Lucene search
+L

451 matches found

RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-38974

A flaw was found in Dulwich. The contrib/paramikovendor.py component is missing Secure Shell SSH host key verification. This vulnerability allows a remote attacker to impersonate a legitimate Git server. By doing so, the attacker could potentially intercept sensitive information or execute...

8.8CVSS6.3AI score0.00145EPSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-44852

Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramikovendor.py...

5.3CVSS6.1AI score0.00145EPSS
Exploits0References3
OSV
OSV
added yesterday4 views

UBUNTU-CVE-2026-38974

Dulwich through 1.1.0 was found to be missing SSH host key verificatio...

5.3CVSS6AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-60333

Name of the Vulnerable Software and Affected Versions Dulwich versions prior to 1.1.0 Description Dulwich fails to perform SSH host key verification within the contrib/paramiko vendor.py file. This lack of verification allows for potential man-in-the-middle attacks during SSH connections...

6.1AI score0.00145EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-38974

Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramikovendor.py...

0.00145EPSS
Exploits0References2
CVE
CVE
added 2 days ago8 views

CVE-2026-38974

CVE-2026-38974 affects Dulwich up to 1.1.0, where the SSH host key verification is missing in contrib/paramiko_vendor.py. The flaw enables a remote attacker to impersonate a legitimate Git server during SSH connections, potentially exposing sensitive data or enabling code execution on the client....

5.3CVSS6.1AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-58065

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS0.00461EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43499

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References2
CVE
CVE
added 4 days ago21 views

CVE-2026-58065

The CVE affects the Apache Airflow Git provider when performing git-over-SSH operations with StrictHostKeyChecking=no, which disables SSH host-key verification and enables MITM risk between an Airflow worker and the Git server. Deployments that clone over SSH using a deploy key or involve the Git...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References3Affected Software1
OSV
OSV
added 4 days ago3 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/07/10 3:20 a.m.5 views

SUSE CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6.1AI score0.00508EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2026/07/10 3:20 a.m.4 views

SUSE CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.4CVSS6.2AI score0.00574EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.10 views

OpenSSH < 10.4 Multiple Vulnerabilities

The version of OpenSSH installed on the remote host is prior to 10.4. It is, therefore, affected by multiple vulnerabilities, including: - ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS6.2AI score0.00407EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/09 2:40 p.m.3 views

openssh: OpenSSH: Use-after-free vulnerability during host key re-exchange on the client side

A flaw was found in OpenSSH. A remote attacker could exploit a use-after-free vulnerability on the client side when a server changes its host key during a key re-exchange. This could lead to high impact on confidentiality and integrity, and low impact on availability...

9.4CVSS6.1AI score0.00263EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/07/09 8:1 a.m.6 views

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)

...

9.4CVSS6.1AI score0.00263EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/07/09 2:52 a.m.4 views

SUSE CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS6.1AI score0.00263EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/08 5:45 a.m.6 views

CVE-2026-60002

A flaw was found in OpenSSH. A remote attacker could exploit a use-after-free vulnerability on the client side when a server changes its host key during a key re-exchange. This could lead to high impact on confidentiality and integrity, and low impact on availability. Mitigation To mitigate this...

9.4CVSS6AI score0.00263EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 1:16 a.m.5 views

DEBIAN-CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS6AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 1:16 a.m.8 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS0.00263EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 12:17 a.m.223 views

CVE-2026-60002

Summary (CVE-2026-60002): OpenSSH

9.4CVSS6AI score0.00263EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder