Lucene search
K

122 matches found

OSV
OSV
added 2026/04/29 6:52 a.m.10 views

CLSA-2026-1777445542 libssh2: Fix of 2 CVEs

CVE-2019-3858: fix zero-byte allocation in sftppacketread - CVE-2019-3859: fix out-of-bounds reads in libssh2packetrequire...

9.1CVSS6.8AI score0.06448EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 9:16 p.m.12 views

UBUNTU-CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

3.7CVSS5.8AI score0.00334EPSS
Exploits0References7
OSV
OSV
added 2026/04/10 8:58 p.m.6 views

GHSA-R854-JRXH-36QX phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...

3.7CVSS5.9AI score0.00334EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.2 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.1)

The version of AHV installed on the remote host is prior to AHV-11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.1 advisory. - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the...

8.6CVSS5.8AI score0.02394EPSS
Exploits15References18
OSV
OSV
added 2026/03/24 5:53 p.m.5 views

MGASA-2026-0066 Updated trilead-ssh2 packages fix security vulnerabilities

CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack...

5.9CVSS5.8AI score0.93305EPSS
Exploits4References2
OSV
OSV
added 2026/03/15 5:53 a.m.6 views

OESA-2026-1563 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

8.2CVSS5.9AI score0.00582EPSS
Exploits0References4
OSV
OSV
added 2026/03/15 5:53 a.m.5 views

OESA-2026-1561 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

8.2CVSS5.9AI score0.00582EPSS
Exploits0References6
OSV
OSV
added 2026/03/15 5:53 a.m.11 views

OESA-2026-1560 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

8.2CVSS5.6AI score0.00631EPSS
Exploits0References7
OSV
OSV
added 2026/03/15 5:53 a.m.5 views

OESA-2026-1559 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

8.2CVSS6.1AI score0.00582EPSS
Exploits0References6
OSV
OSV
added 2026/03/10 2:33 p.m.9 views

CLSA-2026-1773153207 curl: Fix of 2 CVEs

CVE-2025-15079: libssh global knownhosts file override - CVE-2025-14524: bearer token leak on cross-protocol redirect...

5.3CVSS6.6AI score0.00611EPSS
Exploits2References1
OSV
OSV
added 2026/03/08 11:15 a.m.6 views

AZL-79547 CVE-2026-3731 affecting package libssh 0.10.6-5

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

7.5CVSS5.4AI score0.00631EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 12:41 p.m.5 views

OESA-2026-1492 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

6.3CVSS5.8AI score0.00408EPSS
Exploits0References3
Fedora
Fedora
added 2026/02/18 12:56 a.m.9 views

[SECURITY] Fedora 42 Update: libssh-0.11.4-1.fc42

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...

8.2CVSS5.6AI score0.00582EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/01/30 1:58 p.m.10 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.56 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

8.1CVSS6.3AI score0.0144EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.6 views

EulerOS Virtualization 2.13.1 : libssh (EulerOS-SA-2025-2624)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX...

4.7CVSS5.9AI score0.00375EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.5 views

EulerOS Virtualization 2.13.0 : libssh (EulerOS-SA-2025-2584)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to...

8.8CVSS6.2AI score0.02394EPSS
Exploits0References5
OSV
OSV
added 2025/11/28 9:3 a.m.6 views

RLSA-2025:18286 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: out-of-bounds read in sftphandle CVE-2025-5318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

5.4CVSS6.8AI score0.02394EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-3855)

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. This plugin...

9.3CVSS7.2AI score0.09219EPSS
Exploits0References4
OSV
OSV
added 2025/11/12 9:5 a.m.7 views

RLSA-2025:20943 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: out-of-bounds read in sftphandle CVE-2025-5318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

5.4CVSS7.5AI score0.02394EPSS
Exploits0References2
Rosalinux
Rosalinux
added 2025/11/10 6:22 a.m.8 views

Advisory ROSA-SA-2025-3075

Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 unaffected versions = libssh-0.9.6-15.rv3 affected versions libssh-0.9.6-15.rv3 CVE-ID: CVE-2025-5318 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside of buffer...

8.1CVSS7.3AI score0.02394EPSS
Exploits0
Rows per page
Query Builder