CVE-2019-6109
- EPSS 8.06%
- Published 31.01.2019 18:29:00
- Last modified 21.11.2024 04:45:57
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes t...
CVE-2019-6110
- EPSS 45.17%
- Published 31.01.2019 18:29:00
- Last modified 21.11.2024 04:45:57
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transfe...
CVE-2019-6111
- EPSS 57.89%
- Published 31.01.2019 18:29:00
- Last modified 21.11.2024 04:45:57
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned...
CVE-2018-20685
- EPSS 3.74%
- Published 10.01.2019 21:29:00
- Last modified 21.11.2024 04:01:59
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.