5 matches found
CVE-2026-38974
Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramikovendor.py...
CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2026-1160)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification...
PT-2023-6507 · Warpgate · Warpgate
Name of the Vulnerable Software and Affected Versions: Warpgate versions prior to 0.8.1 Description: The issue is related to errors in cryptographic signature verification, allowing a remote attacker to bypass the authentication process under certain conditions. Specifically, the SSH key...
SUSE CVE-2023-28319
A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...