28 matches found

OSV
added 2026/06/24 8:0 a.m., 9 views

CURL-CVE-2026-9547 SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPT_SSH_KEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

5.9 AI score
Exploits 0
RedhatCVE
added 2026/05/14 7:58 p.m., 9 views

CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's...

7.4 CVSS, 6 AI score, 0.00135 EPSS
Exploits 0, References 1
OSV
added 2026/02/19 11:51 a.m., 12 views

CLSA-2026-1771501913 curl: Fix of CVE-2025-15079

CVE-2025-15079: fix accepting hosts not present in the specified known_hosts during SSH-based SCP/SFTP transfers when global known_hosts contained them; restrict host verification to the specified known_hosts file...

5.3 CVSS, 6.6 AI score, 0.00457 EPSS
Exploits 1, References 1
OSV
added 2026/01/08 10:15 a.m., 4 views

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file...

5.3 CVSS, 5.4 AI score, 0.00457 EPSS
Exploits 1, References 4
AlpineLinux
added 2026/01/08 10:8 a.m., 5 views

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file...

5.3 CVSS, 6.5 AI score, 0.00457 EPSS
Exploits 1, References 4
CNNVD
added 2026/01/08 12:0 a.m., 5 views

curl security vulnerability

curl is an open source tool from cURL for transferring data from or to a server. A security vulnerability exists in curl that stems from libcurl incorrectly accepting connections to SSH hosts that are not listed in the specified known_hosts file...

5.3 CVSS, 6.3 AI score, 0.00457 EPSS
Exploits 1, References 6
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2005-2667

Malware in sbrugna...

1.2 CVSS, 8 AI score, 0.01177 EPSS
Exploits 0, References 10
Github Security Blog
added 2025/04/25 3:11 p.m., 12 views

Fleet doesn’t validate a server’s certificate when connecting through SSH

Impact: A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the known_hosts file. This could allow the execution of a man-in-the-middle (MitM) attack against Fleet...

7.1 AI score, 0.00434 EPSS
Exploits 0, References 9, Affected Software 1
OSV
added 2025/04/25 3:11 p.m., 7 views

GHSA-XGPC-Q899-67P8 Fleet doesn’t validate a server’s certificate when connecting through SSH

Impact: A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the known_hosts file. This could allow the execution of a man-in-the-middle (MitM) attack against Fleet...

6.3 CVSS, 7.1 AI score, 0.00434 EPSS
Exploits 0, References 9
Oracle linux
added 2024/05/23 12:0 a.m., 392 views

libssh security update

0.9.6-14
- Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP)
- Fix CVE-2023-6918 Missing checks for return values for digests
- Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname
- Note: version is bumped from 12 to 14...

5.3 CVSS, 8 AI score, 0.9378 EPSS
Exploits 18
OpenVAS
added 2023/02/03 12:0 a.m., 27 views

OpenBSD OpenSSH < 9.2 Unspecified Vulnerability

OpenBSD OpenSSH is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:openbsd:openssh";...

7.3 AI score
Exploits 0, References 2
OpenVAS
added 2021/06/09 12:0 a.m., 19 views

SUSE: Security Advisory (SUSE-SU-2019:14031-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...

9.1 CVSS, 7.6 AI score, 0.06275 EPSS
Exploits 0, References 6
Tenable Nessus
added 2019/04/29 12:0 a.m., 33 views

SUSE SLES11 Security Update : libssh2_org (SUSE-SU-2019:14031-1)

This update for libssh2_org fixes the following issues: Incorrect upstream fix for CVE-2019-3859 broke public key authentication (bsc#1133528, bsc#1130103). Store but don't use keys of unsupported types in the known_hosts file (bsc#1091236). Note that Tenable Network Security has extracted the preceding...

9.1 CVSS, 7.3 AI score, 0.06275 EPSS
Exploits 0, References 6
OSV
added 2019/04/27 7:31 a.m., 6 views

SUSE-SU-2019:14031-1 Security update for libssh2_org

This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication (bsc#1133528, bsc#1130103) - Store but don't use keys of unsupported types in the known_hosts file (bsc#1091236)...

9.1 CVSS, 8.6 AI score, 0.06275 EPSS
Exploits 0, References 5
Tenable Nessus
added 2019/03/29 12:0 a.m., 47 views

openSUSE Security Update : libssh2_org (openSUSE-2019-1075)

This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). -...

9.3 CVSS, 7.4 AI score, 0.09219 EPSS
Exploits 0, References 19
Github Security Blog
added 2019/03/25 4:16 p.m., 32 views

Improper Certificate Validation in chloride

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride...

7.5 CVSS, 2.5 AI score, 0.00893 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2019/03/21 4:0 p.m., 11 views

CVE-2018-6517

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride...

7.5 CVSS, 6.8 AI score, 0.00893 EPSS
Exploits 0, References 1
Tenable Nessus
added 2019/03/21 12:0 a.m., 33 views

SUSE SLED12 / SLES12 Security Update : libssh2_org (SUSE-SU-2019:0655-1)

This update for libssh2_org fixes the following issues: Security issues fixed: CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492)...

9.3 CVSS, 7.5 AI score, 0.09219 EPSS
Exploits 0, References 29
Cvelist
added 2019/03/17 7:14 p.m., 19 views

CVE-2018-6517

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride...

7.5 AI score, 0.00893 EPSS
Exploits 0, References 1
Tenable Nessus
added 2017/03/10 12:0 a.m., 67 views

SUSE SLED12 Security Update : openssh (SUSE-SU-2017:0607-2)

This update for openssh fixes the following issues: - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to...

7.8 CVSS, 6.7 AI score, 0.37431 EPSS
Exploits 5, References 12