Lucene search
K

34 matches found

Snyk
Snyk
added 2026/07/03 8:18 a.m.9 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the CURLOPTSSHKEYFUNCTION process. An attacker can intercept or manipulate data by presenting a server host key type that does not match the recorded key type in the knownhosts file, which is improperl...

8.3CVSS6AI score0.00508EPSS
Exploits1References2
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS0.00508EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:18 a.m.8 views

CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6AI score0.00508EPSS
Exploits1References3
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.17 views

SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS5.9AI score0.00508EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2026/06/24 8:0 a.m.9 views

CURL-CVE-2026-9547 SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS5.9AI score0.00508EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51756

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description Applications using libcurl for transfers via SCP:// or SFTP:// that utilize the CURLOPT SSH KEYFUNCTION callback may silently accept an untrusted server. This occurs when a server presents a...

7.5CVSS5.8AI score0.00543EPSS
Exploits3References48
Snyk
Snyk
added 2026/06/09 6:32 p.m.10 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in kekunwrapkey in the CMS component. An attacker supplying malicious CMS data can select a stream-mode KEK cipher via the OID in the PWRI keyEncryptionAlgorithm, defeating the block-length minimum-length guard so tha...

8.2CVSS7.3AI score0.00297EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/26 8:1 p.m.38 views

CVE-2026-2100 P11-kit: null dereference via c_derivekey with specific null parameters

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the CDeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

5.3CVSS0.0116EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.5 views

Siemens S7-1500 Use After Free (CVE-2025-7425)

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.3AI score0.00339EPSS
Exploits1References2
OSV
OSV
added 2026/02/09 12:0 a.m.4 views

UBUNTU-CVE-2026-2100

NULL dereference via CDeriveKey with specific NULL parameters...

7.5CVSS5.8AI score0.0116EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.5 views

TencentOS Server 3: libxml2 (TSSA-2025:0696)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0696 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.8CVSS6.3AI score0.00339EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-7425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as...

7.8CVSS6.7AI score0.00339EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2025/08/07 4:6 p.m.8 views

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.3AI score0.00339EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/08/07 5:26 a.m.11 views

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.3AI score0.00339EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/08/07 5:24 a.m.3 views

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.3AI score0.00339EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/07/31 4:31 p.m.14 views

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.3AI score0.00339EPSS
Exploits1References5
OSV
OSV
added 2025/07/10 2:15 p.m.5 views

AZL-65409 CVE-2025-7425 affecting package libxslt 1.1.43-3

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.6AI score0.00339EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/07/10 1:53 p.m.6 views

CVE-2025-7425

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.3AI score0.00339EPSS
Exploits1References33
SUSE CVE
SUSE CVE
added 2024/11/10 3:48 a.m.3 views

SUSE CVE-2024-50262

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in triegetnextkey triegetnextkey allocates a node stack with size trie-maxprefixlen, while it writes trie-maxprefixlen + 1 nodes to the stack when it has full paths from the root to leaves. For exampl...

6.6CVSS7.9AI score0.00267EPSS
Exploits0References19
OSV
OSV
added 2024/11/09 11:15 a.m.17 views

UBUNTU-CVE-2024-50262

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in triegetnextkey triegetnextkey allocates a node stack with size trie-maxprefixlen, while it writes trie-maxprefixlen + 1 nodes to the stack when it has full paths from the root to leaves. For exampl...

7.8CVSS6.4AI score0.00267EPSS
Exploits0References48
Rows per page
Query Builder