CVSS: 5.9EPSS: 0%CPEs: 55EXPL: 3CVE-2019-6111 – OpenSSH SCP Client - Write Arbitrary Files
https://notcve.org/view.php?id=CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). • https://www.exploit-db.com/exploits/46516 https://www.exploit-db.com/exploits/46193 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html http://www.openwall.com/lists/oss-security/2019/04/18/1 http://www.openwall.com/lists/oss-security/2022/08/02/1 http://www.securityfocus.com/bid/106741 https://access.redhat.com/errata/RHSA-2019:3702 https://bugzilla.redhat.com/show_bug.cgi?id=1677794 https://cert-portal.siemens.com/productcert/pdf/ssa-412672&# • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 56EXPL: 0CVE-2018-20685 – openssh: scp client improper directory name validation
https://notcve.org/view.php?id=CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo "." o un nombre de archivo vacío. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente. • http://www.securityfocus.com/bid/106531 https://access.redhat.com/errata/RHSA-2019:3702 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html https://security.gentoo.org/glsa/201903-16 https://security.gentoo.org/glsa/202007- • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 3.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-2767 – mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)
https://notcve.org/view.php?id=CVE-2018-2767
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/103954 http://www.securitytracker.com/id/1041294 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html https://security.netapp.com/advisory/ntap-20180726-0002 https://usn.ubuntu.com/3725-1 https://usn.ubuntu.com/3725-2 https://www.debian.org/security/2018/dsa& • CWE-325: Missing Cryptographic Step •
CVSS: 4.3EPSS: 0%CPEs: 46EXPL: 0CVE-2018-2952 – OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
https://notcve.org/view.php?id=CVE-2018-2952
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104765 http://www.securitytracker.com/id/1041302 https://access.redhat.com/errata/RHSA-2018:2241 https://access.redhat.com/errata/RHSA-2018:2242 https://access.redhat.com/errata/RHSA-2018:2253 https://access.redhat.com/errata/RHSA-2018:2254 https://access.redhat.com/errata/RHSA-2018:2255 https://access.redhat.com/errata/RHSA-2018:2256 https://access.redhat.com/errata/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0CVE-2018-14354 – mutt: Remote code injection vulnerability to an IMAP mailbox
https://notcve.org/view.php?id=CVE-2018-14354
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. Permiten que los servidores IMAP remotos ejecuten comandos arbitrarios mediante caracteres de acento grave; esto esto está relacionado con el comando mailboxes asociado con una suscripción o una baja manuales. • http://www.mutt.org/news.html http://www.securityfocus.com/bid/104925 https://access.redhat.com/errata/RHSA-2018:2526 https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-1 https://usn.ubuntu.com/3719-2 h • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •