8.138.169.107
{
"scan_id": 1752318471,
"ip": "8.138.169.107",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "8.138.0.0/16",
"postal_code": "",
"coordinates": {
"latitude": "23.1181",
"longitude": "113.2539"
},
"geo_point": "23.1181, 113.2539",
"locale_code": "en",
"continent": "Asia",
"country_code": "CN",
"country_name": "China",
"city": "Guangzhou"
},
"location_updated_at": "2025-07-16T12:15:52Z",
"asn": {
"number": "AS37963",
"organization": "Hangzhou Alibaba Advertising Co.,Ltd.",
"country_code": ""
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "",
"organization": "",
"descr": "",
"_encoding": {
"raw": ""
}
},
"whois_updated_at": "0001-01-01T00:00:00Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2025-07-16T12:15:52Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2025-07-16T12:27:01Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2025-07-16T12:15:52Z"
}
],
"services": [
{
"port": 21,
"protocol": "tcp",
"name": "ftp",
"version": "",
"product": "Pure-FTPd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:pureftpd:pure-ftpd",
"part": "a",
"vendor": "pureftpd",
"product": "pure\\-ftpd",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"ftp": {
"banner": "220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\r\n220-You are user number 1 of 50 allowed.\r\n220-Local time is now 19:54. Server port: 21.\r\n220-This is a private system - No anonymous login\r\n220-IPv6 connections are also welcome on this server.\r\n220 You will be disconnected after 15 minutes of inactivity.\r\n"
},
"tls": {
"certificate": {
"extensions": {
"authority_key_id": "c01c1dc21c2a08c89cdee45f35bb9a216e7dcaaf",
"basic_constraints": {
"is_ca": true
},
"subject_key_id": "c01c1dc21c2a08c89cdee45f35bb9a216e7dcaaf"
},
"fingerprint_md5": "E11CFCF6075DB428F4834C2F8D85D63A",
"fingerprint_sha1": "25A7B166C2D4B5AD1A9F63B8262E3DB7C392252E",
"fingerprint_sha256": "60214129A3CBA5D196F8C31013B95261EB5AB3D5E95AF1BA76CB58F78B0F135E",
"issuer": {
"common_name": [
"8.138.169.107"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"Dongguan"
],
"organization": [
"BT-PANEL"
],
"organizational_unit": [
"BT"
],
"province": [
"Guangdong"
]
},
"issuer_dn": "/C=CN/ST=Guangdong/L=Dongguan/O=BT-PANEL/OU=BT/CN=8.138.169.107/[email protected]",
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "14237660421196553286",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": true,
"value": "MWU1YTdmNzZjZWUxYTU4NDBiZTk1MGQ4M2QxY2IyZjEzZTU5ZjBiMDRhNTA4ZWFlM2RlNzM5YTE0MzA1NDEwMWJhODhlMjVlMzRjMDYyMjE1MDM5ZDk1MjE5ZjczZTExMTlkZTAzYzRhNjQ5Mzg1NjY2MGMxNzY4Mjg0ZWU5MDE4OTM3ZDc3YTM3MjY1YzFiM2YxMDYwNzBlMTgxM2M2NzdiZGUxNjQ1MmIyZDM5NzhkNWM0NmFiNThkOWYzMjBiZDcxMmI2YjFhNzZlZGMyOTcxMDA0NzEwMTMwNjA0OTFjZTVjOGM4ZGJiY2E3MWMzODNlMWQxYjMxNzdhZDk2Zg=="
},
"subject": {
"common_name": [
"8.138.169.107"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"Dongguan"
],
"organization": [
"BT-PANEL"
],
"organizational_unit": [
"BT"
],
"province": [
"Guangdong"
]
},
"subject_alt_name": {
"dns_names": [
"8.138.169.107"
],
"extended_dns_names": []
},
