| Vendors | Products | Description |
|---|---|---|
| 7 Openbsd, Netapp, Winscp and 4 more | 11 Openssh, Cloud Backup, Element Software and 8 more | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. |
| 5 Openbsd, Debian, Netapp and 2 more | 16 Openssh, Debian Linux, Aff Baseboard Management Controller and 13 more | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and... |
| 4 Openssl, Netapp, Redhat and 1 more | 25 Openssl, Clustered Data Ontap Antivirus Connector, Data Ontap and 22 more | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL... |
| 7 Openssl, Canonical, Debian and 4 more | 18 Openssl, Ubuntu Linux, Debian Linux and 15 more | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with... |
| 5 Openbsd, Winscp, Netapp and 2 more | 7 Openssh, Winscp, Element Software and 4 more | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control... |
| 3 Openbsd, Winscp, Netapp | 5 Openssh, Winscp, Element Software and 2 more | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. |
| 2 Openbsd, Netapp | 6 Openssh, Cloud Backup, Data Ontap Edge and 3 more | Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do... |