CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

796 matches found

Veracode•added 2023/01/25 8:21 p.m.•22 views

Improper Input Validation

libgit2 is vulnerable to Improper Input Validation. When using an SSH remote with the optional libssh2 backend, it does not perform certificate checking by default subjecting to a man-in-the-middle attack...

5.9CVSS6AI score0.00128EPSS

Exploits0References8Affected Software1

NCSC•added 2023/01/23 12:0 a.m.•1 views

Vulnerability fixed in libgit2

A vulnerability has been fixed in libgit2. libgit2 is a library for providing git functionality to Python and Go applications. An unauthenticated malicious person can exploit the exploit the vulnerability to perform a man-in-the-middle attack because libgit2 does not verify SSH certificates by...

5.9CVSS6.9AI score0.00128EPSS

Exploits0

OSV•added 2023/01/20 11:15 p.m.•1 views

DEBIAN-CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...

5.9CVSS5.6AI score0.00128EPSS

Exploits0References1

NVD•added 2023/01/20 11:15 p.m.•13 views

CVE-2023-22742

5.9CVSS5.7AI score0.00128EPSS

Exploits0References7

Prion•added 2023/01/20 11:15 p.m.•20 views

Design/Logic Flaw

2.6CVSS5.8AI score0.00128EPSS

Exploits0References6Affected Software1

UbuntuCve•added 2023/01/20 11:15 p.m.•26 views

CVE-2023-22742

5.9CVSS6.1AI score0.00128EPSS

Exploits0References6

OSV•added 2023/01/20 11:15 p.m.•0 views

UBUNTU-CVE-2023-22742

5.9CVSS5.8AI score0.00128EPSS

Exploits0References7

CVE•added 2023/01/20 10:49 p.m.•441 views

CVE-2023-22742

CVE-2023-22742 affects libgit2 when using SSH with the optional libssh2 backend. The issue is that certificate checking is not performed by default unless a certificate_check callback is explicitly configured in git_remote_callbacks, enabling potential MITM if server SSH keys are not validated. T...

5.9CVSS5.6AI score0.00128EPSS

Exploits0References7Affected Software1

Cvelist•added 2023/01/20 10:49 p.m.•18 views

CVE-2023-22742 libgit2 fails to verify SSH keys by default

5.3CVSS6.1AI score0.00128EPSS

Exploits0References7

Positive Technologies•added 2023/01/20 12:0 a.m.•2 views

PT-2023-1296 · Libssh2 +6 · Libssh2 +6

Name of the Vulnerable Software and Affected Versions: libgit2 versions prior to 1.4.5 libgit2 versions prior to 1.5.1 Description: The issue is related to the lack of certificate checking by default when using an SSH remote with the optional libssh2 backend in libgit2. This means that clients wi...

10CVSS9.4AI score0.06011EPSS

Exploits0References72

Tenable Nessus•added 2022/09/01 12:0 a.m.•63 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1)

The version of AOS installed on the remote host is prior to 5.19.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.1 advisory. - In Network Security Services NSS before 3.46, several cryptographic primitives had missing length checks. In cases where the...

10CVSS7.5AI score0.93618EPSS

Exploits115References124

OpenVAS•added 2022/04/21 12:0 a.m.•23 views

Slackware: Security Advisory (SSA:2019-077-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.1AI score0.16241EPSS

Exploits0References2

CBLMariner•added 2022/04/09 6:51 a.m.•12 views

CVE-2019-17498 affecting package libssh2 for versions less than 1.9.0-1

CVE-2019-17498 affecting package libssh2 for versions less than 1.9.0-1. A patched version of the package is available...

8.1CVSS8AI score0.0142EPSS

Exploits1

OSV•added 2022/03/07 11:47 p.m.•0 views

USN-5308-1 libssh2 vulnerabilities

It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote, unauthenticated attacker could possibly execute arbitrary code on the client system. CVE-2019-3855 It was discovered that libssh2 incorrectly handled prompt...

9.3CVSS7.4AI score0.424EPSS

Exploits2References12

Ubuntu•added 2022/03/07 11:47 p.m.•58 views

USN-5308-1: libssh2 vulnerabilities

9.3CVSS8.1AI score0.424EPSS

Exploits2

OpenVAS•added 2022/01/28 12:0 a.m.•19 views

Mageia: Security Advisory (MGASA-2019-0343)

8.1CVSS8.3AI score0.0142EPSS

Exploits1References7

OpenVAS•added 2022/01/28 12:0 a.m.•22 views

Mageia: Security Advisory (MGASA-2015-0107)

6.8CVSS6.6AI score0.04133EPSS

Exploits0References5

OpenVAS•added 2022/01/28 12:0 a.m.•26 views

Mageia: Security Advisory (MGASA-2019-0139)

9.3CVSS7.8AI score0.16241EPSS

Exploits0References5

OpenVAS•added 2021/12/20 12:0 a.m.•25 views

Debian: Security Advisory (DLA-2848-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.2AI score0.424EPSS

Exploits2References4

Tenable Nessus•added 2021/12/18 12:0 a.m.•41 views

Debian DLA-2848-1 : libssh2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2848 advisory. Two issues have been discovered in libssh2, a client-side C library implementing the SSH2 protocol: CVE-2019-13115:...

8.1CVSS7.1AI score0.424EPSS

Exploits2References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by