182.92.234.77
{
"scan_id": 1746533890,
"ip": "182.92.234.77",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "182.92.0.0/16",
"postal_code": "",
"coordinates": {
"latitude": "39.911",
"longitude": "116.395"
},
"geo_point": "39.911, 116.395",
"locale_code": "en",
"continent": "Asia",
"country_code": "CN",
"country_name": "China",
"city": "Beijing"
},
"location_updated_at": "2025-05-08T16:10:46Z",
"asn": {
"number": "AS37963",
"organization": "Hangzhou Alibaba Advertising Co.,Ltd.",
"country_code": ""
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "182.92.128.0/17",
"organization": "China Internet Network Information Center",
"descr": "China Internet Network Information Center,\nFloor1, Building No.1 C/-Chinese Academy of Sciences,\n4, South 4th Street,\nHaidian District,",
"_encoding": {
"raw": "BASE64"
}
},
"whois_updated_at": "2024-12-09T11:27:07Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2025-05-08T16:10:46Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2025-05-08T16:13:28Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2025-05-08T16:10:46Z"
}
],
"services": [
{
"port": 21,
"protocol": "tcp",
"name": "ftp",
"version": "",
"product": "Pure-FTPd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:pureftpd:pure-ftpd",
"part": "a",
"vendor": "pureftpd",
"product": "pure\\-ftpd",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"ftp": {
"banner": "220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\r\n220-You are user number 1 of 50 allowed.\r\n220-Local time is now 00:02. Server port: 21.\r\n220-This is a private system - No anonymous login\r\n220-IPv6 connections are also welcome on this server.\r\n220 You will be disconnected after 15 minutes of inactivity.\r\n"
},
"tls": {
"certificate": {
"extensions": {
"authority_key_id": "c1774059752043b4d1b5db24a89bdc0d7281002a",
"basic_constraints": {
"is_ca": true
},
"subject_key_id": "c1774059752043b4d1b5db24a89bdc0d7281002a"
},
"fingerprint_md5": "4C2D9B681AA15CEBF39DBF7A85568B78",
"fingerprint_sha1": "D1C7AD1563CC59609D8F5ABCEFF4C83E0A9172A6",
"fingerprint_sha256": "A3942237E7CB0B39B56B84E74268BBED46D518C3E739F5E04EF464CD73300CB6",
"issuer": {
"common_name": [
"182.92.234.77"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"Dongguan"
],
"organization": [
"BT-PANEL"
],
"organizational_unit": [
"BT"
],
"province": [
"Guangdong"
]
},
"issuer_dn": "/C=CN/ST=Guangdong/L=Dongguan/O=BT-PANEL/OU=BT/CN=182.92.234.77/[email protected]",
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "15650248483354131655",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": true,
"value": "M2MwOThhNmI4NzBkOGE5NWE1NDI1NzY2MzI3M2ZkMmNhZGQyZTU3Y2E3ODU2NTllMWNjNjdmNzQ0MmRmN2QyODZjMWZjMThiYTMzNmY1OGYxMGJhZGI0ZDhjMjUyMTUzMjNlY2NmMmM1ZGU3OTRhOWQxMzQxYjAzMzBiYjgwZmJmMzA2MWU5OWYzZDM4ZDUxMzEyN2JhY2FmZDM1MjY4MTZhOWI3ZjJjNDRkY2NjZDIzOTNiNDE2MzdiYWVjM2FkMjRhMDFjNWIwMzUyMGU1YjEzZGM3MWU2ZjQxMmY1MDE3YTFjNDJlYWMwMTdjZmVlMzQ3ODQ1NWVjZTA0MjYyNzMwMzNiYmMzMTUxMWRlN2FlMjE4NDdlYWFkOGQxOTRlMjFiYjU4ZTIxZDljMjNkYWE2YzMzMmYzODEzMjEyZThiYzVkNTcwMDg1NTg4MmZmNzVhYjEyMTgxNzhkYWQ1OWVkMTlmZGU4NmVkZDBiODI1OGI2NDQxODkzOTljZGM1YmFmNWRiOGI2NzY3MDM4ZmYwMGNiNmQwNzNjYjA2ODdlZDU5NjVlMzQ5NTQwZDUxMWI5OGNjOWM3NTkxOWVhNTM2OWQ1Y2U5OGNiMDc0ZTJhZjRlOWI0ZDNhNWNiMDBlNmZmMDI4NDFkNTIzNmFkOTMwM2YwM2U3OGNiMDVlNGY="
},
"subject": {
"common_name": [
"182.92.234.77"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"Dongguan"
],
"organization": [
"BT-PANEL"
],
"organizational_unit": [
"BT"
],
"province": [
"Guangdong"
]
},
"subject_alt_name": {
"dns_names": [
"182.92.234.77"
],
"extended_dns_names": []
},
"subject_dn": "/C=CN/ST=Guangdong/L=Dongguan/O=BT-PANEL/OU=BT/CN=182.92.234.77/[email protected]",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "c7d2f15a6f476d4f6dfc97b2df95530332e35c28f85604b9267415a87f8f2d89",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhhODY2NGI3OWNiYTkwZDU3MjIyOTU3MTc2Y2I4YWFhMWFkZjg0ZjNjZDYxM2RhMDI1MGJkODQ0ZDFkMDJhN2Q2ZDMzM2UwMDE1YTQ2MDAyNGQ2MjYxNzkxOTk4Y2M5ZGQyZjg4YTE0ZmUzMjk4NGM1Y2NhNjFiYTJmNDdlNDA3ZWFjMmViYjllZGEzNWNkZTM1NDZhMWEyOTk0YjE5ODA5NTk4MGY5MWUwN2I0ZjY4NGJkYzk3ZDFmOWNhYTZiODU2NDkyYzA4MDkxY2Q0OWNkM2IzNzZiNGQyNWEwYzg3NTY0ZGNjM2MzYmNhZTViYjYwYzYzMDEzZGRhZmE0NmI4MmJjMzlkNmNmZWQ1NTZmMWE4NDE5M2JiYWQzNmIyNzc1MTQwOGNmZjA4NzcxNWU3YmRiNmY0ZmM3ZmVmY2NlMTRiYjcyOTBlY2JkY2JlZDZlNmIwODg3ZTdjOGM2NmJjODUwZjhmNGQxZDQxZDY3YmEzZTVhNWQ1MWMyNDczYzNiNGU2M2FjOTBkYzBhMDI1MGM5ZWVlYmE1Y2IzOWQwMzMxZjc5MjRjNTM1NzFiZGM3Zjk5ZDI5OGJjOGRlYWQ1MmM5YjI4M2I1ZmY1ZDM2NWY3MWNkZTcxMDdmYzc0NDJjOTExNjhhYTVlYzI5N2Y1YWIyZDMwODUzMTYxMDNmNw=="
}
},
"tbs_fingerprint": "affe83220f5ea6366b7826d5d0bdba256b6d76e894df7a9b282c44e17168dd48",
"validation_level": "OV",
"validity": {
"length_seconds": 307584000,
"not_after": "2033-08-08T10:49:22",
"not_before": "2023-11-09T10:49:22"
},
"version": 2
},
"fingerprint_sha256": "A3942237E7CB0B39B56B84E74268BBED46D518C3E739F5E04EF464CD73300CB6",
"precert": false,
"raw": "MIID5TCCAs2gAwIBAgIJANkw2hO46zzHMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJDTjESMBAGA1UECAwJR3Vhbmdkb25nMREwDwYDVQQHDAhEb25nZ3VhbjERMA8GA1UECgwIQlQtUEFORUwxCzAJBgNVBAsMAkJUMRYwFAYDVQQDDA0xODIuOTIuMjM0Ljc3MRowGAYJKoZIhvcNAQkBFgthZG1pbkBidC5jbjAeFw0yMzExMDkxMDQ5MjJaFw0zMzA4MDgxMDQ5MjJaMIGIMQswCQYDVQQGEwJDTjESMBAGA1UECAwJR3Vhbmdkb25nMREwDwYDVQQHDAhEb25nZ3VhbjERMA8GA1UECgwIQlQtUEFORUwxCzAJBgNVBAsMAkJUMRYwFAYDVQQDDA0xODIuOTIuMjM0Ljc3MRowGAYJKoZIhvcNAQkBFgthZG1pbkBidC5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhmS3nLqQ1XIilXF2y4qqGt+E881hPaAlC9hE0dAqfW0zPgAVpGACTWJheRmYzJ3S+IoU/jKYTFzKYbovR+QH6sLrue2jXN41RqGimUsZgJWYD5Hge09oS9yX0fnKprhWSSwICRzUnNOzdrTSWgyHVk3MPDvK5btgxjAT3a+ka4K8OdbP7VVvGoQZO7rTayd1FAjP8IdxXnvbb0/H/vzOFLtykOy9y+1uawiH58jGa8hQ+PTR1B1nuj5aXVHCRzw7TmOskNwKAlDJ7uulyznQMx95JMU1cb3H+Z0pi8jerVLJsoO1/102X3HN5xB/x0QskRaKpewpf1qy0whTFhA/cCAwEAAaNQME4wHQYDVR0OBBYEFMF3QFl1IEO00bXbJKib3A1ygQAqMB8GA1UdIwQYMBaAFMF3QFl1IEO00bXbJKib3A1ygQAqMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADwJimuHDYqVpUJXZjJz/Syt0uV8p4VlnhzGf3RC330obB/Bi6M29Y8QuttNjCUhUyPszyxd55Sp0TQbAzC7gPvzBh6Z89ONUTEnusr9NSaBapt/LETczNI5O0Fje67DrSSgHFsDUg5bE9xx5vQS9QF6HELqwBfP7jR4RV7OBCYnMDO7wxUR3nriGEfqrY0ZTiG7WOIdnCPapsMy84EyEui8XVcAhViC/3WrEhgXja1Z7Rn96G7dC4JYtkQYk5nNxbr124tnZwOP8Ay20HPLBoftWWXjSVQNURuYzJx1kZ6lNp1c6YywdOKvTptNOlywDm/wKEHVI2rZMD8D54ywXk8=",
"tags": [
"ov",
"trusted",
"self_signed",
"root"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-05-08T16:45:40.139Z"
},
{
"port": 22,
"protocol": "tcp",
"name": "ssh",
"version": "7.4",
"product": "OpenSSH",
"extra_info": "protocol 2.0",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:openbsd:openssh:7.4",
"part": "a",
"vendor": "openbsd",
"product": "openssh",
"version": "7\\.4",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"ssh": {
"banner": "SSH-2.0-OpenSSH_7.4",
"client_to_server_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]",
"aes128-cbc",
"aes192-cbc",
"aes256-cbc",
"blowfish-cbc",
"cast128-cbc",
"3des-cbc"
],
"client_to_server_compression": [
"none",
"[email protected]"
],
"client_to_server_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1"
],
"host_key_algorithms": [
"ssh-rsa",
"rsa-sha2-512",
"rsa-sha2-256",
"ecdsa-sha2-nistp256",
"ssh-ed25519"
],
"kex_algorithms": [
"curve25519-sha256",
"[email protected]",
"ecdh-sha2-nistp256",
"ecdh-sha2-nistp384",
"ecdh-sha2-nistp521",
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group16-sha512",
"diffie-hellman-group18-sha512",
"diffie-hellman-group-exchange-sha1",
"diffie-hellman-group14-sha256",
"diffie-hellman-group14-sha1",
"diffie-hellman-group1-sha1"
],
"key": {
"algorithm": "ecdsa-sha2-nistp256",
"fingerprint_sha256": "16739e7d234411aa9452a08401044d75e0c964258a68a906dd4327fa318d72d6",
"raw": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCKVssiAtqeamEiaC8VfayqQOwnOYRRyL4qrY8jPTQCWIIVfC6J12L+fdymBHT0rJwdDFFDrO+UyxEYUkTSgf0s="
},
"server_to_client_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]",
"aes128-cbc",
"aes192-cbc",
"aes256-cbc",
"blowfish-cbc",
"cast128-cbc",
"3des-cbc"
],
"server_to_client_compression": [
"none",
"[email protected]"
],
"server_to_client_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1"
],
"software": "OpenSSH_7.4",
"version": "2.0"
}
},
"cve": [
{
"id": "CVE-2007-2768",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2008-3844",
"score": 9.3,
"severity": "high"
},
{
"id": "CVE-2016-20012",
"score": 5.3,
"severity": "medium"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-05-08T19:51:54.375Z"
},
{
"port": 80,
"protocol": "tcp",
"name": "http",
"version": "",
"product": "nginx",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:igor_sysoev:nginx",
"part": "a",
"vendor": "igor_sysoev",
"product": "nginx",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<html>\n<head><title>404 Not Found</title></head>\n<body>\n<center><h1>404 Not Found</h1></center>\n<hr><center>nginx</center>\n</body>\n</html>",
"body_murmur": -85749389,
"body_sha256": "301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f",
"component": [
"Nginx"
],
"content_length": 138,
"headers": {
"accept_ranges": [
"bytes"
],
"connection": [
"keep-alive"
],
"content_length": [
"138"
],
"content_type": [
"text/html"
],
"date": [
"Wed, 07 May 2025 11:35:52 GMT"
],
"etag": [
"\"65581b09-8a\""
],
"last_modified": [
"Sat, 18 Nov 2023 02:01:45 GMT"
],
"server": [
"nginx"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "182.92.234.77",
"path": "",
"scheme": "http"
}
},
"status_code": 200,
"title": "404 Not Found"
}
},
"url": "http://182.92.234.77/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-05-07T11:35:56.654Z"
},
{
"port": 443,
"protocol": "tcp",
"name": "http",
"version": "",
"product": "nginx",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:igor_sysoev:nginx",
"part": "a",
"vendor": "igor_sysoev",
