
27 matches found

Broadcom
added 2024/04/16 12:0 a.m., 35 views

Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS 6.8, AI score 6.9, EPSS 0.09738
Exploits 0
Tenable Nessus
added 2023/02/23 12:0 a.m., 85 views

Siemens SCALANCE X-200RNA Switch Devices Inappropriate Encoding For Output Context (CVE-2019-6110)

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. - In OpenSSH 7.9, due to accepting and...

CVSS 6.8, AI score 7.1, EPSS 0.57569
Exploits 8, References 9
Tenable Nessus
added 2023/02/23 12:0 a.m., 43 views

Siemens SCALANCE X-200RNA Switch Devices Improper Encoding or Escaping of Output (CVE-2019-6109)

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS 6.8, AI score 6.8, EPSS 0.09738
Exploits 0, References 13
SUSE CVE
added 2023/02/15 4:16 a.m., 1 views

SUSE CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred...

CVSS 4.6, AI score 8.3, EPSS 0.57569
Exploits 8, References 16
Tenable Nessus
added 2022/11/08 12:0 a.m., 43 views

F5 Networks BIG-IP : OpenSSH vulnerability (K42531048)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K42531048 advisory. In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server ...

CVSS 6.8, AI score 7.2, EPSS 0.57569
Exploits 8, References 2
OpenVAS
added 2020/01/23 12:0 a.m., 32 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2019-2483)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.3, AI score 6.7, EPSS 0.03377
Exploits 0, References 2
Tenable Nessus
added 2019/10/31 12:0 a.m., 94 views

Amazon Linux AMI : openssh (ALAS-2019-1313)

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS 6.8, AI score 7.2, EPSS 0.54213
Exploits 9, References 4
Amazon
added 2019/10/28 12:0 a.m., 221 views

Medium: openssh

Issue Overview: An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being...

CVSS 6.8, AI score 7.6, EPSS 0.54213
Exploits 9
Symantec
added 2019/10/09 12:0 a.m., 806 views

OpenSSH CVE-2019-16905 Integer Overflow Vulnerability

Description: OpenSSH is prone to an integer overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. OpenSSH versions 7.7 through 7.9 and 8.x prior to...

CVSS 4.4, AI score 2.6, EPSS 0.00271
Exploits 2, References 2, Affected Software 1
Tenable Nessus
added 2019/08/12 12:0 a.m., 32 views

NewStart CGSL MAIN 4.05 : openssh-latest Vulnerability (NS-SA-2019-0157)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by a vulnerability: - In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact i...

CVSS 5.3, AI score 7, EPSS 0.03377
Exploits 0, References 2
NVD
added 2019/01/31 6:29 p.m., 36 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

CVSS 5.9, AI score 6.3, EPSS 0.54213
Exploits 9, References 23
UbuntuCve
added 2019/01/31 6:29 p.m., 132 views

CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred...

CVSS 6.8, AI score 7, EPSS 0.57569
Exploits 8, References 3
OSV
added 2019/01/31 6:29 p.m., 49 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

CVSS 5.9, AI score 1.7
Exploits 0, References 23
OSV
added 2019/01/31 6:29 p.m., 39 views

CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS 6.8, AI score 1.8
Exploits 0, References 13
NVD
added 2019/01/31 6:29 p.m., 20 views

CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS 6.8, AI score 6.7, EPSS 0.09738
Exploits 0, References 13
Prion
added 2019/01/31 6:29 p.m., 278 views

Design/Logic Flaw

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS 4, AI score 6.4, EPSS 0.09738
Exploits 0, References 13, Affected Software 17
ATTACKERKB
added 2019/01/31 12:0 a.m., 457 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

CVSS 7.4, AI score 1.8, EPSS 0.54213
In wild, Exploits 10, References 34
AlpineLinux
added 2019/01/31 12:0 a.m., 43 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

CVSS 5.9, AI score 6.7, EPSS 0.54213
Exploits 9
ATTACKERKB
added 2019/01/31 12:0 a.m., 377 views

CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. Recent assessments: Assessed Attacker Value...

CVSS 6.8, AI score 1.7, EPSS 0.57569
In wild, Exploits 8, References 10
Cvelist
added 2019/01/31 12:0 a.m., 61 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

AI score 6.5, EPSS 0.54213
Exploits 9, References 23