Lucene search
K

4 matches found

Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-54591 AsyncSSH: SCP Path Traversal to Arbitrary File Write

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../...

8.1CVSS0.00317EPSS
Exploits0References3
NVD
NVD
added 2026/01/06 6:15 p.m.4 views

CVE-2025-15382

A heap buffer over-read vulnerability exists in the wolfSSHCleanPath function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte...

8.1CVSS0.00302EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.5 views

PT-2026-1498

Name of the Vulnerable Software and Affected Versions wolfSSH affected versions not specified Description A heap buffer over-read issue exists in the wolfSSH CleanPath function within wolfSSH. A remote attacker with authentication can trigger this by providing specially crafted SCP path input tha...

5.1CVSS6.9AI score0.00302EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/11/04 1:0 a.m.5 views

libssh: unsanitized location in scp could lead to unwanted command execution

A flaw was found with the libssh API function sshscpnew. A user able to connect to a server using SCP could execute arbitrary command using a user-provided path, leading to a compromise of the remote target...

9.3CVSS7.4AI score0.0316EPSS
Exploits0References5
Rows per page
Query Builder