Lucene search
K

7 matches found

OSV
OSV
added 2026/05/04 1:12 p.m.7 views

JLSEC-2026-430 When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file,...

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

5.3CVSS6.7AI score0.00457EPSS
Exploits1References6
NVD
NVD
added 2026/01/08 10:15 a.m.7 views

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

5.3CVSS0.00457EPSS
Exploits1References4
curl security advisories
curl security advisories
added 2026/01/07 8:0 a.m.8 views

libssh global known_hosts override

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

5.3CVSS5.8AI score0.00457EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2026/01/06 7:0 a.m.6 views

UBUNTU-CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

5.3CVSS6AI score0.00457EPSS
Exploits1References5
Hacker One
Hacker One
added 2025/12/24 4:45 a.m.12 views

curl: CVE-2025-15079: libssh global knownhost override

A vulnerability was discovered in libssh where the SSHOPTIONSGLOBALKNOWNHOSTS option was used to specify a global knownhosts file. If the host was not found in the file specified by SSHOPTIONSKNOWNHOSTS, the global file was checked, potentially allowing any host identities specified in the defaul...

5.3CVSS6.7AI score0.00457EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/09/29 8:38 p.m.4 views

CVE-2025-34207 Vasion Print (formerly PrinterLogic) Insecure SSH Client Configuration

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 VA and SaaS deployments configure the SSH client within Docker instances with the following options: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. These...

7.9CVSS6.5AI score0.00621EPSS
Exploits0References4
Snyk
Snyk
added 2005/08/23 4:0 a.m.2 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials. SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the knownhosts file, which makes it easier for an attacker that...

2.9CVSS8.1AI score0.01177EPSS
Exploits0References2
Rows per page
Query Builder