Lucene search
+L

25 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in OpenSSH

In OpenSSH 8.2, the scp client incorrectly sends duplicate responses to the server when a utimes system call fails. This allows a malicious, unprivileged user on the remote server to overwrite arbitrary files in the client’s download directory by creating a crafted subdirectory anywhere on the...

7.5CVSS7.2AI score0.02267EPSS
Exploits0References2
f5
f5
added 2026/04/21 10:19 p.m.15 views

K000160938: OpenSSH vulnerabilities CVE-2019-16905 and CVE-2020-12062

Security Advisory Description CVE-2019-16905 OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution...

7.8CVSS7.7AI score0.02267EPSS
Exploits2
hackerone
hackerone
added 2026/03/24 11:12 p.m.9 views

Node.js: Permission Model bypass via FileHandle.utimes() in the promises API

Vulnerability description not provided...

3.3CVSS5.8AI score0.00154EPSS
Exploits0
susecve
susecve
added 2025/12/17 12:24 a.m.5 views

SUSE CVE-2025-68242

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID. The...

5.5CVSS6.5AI score0.00161EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2025/12/16 12:0 a.m.8 views

PT-2025-51655

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's NFS implementation related to delegated timestamps. Specifically, the nfs setattr function does not properly verify the inode's User ID UID against th...

7.8AI score0.00519EPSS
Exploits4References391
susecve
susecve
added 2023/02/15 3:59 a.m.3 views

SUSE CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

7.5CVSS8.2AI score0.02267EPSS
Exploits0References4
openvas
openvas
added 2021/07/07 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-2153)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02267EPSS
Exploits0References2
nessus
nessus
added 2021/07/06 12:0 a.m.47 views

EulerOS Virtualization 3.0.2.2 : openssh (EulerOS-SA-2021-2153)

According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which...

7.5CVSS7.5AI score0.02267EPSS
Exploits0References2
openvas
openvas
added 2020/11/05 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-2451)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02267EPSS
Exploits0References2
nessus
nessus
added 2020/11/03 12:0 a.m.44 views

EulerOS 2.0 SP2 : openssh (EulerOS-SA-2020-2376)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

7.5CVSS7.8AI score0.02267EPSS
Exploits0References2
nessus
nessus
added 2020/09/28 12:0 a.m.50 views

EulerOS 2.0 SP3 : openssh (EulerOS-SA-2020-2112)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

7.5CVSS7.8AI score0.02267EPSS
Exploits0References2
nessus
nessus
added 2020/09/08 12:0 a.m.57 views

EulerOS Virtualization for ARM 64 3.0.2.0 : openssh (EulerOS-SA-2020-1978)

According to the version of the openssh packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - DISPUTED The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call...

7.5CVSS7.5AI score0.02267EPSS
Exploits0References2
nessus
nessus
added 2020/09/02 12:0 a.m.38 views

EulerOS 2.0 SP5 : openssh (EulerOS-SA-2020-1928)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

7.5CVSS7.8AI score0.02267EPSS
Exploits0References2
nessus
nessus
added 2020/07/30 12:0 a.m.45 views

EulerOS 2.0 SP8 : openssh (EulerOS-SA-2020-1818)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

7.5CVSS7.8AI score0.02267EPSS
Exploits0References2
openvas
openvas
added 2020/06/26 12:0 a.m.66 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-1690)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02267EPSS
Exploits0References2
nessus
nessus
added 2020/06/25 12:0 a.m.44 views

EulerOS Virtualization for ARM 64 3.0.6.0 : openssh (EulerOS-SA-2020-1690)

According to the version of the openssh packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - DISPUTED The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call...

7.5CVSS7.5AI score0.02267EPSS
Exploits0References2
osv
osv
added 2020/06/01 4:15 p.m.18 views

CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

7.5CVSS9.4AI score
Exploits0References4
osv
osv
added 2020/06/01 4:15 p.m.2 views

DEBIAN-CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

7.5CVSS7.9AI score0.02267EPSS
Exploits0References1
prion
prion
added 2020/06/01 4:15 p.m.1018 views

Design/Logic Flaw

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

5CVSS6.3AI score0.02267EPSS
Exploits0References4Affected Software1
snyk
snyk
added 2020/06/01 4:15 p.m.1 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. DISPUTED The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite...

7.5CVSS7.1AI score0.02267EPSS
Exploits0References2
Rows per page
Query Builder