"product": "nginx",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!DOCTYPE html>\n<html>\n\n <head>\n\n <meta charset=\"utf-8\">\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <meta name=\"description\" content=\"\">\n <meta name=\"author\" content=\"\">\n\n <title>山东欧德程序控制台</title>\n <link rel=\"shortcut icon\" href=\"/assets/img/favicon.ico\" />\n <!-- Bootstrap Core CSS -->\n <link href=\"/assets/libs/bootstrap/dist/css/bootstrap.min.css\" rel=\"stylesheet\">\n <link href=\"/assets/css/index.css\" rel=\"stylesheet\">\n\n <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->\n <!--[if lt IE 9]>\n <script src=\"https://cdn.staticfile.org/html5shiv/3.7.3/html5shiv.min.js\"></script>\n <script src=\"https://cdn.staticfile.org/respond.js/1.4.2/respond.min.js\"></script>\n <![endif]-->\n </head>\n\n <body id=\"page-top\">\n\n <nav id=\"mainNav\" class=\"navbar navbar-default navbar-fixed-top\">\n <div class=\"container\">\n <div class=\"navbar-header\">\n <button type=\"button\" class=\"navbar-toggle collapsed\" data-toggle=\"collapse\" data-target=\"#navbar-collapse-menu\">\n <span class=\"sr-only\">Toggle navigation</span>\n <span class=\"icon-bar\"></span>\n <span class=\"icon-bar\"></span>\n <span class=\"icon-bar\"></span>\n </button>\n <a class=\"navbar-brand page-scroll\" href=\"#page-top\">山东欧德程序控制台</a>\n </div>\n\n <div class=\"collapse navbar-collapse\" id=\"navbar-collapse-menu\">\n <ul class=\"nav navbar-nav navbar-right\">\n <li><a href=\"/\">首页</a></li>\n <!-- <li><a href=\"/index/user/index.html\">会员中心</a></li> -->\n </ul>\n </div>\n <!-- /.navbar-collapse -->\n </div>\n <!-- /.container-fluid -->\n </nav>\n\n <main id=\"mainbody\">\n <div class=\"container\">\n <div class=\"row\">\n <div class=\"col-sm-5\">\n <div class=\"index-text\">\n <div>\n <h1>山东欧德程序控制台</h1>\n </div>\n </div>\n </div>\n <div class=\"col-sm-7\">\n <div class=\"index-gallery\">\n <div>\n <svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" id=\"gallery-svg\" data-name=\"Gallery\" width=\"100%\" viewBox=\"0 0 1130.08 738.14\"><defs><linearGradient id=\"a340ed46-1652-4aba-8925-cf57be9109ca-84\" x1=\"421.41\" y1=\"548.67\" x2=\"423.73\" y2=\"548.67\" gradientUnits=\"userSpaceOnUse\"><stop offset=\"0\" stop-color=\"gray\" stop-opacity=\"0.25\"></stop><stop offset=\"0.54\" stop-color=\"gray\" stop-opacity=\"0.12\"></stop><stop offset=\"1\" stop-color=\"gray\" stop-opacity=\"0.1\"></stop></linearGradient></defs><title>pair programming</title><path d=\"M619.44,213.68c-71.37,12.06-142.64,6.89-211.2-.63s-136.95-17.34-208.35-14.38c-45.93,1.9-97.08,11-129.15,37.45C39.87,261.56,35.06,295.89,35,326.88c-.08,23.31,1.94,47.43,18.46,66,11.48,12.88,29.15,22.11,42.46,34,46.31,41.3,32.23,106.33,1.84,161.62-14.26,25.94-31.7,51.45-41.41,78s-11,55,6.38,76.65c17.22,21.47,50.53,33.57,85.26,39.84,70.54,12.74,149.13,4.83,225.17-5.89C541.45,753.29,708,716.17,874.19,679.14c61.49-13.71,123.25-27.48,182.49-47.24,32.9-11,66.4-24.69,87.65-46,27-27,27.68-63.93,1.66-86-43.66-37-142.48-28.79-176.25-71.09-18.58-23.29-10.49-54.92,4.3-82.86,31.71-59.92,93-119.12,85.06-178.86-5.48-41-47.29-74.93-103.33-83.77-58.74-9.26-134.18,8.3-168,49.56C753,175.39,682.46,203,619.44,213.68Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#94acef\" opacity=\"0.1\"></path><rect x=\"360\" y=\"359.24\" width=\"283.43\" height=\"65.63\" fill=\"#565661\"></rect><rect x=\"360\" y=\"359.24\" width=\"283.43\" height=\"65.63\" opacity=\"0.1\"></rect><polygon points=\"393.91 427.03 395.9 602.24 368.64 671.06 366.53 427.03 393.91 427.03\" fill=\"#bcbec9\"></polygon><polygon points=\"362.99 371.84 638.94 373.5 638.94 422.38 362.99 422.38 362.99 371.84\" fill=\"#565661\"></polygon><polygon points=\"615.33 427.03 638.94 430.36 638.94 668.4 615.33 595.59 615.33 427.03\" fill=\"#bcbec9\"></polygon><rect x=\"647.91\" y=\"361.87\" width=\"132.99\" height=\"282.6\" fill=\"#efeff0\"></rect><rect x=\"658.55\" y=\"369.72\" width=\"111.71\" height=\"217.23\" fill=\"#565661\"></rect><rect x=\"658.55\" y=\"369.72\" width=\"111.71\" height=\"217.23\" opacity=\"0.1\"></rect><rect x=\"658.55\" y=\"374.17\" width=\"111.71\" height=\"48.21\" fill=\"#565661\"></rect><rect x=\"658.55\" y=\"427.03\" width=\"111.71\" height=\"102.4\" fill=\"#565661\"></rect><rect x=\"658.55\" y=\"535.75\" width=\"111.71\" height=\"102.4\" fill=\"#565661\"></rect><rect x=\"658.55\" y=\"535.75\" width=\"111.71\" height=\"102.4\" opacity=\"0.1\"></rect><ellipse cx=\"663.21\" cy=\"653.67\" rx=\"7.2\" ry=\"9.2\" fill=\"#565661\"></ellipse><ellipse cx=\"763.06\" cy=\"654.11\" rx=\"7.2\" ry=\"9.2\" fill=\"#565661\"></ellipse><polygon points=\"359 671.06 368.64 671.06 365.99 364.32 351.35 364.32 359 671.06\" fill=\"#efeff0\"></polygon><polygon points=\"638.94 361.87 638.94 668.4 647.91 668.4 647.91 364.32 638.94 361.87\" fill=\"#efeff0\"></polygon><polygon points=\"366.46 419.38 366.46 430.36 638.94 430.36 638.94 422.38 366.46 419.38\" fill=\"#efeff0\"></polygon><polygon points=\"384.93 341.26 730.37 341.26 780.57 357.88 780.57 367.52 349.69 364.2 349.69 354.39 384.93 341.26\" fill=\"#fff\"></polygon><polygon points=\"349.69 354.39 780.57 357.88 780.57 367.52 349.69 364.2 349.69 354.39\" fill=\"#bcbec9\"></polygon><path d=\"M423.68,549.64l-2-.3c0-.09,0-.17,0-.25-.06-.47-.13-.93-.2-1.4.82.65,1.6,1.3,2.32,1.95Z\" transform=\"translate(-34.96 -80.93)\" fill=\"url(#a340ed46-1652-4aba-8925-cf57be9109ca-84)\"></path><path d=\"M380.22,704.05c1.3-.3,2.62-.55,3.94-.73a47.42,47.42,0,0,1,26.62,3.92c-.84,6.18-1.67,12.57.11,18.54,1.24,4.2,3.73,8,4.26,12.38a7.3,7.3,0,0,1,5.75,5.08,11.05,11.05,0,0,1,.57,3.56,19,19,0,0,1-.56,4.44,4.48,4.48,0,0,1-4.8,4c-7.74.88-15.33-2.17-22.53-5.16l-14-5.82c-1.64-.68-3.29-1.37-4.86-2.21a26.63,26.63,0,0,1-7.79-6.37A3.55,3.55,0,0,1,366,734c-.26-1.76,1.8-2.81,3.11-4a6.23,6.23,0,0,0,1-1.22c1.55-2.34,1.7-5.57,2.63-8.33,2.2-6.55,9-10.77,11.4-17.16.13-.35.25-.7.35-1.06\" transform=\"translate(-34.96 -80.93)\" fill=\"#a26565\"></path><path d=\"M421.47,746.8a19,19,0,0,1-.56,4.44,4.48,4.48,0,0,1-4.8,4c-7.74.88-15.33-2.17-22.53-5.16l-14-5.82c-1.64-.68-3.29-1.37-4.86-2.21a26.63,26.63,0,0,1-7.79-6.37A3.55,3.55,0,0,1,366,734c-.26-1.76,1.8-2.81,3.11-4a6.23,6.23,0,0,0,1-1.22c3.86.83,8.65,3.26,11.6,4.2a35.22,35.22,0,0,1,8.44,3.53c3.68,2.36,6.33,6,9.45,9s7.15,5.73,11.5,5.36a19,19,0,0,0,6.54-2.26Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M405.08,604.69a4.63,4.63,0,0,1-1.7,5c-1.31.81-3,.7-4.3,1.58-1.61,1.13-1.84,3.37-2.12,5.31-1,6.67-4.31,12.72-7.14,18.85s-5.22,12.82-4.18,19.48c.71,4.52,2.93,9.34.85,13.41-.51,1-1.27,1.89-1.85,2.86-2.85,4.76-1.23,10.79-1.34,16.33a3.23,3.23,0,0,1-.39,1.77,4.89,4.89,0,0,1-1.58,1.22,8.38,8.38,0,0,0-3.41,6.43,24.57,24.57,0,0,0,.9,7.46,4.44,4.44,0,0,0,1.23,2.6,4.6,4.6,0,0,0,2.69.76A59.84,59.84,0,0,1,401,712.19c3.79,1.58,7.47,3.56,11.5,4.32a3,3,0,0,0,2.36-.25,3.25,3.25,0,0,0,1-1.73c1.55-5.1,3.12-10.36,2.59-15.66-.23-2.28-.84-4.51-1-6.79-.7-9,5.39-17.12,7.32-26,.87-4,.87-8.14,1.49-12.18,1.68-11.07,7.78-21,10.13-31.95a34.73,34.73,0,0,1,1.52-6c1.75-4.24,5.8-7.68,5.89-12.27a4.78,4.78,0,0,0-.76-2.86,6.48,6.48,0,0,0-3.57-2,121.87,121.87,0,0,0-16.55-3.34,31.35,31.35,0,0,0-7.78-.54,22.9,22.9,0,0,0-9.52,3.36C401.76,600.68,404.24,601.25,405.08,604.69Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#454b69\"></path><path d=\"M405.08,604.69a4.63,4.63,0,0,1-1.7,5c-1.31.81-3,.7-4.3,1.58-1.61,1.13-1.84,3.37-2.12,5.31-1,6.67-4.31,12.72-7.14,18.85s-5.22,12.82-4.18,19.48c.71,4.52,2.93,9.34.85,13.41-.51,1-1.27,1.89-1.85,2.86-2.85,4.76-1.23,10.79-1.34,16.33a3.23,3.23,0,0,1-.39,1.77,4.89,4.89,0,0,1-1.58,1.22,8.38,8.38,0,0,0-3.41,6.43,24.57,24.57,0,0,0,.9,7.46,4.44,4.44,0,0,0,1.23,2.6,4.6,4.6,0,0,0,2.69.76A59.84,59.84,0,0,1,401,712.19c3.79,1.58,7.47,3.56,11.5,4.32a3,3,0,0,0,2.36-.25,3.25,3.25,0,0,0,1-1.73c1.55-5.1,3.12-10.36,2.59-15.66-.23-2.28-.84-4.51-1-6.79-.7-9,5.39-17.12,7.32-26,.87-4,.87-8.14,1.49-12.18,1.68-11.07,7.78-21,10.13-31.95a34.73,34.73,0,0,1,1.52-6c1.75-4.24,5.8-7.68,5.89-12.27a4.78,4.78,0,0,0-.76-2.86,6.48,6.48,0,0,0-3.57-2,121.87,121.87,0,0,0-16.55-3.34,31.35,31.35,0,0,0-7.78-.54,22.9,22.9,0,0,0-9.52,3.36C401.76,600.68,404.24,601.25,405.08,604.69Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.05\"></path><polygon points=\"350.55 674.47 342.02 674.47 336.44 559.83 336.05 553.31 343.3 550.76 343.79 557.69 350.55 674.47\" fill=\"#565661\"></polygon><polygon points=\"343.79 557.69 336.44 559.83 336.05 553.31 343.3 550.76 343.79 557.69\" opacity=\"0.1\"></polygon><polygon points=\"457.58 698.72 443.51 700.42 378.69 553.31 361.21 552.03 330.51 560.99 324.54 736.14 310.47 736.14 316.01 554.59 282.32 555.45 222.2 705.11 209.41 705.11 272.64 530.2 275.08 523.46 369.31 520.23 392.8 533.4 393.1 534.16 457.58 698.72\" fill=\"#565661\"></polygon><path d=\"M428.06,615.09c-20.25,6.1-41.27,12.76-41.27,12.76s-19.17,6.69-27.29,0a12.27,12.27,0,0,0-3.39-1.87,16.7,16.7,0,0,0,3.39,1.87l-51.9-16.73,2.43-6.73,94.24-3.23,23.49,13.17Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M332.21,586.06l38.37-8.53s91.68,17.06,98.5,23.88c0,0-73.34,14.92-81.44,20S331.35,632.11,332.21,586.06Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#fff\"></path><path d=\"M315.71,490.17c-3,9.51-11.19,18.08-21.16,18.49a3.69,3.69,0,0,1-2.11-.38c-1.25-.78-1.28-2.61-.77-4s1.4-2.64,1.54-4.1a2.68,2.68,0,0,0-.06-.89c-.26-1.19-1.23-2.25-2.37-2a4,4,0,0,0,.85-5.31,12,12,0,0,1-1.22-1.64c-.83-1.7.46-3.61,1-5.43,1.11-4-1.71-8-1.94-12.17-.2-3.73,1.69-7.24,2.16-10.94.75-6-2.23-11.75-2.58-17.74-.24-4.18.79-8.32,1.94-12.35,1-3.6,2.13-7.24,2.2-11,0-2.73-.47-5.43-.6-8.15a14.19,14.19,0,0,1,1.31-7.24,5.79,5.79,0,0,1,3.29-2.81c3.28-1.1,5.43.61,5.91,3.72.8,5.29.34,10.69,1.39,16a75,75,0,0,0,4.39,14.49c1.77,4.22,3.92,8.3,5.28,12.67a69.8,69.8,0,0,1,2.19,11C317.69,470.38,318.74,480.66,315.71,490.17Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#94acef\"></path><path d=\"M543.47,732.21a15.51,15.51,0,0,1-10.93,6.44c-4.34.54-8.85-.55-13.06.64a4,4,0,0,0-3,2.31,24.54,24.54,0,0,0-.19,2.45c-.49,2.67-4,3.27-6.73,3.25l-11.26-.07c-2.34,0-4.93-.13-6.61-1.75a4.92,4.92,0,0,1-.1-6.48,4.07,4.07,0,0,1,1.26-1,4,4,0,0,1-2.7-3.21,11.94,11.94,0,0,1,.21-4.41c0-4.18,1-11.18,3.94-14.45,3.61-4.07,9.87-9.33,15.32-10.42A12,12,0,0,1,520,708.46c2.58,2.4,4.46,6.16,8,6.58,1.93.24,3.79-.67,5.7-1a10.61,10.61,0,0,1,10.81,5.71,11.26,11.26,0,0,1,1,3.13A13,13,0,0,1,543.47,732.21Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#a26565\"></path><path