Lucene search
K

32 matches found

Mageia
Mageia
added 2026/06/10 5:7 a.m.13 views

Updated libssh packages fix security vulnerabilities

CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...

8.8CVSS6.2AI score0.02394EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/06/08 3:11 a.m.943 views

curl: SSH/SFTP connection reuse can bypass SSH key identity after ssh_config_matches removal

Summary: libcurl's SSH/SFTP connection reuse logic no longer binds a pooled SSH connection to the SSH key identity requested by the new transfer. After sshconfigmatches was removed, urlmatchprotoconfig again has no SSH-specific check for CURLOPTSSHPUBLICKEYFILE or CURLOPTSSHPRIVATEKEYFILE. An...

7.7CVSS7.5AI score0.02596EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/05/19 1:16 p.m.8 views

libssh: Use of uninitialized variable in privatekey_from_file()

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

3.6CVSS6.6AI score0.00181EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/12 8:2 p.m.31 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS0.00357EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.6 views

Tenda AC10 安全漏洞

The Tenda AC10 is a wireless router produced by the Chinese company Tenda. The Tenda AC10 16.03.10.10multiTDE01 version has a security vulnerability. This vulnerability stems from the hardcoded encryption key present in the file/webroot-ro/pem/privkeySrv.pem of the RSA 2048-bit Private Key Handle...

7.5CVSS6.1AI score0.00395EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/05 4:13 p.m.7 views

CVE-2020-37136 ZOC Terminal v7.25.5 - 'Private key file' Denial of Service

ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create S...

7.5CVSS5.4AI score0.00361EPSS
Exploits0References3
Debian
Debian
added 2025/12/16 12:25 a.m.7 views

[SECURITY] [DLA 4409-1] paramiko security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4409-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès December 16, 2025 https://wiki.debian.org/LTS -...

5.9CVSS6.7AI score0.0208EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.5 views

Debian dla-4409 : paramiko-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4409 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4409-1 [email protected] https://www.debian.org/lts/security/...

5.9CVSS6.5AI score0.0208EPSS
Exploits1References4
Redos
Redos
added 2025/09/24 12:0 a.m.7 views

ROS-20250924-09

The sftpdecodechanneldatatopacket function of the libssh library has a vulnerability related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service Vulnerability in libssh library's sshgetfingerprinthash function is...

8.8CVSS8.1AI score0.0144EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/08/14 9:26 a.m.5 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-5372: sshkdf returns a success code on certain failures bsc1245314 CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...

7.6CVSS7.5AI score0.02394EPSS
Exploits0References24
SUSE Linux
SUSE Linux
added 2025/08/12 7:35 a.m.5 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...

5.4CVSS6.8AI score0.02394EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-4878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be...

3.6CVSS6.6AI score0.00181EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/24 12:0 a.m.5 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the privatekeyfromfile function. An attacker can potentially access sensitive information or modify data, under certain circumstances such as the specified filename not existing. Note: The vulnerable function has been...

3.6CVSS6.8AI score0.00181EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 6:10 p.m.34 views

K16323: OpenSSL vulnerability CVE-2015-0209

Security Advisory Description Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application...

6.8CVSS7.6AI score0.1633EPSS
Exploits0Affected Software20
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.3 views

SUSE CVE-2022-24302

In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...

6.2CVSS8.1AI score0.0208EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/05/26 5:27 p.m.5 views

python-paramiko: Race condition in the write_private_key_file function

A race condition was found in Paramiko. This flaw allows unauthorized information disclosure from an attacker with access to the writeprivatekeyfile...

5.9CVSS7.1AI score0.0208EPSS
Exploits1References5
OSV
OSV
added 2022/03/19 12:1 a.m.3 views

GHSA-F8Q4-JWWW-X3WV Race Condition in Paramiko

In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...

8.2CVSS7.2AI score0.0208EPSS
Exploits1References16
PyPA
PyPA
added 2022/03/17 10:15 p.m.6 views

PYSEC-2022-166

In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...

5.9CVSS6.6AI score0.0208EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/03/17 10:15 p.m.4 views

UBUNTU-CVE-2022-24302

In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...

5.9CVSS6.6AI score0.0208EPSS
Exploits1References5
OSV
OSV
added 2022/03/17 10:15 p.m.5 views

PYSEC-2022-166

In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...

5.9CVSS7.1AI score0.0208EPSS
Exploits1References3
Rows per page
Query Builder