Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2026-2252)

According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in...

8.2CVSS5.9AI score0.00631EPSS
Exploits0References7
OSV
OSV
added 2026/03/24 4:49 p.m.2 views

GHSA-X6W6-2XWP-3JH6 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Summary The DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file directives e.g. $INCLUDE into the zone file that gets written to disk when th...

8.8CVSS5.9AI score0.00544EPSS
Exploits1References5
OSV
OSV
added 2025/08/20 1:15 p.m.7 views

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5CVSS7.6AI score0.00178EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/08/15 5:37 p.m.6 views

curl: use after free in SSH sha256 fingerprint check

A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed...

7.5CVSS7.3AI score0.02489EPSS
Exploits1References5
OSV
OSV
added 2023/05/26 9:15 p.m.6 views

AZL-26810 CVE-2023-28319 affecting package rust for versions less than 1.72.0-2

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

7.5CVSS6.8AI score0.02489EPSS
Exploits1References1
OSV
OSV
added 2023/05/17 7:54 a.m.5 views

SUSE-SU-2023:2224-1 Security update for curl

This update for curl adds the following feature: Update to version 8.0.1 jscPED-2580 - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check bsc1211230. - CVE-2023-28320: siglongjmp race condition bsc1211231. - CVE-2023-28321: IDN wildcard matching bsc1211232. - CVE-2023-28322:...

7.5CVSS5.7AI score0.02658EPSS
Exploits4References9
Rows per page
Query Builder