6 matches found
CLSA-2026-1771501223 curl: Fix of CVE-2025-15079
CVE-2025-15079: fix accepting hosts not present in the specified knownhosts during SSH-based SCP/SFTP transfers when global knownhosts contained them restrict host verification to the specified knownhosts file...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004931)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004931 advisory. When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in th...
CVE-2025-15079
When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...
CVE-2025-15224
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...
CVE-2025-15079
When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...
CVE-2025-15079 libssh global known_hosts override
When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...