Max CVSS | 6.4 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-6111 | 5.8 |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned
|
24-03-2023 - 18:12 | 31-01-2019 - 18:29 | |
CVE-2019-6110 | 4.0 |
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transfe
|
23-02-2023 - 23:29 | 31-01-2019 - 18:29 | |
CVE-2019-6109 | 4.0 |
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes t
|
23-02-2023 - 23:16 | 31-01-2019 - 18:29 | |
CVE-2018-20685 | 2.6 |
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
|
23-02-2023 - 23:15 | 10-01-2019 - 21:29 | |
CVE-2019-7282 | 4.3 |
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is s
|
22-04-2022 - 20:41 | 31-01-2019 - 18:29 | |
CVE-2019-7283 | 5.8 |
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh serv
|
23-11-2021 - 22:14 | 31-01-2019 - 18:29 | |
CVE-2018-20684 | 6.4 |
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
|
15-01-2020 - 20:15 | 10-01-2019 - 21:29 |