In OpenSSH, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename (CVE-2018-20685).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchopenssh< 7.5p1-2.3openssh-7.5p1-2.3.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	6	noarch	openssh	< 7.5p1-2.3	openssh-7.5p1-2.3.mga6

References

bugs.mageia.org/show_bug.cgi?id=24191

lists.opensuse.org/opensuse-updates/2019-01/msg00094.html

nessus 38

cve 4

openvas 23

veracode 1

osv 5

redhatcve 3

alpinelinux 2

fedora 2

attackerkb 1

debiancve 3

f5 2

ubuntucve 4

prion 4

photon 6

debian 2

ibm 3

gentoo 2

ubuntu 1

redhat 1

oraclelinux 1

amazon 2

cloudfoundry 1

archlinux 1

thn 1

mageia 2

suse 2

symantec 1

aix 1

rosalinux 1

kitploit 1

ics 1

oracle 2

nessus

EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1038)

2019-02-15 00:00:00

EulerOS Virtualization for ARM 64 3.0.1.0 : openssh (EulerOS-SA-2019-1399)

2019-05-14 00:00:00

Fedora 29 : openssh (2019-f6ff819834)

2019-01-16 00:00:00

cve

CVE-2018-20685

2019-01-10 21:29:00

CVE-2019-7282

2019-01-31 18:29:00

CVE-2020-36254

2021-02-25 09:15:00

openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2019-1252)

2020-01-23 00:00:00

Mageia: Security Advisory (MGASA-2019-0067)

2022-01-28 00:00:00

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2019-1399)

2020-01-23 00:00:00

veracode

Access Restrictions Bypass

2019-11-06 00:21:13

osv

CVE-2018-20685

2019-01-10 21:29:00

CVE-2020-36254

2021-02-25 09:15:13

openssh - security update

2019-03-25 00:00:00

redhatcve

CVE-2018-20685

2019-01-14 02:49:22

CVE-2020-36254

2022-05-20 23:08:56

CVE-2019-25018

2021-02-10 17:35:41

alpinelinux

CVE-2018-20685

2019-01-10 21:29:00

CVE-2020-36254

2021-02-25 09:15:00

fedora

[SECURITY] Fedora 28 Update: openssh-7.8p1-4.fc28

2019-01-22 01:35:42

[SECURITY] Fedora 29 Update: openssh-7.9p1-3.fc29

2019-01-16 02:21:43

attackerkb

CVE-2018-20685

2019-01-10 00:00:00

debiancve

CVE-2018-20685

2019-01-10 21:29:00

CVE-2020-36254

2021-02-25 09:15:00

CVE-2019-7282

2019-01-31 18:29:00

K11315080 : OpenSSH vulnerability CVE-2018-20685

2019-01-17 00:00:00

K31781390 : January 2019 OpenSSH security vulnerabilities

2019-01-17 00:00:00

ubuntucve

CVE-2018-20685

2019-01-10 00:00:00

CVE-2020-36254

2021-02-25 00:00:00

CVE-2019-7282

2019-01-31 00:00:00

prion

Directory traversal

2019-01-10 21:29:00

Design/Logic Flaw

2019-01-31 18:29:00

Sql injection

2021-02-25 09:15:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0214

2019-03-06 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0139

2019-03-09 00:00:00

Moderate Photon OS Security Update - PHSA-2019-0214

2019-03-06 00:00:00

debian

[SECURITY] [DLA 1728-1] openssh security update

2019-03-25 13:46:48

[SECURITY] [DSA 4387-1] openssh security update

2019-02-09 13:29:00

ibm

Security Bulletin: IBM i is affected by CVE-2018-20685, CVE-2019-6111, and CVE-2019-6109 vulnerabilities in OpenSSH.

2019-12-18 14:26:38

Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111)

2019-07-16 15:45:01

Security Bulletin: Vyatta 5600 vRouter Software Patches - Releases 1801-w and 1801-y

2019-05-01 17:50:02

gentoo

Dropbear: Multiple vulnerabilities

2020-07-28 00:00:00

OpenSSH: Multiple vulnerabilities

2019-03-20 00:00:00

ubuntu

OpenSSH vulnerabilities

2019-02-07 00:00:00

redhat

(RHSA-2019:3702) Moderate: openssh security, bug fix, and enhancement update

2019-11-05 20:52:47

oraclelinux

openssh security, bug fix, and enhancement update

2019-11-14 00:00:00

amazon

Medium: openssh

2019-05-29 19:02:00

Medium: openssh

2019-10-28 17:02:00

cloudfoundry

USN-3885-1: OpenSSH vulnerabilities | Cloud Foundry

2019-02-15 00:00:00

archlinux

[ASA-201904-11] openssh: multiple issues

2019-04-24 00:00:00

thn

36-Year-Old SCP Clients' Implementation Flaws Discovered

2019-01-15 12:32:00

mageia

Updated rsh packages fix security vulnerability

2021-11-25 16:06:13

Updated krb5-appl packages fix security vulnerabilities

2021-04-24 01:53:14

suse

Security update for openssh (important)

2019-01-28 00:00:00

Security update for openssh (important)

2019-01-29 00:00:00

symantec

OpenSSH Vulnerabilities Jan-Oct 2019

2020-04-21 20:41:25

aix

Vulnerabilities in OpenSSH affect AIX.

2019-07-16 09:38:57

rosalinux

Advisory ROSA-SA-2021-1938

2021-07-02 17:38:20

kitploit

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

2019-11-05 12:00:00

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Oracle Critical Patch Update Advisory - April 2019

2019-04-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.8%

JSON

Related for MGASA-2019-0067