32 matches found
Updated libssh packages fix security vulnerabilities
CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...
curl: SSH/SFTP connection reuse can bypass SSH key identity after ssh_config_matches removal
Summary: libcurl's SSH/SFTP connection reuse logic no longer binds a pooled SSH connection to the SSH key identity requested by the new transfer. After sshconfigmatches was removed, urlmatchprotoconfig again has no SSH-specific check for CURLOPTSSHPUBLICKEYFILE or CURLOPTSSHPRIVATEKEYFILE. An...
libssh: Use of uninitialized variable in privatekey_from_file()
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files
Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...
Tenda AC10 安全漏洞
The Tenda AC10 is a wireless router produced by the Chinese company Tenda. The Tenda AC10 16.03.10.10multiTDE01 version has a security vulnerability. This vulnerability stems from the hardcoded encryption key present in the file/webroot-ro/pem/privkeySrv.pem of the RSA 2048-bit Private Key Handle...
CVE-2020-37136 ZOC Terminal v7.25.5 - 'Private key file' Denial of Service
ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create S...
[SECURITY] [DLA 4409-1] paramiko security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4409-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès December 16, 2025 https://wiki.debian.org/LTS -...
Debian dla-4409 : paramiko-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4409 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4409-1 [email protected] https://www.debian.org/lts/security/...
ROS-20250924-09
The sftpdecodechanneldatatopacket function of the libssh library has a vulnerability related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service Vulnerability in libssh library's sshgetfingerprinthash function is...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-5372: sshkdf returns a success code on certain failures bsc1245314 CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...
Linux Distros Unpatched Vulnerability : CVE-2025-4878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the privatekeyfromfile function. An attacker can potentially access sensitive information or modify data, under certain circumstances such as the specified filename not existing. Note: The vulnerable function has been...
K16323: OpenSSL vulnerability CVE-2015-0209
Security Advisory Description Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application...
SUSE CVE-2022-24302
In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...
python-paramiko: Race condition in the write_private_key_file function
A race condition was found in Paramiko. This flaw allows unauthorized information disclosure from an attacker with access to the writeprivatekeyfile...
GHSA-F8Q4-JWWW-X3WV Race Condition in Paramiko
In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...
PYSEC-2022-166
In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...
UBUNTU-CVE-2022-24302
In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...
PYSEC-2022-166
In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...