Lucene search
+L

66 matches found

nvd
nvd
added 2026/07/08 1:16 a.m.8 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS0.00241EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/07/06 7:19 p.m.5 views

CVE-2026-9547

A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...

7.4CVSS5.8AI score0.00508EPSS
Exploits1References6
euvd
euvd
added 2026/07/03 6:18 a.m.8 views

EUVD-2026-41495

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

6AI score0.00508EPSS
Exploits1References3
osv
osv
added 2026/06/24 2:0 p.m.7 views

UBUNTU-CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS5.9AI score0.00508EPSS
Exploits1References4
osv
osv
added 2026/06/24 8:0 a.m.10 views

CURL-CVE-2026-9547 SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS5.9AI score0.00508EPSS
Exploits1
curl
curl
added 2026/06/24 8:0 a.m.17 views

SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS5.9AI score0.00508EPSS
Exploits1References1Affected Software2
osv
osv
added 2026/06/17 6:35 p.m.6 views

GHSA-QF38-JQ28-3CCQ Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

9.1CVSS5.4AI score0.00626EPSS
Exploits0References6
euvd
euvd
added 2026/06/17 6:35 p.m.14 views

EUVD-2026-37520

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

9.1CVSS5.4AI score0.00626EPSS
Exploits0References4
pypa
pypa
added 2026/06/17 1:20 p.m.8 views

PYSEC-2026-218

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

9.1CVSS5.3AI score0.00626EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/06/12 12:0 p.m.26 views

RUSTSEC-2026-0178 Panic on a `DataRow` with fewer fields than columns allows denial of service

A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking tryget, and both Row and...

6.9CVSS5.4AI score
Exploits0References3
rustsec
rustsec
added 2026/06/12 12:0 p.m.14 views

Panic on a `DataRow` with fewer fields than columns allows denial of service

A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking tryget, and both Row and...

5.3AI score
Exploits0Affected Software1
redhat
redhat
added 2026/06/10 10:0 p.m.10 views

kernel: smb: client: fix OOB reads parsing symlink error response

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

8.1CVSS6.7AI score0.00378EPSS
Exploits0References5
redhat
redhat
added 2026/06/04 3:55 p.m.10 views

kernel: smb: client: fix OOB reads parsing symlink error response

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

8.1CVSS5.8AI score0.00378EPSS
Exploits0References5
github
github
added 2026/05/20 3:35 p.m.15 views

OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server

Impact Unauthenticated denial of service. Summary When installing provider or module packages from attacker-controlled servers, the server may cause tofu initto enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...

7.5CVSS6.4AI score0.00781EPSS
Exploits0References5Affected Software1
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed the off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value. However, eadata is located at offset sizeofstruct smb2filefulleainfo = 8 from ea, not ...

7.1CVSS6.2AI score0.00126EPSS
Exploits0References1
osv
osv
added 2026/05/05 8:9 p.m.5 views

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References4
susecve
susecve
added 2026/04/25 1:37 a.m.6 views

SUSE CVE-2026-31614

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value, but eadata sits at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at offset 0. The...

7.1CVSS5.4AI score0.00126EPSS
Exploits0References18
redhatcve
redhatcve
added 2026/04/24 8:32 p.m.6 views

CVE-2026-31614

A flaw was found in the Linux kernel's Server Message Block SMB client. An untrusted server can exploit an out-of-bounds read vulnerability within the checkwsleas function. This flaw allows the server to read up to 8 bytes beyond the intended memory boundary, leading to information disclosure. Th...

7.1CVSS5.2AI score0.00126EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/04/24 8:16 p.m.5 views

CVE-2026-31613

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

8.1CVSS5.1AI score0.00378EPSS
Exploits0References4
euvd
euvd
added 2026/04/24 2:42 p.m.5 views

EUVD-2026-25507

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value, but eadata sits at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at offset 0. The...

5.4AI score0.00126EPSS
Exploits0References4
Rows per page
Query Builder