d=\"M543.47,732.21a15.51,15.51,0,0,1-10.93,6.44c-4.34.54-8.85-.55-13.06.64a4,4,0,0,0-3,2.31,24.54,24.54,0,0,0-.19,2.45c-.49,2.67-4,3.27-6.73,3.25l-11.26-.07c-2.34,0-4.93-.13-6.61-1.75a4.92,4.92,0,0,1-.1-6.48c6.5-.27,12.89,0,19.37-1.34,2.63-.53,5.22-1.23,7.88-1.6,5.76-.82,11.89-.12,17.18-2.56,4.41-2,7.57-6.07,9.44-10.61A13,13,0,0,1,543.47,732.21Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M513.76,716.4c-4,3.1-8.69,5.52-13.73,5.78s-10.39-2-12.86-6.38c-3.61-6.43-.41-15.37-4.83-21.27-1.38-1.85-3.37-3.16-4.83-4.95s-2.3-4.48-1-6.38c-1.57.6-3.23-.92-3.69-2.54s-.17-3.36-.45-5c-.73-4.35-5-7.14-7.05-11s-1.77-8.87-2-13.44a51,51,0,0,0-11.8-30.35c-1.36-1.62-3.1-3.27-5.22-3.19.37-3.66-2.07-7.16-5.23-9s-6.92-2.46-10.58-2.82c-36.93-3.64-75.41,10.09-110.67-1.46-9.81-3.21-19.27-8.58-25.27-17a29.72,29.72,0,0,1-5.29-22.48l0-.14c1.39-7.1,5.14-8.85,11.35-12.09A136.24,136.24,0,0,1,323,543.3c15-4.69,31.15-6.38,46.63-2.94,7.23,1.62,14.2,4.3,21.44,5.87,2.85.62,5.72,1.06,8.61,1.43,4.49.56,9,.93,13.52,1.45a204.53,204.53,0,0,1,42.46,9.55c5.13,1.74,10.26,3.73,14.67,6.88A32.5,32.5,0,0,1,483.37,587c.42,2.94.43,6,1.07,8.85a45,45,0,0,0,2.4,7,465.63,465.63,0,0,1,20.89,65,15.79,15.79,0,0,0,1.67,4.7c1.28,2.07,3.48,3.46,4.77,5.53,3,4.88.11,11.69,2.77,16.77.92,1.76,2.45,3.15,3.37,4.91C523.31,705.53,518.88,712.43,513.76,716.4Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#454b69\"></path><path d=\"M462.66,601.5a16.5,16.5,0,0,0,3.63-4,7.46,7.46,0,0,0,1.1-5.17,14.79,14.79,0,0,1-3.89,12.72c-2.51,2.57-7.22,5.09-10.89,4.21C453.13,606.32,460.33,603.48,462.66,601.5Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M400.18,551.66a6.71,6.71,0,0,1-4.44,4.58,18.5,18.5,0,0,1-6.59.77l-2,0c-26.24-.58-52.76-6.4-78.39-.85a56.76,56.76,0,0,0-9.06,2.67,40.9,40.9,0,0,0-10.41,6l0-.14c1.39-7.1,5.14-8.85,11.35-12.09A136.24,136.24,0,0,1,323,543.3c15-4.69,31.15-6.38,46.63-2.94,7.23,1.62,14.2,4.3,21.44,5.87,2.85.62,5.72,1.06,8.61,1.43A6.91,6.91,0,0,1,400.18,551.66Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M400.18,550.23a6.7,6.7,0,0,1-4.44,4.59,18.27,18.27,0,0,1-6.59.76l-2,0c-26.24-.58-52.76-6.4-78.39-.85a57.78,57.78,0,0,0-9.06,2.66,41.2,41.2,0,0,0-10.85,6.4q-1.15-3.16-2.29-6.33c-.92-2.52,2-3.08,2.56-5.34.37-1.53-.26-3.27-.58-4.9a8.55,8.55,0,0,1-.16-1.21c-.18-3.61,1.11-5.69,4.07-7.64,8.78-5.8,19.49-9.78,29.51-12.77a73,73,0,0,1,16.4-3.18c7.88-.46,15.75,1,23.42,2.85,9.43,2.33,18.76,5.41,27.12,10.34C393,538,397,541,399.21,545.26A7.6,7.6,0,0,1,400.18,550.23Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#a26565\"></path><path d=\"M315.71,490.17c-3,9.51-11.19,18.08-21.16,18.49a3.69,3.69,0,0,1-2.11-.38c-1.25-.78-1.28-2.61-.77-4s1.4-2.64,1.54-4.1a2.68,2.68,0,0,0-.06-.89c5.29-7.46,10.42-15,12.45-23.83a12.74,12.74,0,0,0,.37-4.67c-.27-1.8-1.18-3.43-1.68-5.17-.88-3.08-.47-6.34-.22-9.53A88,88,0,0,0,297.23,415c-1.35-3.12-2.89-6.28-3.36-9.61a5.79,5.79,0,0,1,3.29-2.81c3.28-1.1,5.43.61,5.91,3.72.8,5.29.34,10.69,1.39,16a75,75,0,0,0,4.39,14.49c1.77,4.22,3.92,8.3,5.28,12.67a69.8,69.8,0,0,1,2.19,11C317.69,470.38,318.74,480.66,315.71,490.17Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M400.18,550.23a6.7,6.7,0,0,1-4.44,4.59,18.27,18.27,0,0,1-6.59.76l-2,0a43.57,43.57,0,0,0-29-7c-3.26.39-6.52,1.15-9.78.85-6.59-.6-11.93-5.34-17.8-8.37a37.38,37.38,0,0,0-41.43,5.62l-.57.5a8.55,8.55,0,0,1-.16-1.21c-.18-3.61,1.11-5.69,4.07-7.64,8.78-5.8,19.49-9.78,29.51-12.77a73,73,0,0,1,16.4-3.18c7.88-.46,15.75,1,23.42,2.85,9.43,2.33,18.76,5.41,27.12,10.34C393,538,397,541,399.21,545.26A7.6,7.6,0,0,1,400.18,550.23Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M422.61,440.69l-.14.36c-2.24,5.81-6.36,10.72-9,16.38-3.33,7.17-4.15,15.21-4.89,23.09-.64,6.75-1.27,13.54-.76,20.31,1.28,16.68,9.43,32.5,11.61,48.86a54.31,54.31,0,0,1,.41,11.41c-.18,2.41-.62,5-2.22,6.78s-4.71,2.48-6.43.77c.77-1.47,1.55-2.93,2.33-4.4-4.57-3.55-11.45-1-16.79-3.22-2.35-1-4.23-2.8-6.2-4.41a43.48,43.48,0,0,0-32.39-9.46c-3.26.4-6.52,1.16-9.78.86-6.59-.61-11.93-5.34-17.8-8.37a37.4,37.4,0,0,0-41.43,5.61c-1.4,1.3-3.28,2.82-5,2a4.16,4.16,0,0,1-1.55-1.69c-6.55-11.19-1.73-25.62,5.27-36.52S304.12,488.1,307,475.47a12.53,12.53,0,0,0,.37-4.67c-.27-1.8-1.18-3.43-1.68-5.17-.88-3.08-.47-6.34-.22-9.53A88,88,0,0,0,298.65,415c-1.6-3.73-3.5-7.51-3.5-11.56,0-6.38,4.57-11.67,8.35-16.8,4.35-5.9,8-12.43,13.51-17.28,5.22-4.61,12.78-7.43,19.24-5.09A119.94,119.94,0,0,1,369.81,361c3.9.18,7.93.59,11.35,2.48,3.66,2,6.29,5.56,9.89,7.69,2.63,1.57,5.66,2.31,8.52,3.41A35.21,35.21,0,0,1,417.93,391c4,7.75,5,16.66,5.88,25.34C424.65,424.51,425.45,433,422.61,440.69Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#94acef\"></path><path d=\"M407.82,500.83c1.28,16.68,9.43,32.5,11.61,48.86C415.07,546,409,542.29,408.19,538c-.9-4.64-3.78-10.72-4.26-15.41s2.81-10.42-.64-13.64c-1.68-1.57,2.79-1.13,1.15-2.74-3.69-3.59-4.6-9.12-4.83-14.25-.39-9.08.76-18.26-.91-27.19-1-5.51-3.09-10.76-4.76-16.11-1.94-6.23-3.34-12.61-4.74-19a133.12,133.12,0,0,1-3-17.26c-.43-5-.23-10.3,2-14.86s6.74-8.26,11.8-8.19c16.92.22,14,23.16,17.72,33.76,1.49,4.22,3.5,8.3,4.31,12.7a33.66,33.66,0,0,1,.48,5.22c-2.24,5.81-6.36,10.72-9,16.38-3.33,7.17-4.15,15.21-4.89,23.09C407.94,487.27,407.31,494.06,407.82,500.83Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M418.82,422.85c1.49,4.22,3.5,8.3,4.31,12.7,1.35,7.37-.74,15.2,1.53,22.34a38.92,38.92,0,0,1,1.48,4.67c.39,2.27-.06,4.59-.06,6.9,0,3.72,1.17,7.32,2.21,10.89a194.63,194.63,0,0,1,6.95,37.16,46.59,46.59,0,0,0,1.59,10,33.21,33.21,0,0,1,1.08,3.38,17.48,17.48,0,0,1,.19,4.63c-.27,4.9-.82,9.82-.27,14.7s2.33,9.83,6,13.1c-3.28.71-6.75,1.42-9.95.37-4.5-1.47-7.2-6-9.49-10.12-2.9-5.26-13.92-10-15.06-15.91-.89-4.63-3.77-10.71-4.25-15.41s2.8-10.41-.65-13.63c-1.67-1.57,2.8-1.14,1.15-2.74-3.68-3.59-4.59-9.12-4.82-14.26-.39-9.07.75-18.25-.91-27.18-1-5.51-3.09-10.76-4.76-16.12-1.94-6.22-3.34-12.6-4.74-19a131.73,131.73,0,0,1-3-17.26c-.43-5-.24-10.31,2-14.87s6.75-8.25,11.8-8.19C418,389.3,415.1,412.25,418.82,422.85Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#94acef\"></path><path d=\"M370.6,426.76c1.58,1.85,3.61,3.88,6,3.52a1.3,1.3,0,0,1-1.77.42,3.8,3.8,0,0,1-1.33-1.53l-3.42-5.77c-.45-.75-3.55-5.12-4.31-2.6C365.47,421.87,369.83,425.86,370.6,426.76Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M368.76,441.15a7.62,7.62,0,0,0-2.23-5,12.5,12.5,0,0,0-4.13-2.49c-3.75-1.54-8.19-2.78-12.26-2.58,1.48,2.16,6.23,3.45,8.61,4.67Q363.81,438.36,368.76,441.15Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M379.41,482.11c-.69,5.12-4.88,9-9.12,12s-9,5.58-11.77,9.92c-1.92,3-2.78,6.48-4.41,9.61-1.8,3.45-4.49,6.35-6.64,9.59s-3.83,7.11-3.17,10.95a1.29,1.29,0,0,0,.46.92,1.31,1.31,0,0,0,1.27-.14c4.36-2.28,6.08-7.49,7.91-12a138.65,138.65,0,0,1,6.48-13.32c1.08-2,2.27-4.18,4.28-5.29a37.55,37.55,0,0,1,4.22-1.47,14.19,14.19,0,0,0,5.21-4.09,34.34,34.34,0,0,0,8-23.31c-.06-1.79-.16-10.41-2.85-7.75S379.87,478.63,379.41,482.11Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M386,285.74c8.6,3.75,16,12,15.73,21.35-.23,9.82-8.45,19.07-5.62,28.48,1.64,5.46,6.58,9.12,10.49,13.27,14.89,15.76,14.86,43.27-.08,59-5.72,6-13.07,10.27-19.12,16-21.33,20.1-22.24,54.87-10.82,81.86a133.14,133.14,0,0,1-26.62,3c-4.19,0-9.32-.71-10.84-4.62-1.4-3.61,1-8.49-1.76-11.16-1.3-1.25-3.25-1.42-5-1.71-11.26-1.82-20.5-10.81-24.72-21.4s-4-22.51-1.58-33.65c1.72-8.05,4.41-16.91.42-24.11-5-9.06-19.38-12.88-19.16-23.24.18-8.49,10.19-12.62,15.87-18.93,10.48-11.62,5.49-29.65,5.47-45.31,0-13.78,4.82-28,15.08-37.18C339,273.62,368.39,278.09,386,285.74Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#a26565\"></path><g opacity=\"0.1\"><path d=\"M308.12,401.78c-4.39-7.92-15.92-11.84-18.6-19.63a11.09,11.09,0,0,0-2.16,6.26c-.22,10.36,14.14,14.18,19.16,23.25a18.89,18.89,0,0,1,2,10.42C310.1,415.12,311.49,407.86,308.12,401.78Z\" transform=\"translate(-34.96 -80.93)\"></path><path d=\"M397.26,322.75c1.8-5.25,4.41-10.55,4.54-16a15,15,0,0,0-.05-1.77C399.74,311,396.66,316.84,397.26,322.75Z\" transform=\"translate(-34.96 -80.93)\"></path><path d=\"M309.84,350.72c3.44-10.87.47-24.35.46-36.41,0-1.46.06-2.93.17-4.39a57.74,57.74,0,0,0-1.78,14.26C308.71,332.79,310.22,342.13,309.84,350.72Z\" transform=\"translate(-34.96 -80.93)\"></path><path d=\"M408.19,397.61c-5.72,6-13.07,10.27-19.12,16-10.8,10.17-16.35,24.1-17.74,38.87,2.58-11,7.79-21.13,16.14-29,6-5.7,13.4-9.95,19.12-16a42.49,42.49,0,0,0,11.15-27.06A40.61,40.61,0,0,1,408.19,397.61Z\" transform=\"translate(-34.96 -80.93)\"></path><path d=\"M351.63,498.44c-4.19,0-9.32-.72-10.84-4.63-1.4-3.6,1-8.48-1.76-11.16-1.3-1.25-3.26-1.42-5-1.71-11.25-1.81-20.49-10.81-24.71-21.39-3.11-7.82-3.78-16.35-3-24.77-.08.33-.15.66-.22,1-2.38,11.14-2.63,23.07,1.58,33.66s13.46,19.58,24.71,21.39c1.78.29,3.74.47,5,1.71,2.79,2.68.36,7.56,1.76,11.16,1.52,3.91,6.65,4.68,10.84,4.63a133.23,133.23,0,0,0,26.62-3,89.38,89.38,0,0,1-3.23-8.93A132.74,132.74,0,0,1,351.63,498.44Z\" transform=\"translate(-34.96 -80.93)\"></path></g><path d=\"M384.38,454.83c2.47,1.86,5.15-5.23,3.62-7C387.59,448.29,384,454.57,384.38,454.83Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M394.91,583.17c2.91-1,6-2,7.9-4.4,1.57-1.93,2.86-9.59-.46-5.92C399.53,576,398.2,580.15,394.91,583.17Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M424.54,575.14c-.35,2.36-1,4.81-2.67,6.51-.31.32-1,.52-1.09.09a25.29,25.29,0,0,0,5.16-3.64c3.38-3.35,3.84-11.6-1.31-13.79C424.58,567.93,425.09,571.46,424.54,575.14Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M460.11,560.27s-28.38-11.15-38.64-10,11.62,17.32,11.62,17.32l13.08,8.82s8-3,8.53-3.23S460.11,560.27,460.11,560.27Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#454b69\"></path><path d=\"M264.84,440.65s21.32-12.36,49.46,3,32.83,105.75,32.83,105.75S335.62,641.49,380,621c0,0,81-25.15,89.11-19.61,0,0,7.68,0-7.67,3.41S386.79,627,386.79,627s-19.17,6.7-27.29,0-31.13.86-34.12-45.2a801,801,0,0,0-10.66-86.56l-7.91-23.45Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#565661\"></path><path