451 matches found
CVE-2026-38974
A flaw was found in Dulwich. The contrib/paramikovendor.py component is missing Secure Shell SSH host key verification. This vulnerability allows a remote attacker to impersonate a legitimate Git server. By doing so, the attacker could potentially intercept sensitive information or execute...
EUVD-2026-44852
Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramikovendor.py...
UBUNTU-CVE-2026-38974
Dulwich through 1.1.0 was found to be missing SSH host key verificatio...
CVE-2026-38974
Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramikovendor.py...
PT-2026-60333
Name of the Vulnerable Software and Affected Versions Dulwich versions prior to 1.1.0 Description Dulwich fails to perform SSH host key verification within the contrib/paramiko vendor.py file. This lack of verification allows for potential man-in-the-middle attacks during SSH connections...
CVE-2026-38974
CVE-2026-38974 affects Dulwich up to 1.1.0, where the SSH host key verification is missing in contrib/paramiko_vendor.py. The flaw enables a remote attacker to impersonate a legitimate Git server during SSH connections, potentially exposing sensitive data or enabling code execution on the client....
CVE-2026-58065
The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...
EUVD-2026-43499
The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...
CVE-2026-58065
The CVE affects the Apache Airflow Git provider when performing git-over-SSH operations with StrictHostKeyChecking=no, which disables SSH host-key verification and enables MITM risk between an Airflow worker and the Git server. Deployments that clone over SSH using a deploy key or involve the Git...
CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification
The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...
SUSE CVE-2026-9547
When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...
SUSE CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
OpenSSH < 10.4 Multiple Vulnerabilities
The version of OpenSSH installed on the remote host is prior to 10.4. It is, therefore, affected by multiple vulnerabilities, including: - ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...
openssh: OpenSSH: Use-after-free vulnerability during host key re-exchange on the client side
A flaw was found in OpenSSH. A remote attacker could exploit a use-after-free vulnerability on the client side when a server changes its host key during a key re-exchange. This could lead to high impact on confidentiality and integrity, and low impact on availability...
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
...
SUSE CVE-2026-60002
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...
CVE-2026-60002
A flaw was found in OpenSSH. A remote attacker could exploit a use-after-free vulnerability on the client side when a server changes its host key during a key re-exchange. This could lead to high impact on confidentiality and integrity, and low impact on availability. Mitigation To mitigate this...
DEBIAN-CVE-2026-60002
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...
CVE-2026-60002
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...
CVE-2026-60002
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...