
298 matches found

OSV
added 2020/04/30 9:15 p.m. · 3 views

CVE-2020-5873

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands...

CVSS 7.2 · AI score 7 · EPSS 0.01386
Exploits 0 · References 1

Prion
added 2020/04/30 9:15 p.m. · 19 views

Cross site request forgery (csrf)

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands...

CVSS 6.5 · AI score 7.3 · EPSS 0.01386
Exploits 0 · References 1 · Affected Software 12

BDU FSTEC
added 2020/03/18 12:0 a.m. · 5 views

The vulnerability of the File Store Service, a component of the Service Fabric application, allows a perpetrator to escalate their privileges.

The vulnerability of the File Store Service of the Service Fabric application is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to enhance their privileges by modifying the configuration file and connecting to SMB or SCP ports...

CVSS 10 · AI score 7.8 · EPSS 0.02926
Exploits 0 · References 2

Tenable Nessus
added 2019/12/31 12:0 a.m. · 26 views

F5 Networks BIG-IP : SCP vulnerability (K54336216)

The system does not properly enforce the access controls for the scp.whitelist and scp.blacklist files when paths are symbolic links (symlinks). This allows authenticated users with Secure Copy (SCP) protocol access to overwrite certain configuration files that would otherwise be restricted...

CVSS 3.6 · AI score 5 · EPSS 0.00308
Exploits 0 · References 2

OSV
added 2019/12/23 6:15 p.m. · 5 views

CVE-2019-6679

On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users wi...

CVSS 3.3 · AI score 5.8 · EPSS 0.00308
Exploits 0 · References 1

OSV
added 2019/12/10 11:15 p.m. · 1 views

ALPINE-CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

CVSS 8.8 · AI score 6.7 · EPSS 0.0316
Exploits 0 · References 1

OSV
added 2019/12/10 5:49 p.m. · 3 views

USN-4219-1 libssh vulnerability

It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server...

CVSS 9.3 · AI score 7 · EPSS 0.0316
Exploits 0 · References 2

UbuntuCve
added 2019/12/10 3:0 p.m. · 31 views

CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

CVSS 9.3 · AI score 6.8 · EPSS 0.0316
Exploits 0 · References 3

RedHat Linux
added 2019/11/05 10:29 p.m. · 6 views

openssh: Missing character encoding in progress display allows for spoofing of scp client output

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS 6.8 · AI score 7.3 · EPSS 0.03807
Exploits 0 · References 5

RedHat Linux
added 2019/11/05 10:29 p.m. · 8 views

openssh: Improper validation of object names allows malicious server to overwrite files via scp client

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

CVSS 5.9 · AI score 7.4 · EPSS 0.58204
Exploits 9 · References 5

BDU FSTEC
added 2019/10/29 12:0 a.m. · 3 views

The vulnerability of the Secure Copy function in Cisco Adaptive Security Appliance (ASA) microprogramming software allows a perpetrator to trigger a service failure.

The vulnerability of the Secure Copy function in Cisco Adaptive Security Appliance (ASA) microprogramming software is related to type determination errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 6.8 · AI score 5.5 · EPSS 0.01488
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/10/29 12:0 a.m. · 2 views

The vulnerability of the OpenSSH cryptographic protection is caused by errors in checking the name of the scp.c directory on the client scp, which allows a hacker to alter the access rights to the target directory.

The vulnerability of the OpenSSH cryptographic protection arises due to errors in checking the name of the scp.c directory on the scp client. Exploiting this vulnerability allows a malicious actor to alter the access rights to the target directory by using the file name “.” or an empty file name...

CVSS 5.9 · AI score 5.5 · EPSS 0.58204
Exploits 9 · References 15 · Affected Software 17

Tenable Nessus
added 2019/10/21 12:0 a.m. · 34 views

Cisco Adaptive Security Appliance Software Secure Copy DoS (cisco-sa-20191002-asa-scp-dos)

According to its self-reported version, Cisco Adaptive Security Appliance (ASA) Software is affected by a denial of service (DoS) vulnerability. This vulnerability exists in the Secure Copy (SCP) feature due to the use of an incorrect data type for a length variable. An authenticated, remote attacker c...

CVSS 6.8 · AI score 6.2 · EPSS 0.01488
Exploits 0 · References 3

OSV
added 2019/10/02 7:15 p.m. · 3 views

CVE-2019-12693

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit...

CVSS 4.9 · AI score 6.5 · EPSS 0.01488
Exploits 0 · References 1

Cisco
added 2019/10/02 4:0 p.m. · 233 views

Cisco Adaptive Security Appliance Software Secure Copy Denial of Service Vulnerability

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit...

CVSS 6.8 · AI score 5.9 · EPSS 0.01488
Exploits 0 · References 1

Positive Technologies
added 2019/10/02 12:0 a.m. · 5 views

PT-2019-3616 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified). Description: A vulnerability in the Secure Copy (SCP) feature could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The issue is...

CVSS 6.8 · AI score 5.7 · EPSS 0.01488
Exploits 0 · References 5

CISA
added 2019/08/22 12:0 a.m. · 23 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data. A remote attacker could exploit these vulnerabilities to take control of an affected system. The...

AI score 7
Exploits 0 · References 4

CNVD
added 2019/06/12 12:0 a.m. · 3 views

ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24247)

ipswitch WS_FTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WS_FTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain pathnames on the host operating system via the SCP...

CVSS 7.5 · AI score 6.8 · EPSS 0.04735
Exploits 0 · References 1

CNVD
added 2019/06/12 12:0 a.m. · 4 views

ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24249)

ipswitch WS_FTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WS_FTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain WS_FTP usernames and filenames via the SCP protocol...

CVSS 5.3 · AI score 6.8 · EPSS 0.01991
Exploits 0 · References 1

OSV
added 2019/06/11 9:29 p.m. · 2 views

CVE-2019-12146

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized director...

CVSS 9.1 · AI score 7.3 · EPSS 0.03968
Exploits 0 · References 1