57 matches found
CLSA-2026-1774528369 openssh: Fix of 3 CVEs
CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...
MiracleLinux 7 : openssh-7.4p1-23.0.3.0.3.el7.AXS7 (AXSA:2025-10789:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10789:04 advisory. CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory...
EUVD-2020-23797
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-20685
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact ...
Photon OS 3.0: Openssh PHSA-2019-3.0-0003
An update of the openssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0003. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
RHEL 6 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: loading of untrusted PKCS11 modules in ssh-agent CVE-2016-10009 - openssh: scp allows command...
Siemens SCALANCE X-200RNA Switch Devices Incorrect Authorization (CVE-2018-20685)
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. - In OpenSSH 7.9, scp.c in the scp client allows remote SSH...
F5 Networks BIG-IP : OpenSSH vulnerability (K11315080)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K11315080 advisory. In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via...
OpenSSH < 8.0
According to its banner, the version of OpenSSH running on the remote host is prior to 8.0. It is, therefore, affected by the following vulnerabilities: - A permission bypass vulnerability due to improper directory name validation. An unauthenticated, remote attacker can exploit this, with a...
Mageia: Security Advisory (MGASA-2019-0067)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated rsh packages fix security vulnerability
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. CVE-2019-7282 An issu...
OpenBSD OpenSSH <= 7.9 Multiple Vulnerabilities
OpenBSD OpenSSH is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2019:13931-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:0132-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:0125-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.0.21 / 8.1.x < 8.1.13 / 9.0.x < 9.0.7 Multiple Vulnerabilities
The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.26 or 8.0.x prior to 8.0.21 or 8.1.x prior to 8.1.13 or 9.0.x prior to 9.0.7. It is, therefore, affected by multiple vulnerabilities. - OpenSSH software included with PAN-OS has been upgraded to resolve...
CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
ALPINE-CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
Sql injection
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
CVE-2020-36254
CVE-2020-36254 : In Dropbear, the SCP client (scp.c) before version 2020.79 mishandles the filename of “.” or an empty filename, related to CVE-2018-20685. Affected: Dropbear releases prior to 2020.79. Impact and exploit details are not provided beyond the filename handling issue in scp. Remediat...