cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-6004,https://securityvulnerability.io/vulnerability/CVE-2023-6004,Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname,"A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.",Red Hat,"Libssh,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Fedora",4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-01-03T17:15:00.000Z,0
CVE-2023-3603,https://securityvulnerability.io/vulnerability/CVE-2023-3603,Processing sftp server read may cause null dereference,"A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.",Red Hat,"Libssh,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Extra Packages For Enterprise Linux 7,Fedora",3.1,LOW,0.000699999975040555,false,,false,false,false,,,false,false,,2023-07-21T20:15:00.000Z,0
CVE-2020-1730,https://securityvulnerability.io/vulnerability/CVE-2020-1730,Flaw in libssh AES-CTR Ciphers Affects System Availability,"A flaw exists in libssh where AES-CTR or DES ciphers mishandling can lead to a server or client crash if a connection isn't fully initialized. This occurs during the cipher cleanup process upon connection closure. This vulnerability primarily threatens system availability, which could disrupt services relying on stable connectivity.",Red Hat,Libssh,5.3,MEDIUM,0.002839999971911311,false,,false,false,false,,,false,false,,2020-04-13T00:00:00.000Z,0
CVE-2019-14889,https://securityvulnerability.io/vulnerability/CVE-2019-14889,Remote Command Injection in libssh Versions Prior to 0.9.3 and 0.8.8,"A security flaw exists in the libssh API function ssh_scp_new(), which is found in versions before 0.9.3 and 0.8.8. When the libssh SCP client connects to a server, the scp command executed on the server can include a user-defined path. If implemented in a manner that allows user influence over the function's third parameter, an attacker may gain the ability to inject arbitrary commands. This vulnerability poses a risk of compromising the remote target, resulting in unauthorized access and potential data breaches.",Red Hat,Libssh,7.1,HIGH,0.010329999960958958,false,,false,false,false,,,false,false,,2019-12-10T00:00:00.000Z,0