Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/05/07 1:17 p.m.31 views

CVE-2026-41589 Wish has SCP Path Traversal that allows arbitrary file read/write

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...

9.6CVSS0.00393EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/18 12:0 a.m.33 views

Wish has SCP Path Traversal that allows arbitrary file read/write

The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../ sequence...

9.6CVSS5.9AI score0.00393EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/15 10:21 a.m.6 views

SUSE-SU-2026:1344-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler bsc1259377. - CVE-2026-0964: SCP protocol path traversal in sshscppullrequest bsc1258049. - CVE-2026-0965: possible denial of service when parsing unexpected...

8.2CVSS6.5AI score0.00631EPSS
Exploits0References13
Amazon
Amazon
added 2026/03/27 12:0 a.m.7 views

Medium: libssh

Issue Overview: libssh: SCP Protocol Path Traversal in sshscppullrequest CVE-2026-0964 libssh: Specially crafted patterns could cause DoS CVE-2026-0967 Affected Packages: libssh Issue Correction: Run dnf update libssh --releasever 2023.10.20260325 or dnf update --advisory ALAS2023-2026-1472...

5.5CVSS6.4AI score0.00408EPSS
Exploits0
EUVD
EUVD
added 2026/03/26 9:31 p.m.7 views

EUVD-2026-16326

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

5.9CVSS5.9AI score0.58204EPSS
Exploits9References3
Rows per page
Query Builder