d=\"M262.28,583.07s9.38-93.38-6-127.07c-13.38-29.36,38.36-15.63,51.86-11.63a9.83,9.83,0,0,1,5.18,3.7c8,11.25,36.7,56.34,28.24,116.67,0,0-3.41,53.73,17.91,62.25l-65.69-21.16c-5.33-1.72-10.74-3.15-16.2-4.39C270.62,599.86,259.28,595.37,262.28,583.07Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#fff\"></path><polygon points=\"694.53 676.47 703.06 676.47 708.65 561.83 709.03 555.31 701.78 552.76 701.3 559.69 694.53 676.47\" fill=\"#565661\"></polygon><polygon points=\"701.3 559.69 708.65 561.83 709.03 555.31 701.78 552.76 701.3 559.69\" opacity=\"0.1\"></polygon><path d=\"M658.27,713.13a19.23,19.23,0,0,1-1.2,4.58,8.09,8.09,0,0,1-3.65,4.56,9.64,9.64,0,0,1-3.69.73c-4.71.28-9.69.21-13.74-2.19a25,25,0,0,1-4.71-3.93,214.9,214.9,0,0,1-24.72-29.4c-1.23-1.77-2.5-3.86-1.95-6a93.21,93.21,0,0,0,26.77-12.25,12.92,12.92,0,0,1,3.76-2,20.43,20.43,0,0,1,7.06-.26c2.27.37,2.37.44,3.24,3,1.44,4.33,1.2,9,2.82,13.33a41.3,41.3,0,0,0,3.74,6.84C656.18,697.13,659.39,705.38,658.27,713.13Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#a26565\"></path><path d=\"M658.27,713.13a19.23,19.23,0,0,1-1.2,4.58,8.09,8.09,0,0,1-3.65,4.56,9.64,9.64,0,0,1-3.69.73c-4.71.28-9.69.21-13.74-2.19a25,25,0,0,1-4.71-3.93,214.9,214.9,0,0,1-24.72-29.4c-1.23-1.77-2.5-3.86-1.95-6a92.81,92.81,0,0,0,9.16-3.06l.15.11c3.07,2.19,5.3,5.33,7.47,8.41l7,9.85a29,29,0,0,0,4.39,5.3,29.38,29.38,0,0,0,6.79,4.08c3.29,1.59,6.58,3.18,10,4.46C651.78,711.52,655.52,711.87,658.27,713.13Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M664.73,606.34a30.1,30.1,0,0,1-2.5,4.77A204.16,204.16,0,0,0,640.91,661c-1.38-.31-2.16,1.57-2.15,3s0,3.23-1.32,3.75c-.39.15-.83.15-1.21.32-.84.38-1.08,1.45-1.2,2.37l-1.18,8.66c-.41,3-.77,6.25.7,8.9a14.23,14.23,0,0,0,3.87,4l19.52,15.4c.8.63,1.79,1.3,2.75.95,2.19-.8.25-4.72,2-6.31,1.16-1.09,3-.27,4.61-.4,2.1-.16,3.69-2.09,4.22-4.12a19.59,19.59,0,0,0,.11-6.26,5.68,5.68,0,0,1,.32-2.81,6.82,6.82,0,0,1,2.39-2.29,25.66,25.66,0,0,0,10.51-21.64,12,12,0,0,1,.14-3.83,10.09,10.09,0,0,1,1.81-3.16c7.09-9.59,13-20,18.87-30.39,3.38-6,6.82-12.09,8-18.85a1.75,1.75,0,0,0-1.44-2.4,68,68,0,0,0-8.94-2.14c-9.19-1.86-18.06-4.73-27-7.49S667.42,599.12,664.73,606.34Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#454b69\"></path><polygon points=\"587.5 700.72 601.58 702.42 666.39 555.31 683.87 554.03 714.58 562.99 720.54 738.14 734.61 738.14 729.07 556.59 762.76 557.45 822.88 707.11 835.67 707.11 772.44 532.2 770.01 525.46 675.77 522.23 652.28 535.4 651.98 536.16 587.5 700.72\" fill=\"#565661\"></polygon><path d=\"M686.94,617.09c20.25,6.1,41.27,12.76,41.27,12.76s19.17,6.69,27.29,0a12.27,12.27,0,0,1,3.39-1.87,16.7,16.7,0,0,1-3.39,1.87l51.9-16.73L805,606.39l-94.24-3.23-23.49,13.17Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M782.79,588.06l-38.37-8.53s-91.68,17.06-98.5,23.88c0,0,73.34,14.92,81.44,20S783.65,634.11,782.79,588.06Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#fff\"></path><path d=\"M640.41,725.14c-2.31,4.4-8,5.64-13,5.71a54.89,54.89,0,0,1-20.32-3.63c-3.7-1.42-7.25-3.25-11.07-4.29-5.69-1.56-12-1.43-17-4.56a20,20,0,0,1-6.39-6.93c-.29-.49-.57-1-.83-1.52-2.39-4.65-3.5-10.06-2.17-15.08s6.16-10.55,11.76-10.47c6.65.1,14.58,3.25,21,4.88,8,2,16,4.31,23.07,8.54,5.92,3.56,11.15,8.67,13.94,14.91a25.27,25.27,0,0,1,1.32,3.72C641.59,719.3,641.79,722.51,640.41,725.14Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#a26565\"></path><path d=\"M640.41,725.14c-2.31,4.4-8,5.64-13,5.71a54.89,54.89,0,0,1-20.32-3.63c-3.7-1.42-7.25-3.25-11.07-4.29-5.69-1.56-12-1.43-17-4.56a20,20,0,0,1-6.39-6.93c-.29-.49-.57-1-.83-1.52,1,.08,1.92.18,2.42.23,6.14.59,12,2.83,17.86,4.52a100.32,100.32,0,0,0,25,3.9c6,.17,12.26-.27,17.5-3.2a45.91,45.91,0,0,1,4.86-2.67,25.27,25.27,0,0,1,1.32,3.72C641.59,719.3,641.79,722.51,640.41,725.14Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M683.38,535c-13-2.13-26.24-2.65-39.42-3.17l-16.12-.64a7.31,7.31,0,0,0-3.39.41,22.09,22.09,0,0,0-2.65,2c-1.62,1.1-3.69,1.22-5.64,1.33A280.77,280.77,0,0,0,575,540.27c-7,1.43-14.27,3.3-19.53,8.13-5.56,5.11-8,12.9-8.19,20.44s1.79,14.95,3.88,22.19a101.09,101.09,0,0,1,4.37,26.86,50.25,50.25,0,0,0,.29,7.57,36.22,36.22,0,0,0,2.11,7l7.36,19.65c.65,1.72,1.29,3.43,2,5.11s1.39,3,2,4.58c.9,2.16,1.61,4.4,2.32,6.63l4.9,15.39.64,2c1.77,5.54,3.58,11.18,6.92,15.94s8.51,8.6,14.32,8.89a43.86,43.86,0,0,1,5.62.15,22.72,22.72,0,0,1,4.61,1.67,35.17,35.17,0,0,0,13.77,2.69c4.35,0,9.18-1.21,11.54-4.87,1.3-2,1.64-4.46,2-6.82.63-4.74,1.24-9.69-.37-14.19-1-2.69-2.68-5-3.84-7.65-1.62-3.61-2.15-7.6-3.2-11.41a43.58,43.58,0,0,0-13.3-21.16,208.58,208.58,0,0,1-5-27.38,24.09,24.09,0,0,0-1.21-6c-1.17-3-3.54-5.43-4.53-8.49-.93-2.84-.65-6.12-2.34-8.57,14.07,3.87,28,3,42.61,2.77a116.42,116.42,0,0,0,14-.8,44,44,0,0,1,6.56-.7c4.52,0,8.76,2,12.91,3.76,11.73,5,24.09,8.93,36.83,9.47,13.15.55,26.15-2.54,39-5.6,5.65-1.35,11.52-2.81,16-6.52s7-10.4,4.24-15.49c-2.1-3.83-6.45-5.71-10.51-7.31-11.24-4.44-22.54-8.77-33.37-14.14C713.87,556,701.5,538,683.38,535Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#454b69\"></path><path d=\"M660.2,489.76c-1.57,3.4-4.21,6.18-6.16,9.38a23.77,23.77,0,0,0-3,17.65,20.08,20.08,0,0,0,11.25,13.69,28.23,28.23,0,0,0,7.8,1.88c3.52.43,7.27.52,10.38-1.18A15.16,15.16,0,0,0,686,525.4c2.69-4.5,4.22-9.57,5.62-14.62,2.59-9.32,4.8-18.88,4.48-28.55-.11-3.33-.77-7.08-3.53-9a11.87,11.87,0,0,0-4.64-1.52l-13.19-2.36c-2.55-.46-7-2.33-9.21-.49s-2.38,7.28-2.76,9.83C662.17,482.46,661.8,486.29,660.2,489.76Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#a1616a\"></path><path d=\"M820.53,451.08,817.08,480a133,133,0,0,0-1.23,15.56c0,2.9.09,6.12-1.83,8.29a7.56,7.56,0,0,1-3.44,2.07c-4.19,1.3-8.76.14-12.76-1.65-2.34-1-4.73-2.45-5.79-4.78a11.88,11.88,0,0,1-.75-5.07c0-17.25,1.63-35.24,10.64-49.94a10.89,10.89,0,0,1,3.17-3.66c2.5-1.6,5.77-1.15,8.6-.28,1.74.53,6.44,1.12,7.55,2.67S820.77,449.09,820.53,451.08Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#a1616a\"></path><circle cx=\"694.04\" cy=\"229.57\" r=\"36\" fill=\"#a1616a\"></circle><path d=\"M719.37,364.15a18.57,18.57,0,0,1-2.23,8q27.57-4.2,55-9.36a25.83,25.83,0,0,1-12.76-15,42.36,42.36,0,0,1-1.62-10.69,123.57,123.57,0,0,1,.33-17.21c-6.4.67-12.46,3.07-18.56,5.13a183,183,0,0,1-18.69,5.23c-3.05.68-6.12,1.26-9.2,1.8-3.6.64-5.33.63-2.83,3.79C715.52,344.28,720.31,352.86,719.37,364.15Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#a1616a\"></path><path d=\"M730.43,359.34c-4.75.71-9.73,1.51-13.52,4.45a51,51,0,0,0-4.11,3.95c-7.53,7.31-18.16,10.25-27.3,15.41a12,12,0,0,0-3.88,3.05c-1,1.39-1.51,3.16-2.56,4.54-1.22,1.6-3.15,2.6-4.1,4.37s-.74,3.65-.84,5.53c-.23,4.13-1.79,8.05-3,12-5.55,18.91-2.51,40-10.91,57.86a8.13,8.13,0,0,0,4.42,4.62,25.1,25.1,0,0,0,6.56,1.41l18.61,2.31c2.66.33,5.48.64,7.91-.47a92.94,92.94,0,0,0-4.69,18.93,94.28,94.28,0,0,1-2.1,11.72c-2.56,8.8-9,16.13-16.63,21.14a6.15,6.15,0,0,0-2.35,2.17c-1,2,.48,4.24,1.53,6.2,3.05,5.68,2.63,12.5,2.59,18.94s.61,13.51,5.11,18.13c2.66,2.73,6.3,4.21,9.84,5.62l29.11,11.63a101.45,101.45,0,0,0,14.82,5c7.67,1.75,15.64,1.68,23.51,1.34q7.8-.33,15.58-1a12.12,12.12,0,0,0,5.89-1.55,11,11,0,0,0,3.45-4.68c4.05-8.81,5.41-19.09,11.69-26.47,4.31-5.07,11-9.12,11.49-15.75.23-3.3-1.24-6.51-1.26-9.82,0-4.07,2.13-7.94,2-12-.27-6.61-6.5-11.65-7.49-18.19-2.52-16.58,5.9-33.14,11.07-49.09.93-2.85,2.13-6,4.87-7.22s6.6-.58,7.58-3.28c2.47-6.78,3.06-14.73,2.74-21.94-.18-4.17-1.66-8.25-1.49-12.43.12-2.94,1.06-5.8,1.31-8.73.38-4.43-.79-8.83-2-13.11a20.54,20.54,0,0,0-1.56-4.42,21,21,0,0,0-2.6-3.57l-4.87-5.79c-2.28-2.71-4.69-5.52-8-6.89-1.07-2.65-4.49-4.48-6.94-5.94a71.12,71.12,0,0,0-7.64-3.75l-27.54-12.16a11.28,11.28,0,0,0-3.27-1.06,10.59,10.59,0,0,0-4.86,1C748.2,354.68,739.43,358,730.43,359.34Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#94acef\"></path><path d=\"M701.26,316.76c-1.06-3.73-3.77-6.95-4.18-10.81-.37-3.43,1.14-6.75,2-10.09s.83-7.42-1.82-9.64c-.44-.38-1-.72-1.16-1.28-.32-1,.69-1.91,1-2.92.57-2-1.9-4.21-1-6.13.51-1.05,1.79-1.42,2.91-1.75,4.28-1.27,8.62-4.09,9.55-8.46,3.35,1.4,6.92-1.23,9.49-3.78s5.73-5.46,9.27-4.69l-.79,1.61a25.6,25.6,0,0,1,16.93-.19l-1.68,0a23.22,23.22,0,0,1,13.39,4.53c-.43,0-.47.64-.3,1,1.4,3.27,5,5,8.47,5.81,2.09.5,4.36.86,5.89,2.36s1.56,4.63-.46,5.35a52.6,52.6,0,0,1,11.61,6.3c1,.73,2.13,1.72,2,3a9.76,9.76,0,0,1-.62,1.87,6.47,6.47,0,0,0,.21,3.2l1.11,4.58c1.22,5.09,2.18,11.22-1.53,14.91a13.69,13.69,0,0,1-2.41,16.16,6.66,6.66,0,0,1-5,8.61c1.23,1.92.1,4.66-1.84,5.86s-4.38,1.21-6.64,1-4.55-.72-6.81-.38c-3.29.51-6.51,2.75-9.68,1.75a21.73,21.73,0,0,1-3.39-1.82c-2.22-1.19-4.8-1.46-7.26-2a33.54,33.54,0,0,1-11.73-5,13.75,13.75,0,0,1-5.39-6c-2.2-5.56,1.5-12.85-2.39-17.38-2.28-2.64-6.8-2.68-9.35-.42-1.27,1.13-1.44,3.51-2.76,4.36A17.45,17.45,0,0,1,701.26,316.76Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#464353\"></path><path d=\"M652.34,603.5a16.5,16.5,0,0,1-3.63-4,7.46,7.46,0,0,1-1.1-5.17,14.79,14.79,0,0,0,3.89,12.72c2.51,2.57,7.22,5.09,10.89,4.21C661.87,608.32,654.67,605.48,652.34,603.5Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M850.16,442.65s-21.32-12.36-49.46,3-32.83,105.75-32.83,105.75S779.38,643.49,735,623c0,0-81-25.15-89.11-19.61,0,0-7.68,0,7.67,3.41S728.21,629,728.21,629s19.17,6.7,27.29,0,31.13.86,34.12-45.2a801,801,0,0,1,10.66-86.56l7.91-23.45Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#565661\"></path><path d=\"M852.72,585.07s-9.38-93.38,6-127.07c13.38-29.36-38.36-15.63-51.86-11.63a9.83,9.83,0,0,0-5.18,3.7c-8,11.25-36.7,56.34-28.24,116.67,0,0,3.41,53.73-17.91,62.25l65.69-21.16c5.33-1.72,10.74-3.15,16.2-4.39C844.38,601.86,855.72,597.37,852.72,585.07Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#fff\"></path><ellipse cx=\"989.97\" cy=\"670.07\" rx=\"97.44\" ry=\"15.65\" fill=\"#94acef\" opacity=\"0.1\"></ellipse><rect x=\"986.83\" y=\"370.26\" width=\"6.27\" height=\"141.17\" fill=\"#535461\"></rect><path d=\"M1067.47,591.93l-.39,6.36-.56,9-.23,3.74-.55,9-.24,3.74-.56,9-6.32,102.07A17.3,17.3,0,0,1,1041.36,751h-32.87a17.28,17.28,0,0,1-17.24-16.22L984.91,632.7l-.55-9-.23-3.74-.57-9-.23-3.74-.55-9-.4-6.36a9,9,0,0,1,8.94-9.51h67.22A9,9,0,0,1,1067.47,591.93Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#565661\"></path><polygon