Lucene search
K

17 matches found

OSV
OSV
added 2026/03/20 2:24 p.m.4 views

OESA-2026-1656 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

7.5CVSS5.5AI score0.00631EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 2:24 p.m.3 views

OESA-2026-1655 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

7.5CVSS5.5AI score0.00631EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 2:24 p.m.5 views

OESA-2026-1652 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

7.5CVSS5.5AI score0.00631EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/08 12:30 p.m.12 views

EUVD-2026-10234

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

6.9CVSS5.7AI score0.00631EPSS
Exploits0References7
OSV
OSV
added 2026/03/08 11:15 a.m.6 views

AZL-79544 CVE-2026-3731 affecting package libssh 0.10.6-5

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

7.5CVSS5.4AI score0.00631EPSS
Exploits0References1
OSV
OSV
added 2026/03/08 11:15 a.m.6 views

AZL-79547 CVE-2026-3731 affecting package libssh 0.10.6-5

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

7.5CVSS5.4AI score0.00631EPSS
Exploits0References1
OSV
OSV
added 2026/03/08 11:15 a.m.2 views

DEBIAN-CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

7.5CVSS5.3AI score0.00631EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/08 10:32 a.m.3 views

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

6.9CVSS5.5AI score0.00631EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/03/08 10:32 a.m.2 views

CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

7.5CVSS5.3AI score0.00631EPSS
Exploits0
Snyk
Snyk
added 2026/02/26 3:13 a.m.9 views

Deserialization of Untrusted Data

Overview com.mchange:c3p0 is a mature, highly concurrent JDBC Connection pooling library, with support for caching and reuse of PreparedStatements. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the userOverridesAsString property of...

8.9CVSS6.7AI score0.00534EPSS
Exploits0References2
Amazon
Amazon
added 2026/02/05 12:0 a.m.8 views

Medium: soci-snapshotter

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS7.5AI score0.01945EPSS
Exploits2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54845

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00586EPSS
Exploits1References4
Snyk
Snyk
added 2025/07/26 4:57 a.m.3 views

Insufficient Type Distinction

Overview skops is an A set of tools to push scikit-learn based models to and pull from Hugging Face Hub Affected versions of this package are vulnerable to Insufficient Type Distinction via the MethodNode class in the io/audit.py file, which allows access to attributes of existing objects. An...

8.7CVSS7.8AI score0.00138EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/26 4:57 a.m.4 views

Insufficient Type Distinction

Overview skops is an A set of tools to push scikit-learn based models to and pull from Hugging Face Hub Affected versions of this package are vulnerable to Insufficient Type Distinction via inconsistent validation in the OperatorFuncNode class in the io/audit.py file. An attacker can execute...

8.7CVSS7.9AI score0.00137EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/12 6:30 p.m.5 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview org.apache.zeppelin:zeppelin-server is a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more. Affected versions of this package are vulnerable to Exposure of Sensitive System...

8.7CVSS6.8AI score0.00564EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.5 views

PT-2024-40411 · Unknown · Simd-Json-Derive

Name of the Vulnerable Software and Affected Versions: simd-json-derive versions prior to 0.12.0 Description: The issue arises from an invalid use of MaybeUninit::uninit.assume init in the derive macro of simd-json-derive, leading to undefined behavior. This misuse can cause invalid memory access...

8.7CVSS7.4AI score
Exploits0References4
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/02/08 6:16 p.m.6 views

Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured

Summary A vulnerability in Boundary was identified such that when a Key Management Service KMS was defined in Boundary’s configuration file with the intent of using the KMS to encrypt the credentials stored on disk, new credentials created after an automatic rotation may not have been encrypted v...

7.1CVSS6.9AI score0.00437EPSS
Exploits0Affected Software1
Rows per page
Query Builder