference_id":"778642","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:59:53Z/"}],"url":"https://go.dev/cl/778642"},{"reference_url":"https://go.dev/issue/79435","reference_id":"79435","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:59:53Z/"}],"url":"https://go.dev/issue/79435"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:59:53Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5006","reference_id":"GO-2026-5006","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:59:53Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-39832"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1f5g-jvfq-fkf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71238?format=json","vulnerability_id":"VCID-2vrr-2e4y-v3ar","summary":"When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39828","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10569","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10491","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10467","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10553","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10591","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39828"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/781621","reference_id":"781621","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T17:43:55Z/"}],"url":"https://go.dev/cl/781621"},{"reference_url":"https://go.dev/issue/79562","reference_id":"79562","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T17:43:55Z/"}],"url":"https://go.dev/issue/79562"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T17:43:55Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5014","reference_id":"GO-2026-5014","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T17:43:55Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5014"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-39828"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vrr-2e4y-v3ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46693?format=json","vulnerability_id":"VCID-38u7-pvx6-ayb4","summary":"Improper Validation of Integrity Check Value\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.","references":[{"reference_url":"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"0.52998","scoring_system":"epss","scoring_elements":"0.98011","published_at":"2026-06-09T12:55:00Z"},{"value":"0.54214","scoring_system":"epss","scoring_elements":"0.98065","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48795"},{"reference_url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack"},{"reference_url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"},{"reference_url":"https://bugs.gentoo.org/920280","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugs.gentoo.org/920280"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254210","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254210"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1217950","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1217950"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-364175.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-364175.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-769027.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-769027.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-794697.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-794697.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-915275.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-915275.html"},{"reference_url":"https://crates.io/crates/thrussh/versions","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://crates.io/crates/thrussh/versions"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Mar/21","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Mar/21"},{"reference_url":"https://filezilla-project.org/versions.php","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://filezilla-project.org/versions.php"},{"reference_url":"https://forum.netgate.com/topic/184941/terrapin-ssh-attack","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://forum.netgate.com/topic/184941/terrapin-ssh-attack"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/mina-sshd/issues/445","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/apache/mina-sshd/issues/445"},{"reference_url":"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"},{"reference_url":"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"},{"reference_url":"https://github.com/cyd01/KiTTY/issues/520","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/cyd01/KiTTY/issues/520"},{"reference_url":"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"},{"reference_url":"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"},{"reference_url":"https://github.com/erlang/otp/releases/tag/OTP-26.2.1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/erlang/otp/releases/tag/OTP-26.2.1"},{"reference_url":"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"},{"reference_url":"https://github.com/hierynomus/sshj/issues/916","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/hierynomus/sshj/issues/916"},{"reference_url":"https://github.com/janmojzis/tinyssh/issues/81","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/janmojzis/tinyssh/issues/81"},{"reference_url":"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"},{"reference_url":"https://github.com/libssh2/libssh2/pull/1291","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/libssh2/libssh2/pull/1291"},{"reference_url":"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"},{"reference_url":"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"},{"reference_url":"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"},{"reference_url":"https://github.com/mwiede/jsch/issues/457","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/issues/457"},{"reference_url":"https://github.com/mwiede/jsch/pull/461","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/pull/461"},{"reference_url":"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"},{"reference_url":"https://github.com/NixOS/nixpkgs/pull/275249","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/NixOS/nixpkgs/pull/275249"},{"reference_url":"https://github.com/openssh/openssh-portable/commits/master","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/openssh/openssh-portable/commits/master"},{"reference_url":"https://github.com/paramiko/paramiko/issues/2337","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/paramiko/paramiko/issues/2337"},{"reference_url":"https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773"},{"reference_url":"https://github.com/PowerShell/Win32-OpenSSH/issues/2189","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/PowerShell/Win32-OpenSSH/issues/2189"},{"reference_url":"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"},{"reference_url":"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/issues/456","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/issues/456"},{"reference_url":"https://github.com/rapier1/hpn-ssh/releases","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/rapier1/hpn-ssh/releases"},{"reference_url":"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"},{"reference_url":"https://github.com/ronf/asyncssh/tags","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ronf/asyncssh/tags"},{"reference_url":"https://github.com/ssh-mitm/ssh-mitm/issues/165","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ssh-mitm/ssh-mitm/issues/165"},{"reference_url":"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"},{"reference_url":"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"},{"reference_url":"https://github.com/warp-tech/russh","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh"},{"reference_url":"https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951"},{"reference_url":"https://github.com/warp-tech/russh/releases/tag/v0.40.2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/warp-tech/russh/releases/tag/v0.40.2"},{"reference_url":"https://gitlab.com/libssh/libssh-mirror/-/tags","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://gitlab.com/libssh/libssh-mirror/-/tags"},{"reference_url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"},{"reference_url":"https://go.dev/cl/550715","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/550715"},{"reference_url":"https://go.dev/issue/64784","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/64784"},{"reference_url":"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"},{"reference_url":"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"},{"reference_url":"https://help.panic.com/releasenotes/transmit5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://help.panic.com/releasenotes/transmit5"},{"reference_url":"https://help.panic.com/releasenotes/transmit5/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://help.panic.com/releasenotes/transmit5/"},{"reference_url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795"},{"reference_url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB"},{"reference_url":"https://matt.ucc.asn.au/dropbear/CHANGES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://matt.ucc.asn.au/dropbear/CHANGES"},{"reference_url":"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"},{"reference_url":"https://news.ycombinator.com/item?id=38684904","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38684904"},{"reference_url":"https://news.ycombinator.com/item?id=38685286","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38685286"},{"reference_url":"https://news.ycombinator.com/item?id=38732005","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38732005"},{"reference_url":"https://nova.app/releases/#v11.8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://nova.app/releases/#v11.8"},{"reference_url":"https://oryx-embedded.com/download/#changelog","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://oryx-embedded.com/download/#changelog"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"},{"reference_url":"https://roumenpetrov.info/secsh/#news20231220","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://roumenpetrov.info/secsh/#news20231220"},{"reference_url":"https://security.gentoo.org/glsa/202312-16","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.gentoo.org/glsa/202312-16"},{"reference_url":"https://security.gentoo.org/glsa/202312-17","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.gentoo.org/glsa/202312-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240105-0004","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240105-0004"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/libssh2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/libssh2"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"},{"reference_url":"https://support.apple.com/kb/HT214084","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://support.apple.com/kb/HT214084"},{"reference_url":"https://twitter.com/TrueSkrillor/status/1736774389725565005","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://twitter.com/TrueSkrillor/status/1736774389725565005"},{"reference_url":"https://winscp.net/eng/docs/history#6.2.2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://winscp.net/eng/docs/history#6.2.2"},{"reference_url":"https://www.bitvise.com/ssh-client-version-history#933","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.bitvise.com/ssh-client-version-history#933"},{"reference_url":"https://www.bitvise.com/ssh-server-version-history","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.bitvise.com/ssh-server-version-history"},{"reference_url":"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"},{"reference_url":"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"},{"reference_url":"https://www.debian.org/security/2023/dsa-5586","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.debian.org/security/2023/dsa-5586"},{"reference_url":"https://www.debian.org/security/2023/dsa-5588","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.debian.org/security/2023/dsa-5588"},{"reference_url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"},{"reference_url":"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"},{"reference_url":"https://www.netsarang.com/en/xshell-update-history","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.netsarang.com/en/xshell-update-history"},{"reference_url":"https://www.netsarang.com/en/xshell-update-history/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.netsarang.com/en/xshell-update-history/"},{"reference_url":"https://www.openssh.com/openbsd.