6 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004931)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004931 advisory. When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in th...
CVE-2025-15079 libssh global known_hosts override
When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...
CVE-2025-15079
CVE-2025-15079 affects curl/libcurl when using SSH-based transfers (SCP/SFTP) with a libssh backend. The vulnerability arises in known_hosts handling: even if a per-file known_hosts is used, connections could be accepted for hosts not present in that file if they are recognized in the libssh glob...
libssh global known_hosts override
When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...
UBUNTU-CVE-2025-15079
When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...
curl: CVE-2025-15079: libssh global knownhost override
A vulnerability was discovered in libssh where the SSHOPTIONSGLOBALKNOWNHOSTS option was used to specify a global knownhosts file. If the host was not found in the file specified by SSHOPTIONSKNOWNHOSTS, the global file was checked, potentially allowing any host identities specified in the defaul...