21 matches found
JLSEC-2026-424 curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was...
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1207)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-1219)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Th...
EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-1207)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Th...
EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2026-1109)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004933)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004933 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2026-1044)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Th...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2026-1086)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Th...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2026-1066)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Th...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2026-1023)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Th...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1044)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ROS-20251203-18
Vulnerability of the cURL server communication software tool is related to errors in the host verification mechanism when using the wolfSSH-based backend. host verification mechanism when using wolfSSH-based backend. Exploitation of the vulnerability could allow an attacker acting remotely to...
EUVD-2025-38240
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
AZL-69766 CVE-2025-10966 affecting package cmake 3.21.4-21
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
CVE-2025-10966
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
AZL-69748 CVE-2025-10966 affecting package cmake 3.30.3-11
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
Key Exchange without Entity Authentication
Overview Affected versions of this package are vulnerable to Key Exchange without Entity Authentication in the SFTP implementation in the wolfSSH backend. An attacker can intercept or manipulate data in transit by performing a man-in-the-middle attack. Note: This issue affects only users that bui...
CVE-2025-10966
CVE-2025-10966 affects curl by a flaw in its SSH connection handling when SFTP uses the wolfSSH backend, causing missed host verification and allowing MITM-like issues. The connected Nessus advisories for EulerOS, Unity Linux, Photon OS, and related OS advisories repeatedly reference this CVE as ...
CVE-2025-10966
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
CVE-2025-10966 missing SFTP host verification with wolfSSH
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...