CVSS: 9.8EPSS: 84%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 9.3EPSS: 0%CPEs: 11EXPL: 0CVE-2019-14889 – libssh: unsanitized location in scp could lead to unwanted command execution
https://notcve.org/view.php?id=CVE-2019-14889
10 Dec 2019 — A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. Se detectó un fallo con la función ssh_scp_new() de la AP... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •