Lucene search
+L

601 matches found

Snyk
Snyk
added 2026/01/08 10:45 a.m.6 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via CURLSSHAUTHAGENT flag for public key authentication. An attacker can gain unauthorized access by leveraging a locally running SSH agent to bypass the intended key passphrase requirement. Note: This issue...

4.7CVSS5.8AI score0.00413EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/08 10:8 a.m.4 views

CVE-2025-15224 libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

6.5AI score0.00413EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/08 10:8 a.m.37 views

CVE-2025-15224 libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

0.00413EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/01/08 10:8 a.m.9 views

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS5.9AI score0.00413EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2026/01/07 9:28 a.m.4 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. CVE-2025-14819: libssh global knownhost override bsc1255732. CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. CVE-2025-15224: OpenSSL partial chain...

6CVSS6.9AI score0.00679EPSS
Exploits3References16
OSV
OSV
added 2026/01/07 9:28 a.m.5 views

SUSE-SU-2026:0051-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override bsc1255732. - CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. - CVE-2025-15224: OpenSSL partial...

5.3CVSS6.1AI score0.00679EPSS
Exploits3References9
SUSE Linux
SUSE Linux
added 2026/01/07 9:28 a.m.6 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. CVE-2025-14819: libssh global knownhost override bsc1255732. CVE-2025-15079: libssh key passphrase bypass without agent set bsc1255733. CVE-2025-15224: OpenSSL partial chain...

6CVSS6.9AI score0.00679EPSS
Exploits3References16
OSV
OSV
added 2026/01/07 8:0 a.m.8 views

CURL-CVE-2025-15224 libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS6.8AI score0.00413EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/01/07 8:0 a.m.9 views

libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS5.8AI score0.00413EPSS
Exploits1References1Affected Software2
Hacker One
Hacker One
added 2025/12/28 9:22 p.m.14 views

curl: CVE-2025-15224: libssh key passphrase bypass without agent set

A vulnerability was discovered in the libcurl libssh backend where the CURLOPTSSHAUTHTYPES option did not properly implement the CURLSSHAUTHAGENT flag. As a result, if the CURLSSHAUTHPUBLICKEY option was set, the implementation would act as if CURLSSHAUTHAGENT was always defined, allowing...

3.1CVSS7.1AI score0.00413EPSS
Exploits1
Veracode
Veracode
added 2025/12/23 12:30 p.m.40 views

Improper Authentication

github.com/edgelesssys/contrast is vulnerable to Improper Authentication. The vulnerability is due to unauthenticated LUKS2 volume metadata and support for null key-encryption algorithms, which allows an attacker to craft a malicious volume that opens with any passphrase and captures all written...

5.6AI score
Exploits0
NVD
NVD
added 2025/10/22 2:15 p.m.11 views

CVE-2023-53715

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware e.g. BCM4387. It seems there was a simple way of passing it in binary all along, so use...

0.00191EPSS
Exploits0References8
OSV
OSV
added 2025/10/22 2:15 p.m.8 views

DEBIAN-CVE-2023-53715

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware e.g. BCM4387. It seems there was a simple way of passing it in binary all along, so use...

5.4AI score0.00191EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-5453

Malware in sbrugna...

2.1CVSS6.2AI score0.00341EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2003-1382

Malware in sbrugna...

6.6CVSS6.4AI score0.01501EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-1956

Malware in sbrugna...

2.1CVSS6.4AI score0.00353EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2007-0841

Malware in sbrugna...

6.4CVSS6.1AI score0.00833EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-1999-1251

Malware in sbrugna...

4.6CVSS6.4AI score0.00309EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-0530

Malware in sbrugna...

4CVSS6.4AI score0.01228EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-4887

Malware in sbrugna...

7.5CVSS7.6AI score0.01238EPSS
Exploits1References2
Rows per page
Query Builder