CVSS: 9.3EPSS: 3%CPEs: 11EXPL: 0CVE-2019-3462
https://notcve.org/view.php?id=CVE-2019-3462
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. El saneamiento incorrecto de un campo de redirección 302 en el método HTTP "transport" en apt, en versiones 1.4.8 y anteriores, puede conducir a la inyección de contenido por parte de un atacante MITM, lo que puede conducir a la ejecución remota de código en el equipo objetivo. • http://www.securityfocus.com/bid/106690 https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html https://security.netapp.com/advisory/ntap-20190125-0002 https://usn.ubuntu.com/3863-1 https://usn.ubuntu.com/3863-2 https://www.debian.org/security/2019/dsa-4371 •
CVSS: 6.8EPSS: 0%CPEs: 51EXPL: 0CVE-2019-6109 – openssh: Missing character encoding in progress display allows for spoofing of scp client output
https://notcve.org/view.php?id=CVE-2019-6109
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. Se ha descubierto un problema en OpenSSH 7.9. Debido a la falta de cifrado de caracteres en la pantalla de progreso, un servidor malicioso (o atacante Man-in-the-Middle) puede emplear nombres de objeto manipulados para manipular la salida del cliente, por ejemplo, empleando códigos de control de ANSI para ocultar los archivos adicionales que se están transfiriendo. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html https://access.redhat.com/errata/RHSA-2019:3702 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G https:// • CWE-116: Improper Encoding or Escaping of Output CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 2CVE-2019-6110 – OpenSSH SCP Client - Write Arbitrary Files
https://notcve.org/view.php?id=CVE-2019-6110
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. En OpenSSH 7.9, debido a la aceptación y la nuestra de salidas stderr arbitrarias del servidor, un servidor malicioso (o atacante Man-in-the-Middle) puede manipular la salida del cliente, por ejemplo, para emplear códigos de control de ANSI para ocultar los archivos adicionales que se están transfiriendo. SCP clients have an issue where additional files can be copied over without your knowledge. • https://www.exploit-db.com/exploits/46516 https://www.exploit-db.com/exploits/46193 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c https://security.gentoo.org/glsa/201903-16 https://security.netapp.com/advisory/ntap-20190213-0001 https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt • CWE-838: Inappropriate Encoding for Output Context •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2018-16888 – systemd: kills privileged process if unprivileged PIDFile was tampered
https://notcve.org/view.php?id=CVE-2018-16888
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. Se ha descubierto que systemd no comprueba correctamente el contenido de archivos PIDFile antes de emplearlo para terminar procesos. • https://access.redhat.com/errata/RHSA-2019:2091 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888 https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E https://security.netapp.com/advisory/ntap-20190307-0007 https://usn.ubuntu.com/4269-1 https://access.redhat.com/security/cve/CVE-2018-16888 https://bugzilla.redhat.com/show_bug.cgi?id=1662867 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 56EXPL: 0CVE-2018-20685 – openssh: scp client improper directory name validation
https://notcve.org/view.php?id=CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo "." o un nombre de archivo vacío. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente. • http://www.securityfocus.com/bid/106531 https://access.redhat.com/errata/RHSA-2019:3702 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html https://security.gentoo.org/glsa/201903-16 https://security.gentoo.org/glsa/202007- • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •