CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

Wolfi•added 2026/01/07 1:51 a.m.•3 views

CVE-2024-41254 vulnerabilities

Vulnerabilities for packages: litestream...

5.3CVSS7AI score0.00193EPSS

Exploits0

Wolfi•added 2026/01/07 1:51 a.m.•2 views

GHSA-QPGW-J75C-J585 vulnerabilities

Vulnerabilities for packages: litestream...

7AI score

Exploits0

Chainguard•added 2026/01/07 1:30 a.m.•2 views

GHSA-QPGW-J75C-J585 vulnerabilities

Vulnerabilities for packages: litestream...

7AI score

Exploits0

Chainguard•added 2026/01/07 1:30 a.m.•6 views

CVE-2024-41254 vulnerabilities

Vulnerabilities for packages: litestream...

5.3CVSS7AI score0.00193EPSS

Exploits0

RedhatCVE•added 2025/05/23 9:11 a.m.•4 views

CVE-2024-41254

An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

5.3CVSS5.9AI score0.00193EPSS

Exploits0References1

Wolfi•added 2025/02/25 3:16 p.m.•15 views

GHSA-7WRW-R4P8-38RX vulnerabilities

Vulnerabilities for packages: nri-rabbitmq, prometheus-operator, rancher-loglevel, secrets-store-csi-driver-provider-azure, memcached-exporter, external-dns, tempo, bank-vaults, helm, grafana-operator, chartmuseum, kuberlr, gcsfuse, node-problem-detector, vertical-pod-autoscaler, http-echo,...

5.8AI score

Exploits0

Chainguard•added 2024/12/18 6:23 p.m.•7 views

GHSA-32GQ-X56H-299C vulnerabilities

Vulnerabilities for packages: age, chezmoi, flux-kustomize-controller-fips, age-fips, grafana-fips, litestream, flux-kustomize-controller, sops, grafana, sops-fips, ksops...

5.8AI score

Exploits0

Veracode•added 2024/08/02 8:24 a.m.•13 views

Man-in-the-middle Attack

github.com/benbjohnson/litestream is vulnerable to a Man-in-the-middle Attack. The vulnerability is due to unsafe usage of ssh.InsecureIgnoreHostKey, which disables host key verification and potentially allows attackers to obtain sensitive information through a Man-in-the-middle Attack...

5.3CVSS6.3AI score0.00193EPSS

Exploits0References2Affected Software1

NVD•added 2024/07/31 9:15 p.m.•17 views

CVE-2024-41254

5.3CVSS0.00193EPSS

Exploits0References1

OSV•added 2024/07/31 9:15 p.m.•7 views

CVE-2024-41254

5.3CVSS6.2AI score

Exploits0References1

CNNVD•added 2024/07/31 12:0 a.m.•4 views

Litestream 安全漏洞

Litestream is a standalone disaster recovery tool for SQLite from the individual developer Ben Johnson. A security vulnerability exists in Litestream version v0.3.13, which stems from the use of ssh.InsecureIgnoreHostKey that disables host key authentication. An attacker could obtain sensitive...

5.3CVSS6.4AI score0.00193EPSS

Exploits0References2

Cvelist•added 2024/07/31 12:0 a.m.•26 views

CVE-2024-41254

0.00193EPSS

Exploits0References1

Positive Technologies•added 2024/07/31 12:0 a.m.•3 views

PT-2024-29332 · Unknown · Litestream

Name of the Vulnerable Software and Affected Versions: litestream version 0.3.13 Description: An issue was discovered where the usage of the ssh.InsecureIgnoreHostKey function disables host key verification. This could possibly allow attackers to obtain sensitive information via a man-in-the-midd...

5.3CVSS6.7AI score0.00193EPSS

Exploits0References5

Vulnrichment•added 2024/07/31 12:0 a.m.•14 views

CVE-2024-41254

6.3AI score0.00193EPSS

Exploits0References1

CVE•added 2024/07/31 12:0 a.m.•56 views

CVE-2024-41254

CVE-2024-41254 affects litestream v0.3.13. The root cause is the use of ssh.InsecureIgnoreHostKey(), which disables host key verification and can enable a man‑in‑the‑middle attack to exfiltrate sensitive information. Multiple connected sources (NVD, Veracode, CNNVD, OSV, CGA, Chainguard, Wolfi, C...

5.3CVSS6.4AI score0.00193EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by