points=\"1032.12 517.36 1031.56 526.33 948.38 526.33 947.82 517.36 1032.12 517.36\" fill=\"#9d9cb5\"></polygon><polygon points=\"1031.33 530.08 1030.78 539.06 949.17 539.06 948.61 530.08 1031.33 530.08\" fill=\"#9d9cb5\"></polygon><polygon points=\"1030.54 542.8 1029.98 551.77 949.96 551.77 949.4 542.8 1030.54 542.8\" fill=\"#9d9cb5\"></polygon><path d=\"M973.2,504.1c36.52,26.42,51.73,67.74,51.73,67.74s-44-1.51-80.53-27.93-51.72-67.73-51.72-67.73S936.69,477.69,973.2,504.1Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#94acef\"></path><path d=\"M892.68,476.18s45.67,25.35,60.33,46.34,71.92,49.32,71.92,49.32\" transform=\"translate(-34.96 -80.93)\" fill=\"none\" stroke=\"#535461\" stroke-miterlimit=\"10\" stroke-width=\"2\"></path><path d=\"M996.77,450.88c19.88,14.37,28.16,36.87,28.16,36.87s-24-.83-43.83-15.2S953,435.68,953,435.68,976.9,436.5,996.77,450.88Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#94acef\"></path><path d=\"M953,435.68s24.86,13.8,32.83,25.22,39.15,26.85,39.15,26.85\" transform=\"translate(-34.96 -80.93)\" fill=\"none\" stroke=\"#535461\" stroke-miterlimit=\"10\" stroke-width=\"2\"></path><path d=\"M1053.81,486.6c-22.83,25.09-27.66,57.88-27.66,57.88s32.19-7.9,55-33,27.66-57.88,27.66-57.88S1076.64,461.51,1053.81,486.6Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#94acef\"></path><path d=\"M1108.83,453.61s-29.74,25.72-37.3,43.44-45.38,47.43-45.38,47.43\" transform=\"translate(-34.96 -80.93)\" fill=\"none\" stroke=\"#535461\" stroke-miterlimit=\"10\" stroke-width=\"2\"></path><path d=\"M591.94,426.2v2.28H524.33v-1.85a22.72,22.72,0,0,0,5.22-2.78,22.21,22.21,0,0,0,9.28-18.06,21.92,21.92,0,0,0-.69-5.47,22.23,22.23,0,0,0-12.28-14.73h65.62a22.23,22.23,0,0,0-12.28,14.73,21.92,21.92,0,0,0-.68,5.47,22.2,22.2,0,0,0,9.27,18.06A22.87,22.87,0,0,0,591.94,426.2Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#dfe6f5\"></path><path d=\"M591.48,385.59a22.23,22.23,0,0,0-12.28,14.73H538.14a22.23,22.23,0,0,0-12.28-14.73Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><path d=\"M446.92,373.94v12.84c0,7.08,5.18,12.83,11.58,12.83H657.41c6.4,0,11.59-5.75,11.59-12.83V373.94Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#dfe6f5\"></path><path d=\"M591.94,426.2v2.28H524.33v-1.85a22.72,22.72,0,0,0,5.22-2.78h58.24A22.87,22.87,0,0,0,591.94,426.2Z\" transform=\"translate(-34.96 -80.93)\" opacity=\"0.1\"></path><rect x=\"467.03\" y=\"343.63\" width=\"112.29\" height=\"6.77\" rx=\"3.39\" fill=\"#dfe6f5\"></rect><path d=\"M669,233.31a11.58,11.58,0,0,0-11.59-11.58H458.5a11.57,11.57,0,0,0-11.58,11.58V376.44H669Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#474157\"></path><path d=\"M662.94,238.48v123a5.7,5.7,0,0,1-5.7,5.71H458.68a5.7,5.7,0,0,1-5.7-5.71v-123a5.62,5.62,0,0,1,.76-2.85,5.7,5.7,0,0,1,4.94-2.85H657.24A5.7,5.7,0,0,1,662.94,238.48Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#4c4c78\"></path><circle cx=\"523\" cy=\"146.32\" r=\"2.67\" fill=\"#fff\"></circle><circle cx=\"523\" cy=\"306.38\" r=\"6.59\" fill=\"#fff\"></circle><path d=\"M662.94,238.48H453a5.7,5.7,0,0,1,5.7-5.7H657.24A5.7,5.7,0,0,1,662.94,238.48Z\" transform=\"translate(-34.96 -80.93)\" fill=\"#c8cad7\"></path><circle cx=\"423.72\" cy=\"154.7\" r=\"1.43\" fill=\"#ededf4\"></circle><circle cx=\"428\" cy=\"154.7\" r=\"1.43\" fill=\"#ededf4\"></circle><circle cx=\"432.28\" cy=\"154.7\" r=\"1.43\" fill=\"#ededf4\"></circle></svg>\n </div>\n </div>\n </div>\n </div>\n </div>\n </main>\n <footer>\n <div class=\"container\">\n <p>Copyright @ 2017~2025 版权所有 <a href=\"https://beian.miit.gov.cn\" target=\"_blank\"></a></p>\n </div>\n </footer>\n\n <script src=\"/assets/libs/jquery/dist/jquery.min.js\"></script>\n\n <script src=\"/assets/libs/bootstrap/dist/js/bootstrap.min.js\"></script>\n </body>\n\n</html>\n",
"body_murmur": -1543955406,
"body_sha256": "10773efbede095c0722f77965dd3248a53deb46cf5a30802fe8be7bd635956d6",
"component": [
"Nginx",
"Bootstrap"
],
"content_length": -1,
"favicon": {
"md5_hash": "11ba9ce6f096cfe5e5b5277122dccee2",
"murmur_hash": -1036943727,
"path": "https://182.92.234.77:443/assets/img/favicon.ico",
"size": 5686
},
"headers": {
"connection": [
"keep-alive"
],
"content_type": [
"text/html; charset=utf-8"
],
"date": [
"Tue, 06 May 2025 21:41:46 GMT"
],
"server": [
"nginx"
],
"strict_transport_security": [
"max-age=31536000"
],
"vary": [
"Accept-Encoding"
]
},
"protocol": "HTTP/1.1",
"redirects": [
{
"body": "<html>\r\n<head><title>302 Found</title></head>\r\n<body>\r\n<center><h1>302 Found</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
"body_murmur": -23674247,
"body_sha256": "753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0",
"content_length": 138,
"headers": {
"content_length": [
"138"
],
"content_type": [
"text/html"
],
"date": [
"Tue, 06 May 2025 21:41:45 GMT"
],
"location": [
"https://182.92.234.77/"
],
"server": [
"nginx"
],
"strict_transport_security": [
"max-age=31536000"
]
},
"location": "https://182.92.234.77/",
"protocol": "HTTP/1.1",
"status_code": 302,
"status_line": "302 Moved Temporarily"
}
],
"request": {
"headers": {
"accept": [
"*/*"
],
"referer": [
"http://182.92.234.77:443"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "182.92.234.77",
"path": "/",
"scheme": "https"
}
},
"status_code": 200,
"title": "山东欧德程序控制台",
"transfer_encoding": [
"chunked"
]
},
"tls": {
"certificate": {
"extensions": {
"authority_info_access": {
"issuer_urls": [
"http://repository.certum.pl/itrusdv2.cer"
],
"ocsp_urls": [
"http://itrusdv2.ocsp"
]
},
"authority_key_id": "4a5fc3b35515ae2c4d5cafd598c9bc9d861326e2",
"basic_constraints": {
"is_ca": true
},
"certificate_policies": [
{
"id": "2.23.140.1.2.1"
},
{
"cps": [
"https://www.certum.pl/CPS"
],
"id": "1.2.616.1.113527.2.5.1.9.55.3"
}
],
"crl_distribution_points": [
"http://itrusdv2.crl.certum.pl/itrusdv2.crl"
],
"ct_precert_scts": "Signed Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:\n D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7\n Timestamp : Jun 22 02:54:44.489 2024 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:46:02:21:00:82:CA:58:93:26:8E:DB:F7:5D:5A:E3:\n C2:01:20:96:C0:D4:62:79:B3:23:70:3B:20:A7:56:84:\n 97:E3:29:C1:24:02:21:00:C4:93:F4:03:8C:DD:8F:AC:\n 4E:D3:9B:15:A3:CD:EC:FF:55:D1:BA:3D:DF:CB:9B:85:\n 4D:9A:40:38:DA:D3:54:4B\nSigned Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:\n 87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8\n Timestamp : Jun 22 02:54:44.687 2024 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:20:57:C3:F7:63:48:48:D8:5D:4A:A6:D4:FE:\n C6:52:98:E8:DD:7E:5A:BD:AB:B8:82:D4:1E:66:6C:98:\n A5:98:68:A0:02:21:00:CB:43:58:4C:BD:17:85:1C:00:\n 74:35:93:01:E9:FA:37:1B:0A:DF:FE:F9:EB:77:8E:39:\n DB:31:81:05:DA:56:99\nSigned Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:\n 1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF\n Timestamp : Jun 22 02:54:44.766 2024 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:44:02:20:55:FC:7A:BE:D4:D7:6C:2A:2F:98:5A:16:\n 63:A9:CA:65:2A:10:7F:42:A7:7E:CF:80:BA:30:B6:FD:\n BE:43:35:D5:02:20:4B:B9:E9:4B:F0:5D:F6:E7:8C:C1:\n 54:29:E8:A0:35:20:AB:D7:C4:BA:F0:6A:09:01:F4:14:\n C0:52:A7:E1:66:46",
"extended_key_usage": {
"any": false,
"apple_code_signing": false,
"apple_code_signing_development": false,
"apple_code_signing_third_party": false,
"apple_crypto_development_env": false,
"apple_crypto_env": false,
"apple_crypto_maintenance_env": false,
"apple_crypto_production_env": false,
"apple_crypto_qos": false,
"apple_crypto_test_env": false,
"apple_crypto_tier0_qos": false,
"apple_crypto_tier1_qos": false,
"apple_crypto_tier2_qos": false,
"apple_crypto_tier3_qos": false,
"apple_ichat_encryption": false,
"apple_ichat_signing": false,
"apple_resource_signing": false,
"apple_software_update_signing": false,
"apple_system_identity": false,
"client_auth": true,
"code_signing": false,
"dvcs": false,
"eap_over_lan": false,
"eap_over_ppp": false,
"email_protection": false,
"ipsec_end_system": false,
"ipsec_intermediate_system_usage": false,
"ipsec_tunnel": false,
"ipsec_user": false,
"microsoft_ca_exchange": false,
"microsoft_cert_trust_list_signing": false,
"microsoft_csp_signature": false,
"microsoft_document_signing": false,
"microsoft_drm": false,
"microsoft_drm_individualization": false,
"microsoft_efs_recovery": false,
"microsoft_embedded_nt_crypto": false,
"microsoft_encrypted_file_system": false,
"microsoft_enrollment_agent": false,
"microsoft_kernel_mode_code_signing": false,
"microsoft_key_recovery_21": false,
"microsoft_key_recovery_3": false,
"microsoft_license_server": false,
"microsoft_licenses": false,
"microsoft_lifetime_signing": false,
"microsoft_mobile_device_software": false,
"microsoft_nt5_crypto": false,
"microsoft_oem_whql_crypto": false,
"microsoft_qualified_subordinate": false,
"microsoft_root_list_signer": false,
"microsoft_server_gated_crypto": false,
"microsoft_sgc_serialized": false,
"microsoft_smart_display": false,
"microsoft_smartcard_logon": false,
"microsoft_system_health": false,
"microsoft_system_health_loophole": false,
"microsoft_timestamp_signing": false,
"microsoft_whql_crypto": false,
"netscape_server_gated_crypto": false,
"ocsp_signing": false,
"sbgp_cert_aa_service_auth": false,
"server_auth": true,
"time_stamping": false
},
"key_usage": {
"certificate_sign": false,
"content_commitment": false,
"crl_sign": false,
"data_encipherment": false,
"decipher_only": false,
"digital_signature": true,
"encipher_only": false,
"key_agreement": false,
"key_encipherment": true
},
"subject_alt_name": {
"dns_names": [
"sdodfj.com",
"www.sdodfj.com"
]
},
"subject_key_id": "fd8ffd0c7b6e40419005c757c1b8f229d3025145"
},
"fingerprint_md5": "9204B229B9A8F664174470BD6D0F5347",
"fingerprint_sha1": "A2830999AF3722735A9509389EAEE43D9C96BAD3",
"fingerprint_sha256": "5DC6B994878C51DB061B61498051EE42C1AA7E0632EE875BA14388E2F2F9D7DC",
"issuer": {
"common_name": [
"vTrus DV SSL CA G2"
],
"country": [
"CN"
],
"organization": [
"iTrusChina Co., Ltd."