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openssh.com/openbsd.html"},{"reference_url":"https://www.openssh.com/txt/release-9.6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openssh.com/txt/release-9.6"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/18/2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/12/18/2"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/20/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/12/20/3"},{"reference_url":"https://www.paramiko.org/changelog.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.paramiko.org/changelog.html"},{"reference_url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed"},{"reference_url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"},{"reference_url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795"},{"reference_url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"},{"reference_url":"https://www.terrapin-attack.com","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.terrapin-attack.com"},{"reference_url":"https://www.theregister.com/2023/12/20/terrapin_attack_ssh","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.theregister.com/2023/12/20/terrapin_attack_ssh"},{"reference_url":"https://www.vandyke.com/products/securecrt/history.txt","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.vandyke.com/products/securecrt/history.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/18/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/18/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/20/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/20/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/06/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/06/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/17/8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/17/8"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001","reference_id":"1059001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002","reference_id":"1059002","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003","reference_id":"1059003","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004","reference_id":"1059004","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005","reference_id":"1059005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006","reference_id":"1059006","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007","reference_id":"1059007","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058","reference_id":"1059058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144","reference_id":"1059144","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290","reference_id":"1059290","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294","reference_id":"1059294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/","reference_id":"33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/","reference_id":"3CAYYW35MUTNO65RVAELICTNZZFMT2XS","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/","reference_id":"3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/","reference_id":"6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/","reference_id":"BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/","reference_id":"C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/","reference_id":"CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"},{"reference_url":"https://access.redhat.com/security/cve/cve-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://access.redhat.com/security/cve/cve-2023-48795"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48795"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2023-48795"},{"reference_url":"https://ubuntu.com/security/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://ubuntu.com/security/CVE-2023-48795"},{"reference_url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway","reference_id":"CVE-2023-48795-AND-SFTP-GATEWAY","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway"},{"reference_url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway/","reference_id":"CVE-2023-48795-AND-SFTP-GATEWAY","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway/"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit","reference_id":"CVE-2023-48795-DETECT-OPENSSH-VULNERABILIT","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability","reference_id":"CVE-2023-48795-MITIGATE-OPENSSH-VULNERABILITY","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"},{"reference_url":"https://github.com/advisories/GHSA-45x7-px36-x8w8","reference_id":"GHSA-45x7-px36-x8w8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/advisories/GHSA-45x7-px36-x8w8"},{"reference_url":"https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8","reference_id":"GHSA-45x7-px36-x8w8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8"},{"reference_url":"https://security.gentoo.org/glsa/202407-11","reference_id":"GLSA-202407-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-11"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202509-06","reference_id":"GLSA-202509-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-06"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/","reference_id":"HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/","reference_id":"I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/","reference_id":"KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/","reference_id":"L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/","reference_id":"LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240105-0004/","reference_id":"ntap-20240105-0004","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240105-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7197","reference_id":"RHSA-2023:7197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7198","reference_id":"RHSA-2023:7198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7201","reference_id":"RHSA-2023:7201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0040","reference_id":"RHSA-2024:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0429","reference_id":"RHSA-2024:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0455","reference_id":"RHSA-2024:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0499","reference_id":"RHSA-2024:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0538","reference_id":"RHSA-2024:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0594","reference_id":"RHSA-2024:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0606","reference_id":"RHSA-2024:0606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0625","reference_id":"RHSA-2024:0625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0628","reference_id":"RHSA-2024:0628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0766","reference_id":"RHSA-2024:0766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0789","reference_id":"RHSA-2024:0789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0843","reference_id":"RHSA-2024:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0880","reference_id":"RHSA-2024:0880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0954","reference_id":"RHSA-2024:0954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1130","reference_id":"RHSA-2024:1130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1150","reference_id":"RHSA-2024:1150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1192","reference_id":"RHSA-2024:1192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1193","reference_id":"RHSA-2024:1193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1196","reference_id":"RHSA-2024:1196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1197","reference_id":"RHSA-2024:1197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1210","reference_id":"RHSA-2024:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1557","reference_id":"RHSA-2024:1557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1859","reference_id":"RHSA-2024:1859","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1859"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2728","reference_id":"RHSA-2024:2728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2735","reference_id":"RHSA-2024:2735","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2768","reference_id":"RHSA-2024:2768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2988","reference_id":"RHSA-2024:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3479","reference_id":"RHSA-2024:3479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3634","reference_id":"RHSA-2024:3634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3635","reference_id":"RHSA-2024:3635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3636","reference_id":"RHSA-2024:3636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3918","reference_id":"RHSA-2024:3918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4010","reference_id":"RHSA-2024:4010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4151","reference_id":"RHSA-2024:4151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4329","reference_id":"RHSA-2024:4329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4479","reference_id":"RHSA-2024:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4484","reference_id":"RHSA-2024:4484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4597","reference_id":"RHSA-2024:4597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4662","reference_id":"RHSA-2024:4662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4955","reference_id":"RHSA-2024:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4959","reference_id":"RHSA-2024:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5200","reference_id":"RHSA-2024:5200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5432","reference_id":"RHSA-2024:5432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5433","reference_id":"RHSA-2024:5433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5438","reference_id":"RHSA-2024:5438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8235","reference_id":"RHSA-2024:8235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4664","reference_id":"RHSA-2025:4664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4664"},{"reference_url":"https://usn.ubuntu.com/6560-1/","reference_id":"USN-6560-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6560-1/"},{"reference_url":"https://usn.ubuntu.com/6560-2/","reference_id":"USN-6560-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6560-2/"},{"reference_url":"https://usn.ubuntu.com/6561-1/","reference_id":"USN-6561-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6561-1/"},{"reference_url":"https://usn.ubuntu.com/6585-1/","reference_id":"USN-6585-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6585-1/"},{"reference_url":"https://usn.ubuntu.com/6589-1/","reference_id":"USN-6589-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6589-1/"},{"reference_url":"https://usn.ubuntu.com/6598-1/","reference_id":"USN-6598-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6598-1/"},{"reference_url":"https://usn.ubuntu.com/6738-1/","reference_id":"USN-6738-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6738-1/"},{"reference_url":"https://usn.ubuntu.com/7051-1/","reference_id":"USN-7051-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7051-1/"},{"reference_url":"https://usn.ubuntu.com/7292-1/","reference_id":"USN-7292-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7292-1/"},{"reference_url":"https://usn.ubuntu.com/7297-1/","reference_id":"USN-7297-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7297-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97555?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.17.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.17.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97549?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2023-48795","GHSA-45x7-px36-x8w8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38u7-pvx6-ayb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71243?format=json","vulnerability_id":"VCID-6b1a-3j19-akf6","summary":"The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39833","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1309","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12998","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12967","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13055","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13094","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39833"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/778640","reference_id":"778640","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:57:41Z/"}],"url":"https://go.dev/cl/778640"},{"reference_url":"https://go.dev/cl/778641","reference_id":"778641","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:57:41Z/"}],"url":"https://go.dev/cl/778641"},{"reference_url":"https://go.dev/issue/79436","reference_id":"79436","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:57:41Z/"}],"url":"https://go.dev/issue/79436"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:57:41Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5005","reference_id":"GO-2026-5005","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:57:41Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-39833"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6b1a-3j19-akf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71247?format=json","vulnerability_id":"VCID-87u8-ckhc-xkbe","summary":"Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46595","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16519","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1641","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16394","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16475","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16516","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46595"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46595","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46595"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/781642","reference_id":"781642","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:21:12Z/"}],"url":"https://go.dev/cl/781642"},{"reference_url":"https://go.dev/issue/79570","reference_id":"79570","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:21:12Z/"}],"url":"https://go.dev/issue/79570"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:21:12Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5023","reference_id":"GO-2026-5023","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:21:12Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-46595"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87u8-ckhc-xkbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71235?format=json","vulnerability_id":"VCID-dpcn-e5wh-f3dy","summary":"SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47914.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47914.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47914","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02631","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0273","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02735","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02681","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02665","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47914"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://go.dev/cl/721960","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/"}],"url":"https://go.dev/cl/721960"},{"reference_url":"https://go.dev/issue/76364","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/"}],"url":"https://go.dev/issue/76364"},{"reference_url":"https://go.googlesource.com/crypto","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto"},{"reference_url":"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/"}],"url":"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47914","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47914"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-4135","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-4135"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121091","reference_id":"1121091","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416000","reference_id":"2416000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15979","reference_id":"RHSA-2026:15979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6503","reference_id":"RHSA-2026:6503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7291","reference_id":"RHSA-2026:7291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7385","reference_id":"RHSA-2026:7385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97559?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.45.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.45.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-47914","GHSA-f6x5-jh6r-wrfv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpcn-e5wh-f3dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71239?format=json","vulnerability_id":"VCID-fdtb-76h9-3fhr","summary":"The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39829","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10927","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10822","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10802","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10882","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10916","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39829"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/781641","reference_id":"781641","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:52:38Z/"}],"url":"https://go.dev/cl/781641"},{"reference_url":"https://go.dev/cl/781661","reference_id":"781661","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:52:38Z/"}],"url":"https://go.dev/cl/781661"},{"reference_url":"https://go.dev/issue/79565","reference_id":"79565","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:52:38Z/"}],"url":"https://go.dev/issue/79565"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:52:38Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5018","reference_id":"GO-2026-5018","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:52:38Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5018"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-39829"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fdtb-76h9-3fhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71244?format=json","vulnerability_id":"VCID-h2zv-pdv7-qqf8","summary":"When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39834","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17157","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17056","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17038","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17118","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17152","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39834"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/781663","reference_id":"781663","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:50:30Z/"}],"url":"https://go.dev/cl/781663"},{"reference_url":"https://go.dev/issue/79567","reference_id":"79567","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:50:30Z/"}],"url":"https://go.dev/issue/79567"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:50:30Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5020","reference_id":"GO-2026-5020","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:50:30Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5020"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-39834"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2zv-pdv7-qqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71249?format=json","vulnerability_id":"VCID-mg7t-ytdk-1uf9","summary":"For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46598","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16138","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1602","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15998","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16084","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16128","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46598"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/781360","reference_id":"781360","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:12:30Z/"}],"url":"https://go.dev/cl/781360"},{"reference_url":"https://go.dev/issue/79596","reference_id":"79596","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:12:30Z/"}],"url":"https://go.dev/issue/79596"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:12:30Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5033","reference_id":"GO-2026-5033","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:12:30Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5033"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-46598"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mg7t-ytdk-1uf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71246?format=json","vulnerability_id":"VCID-mwry-sy2z-g7fx","summary":"Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42508","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11809","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11699","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11687","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11769","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11803","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42508"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/781220","reference_id":"781220","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:43:40Z/"}],"url":"https://go.dev/cl/781220"},{"reference_url":"https://go.dev/issue/79568","reference_id":"79568","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:43:40Z/"}],"url":"https://go.dev/issue/79568"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:43:40Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5021","reference_id":"GO-2026-5021","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:43:40Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-42508"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwry-sy2z-g7fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71237?format=json","vulnerability_id":"VCID-ng11-j5v2-sfbf","summary":"An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39827","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06664","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06617","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06616","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06657","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0667","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39827"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/issue/35127","reference_id":"35127","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:35:34Z/"}],"url":"https://go.dev/issue/35127"},{"reference_url":"https://go.dev/cl/781320","reference_id":"781320","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:35:34Z/"}],"url":"https://go.dev/cl/781320"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:35:34Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5016","reference_id":"GO-2026-5016","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:35:34Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5016"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-39827"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ng11-j5v2-sfbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71236?format=json","vulnerability_id":"VCID-qc9d-17gg-abbj","summary":"SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58181.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58181","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14402","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14496","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14461","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1438","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://go.dev/cl/721961","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/"}],"url":"https://go.dev/cl/721961"},{"reference_url":"https://go.dev/issue/76363","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/"}],"url":"https://go.dev/issue/76363"},{"reference_url":"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/"}],"url":"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58181","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58181"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-4134","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-4134"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121092","reference_id":"1121092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2415997","reference_id":"2415997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2415997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15979","reference_id":"RHSA-2026:15979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6503","reference_id":"RHSA-2026:6503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7291","reference_id":"RHSA-2026:7291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7385","reference_id":"RHSA-2026:7385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7385"},{"reference_url":"https://usn.ubuntu.com/7956-1/","reference_id":"USN-7956-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7956-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97559?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.45.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.45.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-58181","GHSA-j5w8-q4qc-rx2x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9d-17gg-abbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71232?format=json","vulnerability_id":"VCID-rdtt-rk7t-5yby","summary":"Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45337.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45337.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45337","reference_id":"","reference_type":"","scores":[{"value":"0.32338","scoring_system":"epss","scoring_elements":"0.96941","published_at":"2026-06-06T12:55:00Z"},{"value":"0.32338","scoring_system":"epss","scoring_elements":"0.96938","published_at":"2026-06-05T12:55:00Z"},{"value":"0.32338","scoring_system":"epss","scoring_elements":"0.96942","published_at":"2026-06-08T12:55:00Z"},{"value":"0.3863","scoring_system":"epss","scoring_elements":"0.97338","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/golang/crypto","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto"},{"reference_url":"https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/"}],"url":"https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"},{"reference_url":"https://go.dev/cl/635315","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/"}],"url":"https://go.dev/cl/635315"},{"reference_url":"https://go.dev/issue/70779","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/"}],"url":"https://go.dev/issue/70779"},{"reference_url":"https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/"}],"url":"https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45337","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45337"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-3321","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/"}],"url":"https://pkg.go.dev/vuln/GO-2024-3321"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250131-0007","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250131-0007"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/11/2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/11/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089754","reference_id":"1089754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089754"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331720","reference_id":"2331720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11037","reference_id":"RHSA-2024:11037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11038","reference_id":"RHSA-2024:11038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6121","reference_id":"RHSA-2024:6121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0370","reference_id":"RHSA-2025:0370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0385","reference_id":"RHSA-2025:0385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0386","reference_id":"RHSA-2025:0386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0390","reference_id":"RHSA-2025:0390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0444","reference_id":"RHSA-2025:0444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0445","reference_id":"RHSA-2025:0445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0485","reference_id":"RHSA-2025:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0522","reference_id":"RHSA-2025:0522","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0522"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0535","reference_id":"RHSA-2025:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0536","reference_id":"RHSA-2025:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0552","reference_id":"RHSA-2025:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0560","reference_id":"RHSA-2025:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0576","reference_id":"RHSA-2025:0576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0577","reference_id":"RHSA-2025:0577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0645","reference_id":"RHSA-2025:0645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0649","reference_id":"RHSA-2025:0649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0653","reference_id":"RHSA-2025:0653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0676","reference_id":"RHSA-2025:0676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0679","reference_id":"RHSA-2025:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0723","reference_id":"RHSA-2025:0723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0778","reference_id":"RHSA-2025:0778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0785","reference_id":"RHSA-2025:0785","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0839","reference_id":"RHSA-2025:0839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0851","reference_id":"RHSA-2025:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0892","reference_id":"RHSA-2025:0892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10771","reference_id":"RHSA-2025:10771","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10771"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11396","reference_id":"RHSA-2025:11396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1285","reference_id":"RHSA-2025:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1287","reference_id":"RHSA-2025:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1289","reference_id":"RHSA-2025:1289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1322","reference_id":"RHSA-2025:1322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1324","reference_id":"RHSA-2025:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1325","reference_id":"RHSA-2025:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1326","reference_id":"RHSA-2025:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1327","reference_id":"RHSA-2025:1327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1331","reference_id":"RHSA-2025:1331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1332","reference_id":"RHSA-2025:1332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1333","reference_id":"RHSA-2025:1333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1448","reference_id":"RHSA-2025:1448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1451","reference_id":"RHSA-2025:1451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15680","reference_id":"RHSA-2025:15680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16160","reference_id":"RHSA-2025:16160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16165","reference_id":"RHSA-2025:16165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1710","reference_id":"RHSA-2025:1710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17232","reference_id":"RHSA-2025:17232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17657","reference_id":"RHSA-2025:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17690","reference_id":"RHSA-2025:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1824","reference_id":"RHSA-2025:1824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1829","reference_id":"RHSA-2025:1829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1841","reference_id":"RHSA-2025:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1845","reference_id":"RHSA-2025:1845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1847","reference_id":"RHSA-2025:1847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1848","reference_id":"RHSA-2025:1848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1849","reference_id":"RHSA-2025:1849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19306","reference_id":"RHSA-2025:19306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22182","reference_id":"RHSA-2025:22182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22182"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22287","reference_id":"RHSA-2025:22287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23061","reference_id":"RHSA-2025:23061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23064","reference_id":"RHSA-2025:23064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23203","reference_id":"RHSA-2025:23203","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23203"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23206","reference_id":"RHSA-2025:23206","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23207","reference_id":"RHSA-2025:23207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2588","reference_id":"RHSA-2025:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2652","reference_id":"RHSA-2025:2652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2903","reference_id":"RHSA-2025:2903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2933","reference_id":"RHSA-2025:2933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3069","reference_id":"RHSA-2025:3069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3542","reference_id":"RHSA-2025:3542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3560","reference_id":"RHSA-2025:3560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3820","reference_id":"RHSA-2025:3820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8244","reference_id":"RHSA-2025:8244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1730","reference_id":"RHSA-2026:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2681","reference_id":"RHSA-2026:2681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2754","reference_id":"RHSA-2026:2754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2762","reference_id":"RHSA-2026:2762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6568","reference_id":"RHSA-2026:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6568"},{"reference_url":"https://usn.ubuntu.com/7839-1/","reference_id":"USN-7839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7839-1/"},{"reference_url":"https://usn.ubuntu.com/7839-2/","reference_id":"USN-7839-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7839-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97557?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.42.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.42.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2024-45337","GHSA-v778-237x-gjrc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtt-rk7t-5yby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71241?format=json","vulnerability_id":"VCID-rgs3-sw5j-37hg","summary":"The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39831","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10034","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0997","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09937","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10023","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10051","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39831"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/781662","reference_id":"781662","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:51:41Z/"}],"url":"https://go.dev/cl/781662"},{"reference_url":"https://go.dev/issue/79566","reference_id":"79566","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:51:41Z/"}],"url":"https://go.dev/issue/79566"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:51:41Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5019","reference_id":"GO-2026-5019","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-22T18:51:41Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5019"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-39831"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgs3-sw5j-37hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71233?format=json","vulnerability_id":"VCID-rhj2-uxrv-fbbj","summary":"SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22869.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22869.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22869","reference_id":"","reference_type":"","scores":[{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69608","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69629","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.6962","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70114","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/golang/crypto","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto"},{"reference_url":"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22"},{"reference_url":"https://go.dev/cl/652135","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/"}],"url":"https://go.dev/cl/652135"},{"reference_url":"https://go.dev/issue/71931","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/"}],"url":"https://go.dev/issue/71931"},{"reference_url":"https://go-review.googlesource.com/c/crypto/+/652135","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go-review.googlesource.com/c/crypto/+/652135"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22869","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22869"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-3487","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-3487"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250411-0010","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250411-0010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098968","reference_id":"1098968","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348367","reference_id":"2348367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11037","reference_id":"RHSA-2024:11037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11038","reference_id":"RHSA-2024:11038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11396","reference_id":"RHSA-2025:11396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13848","reference_id":"RHSA-2025:13848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14048","reference_id":"RHSA-2025:14048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14060","reference_id":"RHSA-2025:14060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14820","reference_id":"RHSA-2025:14820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14859","reference_id":"RHSA-2025:14859","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14859"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16160","reference_id":"RHSA-2025:16160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16165","reference_id":"RHSA-2025:16165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21704","reference_id":"RHSA-2025:21704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23202","reference_id":"RHSA-2025:23202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3051","reference_id":"RHSA-2025:3051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3052","reference_id":"RHSA-2025:3052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3053","reference_id":"RHSA-2025:3053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3165","reference_id":"RHSA-2025:3165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3172","reference_id":"RHSA-2025:3172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3175","reference_id":"RHSA-2025:3175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3184","reference_id":"RHSA-2025:3184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3185","reference_id":"RHSA-2025:3185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3186","reference_id":"RHSA-2025:3186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3210","reference_id":"RHSA-2025:3210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3266","reference_id":"RHSA-2025:3266","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3266"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3268","reference_id":"RHSA-2025:3268","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3268"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3336","reference_id":"RHSA-2025:3336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3437","reference_id":"RHSA-2025:3437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3438","reference_id":"RHSA-2025:3438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3439","reference_id":"RHSA-2025:3439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3498","reference_id":"RHSA-2025:3498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3685","reference_id":"RHSA-2025:3685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3763","reference_id":"RHSA-2025:3763","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3813","reference_id":"RHSA-2025:3813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3814","reference_id":"RHSA-2025:3814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3820","reference_id":"RHSA-2025:3820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3833","reference_id":"RHSA-2025:3833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3863","reference_id":"RHSA-2025:3863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3932","reference_id":"RHSA-2025:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3959","reference_id":"RHSA-2025:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4002","reference_id":"RHSA-2025:4002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4012","reference_id":"RHSA-2025:4012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4171","reference_id":"RHSA-2025:4171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4188","reference_id":"RHSA-2025:4188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4502","reference_id":"RHSA-2025:4502","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4666","reference_id":"RHSA-2025:4666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4731","reference_id":"RHSA-2025:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7391","reference_id":"RHSA-2025:7391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7416","reference_id":"RHSA-2025:7416","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7462","reference_id":"RHSA-2025:7462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7484","reference_id":"RHSA-2025:7484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7698","reference_id":"RHSA-2025:7698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7702","reference_id":"RHSA-2025:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7753","reference_id":"RHSA-2025:7753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8224","reference_id":"RHSA-2025:8224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8244","reference_id":"RHSA-2025:8244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8274","reference_id":"RHSA-2025:8274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8704","reference_id":"RHSA-2025:8704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9136","reference_id":"RHSA-2025:9136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9562","reference_id":"RHSA-2025:9562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9562"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3718","reference_id":"RHSA-2026:3718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3718"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97557?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.42.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.42.