In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:NNetapp Element Software
APPNetappwszystkie wersjeNetapp Ontap Select Deploy
APPNetappwszystkie wersjeNetapp Storage Automation Store
APPNetappwszystkie wersjeOpenbsd OpenSSH
APPOpenbsd≤ 7.9Siemens Scalance X204rna
HWSiemenswszystkie wersjeSiemens Scalance X204rna Eec
HWSiemenswszystkie wersjeSiemens Scalance X204rna Eec Firmware
OSSiemens< 3.2.7Siemens Scalance X204rna Firmware
OSSiemens< 3.2.7Winscp
APPWinscp≤ 5.13
Powiązane podatności
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leadin...
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constr...
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by final...
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a ...
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have o...