]
},
"issuer_dn": "/C=CN/O=iTrusChina Co., Ltd./CN=vTrus DV SSL CA G2",
"jarm": "3fd3fd0003fd3fd21c42d42d000000bdfc58c9a46434368cf60aa440385763",
"redacted": false,
"revocation": {
"crl": {
"next_update": "2025-05-13T14:17:40",
"reason": "UNKNOWN",
"revoked": false
},
"ocsp": {
"next_update": "2025-05-13T21:42:28",
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "28884268269495783214048232110039842732",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": false,
"value": "MTkxNDIzNDhlOWFlNWM0ODdlOGFmMjYwNTAyOWI1YWM1MjhmY2Q0YTg2MThiNmE3NjRkYWZhODM1ZjgzYmQ3OTE4MTM5MjEyMTE2NjQ5NjQwYWU4OWJmNWZkOGMwOGMxNzRhNzM1ZmY3YjRmOWU4YWJjMDZmNTAxYmY5YTUzYzFjMmY5NTRlZTUwMmQ5MjU0ZDI1NDYzMTMyZWRjYzAyNmJmM2YwOTIwMzg2MjJlMmFlYzdhNTA1NzZlMDZmMTYzNmRlZGEzYmYxNzcxODM3NjQ0MGU0OGI3Y2UxZjY2YjcxMDk4MmJkZWVkOTI2Y2RkYjU1ZjlkZThmMTdiOWFjZTY4OTMyZjI5ZjQ4MTUwMmUzMjM4MWM1YjU1MzJkMjBiNzIwZDRlYTcyNzk4MWE1YzE5NTY3NDcyZGEyMWMzNjc5OGQ1MjMzODcxNTMyNmNjOGNkMWZkNTMwYmNjY2UxNzI5Y2UxZmFjMzY0MWZlYmVlNGQ3MjVhYThiMTNhYzMwZDY0ZDU1NmM4Y2IyZGQ3MDkxMjNiNTRhMDkzODNkY2Y2ZmY5MjYwMjRiZWY5OTUyNGE2YTIxOGI3NWZlZTYzM2QwZjllMmVjZDE1MDcwNjQ3ZjQxNzYxMGJlYzNkODA1MjJjM2FhNjNkMTFhZjczNTUzNGE3OTMwODIzMWM5YzE="
},
"signed_certificate_timestamps": [
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e7",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "304602210082ca5893268edbf75d5ae3c2012096c0d46279b323703b20a7568497e329c124022100c493f4038cdd8fac4ed39b15a3cdecff55d1ba3ddfcb9b854d9a4038dad3544b"
},
"timestamp": "2024-06-22T02:54:44.489000",
"version": "v1"
},
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "7d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b8",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "3045022057c3f7634848d85d4aa6d4fec65298e8dd7e5abdabb882d41e666c98a59868a0022100cb43584cbd17851c0074359301e9fa371b0adffef9eb778e39db318105da5699"
},
"timestamp": "2024-06-22T02:54:44.687000",
"version": "v1"
},
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "4e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "3044022055fc7abed4d76c2a2f985a1663a9ca652a107f42a77ecf80ba30b6fdbe4335d502204bb9e94bf05df6e78cc15429e8a03520abd7c4baf06a0901f414c052a7e16646"
},
"timestamp": "2024-06-22T02:54:44.766000",
"version": "v1"
}
],
"signed_certificate_timestamps_oid": "1.3.6.1.4.1.11129.2.4.2",
"subject": {
"common_name": [
"sdodfj.com"
]
},
"subject_alt_name": {
"dns_names": [
"sdodfj.com",
"www.sdodfj.com"
],
"extended_dns_names": [
{
"domain": "sdodfj",
"fld": "sdodfj.com",
"tld": "com"
},
{
"domain": "sdodfj",
"fld": "sdodfj.com",
"subdomain": "www",
"tld": "com"
}
]
},
"subject_dn": "/CN=sdodfj.com",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "6fe9404687db3121c55be4025a506fdaae4092055cacf2d188a8c2fa174276d7",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhiMzEwYTI4YjdjNGNkYjU5M2I5MmQxNDNjY2E3MDQwZWVhOWNkZTRiMDc4Y2VmZGUxNmM1NzFjMDY3MDUwZjgzYjM3M2JhMjQ3MzAzOWQ2OGU5YTdkMTFkOGIzMzRjM2QyNmRjODE1YWMwOWFlMWYyZDBlNzVhZDNiNDQwZGZhZmQ1NDY4MWU5YzAwYTZmOGVhNDFjNmVmYzAzN2MzNDU3MTY1YjkwYmIyZTBjZTQyNGZjYWU2MzU4MTk2ODcyMmQ5OWM3ZjhlNGZmZGNhZTcxMWE4YmU3NmQ0OTQ5M2EwMDBlN2Y1MTUyMjA0NDlhODA1N2VlNGI1YTQwOWQ1Nzk3NWQwMzMxOGEzMGZjZWIyYTY0Y2Q0YTI4YThjM2RiMzM2YzI1ZTA5YTU0ODUwODQxZDgyNTBhNWQwMTczNDcxZjVjMDVmMTE1ZDMzOTAyZDcwOGU0NTA5Y2U4MzdlNDYyNTQzZTM5M2U0Yzc1NTFhZTQwNzQ2YWIwOTVhOGEwNTc2MjRiZGViNjM5YzJiYmE3ODIzOWZmYjQ3MjBjNjgzNWM2YWRhMGQ0NWFhMDQ3ZjA4NTVjYjEzM2ZlNWE3OWU1Nzc5ZDI0OTI1Y2FkMTY1OGM1OGJjZGFmMjBhYmEyYzI0Mzc4ODQ3NWRhYjYxMDZiZTRhOWUxMTY2MDE4NjMyYg=="
}
},
"tbs_fingerprint": "080942d4ef8c03d68aebe21a7060b65ce55437ce9ee7ef7ae9ddb43ec526fbd4",
"tbs_noct_fingerprint": "d1c5f4a67cda210918143ca7478ce38e09199cadfe031c81553378eb21a2e11e",
"validation_level": "DV",
"validity": {
"length_seconds": 31536000,
"not_after": "2025-06-22T02:54:41",
"not_before": "2024-06-22T02:54:42"
},
"version": 2
},
"fingerprint_sha256": "5DC6B994878C51DB061B61498051EE42C1AA7E0632EE875BA14388E2F2F9D7DC",
"precert": false,
"raw": "MIIGEzCCBPugAwIBAgIQFbroYDgzgKsrsGo4Kak/rDANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJDTjEdMBsGA1UECgwUaVRydXNDaGluYSBDby4sIEx0ZC4xGzAZBgNVBAMMEnZUcnVzIERWIFNTTCBDQSBHMjAeFw0yNDA2MjIwMjU0NDJaFw0yNTA2MjIwMjU0NDFaMBUxEzARBgNVBAMMCnNkb2Rmai5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzEKKLfEzbWTuS0UPMpwQO6pzeSweM794WxXHAZwUPg7NzuiRzA51o6afRHYszTD0m3IFawJrh8tDnWtO0QN+v1UaB6cAKb46kHG78A3w0VxZbkLsuDOQk/K5jWBloci2Zx/jk/9yucRqL521JSToADn9RUiBEmoBX7ktaQJ1Xl10DMYow/OsqZM1KKKjD2zNsJeCaVIUIQdglCl0Bc0cfXAXxFdM5AtcI5FCc6DfkYlQ+OT5MdVGuQHRqsJWooFdiS962OcK7p4I5/7RyDGg1xq2g1FqgR/CFXLEz/lp55XedJJJcrRZYxYvNryCrosJDeIR12rYQa+Sp4RZgGGMrAgMBAAGjggMpMIIDJTAMBgNVHRMBAf8EAjAAMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9pdHJ1c2R2Mi5jcmwuY2VydHVtLnBsL2l0cnVzZHYyLmNybDBxBggrBgEFBQcBAQRlMGMwKwYIKwYBBQUHMAGGH2h0dHA6Ly9pdHJ1c2R2Mi5vY3NwLWNlcnR1bS5jb20wNAYIKwYBBQUHMAKGKGh0dHA6Ly9yZXBvc2l0b3J5LmNlcnR1bS5wbC9pdHJ1c2R2Mi5jZXIwHwYDVR0jBBgwFoAUSl/Ds1UVrixNXK/VmMm8nYYTJuIwHQYDVR0OBBYEFP2P/Qx7bkBBkAXHV8G48inTAlFFME0GA1UdIARGMEQwCAYGZ4EMAQIBMDgGDSqEaAGG9ncCBQEJNwMwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly93d3cuY2VydHVtLnBsL0NQUzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMCUGA1UdEQQeMByCCnNkb2Rmai5jb22CDnd3dy5zZG9kZmouY29tMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdwCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAZA93hsJAAAEAwBIMEYCIQCCyliTJo7b911a48IBIJbA1GJ5syNwOyCnVoSX4ynBJAIhAMST9AOM3Y+sTtObFaPN7P9V0bo938ubhU2aQDja01RLAHYAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGQPd4bzwAABAMARzBFAiBXw/djSEjYXUqm1P7GUpjo3X5avau4gtQeZmyYpZhooAIhAMtDWEy9F4UcAHQ1kwHp+jcbCt/++et3jjnbMYEF2laZAHUATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGQPd4cHgAABAMARjBEAiBV/Hq+1NdsKi+YWhZjqcplKhB/Qqd+z4C6MLb9vkM11QIgS7npS/Bd9ueMwVQp6KA1IKvXxLrwagkB9BTAUqfhZkYwDQYJKoZIhvcNAQELBQADggEBABkUI0jprlxIforyYFAptaxSj81Khhi2p2Ta+oNfg715GBOSEhFmSWQK6Jv1/YwIwXSnNf97T56KvAb1Ab+aU8HC+VTuUC2SVNJUYxMu3MAmvz8JIDhiLirselBXbgbxY23to78XcYN2RA5It84fZrcQmCve7ZJs3bVfnejxe5rOaJMvKfSBUC4yOBxbVTLSC3INTqcnmBpcGVZ0ctohw2eY1SM4cVMmzIzR/VMLzM4XKc4frDZB/r7k1yWqixOsMNZNVWyMst1wkSO1Sgk4Pc9v+SYCS++ZUkpqIYt1/uYz0Pni7NFQcGR/QXYQvsPYBSLDqmPRGvc1U0p5MIIxycE=",
"tags": [
"dv",
"trusted"
]
}
},
"url": "https://182.92.234.77/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-05-06T21:42:34.849Z"
},
{
"port": 3306,
"protocol": "tcp",
"name": "mysql",
"version": "5.6.50-log",
"product": "MySQL",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:mysql:mysql:5.6.50-log",
"part": "a",
"vendor": "mysql",
"product": "mysql",
"version": "5\\.6\\.50\\-log",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"mysql": {
"capability_flags": {
"CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS": true,
"CLIENT_COMPRESS": true,
"CLIENT_CONNECT_ATTRS": true,
"CLIENT_CONNECT_WITH_DB": true,
"CLIENT_FOUND_ROWS": true,
"CLIENT_IGNORE_SIGPIPE": true,
"CLIENT_IGNORE_SPACE": true,
"CLIENT_INTERACTIVE": true,
"CLIENT_LOCAL_FILES": true,
"CLIENT_LONG_FLAG": true,
"CLIENT_LONG_PASSWORD": true,
"CLIENT_MULTI_RESULTS": true,
"CLIENT_MULTI_STATEMENTS": true,
"CLIENT_NO_SCHEMA": true,
"CLIENT_ODBC": true,
"CLIENT_PLUGIN_AUTH": true,
"CLIENT_PLUGIN_AUTH_LEN_ENC_CLIENT_DATA": true,
"CLIENT_PROTOCOL_41": true,
"CLIENT_PS_MULTI_RESULTS": true,
"CLIENT_RESERVED": true,
"CLIENT_SECURE_CONNECTION": true,
"CLIENT_TRANSACTIONS": true
},
"protocol_version": 10,
"version": "5.6.50-log"
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-05-07T08:01:41.375Z"
}
],
"services_hash": "8897268247ef44182a21c78138232fcb2cc41c3a10d90616f7190c8cf1771a6a",
"last_updated_at": "2025-05-08T19:51:54.375Z",
"banner": [
"ftp",
"tls",
"ssh",
"http",
"mysql"
],
"is_vuln": true,
"cveDetails": {
"CVE-2007-2768": {
"id": "CVE-2007-2768",
"references": [
"http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html",
"http://www.osvdb.org/34601",
"https://security.netapp.com/advisory/ntap-20191107-0002/",
"http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html",
"http://www.osvdb.org/34601",
"https://security.netapp.com/advisory/ntap-20191107-0002/"
],
"score": 4.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2008-3844": {
"id": "CVE-2008-3844",
"references": [
"http://secunia.com/advisories/31575",
"http://secunia.com/advisories/32241",
"http://securitytracker.com/id?1020730",
"http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm",
"http://www.redhat.com/security/data/openssh-blacklist.html",
"http://www.redhat.com/support/errata/RHSA-2008-0855.html",
"http://www.securityfocus.com/bid/30794",
"http://www.vupen.com/english/advisories/2008/2821",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44747",
"http://secunia.com/advisories/31575",
"http://secunia.com/advisories/32241",
"http://securitytracker.com/id?1020730",
"http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm",
"http://www.redhat.com/security/data/openssh-blacklist.html",
"http://www.redhat.com/support/errata/RHSA-2008-0855.html",
"http://www.securityfocus.com/bid/30794",
"http://www.vupen.com/english/advisories/2008/2821",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44747"
],
"score": 9.3,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.",
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"weakness": "CWE-20"
},
"CVE-2016-20012": {
"id": "CVE-2016-20012",
"references": [
"https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265",
"https://github.com/openssh/openssh-portable/pull/270",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185",
"https://rushter.com/blog/public-ssh-keys/",
"https://security.netapp.com/advisory/ntap-20211014-0005/",
"https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak",
"https://www.openwall.com/lists/oss-security/2018/08/24/1",
"https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265",
"https://github.com/openssh/openssh-portable/pull/270",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185",
"https://rushter.com/blog/public-ssh-keys/",
"https://security.netapp.com/advisory/ntap-20211014-0005/",
"https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak",