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-22869","GHSA-hcg3-q754-cr77"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhj2-uxrv-fbbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71234?format=json","vulnerability_id":"VCID-vz85-9b59-jbez","summary":"SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47913.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47913","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05027","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04967","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05005","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05012","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05977","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47913"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414943","reference_id":"2414943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414943"},{"reference_url":"https://go.dev/cl/700295","reference_id":"700295","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/"}],"url":"https://go.dev/cl/700295"},{"reference_url":"https://go.dev/issue/75178","reference_id":"75178","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/"}],"url":"https://go.dev/issue/75178"},{"reference_url":"https://github.com/advisories/GHSA-56w8-48fp-6mgv","reference_id":"GHSA-56w8-48fp-6mgv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/"}],"url":"https://github.com/advisories/GHSA-56w8-48fp-6mgv"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-4116","reference_id":"GO-2025-4116","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22743","reference_id":"RHSA-2025:22743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22955","reference_id":"RHSA-2025:22955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23028","reference_id":"RHSA-2025:23028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23059","reference_id":"RHSA-2025:23059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23060","reference_id":"RHSA-2025:23060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23061","reference_id":"RHSA-2025:23061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23064","reference_id":"RHSA-2025:23064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23176","reference_id":"RHSA-2025:23176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23531","reference_id":"RHSA-2025:23531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23546","reference_id":"RHSA-2025:23546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0436","reference_id":"RHSA-2026:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0437","reference_id":"RHSA-2026:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0470","reference_id":"RHSA-2026:0470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0527","reference_id":"RHSA-2026:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0545","reference_id":"RHSA-2026:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0753","reference_id":"RHSA-2026:0753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1017","reference_id":"RHSA-2026:1017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1018","reference_id":"RHSA-2026:1018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10703","reference_id":"RHSA-2026:10703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1084","reference_id":"RHSA-2026:1084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11749","reference_id":"RHSA-2026:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12030","reference_id":"RHSA-2026:12030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13431","reference_id":"RHSA-2026:13431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13450","reference_id":"RHSA-2026:13450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13630","reference_id":"RHSA-2026:13630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14868","reference_id":"RHSA-2026:14868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16102","reference_id":"RHSA-2026:16102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16701","reference_id":"RHSA-2026:16701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16702","reference_id":"RHSA-2026:16702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1942","reference_id":"RHSA-2026:1942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19634","reference_id":"RHSA-2026:19634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20880","reference_id":"RHSA-2026:20880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2136","reference_id":"RHSA-2026:2136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2454","reference_id":"RHSA-2026:2454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2922","reference_id":"RHSA-2026:2922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3122","reference_id":"RHSA-2026:3122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3827","reference_id":"RHSA-2026:3827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4532","reference_id":"RHSA-2026:4532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4693","reference_id":"RHSA-2026:4693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5167","reference_id":"RHSA-2026:5167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5222","reference_id":"RHSA-2026:5222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6503","reference_id":"RHSA-2026:6503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8325","reference_id":"RHSA-2026:8325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8325"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97558?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.43.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-47913"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vz85-9b59-jbez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71245?format=json","vulnerability_id":"VCID-x5b6-usjc-dbgg","summary":"SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39835","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08902","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08878","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08853","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08899","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08918","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39835"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/781660","reference_id":"781660","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T17:44:50Z/"}],"url":"https://go.dev/cl/781660"},{"reference_url":"https://go.dev/issue/79563","reference_id":"79563","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T17:44:50Z/"}],"url":"https://go.dev/issue/79563"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T17:44:50Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5015","reference_id":"GO-2026-5015","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T17:44:50Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5015"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-39835"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5b6-usjc-dbgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71248?format=json","vulnerability_id":"VCID-xr6j-y5ud-4kc1","summary":"An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46597","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17157","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17056","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17038","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17118","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17152","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46597"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/781620","reference_id":"781620","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T14:08:24Z/"}],"url":"https://go.dev/cl/781620"},{"reference_url":"https://go.dev/issue/79561","reference_id":"79561","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T14:08:24Z/"}],"url":"https://go.dev/issue/79561"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T14:08:24Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5013","reference_id":"GO-2026-5013","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T14:08:24Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5013"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-46597"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xr6j-y5ud-4kc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71240?format=json","vulnerability_id":"VCID-yuwg-vgdy-9uht","summary":"A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39830","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17171","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1707","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17052","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17132","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17167","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39830"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516","reference_id":"1137516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137516"},{"reference_url":"https://go.dev/cl/781640","reference_id":"781640","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:54:26Z/"}],"url":"https://go.dev/cl/781640"},{"reference_url":"https://go.dev/cl/781664","reference_id":"781664","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:54:26Z/"}],"url":"https://go.dev/cl/781664"},{"reference_url":"https://go.dev/issue/79564","reference_id":"79564","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:54:26Z/"}],"url":"https://go.dev/issue/79564"},{"reference_url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","reference_id":"a082jnz-LvI","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:54:26Z/"}],"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-5017","reference_id":"GO-2026-5017","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-22T18:54:26Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-5017"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-39830"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuwg-vgdy-9uht"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71227?format=json","vulnerability_id":"VCID-1tgg-4nyq-cqhf","summary":"A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29652.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29652","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09232","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0922","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09263","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09282","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09261","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09201","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652"},{"reference_url":"https://go.dev/cl/278852","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/278852"},{"reference_url":"https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8"},{"reference_url":"https://go-review.googlesource.com/c/crypto/+/278852","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go-review.googlesource.com/c/crypto/+/278852"},{"reference_url":"https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"},{"reference_url":"https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-29652","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-29652"},{"reference_url":"https://pkg.go.dev/vuln/GO-2021-0227","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2021-0227"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1908883","reference_id":"1908883","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1908883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5633","reference_id":"RHSA-2020:5633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1796","reference_id":"RHSA-2021:1796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2920","reference_id":"RHSA-2021:2920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2920"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97547?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-gq3p-6grm-4khq"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vqmu-2sqh-2qex"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-w5s4-t37q-bybc"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97545?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97549?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2020-29652","GHSA-3vm4-22fp-5rfm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tgg-4nyq-cqhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71224?format=json","vulnerability_id":"VCID-45we-eb91-z3bb","summary":"The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3204.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3204","reference_id":"","reference_type":"","scores":[{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64149","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64099","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64129","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.6414","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64151","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.64143","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3204"},{"reference_url":"https://bridge.grumpy-troll.org/2017/04/golang-ssh-security","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bridge.grumpy-troll.org/2017/04/golang-ssh-security"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3204"},{"reference_url":"https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991"},{"reference_url":"https://github.com/golang/go/issues/19767","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/go/issues/19767"},{"reference_url":"https://go.dev/cl/340830","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/340830"},{"reference_url":"https://go.dev/cl/38701","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/38701"},{"reference_url":"https://go.dev/issue/19767","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/19767"},{"reference_url":"https://godoc.org/golang.org/x/crypto/ssh","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://godoc.org/golang.org/x/crypto/ssh"},{"reference_url":"https://go.googlesource.com/crypto/+/e4e2799dd7aab89f583e1d898300d96367750991","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/e4e2799dd7aab89f583e1d898300d96367750991"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3204","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3204"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0013","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0013"},{"reference_url":"https://web.archive.org/web/20170423080311/https://www.securityfocus.com/bid/97481","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170423080311/https://www.securityfocus.com/bid/97481"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3204","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3204"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439748","reference_id":"1439748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439748"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859655","reference_id":"859655","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859655"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97546?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%2BREALLY.0.0~git20161012.0.5f31782-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%252BREALLY.0.0~git20161012.0.5f31782-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97547?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-gq3p-6grm-4khq"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vqmu-2sqh-2qex"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-w5s4-t37q-bybc"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97545?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97549?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2017-3204","GHSA-xhjq-w7xm-p8qj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45we-eb91-z3bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71226?format=json","vulnerability_id":"VCID-6fja-bnwd-n7a3","summary":"A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional \"Hash\" Armor Headers. The \"Hash\" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.","references":[{"reference_url":"http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11841","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60895","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60912","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60924","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60917","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60867","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60911","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841"},{"reference_url":"https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442"},{"reference_url":"https://github.com/golang/crypto/tree/master/openpgp/clearsign","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/tree/master/openpgp/clearsign"},{"reference_url":"https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442"},{"reference_url":"https://go-review.git.corp.google.com/c/crypto/+/173778","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go-review.git.corp.google.com/c/crypto/+/173778"},{"reference_url":"https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11841","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11841"},{"reference_url":"https://pkg.go.dev/vuln/GO-2023-1992","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2023-1992"},{"reference_url":"https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97550?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97547?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-gq3p-6grm-4khq"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vqmu-2sqh-2qex"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-w5s4-t37q-bybc"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97545?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97549?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2019-11841","GHSA-x3jr-pf6g-c48f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fja-bnwd-n7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71225?format=json","vulnerability_id":"VCID-8xh2-b47n-7yg2","summary":"An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11840","reference_id":"","reference_type":"","scores":[{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84343","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.8433","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02143","scoring_system":"epss","scoring_elements":"0.84561","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02143","scoring_system":"epss","scoring_elements":"0.84565","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02143","scoring_system":"epss","scoring_elements":"0.84537","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840"},{"reference_url":"https://github.com/golang/go","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/go"},{"reference_url":"https://github.com/golang/go/issues/30965","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/go/issues/30965"},{"reference_url":"https://go.dev/cl/168406","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/168406"},{"reference_url":"https://go.dev/issue/30965","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/30965"},{"reference_url":"https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d"},{"reference_url":"https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ"},{"reference_url":"https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11840","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11840"},{"reference_url":"https://pkg.go.dev/vuln/GO-2022-0209","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2022-0209"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691529","reference_id":"1691529","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0079","reference_id":"RHSA-2021:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0079"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97550?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97547?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-gq3p-6grm-4khq"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vqmu-2sqh-2qex"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-w5s4-t37q-bybc"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97545?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97549?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2019-11840","GHSA-r5c5-pr8j-pfp7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xh2-b47n-7yg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71229?format=json","vulnerability_id":"VCID-gq3p-6grm-4khq","summary":"The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43565","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07673","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07686","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07717","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0773","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07705","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0766","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43565"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://go.dev/cl/368814","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/368814"},{"reference_url":"https://go.dev/issues/49932","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issues/49932"},{"reference_url":"https://groups.google.com/forum/#!forum/golang-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/golang-announce"},{"reference_url":"https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43565","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43565"},{"reference_url":"https://pkg.go.dev/vuln/GO-2022-0968","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2022-0968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030787","reference_id":"2030787","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1276","reference_id":"RHSA-2022:1276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1361","reference_id":"RHSA-2022:1361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1372","reference_id":"RHSA-2022:1372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4956","reference_id":"RHSA-2022:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5068","reference_id":"RHSA-2022:5068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5069","reference_id":"RHSA-2022:5069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5188","reference_id":"RHSA-2022:5188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5673","reference_id":"RHSA-2022:5673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8938","reference_id":"RHSA-2022:8938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2944","reference_id":"RHSA-2024:2944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2944"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97552?