"https://www.openwall.com/lists/oss-security/2018/08/24/1"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "NVD-CWE-Other"
},
"CVE-2017-15906": {
"id": "CVE-2017-15906",
"references": [
"http://www.securityfocus.com/bid/101552",
"https://access.redhat.com/errata/RHSA-2018:0980",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201801-05",
"https://security.netapp.com/advisory/ntap-20180423-0004/",
"https://www.openssh.com/txt/release-7.6",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"http://www.securityfocus.com/bid/101552",
"https://access.redhat.com/errata/RHSA-2018:0980",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201801-05",
"https://security.netapp.com/advisory/ntap-20180423-0004/",
"https://www.openssh.com/txt/release-7.6",
"https://www.oracle.com/security-alerts/cpujan2020.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-732"
},
"CVE-2018-15473": {
"id": "CVE-2018-15473",
"references": [
"http://www.openwall.com/lists/oss-security/2018/08/15/5",
"http://www.securityfocus.com/bid/105140",
"http://www.securitytracker.com/id/1041487",
"https://access.redhat.com/errata/RHSA-2019:0711",
"https://access.redhat.com/errata/RHSA-2019:2143",
"https://bugs.debian.org/906236",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011",
"https://security.gentoo.org/glsa/201810-03",
"https://security.netapp.com/advisory/ntap-20181101-0001/",
"https://usn.ubuntu.com/3809-1/",
"https://www.debian.org/security/2018/dsa-4280",
"https://www.exploit-db.com/exploits/45210/",
"https://www.exploit-db.com/exploits/45233/",
"https://www.exploit-db.com/exploits/45939/",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"http://www.openwall.com/lists/oss-security/2018/08/15/5",
"http://www.securityfocus.com/bid/105140",
"http://www.securitytracker.com/id/1041487",
"https://access.redhat.com/errata/RHSA-2019:0711",
"https://access.redhat.com/errata/RHSA-2019:2143",
"https://bugs.debian.org/906236",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011",
"https://security.gentoo.org/glsa/201810-03",
"https://security.netapp.com/advisory/ntap-20181101-0001/",
"https://usn.ubuntu.com/3809-1/",
"https://www.debian.org/security/2018/dsa-4280",
"https://www.exploit-db.com/exploits/45210/",
"https://www.exploit-db.com/exploits/45233/",
"https://www.exploit-db.com/exploits/45939/",
"https://www.oracle.com/security-alerts/cpujan2020.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-362"
},
"CVE-2018-15919": {
"id": "CVE-2018-15919",
"references": [
"http://seclists.org/oss-sec/2018/q3/180",
"http://www.securityfocus.com/bid/105163",
"https://security.netapp.com/advisory/ntap-20181221-0001/",
"http://seclists.org/oss-sec/2018/q3/180",
"http://www.securityfocus.com/bid/105163",
"https://security.netapp.com/advisory/ntap-20181221-0001/"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2018-20685": {
"id": "CVE-2018-20685",
"references": [
"http://www.securityfocus.com/bid/106531",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://security.gentoo.org/glsa/201903-16",
"https://security.gentoo.org/glsa/202007-53",
"https://security.netapp.com/advisory/ntap-20190215-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://www.securityfocus.com/bid/106531",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://security.gentoo.org/glsa/201903-16",
"https://security.gentoo.org/glsa/202007-53",
"https://security.netapp.com/advisory/ntap-20190215-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"weakness": "CWE-863"
},
"CVE-2019-6109": {
"id": "CVE-2019-6109",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 6.8,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"weakness": "CWE-116"
},
"CVE-2019-6110": {
"id": "CVE-2019-6110",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://www.exploit-db.com/exploits/46193/",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://www.exploit-db.com/exploits/46193/"
],
"score": 6.8,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"weakness": "CWE-838"
},
"CVE-2019-6111": {
"id": "CVE-2019-6111",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"http://www.openwall.com/lists/oss-security/2019/04/18/1",
"http://www.openwall.com/lists/oss-security/2022/08/02/1",
"http://www.securityfocus.com/bid/106741",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://usn.ubuntu.com/3885-2/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.exploit-db.com/exploits/46193/",
"https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"http://www.openwall.com/lists/oss-security/2019/04/18/1",
"http://www.openwall.com/lists/oss-security/2022/08/02/1",
"http://www.securityfocus.com/bid/106741",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://usn.ubuntu.com/3885-2/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.exploit-db.com/exploits/46193/",
"https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-22"
},
"CVE-2020-14145": {
"id": "CVE-2020-14145",
"references": [
"http://www.openwall.com/lists/oss-security/2020/12/02/1",
"https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
"https://docs.ssh-mitm.at/CVE-2020-14145.html",
"https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
"https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
"https://security.gentoo.org/glsa/202105-35",
"https://security.netapp.com/advisory/ntap-20200709-0004/",
"https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/",
"http://www.openwall.com/lists/oss-security/2020/12/02/1",
"https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
"https://docs.ssh-mitm.at/CVE-2020-14145.html",
"https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
"https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
"https://security.gentoo.org/glsa/202105-35",
"https://security.netapp.com/advisory/ntap-20200709-0004/",
"https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-203"
},
"CVE-2020-15778": {
"id": "CVE-2020-15778",
"references": [
"https://access.redhat.com/errata/RHSA-2024:3166",
"https://github.com/cpandya2909/CVE-2020-15778/",
"https://news.ycombinator.com/item?id=25005567",
"https://security.gentoo.org/glsa/202212-06",
"https://security.netapp.com/advisory/ntap-20200731-0007/",
"https://www.openssh.com/security.html",
"https://access.redhat.com/errata/RHSA-2024:3166",
"https://github.com/cpandya2909/CVE-2020-15778/",
"https://news.ycombinator.com/item?id=25005567",
"https://security.gentoo.org/glsa/202212-06",
"https://security.netapp.com/advisory/ntap-20200731-0007/",
"https://www.openssh.com/security.html"
],
"score": 7.8,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"weakness": "CWE-78"
},
"CVE-2021-36368": {
"id": "CVE-2021-36368",
"references": [
"https://bugzilla.mindrot.org/show_bug.cgi?id=3316",
"https://docs.ssh-mitm.at/trivialauth.html",
"https://github.com/openssh/openssh-portable/pull/258",
"https://security-tracker.debian.org/tracker/CVE-2021-36368",
"https://www.openssh.com/security.html",
"https://bugzilla.mindrot.org/show_bug.cgi?id=3316",
"https://docs.ssh-mitm.at/trivialauth.html",
"https://github.com/openssh/openssh-portable/pull/258",
"https://security-tracker.debian.org/tracker/CVE-2021-36368",
"https://www.openssh.com/security.html"
],
"score": 3.7,
"services": [
"22/ssh"
],
"severity": "low",
"summary": "An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is \"this is not an authentication bypass, since nothing is being bypassed.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-287"
},
"CVE-2021-41617": {
"id": "CVE-2021-41617",
"references": [
"https://bugzilla.suse.com/show_bug.cgi?id=1190975",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/",
"https://security.netapp.com/advisory/ntap-20211014-0004/",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-8.8",
"https://www.openwall.com/lists/oss-security/2021/09/26/1",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.starwindsoftware.com/security/sw-20220805-0001/",
"https://www.tenable.com/plugins/nessus/154174",
"https://bugzilla.suse.com/show_bug.cgi?id=1190975",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/",
"https://security.netapp.com/advisory/ntap-20211014-0004/",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-8.8",
"https://www.openwall.com/lists/oss-security/2021/09/26/1",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.starwindsoftware.com/security/sw-20220805-0001/",
"https://www.tenable.com/plugins/nessus/154174"
],
"score": 7,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",
"vector_string": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-Other"
},
"CVE-2023-38408": {
"id": "CVE-2023-38408",
"references": [
"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"http://www.openwall.com/lists/oss-security/2023/07/20/1",
"http://www.openwall.com/lists/oss-security/2023/07/20/2",
"http://www.openwall.com/lists/oss-security/2023/09/22/11",
"http://www.openwall.com/lists/oss-security/2023/09/22/9",
"https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent",
"https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8",
"https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d",
"https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca",
"https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/",
"https://news.ycombinator.com/item?id=36790196",
"https://security.gentoo.org/glsa/202307-01",
"https://security.netapp.com/advisory/ntap-20230803-0010/",
"https://support.apple.com/kb/HT213940",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-9.3p2",
"https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt",
"https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408",
"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"http://www.openwall.com/lists/oss-security/2023/07/20/1",
"http://www.openwall.com/lists/oss-security/2023/07/20/2",
"http://www.openwall.com/lists/oss-security/2023/09/22/11",
"http://www.openwall.com/lists/oss-security/2023/09/22/9",
"https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent",
"https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8",