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20211202.5770296-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20211202.5770296-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97545?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97549?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2021-43565","GHSA-gwc9-m7rh-j2ww"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gq3p-6grm-4khq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71228?format=json","vulnerability_id":"VCID-rxtv-c89a-n7be","summary":"golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.","references":[{"reference_url":"http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9283","reference_id":"","reference_type":"","scores":[{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95412","published_at":"2026-06-08T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.9541","published_at":"2026-06-06T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95407","published_at":"2026-06-05T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95399","published_at":"2026-06-04T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95416","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283"},{"reference_url":"https://github.com/golang/crypto","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto"},{"reference_url":"https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236"},{"reference_url":"https://go.dev/cl/220357","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/220357"},{"reference_url":"https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236"},{"reference_url":"https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"},{"reference_url":"https://groups.google.com/g/golang-announce/c/3L45YRc91SY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/3L45YRc91SY"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9283"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0012","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0012"},{"reference_url":"https://www.exploit-db.com/exploits/48121","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/48121"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1804533","reference_id":"1804533","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1804533"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462","reference_id":"952462","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py","reference_id":"CVE-2020-9283","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2412","reference_id":"RHSA-2020:2412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2413","reference_id":"RHSA-2020:2413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2789","reference_id":"RHSA-2020:2789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2790","reference_id":"RHSA-2020:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2793","reference_id":"RHSA-2020:2793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2793"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2878","reference_id":"RHSA-2020:2878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3078","reference_id":"RHSA-2020:3078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3369","reference_id":"RHSA-2020:3369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3370","reference_id":"RHSA-2020:3370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3372","reference_id":"RHSA-2020:3372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3414","reference_id":"RHSA-2020:3414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3809","reference_id":"RHSA-2020:3809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1129","reference_id":"RHSA-2021:1129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1129"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97550?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97547?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-gq3p-6grm-4khq"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vqmu-2sqh-2qex"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-w5s4-t37q-bybc"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97545?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97549?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2020-9283","GHSA-ffhg-7mh4-33c4"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxtv-c89a-n7be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71231?format=json","vulnerability_id":"VCID-vqmu-2sqh-2qex","summary":"httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\\..\\asd becomes ..\\..\\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. Since the controlled path is suffixed with +http-01 before opening, the impact of this is significantly limited, since it only allows reading arbitrary files on the system if and only if they have this suffix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30636","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40547","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40627","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40631","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40604","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40574","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40588","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30636"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30636","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30636"},{"reference_url":"https://go.dev/cl/408694","reference_id":"408694","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:57:10Z/"}],"url":"https://go.dev/cl/408694"},{"reference_url":"https://go.dev/issue/53082","reference_id":"53082","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:57:10Z/"}],"url":"https://go.dev/issue/53082"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-2961","reference_id":"GO-2024-2961","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:57:10Z/"}],"url":"https://pkg.go.dev/vuln/GO-2024-2961"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97554?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20220829.c86fa9a-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20220829.c86fa9a-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97545?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97549?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2022-30636"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqmu-2sqh-2qex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71230?format=json","vulnerability_id":"VCID-w5s4-t37q-bybc","summary":"The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27191.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27191.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27191","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25421","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25308","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25299","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25324","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25358","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25406","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27191"},{"reference_url":"https://cs.opensource.google/go/x/crypto","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cs.opensource.google/go/x/crypto"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27191","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27191"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://go.dev/cl/392355","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/392355"},{"reference_url":"https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d"},{"reference_url":"https://groups.google.com/g/golang-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce"},{"reference_url":"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27191","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27191"},{"reference_url":"https://pkg.go.dev/vuln/GO-2021-0356","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2021-0356"},{"reference_url":"https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220429-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220429-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064702","reference_id":"2064702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4956","reference_id":"RHSA-2022:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5068","reference_id":"RHSA-2022:5068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5069","reference_id":"RHSA-2022:5069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6527","reference_id":"RHSA-2022:6527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7401","reference_id":"RHSA-2022:7401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7457","reference_id":"RHSA-2022:7457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7457"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7469","reference_id":"RHSA-2022:7469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7954","reference_id":"RHSA-2022:7954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8008","reference_id":"RHSA-2022:8008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8634","reference_id":"RHSA-2022:8634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8893","reference_id":"RHSA-2022:8893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8932","reference_id":"RHSA-2022:8932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8938","reference_id":"RHSA-2022:8938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9096","reference_id":"RHSA-2022:9096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9107","reference_id":"RHSA-2022:9107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1325","reference_id":"RHSA-2023:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1326","reference_id":"RHSA-2023:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3366","reference_id":"RHSA-2023:3366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3943","reference_id":"RHSA-2023:3943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4488","reference_id":"RHSA-2023:4488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4488"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97553?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20220315.3147a52-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20220315.3147a52-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97545?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-38u7-pvx6-ayb4"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97549?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1f5g-jvfq-fkf9"},{"vulnerability":"VCID-2vrr-2e4y-v3ar"},{"vulnerability":"VCID-6b1a-3j19-akf6"},{"vulnerability":"VCID-87u8-ckhc-xkbe"},{"vulnerability":"VCID-dpcn-e5wh-f3dy"},{"vulnerability":"VCID-fdtb-76h9-3fhr"},{"vulnerability":"VCID-h2zv-pdv7-qqf8"},{"vulnerability":"VCID-mg7t-ytdk-1uf9"},{"vulnerability":"VCID-mwry-sy2z-g7fx"},{"vulnerability":"VCID-ng11-j5v2-sfbf"},{"vulnerability":"VCID-qc9d-17gg-abbj"},{"vulnerability":"VCID-rdtt-rk7t-5yby"},{"vulnerability":"VCID-rgs3-sw5j-37hg"},{"vulnerability":"VCID-rhj2-uxrv-fbbj"},{"vulnerability":"VCID-vz85-9b59-jbez"},{"vulnerability":"VCID-x5b6-usjc-dbgg"},{"vulnerability":"VCID-xr6j-y5ud-4kc1"},{"vulnerability":"VCID-yuwg-vgdy-9uht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97548?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.52.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.52.0-1%3Fdistro=trixie"}],"aliases":["CVE-2022-27191","GHSA-8c26-wmh5-6g9v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5s4-t37q-bybc"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"}