"https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d",
"https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca",
"https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/",
"https://news.ycombinator.com/item?id=36790196",
"https://security.gentoo.org/glsa/202307-01",
"https://security.netapp.com/advisory/ntap-20230803-0010/",
"https://support.apple.com/kb/HT213940",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-9.3p2",
"https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt",
"https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408"
],
"score": 9.8,
"services": [
"22/ssh"
],
"severity": "critical",
"summary": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-428"
},
"CVE-2023-48795": {
"id": "CVE-2023-48795",
"references": [
"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/18/3",
"http://www.openwall.com/lists/oss-security/2023/12/19/5",
"http://www.openwall.com/lists/oss-security/2023/12/20/3",
"http://www.openwall.com/lists/oss-security/2024/03/06/3",
"http://www.openwall.com/lists/oss-security/2024/04/17/8",
"https://access.redhat.com/security/cve/cve-2023-48795",
"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
"https://bugs.gentoo.org/920280",
"https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
"https://bugzilla.suse.com/show_bug.cgi?id=1217950",
"https://crates.io/crates/thrussh/versions",
"https://filezilla-project.org/versions.php",
"https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
"https://github.com/NixOS/nixpkgs/pull/275249",
"https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
"https://github.com/advisories/GHSA-45x7-px36-x8w8",
"https://github.com/apache/mina-sshd/issues/445",
"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
"https://github.com/cyd01/KiTTY/issues/520",
"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
"https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
"https://github.com/hierynomus/sshj/issues/916",
"https://github.com/janmojzis/tinyssh/issues/81",
"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
"https://github.com/libssh2/libssh2/pull/1291",
"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
"https://github.com/mwiede/jsch/issues/457",
"https://github.com/mwiede/jsch/pull/461",
"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
"https://github.com/openssh/openssh-portable/commits/master",
"https://github.com/paramiko/paramiko/issues/2337",
"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/issues/456",
"https://github.com/rapier1/hpn-ssh/releases",
"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
"https://github.com/ronf/asyncssh/tags",
"https://github.com/ssh-mitm/ssh-mitm/issues/165",
"https://github.com/warp-tech/russh/releases/tag/v0.40.2",
"https://gitlab.com/libssh/libssh-mirror/-/tags",
"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
"https://help.panic.com/releasenotes/transmit5/",
"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
"https://matt.ucc.asn.au/dropbear/CHANGES",
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
"https://news.ycombinator.com/item?id=38684904",
"https://news.ycombinator.com/item?id=38685286",
"https://news.ycombinator.com/item?id=38732005",
"https://nova.app/releases/#v11.8",
"https://oryx-embedded.com/download/#changelog",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
"https://roumenpetrov.info/secsh/#news20231220",
"https://security-tracker.debian.org/tracker/CVE-2023-48795",
"https://security-tracker.debian.org/tracker/source-package/libssh2",
"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
"https://security.gentoo.org/glsa/202312-16",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0004/",
"https://support.apple.com/kb/HT214084",
"https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
"https://twitter.com/TrueSkrillor/status/1736774389725565005",
"https://ubuntu.com/security/CVE-2023-48795",
"https://winscp.net/eng/docs/history#6.2.2",
"https://www.bitvise.com/ssh-client-version-history#933",
"https://www.bitvise.com/ssh-server-version-history",
"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.debian.org/security/2023/dsa-5588",
"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
"https://www.netsarang.com/en/xshell-update-history/",
"https://www.openssh.com/openbsd.html",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"https://www.openwall.com/lists/oss-security/2023/12/20/3",
"https://www.paramiko.org/changelog.html",
"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
"https://www.terrapin-attack.com",
"https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
"https://www.vandyke.com/products/securecrt/history.txt",
"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/18/3",
"http://www.openwall.com/lists/oss-security/2023/12/19/5",
"http://www.openwall.com/lists/oss-security/2023/12/20/3",
"http://www.openwall.com/lists/oss-security/2024/03/06/3",
"http://www.openwall.com/lists/oss-security/2024/04/17/8",
"https://access.redhat.com/security/cve/cve-2023-48795",
"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
"https://bugs.gentoo.org/920280",
"https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
"https://bugzilla.suse.com/show_bug.cgi?id=1217950",
"https://crates.io/crates/thrussh/versions",
"https://filezilla-project.org/versions.php",
"https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
"https://github.com/NixOS/nixpkgs/pull/275249",
"https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
"https://github.com/advisories/GHSA-45x7-px36-x8w8",
"https://github.com/apache/mina-sshd/issues/445",
"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
"https://github.com/cyd01/KiTTY/issues/520",
"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
"https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
"https://github.com/hierynomus/sshj/issues/916",
"https://github.com/janmojzis/tinyssh/issues/81",
"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
"https://github.com/libssh2/libssh2/pull/1291",
"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
"https://github.com/mwiede/jsch/issues/457",
"https://github.com/mwiede/jsch/pull/461",
"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
"https://github.com/openssh/openssh-portable/commits/master",
"https://github.com/paramiko/paramiko/issues/2337",
"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/issues/456",
"https://github.com/rapier1/hpn-ssh/releases",
"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
"https://github.com/ronf/asyncssh/tags",
"https://github.com/ssh-mitm/ssh-mitm/issues/165",
"https://github.com/warp-tech/russh/releases/tag/v0.40.2",
"https://gitlab.com/libssh/libssh-mirror/-/tags",
"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
"https://help.panic.com/releasenotes/transmit5/",
"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
"https://matt.ucc.asn.au/dropbear/CHANGES",
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
"https://news.ycombinator.com/item?id=38684904",
"https://news.ycombinator.com/item?id=38685286",
"https://news.ycombinator.com/item?id=38732005",
"https://nova.app/releases/#v11.8",
"https://oryx-embedded.com/download/#changelog",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
"https://roumenpetrov.info/secsh/#news20231220",
"https://security-tracker.debian.org/tracker/CVE-2023-48795",
"https://security-tracker.debian.org/tracker/source-package/libssh2",
"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
"https://security.gentoo.org/glsa/202312-16",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0004/",
"https://support.apple.com/kb/HT214084",
"https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
"https://twitter.com/TrueSkrillor/status/1736774389725565005",
"https://ubuntu.com/security/CVE-2023-48795",
"https://winscp.net/eng/docs/history#6.2.2",
"https://www.bitvise.com/ssh-client-version-history#933",
"https://www.bitvise.com/ssh-server-version-history",
"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.debian.org/security/2023/dsa-5588",
"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
"https://www.netsarang.com/en/xshell-update-history/",
"https://www.openssh.com/openbsd.html",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"https://www.openwall.com/lists/oss-security/2023/12/20/3",
"https://www.paramiko.org/changelog.html",
"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
"https://www.terrapin-attack.com",
"https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
"https://www.vandyke.com/products/securecrt/history.txt"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-354"
},
"CVE-2023-51384": {
"id": "CVE-2023-51384",
"references": [
"http://seclists.org/fulldisclosure/2024/Mar/21",
"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2"
],
"score": 5.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2023-51385": {
"id": "CVE-2023-51385",
"references": [
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/26/4",
"https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/26/4",
"https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2"
],
"score": 6.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"weakness": "CWE-78"
},
"CVE-2023-51767": {
"id": "CVE-2023-51767",
"references": [
"https://access.redhat.com/security/cve/CVE-2023-51767",
"https://arxiv.org/abs/2309.02545",
"https://bugzilla.redhat.com/show_bug.cgi?id=2255850",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878",
"https://security.netapp.com/advisory/ntap-20240125-0006/",
"https://ubuntu.com/security/CVE-2023-51767",
"https://access.redhat.com/security/cve/CVE-2023-51767",
"https://arxiv.org/abs/2309.02545",
"https://bugzilla.redhat.com/show_bug.cgi?id=2255850",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878",
"https://security.netapp.com/advisory/ntap-20240125-0006/",
"https://ubuntu.com/security/CVE-2023-51767"
],
"score": 7,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.",
"vector_string": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-Other"
}
}
}