"subject_dn": "/C=CN/ST=Guangdong/L=Dongguan/O=BT-PANEL/OU=BT/CN=8.138.169.107/[email protected]",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "7e534accc4249f3d43988e9d05a67e252dc7aff664e60963ed00770958e94105",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 1024,
"modulus": "MHhkMmJiZTE5ZDQ1MWE3NTVhOTk1MmE0NTM3NzRlOWQ0MzhhOWQ5MzA0OWMzNTkxNjQ1MDc2ZDY4OGNhMzFhY2NlNDE1NzgzYjNiNWU3ZTJiMmRkOTc1NmY5ZWYxMjE5MTBlYzQ5ZWU4NDk4ZTcxOGI4ZmY5ZWFhMDJjMGZiODAzNzk2NmY4N2E1NjdjNDgxZTc2ZDU3Y2U4MDFiOGUyNTUyOTExNDAxMjVlYTNjNzcxZGJjNTMxYjViMGE1MTE1ZGRiNWQ5NTg4MDQzYTdmYjc0M2QyZmE2ZTBmMGQwYjRkNGU4YWQyYzg1ODBmZTY1ODdmZTAzZDJmY2FjZGI0NmEz"
}
},
"tbs_fingerprint": "d7381e9c49e6fd46f1ac8dbd6292a0df2f24db4df83c907fd4275d7e916bc9d7",
"validation_level": "OV",
"validity": {
"length_seconds": 307584000,
"not_after": "2034-08-31T15:04:13",
"not_before": "2024-12-01T15:04:13"
},
"version": 2
},
"fingerprint_sha256": "60214129A3CBA5D196F8C31013B95261EB5AB3D5E95AF1BA76CB58F78B0F135E",
"precert": false,
"raw": "MIIC4DCCAkmgAwIBAgIJAMWWVLf+DxxGMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJDTjESMBAGA1UECAwJR3Vhbmdkb25nMREwDwYDVQQHDAhEb25nZ3VhbjERMA8GA1UECgwIQlQtUEFORUwxCzAJBgNVBAsMAkJUMRYwFAYDVQQDDA04LjEzOC4xNjkuMTA3MRowGAYJKoZIhvcNAQkBFgthZG1pbkBidC5jbjAeFw0yNDEyMDExNTA0MTNaFw0zNDA4MzExNTA0MTNaMIGIMQswCQYDVQQGEwJDTjESMBAGA1UECAwJR3Vhbmdkb25nMREwDwYDVQQHDAhEb25nZ3VhbjERMA8GA1UECgwIQlQtUEFORUwxCzAJBgNVBAsMAkJUMRYwFAYDVQQDDA04LjEzOC4xNjkuMTA3MRowGAYJKoZIhvcNAQkBFgthZG1pbkBidC5jbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0rvhnUUadVqZUqRTd06dQ4qdkwScNZFkUHbWiMoxrM5BV4Oztefist2XVvnvEhkQ7EnuhJjnGLj/nqoCwPuAN5Zvh6VnxIHnbVfOgBuOJVKRFAEl6jx3HbxTG1sKURXdtdlYgEOn+3Q9L6bg8NC01OitLIWA/mWH/gPS/KzbRqMCAwEAAaNQME4wHQYDVR0OBBYEFMAcHcIcKgjInN7kXzW7miFufcqvMB8GA1UdIwQYMBaAFMAcHcIcKgjInN7kXzW7miFufcqvMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAHlp/ds7hpYQL6VDYPRyy8T5Z8LBKUI6uPec5oUMFQQG6iOJeNMBiIVA52VIZ9z4RGd4DxKZJOFZmDBdoKE7pAYk313o3JlwbPxBgcOGBPGd73hZFKy05eNXEarWNnzIL1xK2sadu3ClxAEcQEwYEkc5cjI27ynHDg+HRsxd62W8=",
"tags": [
"ov",
"trusted",
"self_signed",
"root"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-16T18:46:01.472Z"
},
{
"port": 22,
"protocol": "tcp",
"name": "ssh",
"version": "7.4",
"product": "OpenSSH",
"extra_info": "protocol 2.0",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:openbsd:openssh:7.4",
"part": "a",
"vendor": "openbsd",
"product": "openssh",
"version": "7\\.4",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"ssh": {
"banner": "SSH-2.0-OpenSSH_7.4",
"client_to_server_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]",
"aes128-cbc",
"aes192-cbc",
"aes256-cbc",
"blowfish-cbc",
"cast128-cbc",
"3des-cbc"
],
"client_to_server_compression": [
"none",
"[email protected]"
],
"client_to_server_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1"
],
"host_key_algorithms": [
"ssh-rsa",
"rsa-sha2-512",
"rsa-sha2-256",
"ecdsa-sha2-nistp256",
"ssh-ed25519"
],
"kex_algorithms": [
"curve25519-sha256",
"[email protected]",
"ecdh-sha2-nistp256",
"ecdh-sha2-nistp384",
"ecdh-sha2-nistp521",
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group16-sha512",
"diffie-hellman-group18-sha512",
"diffie-hellman-group-exchange-sha1",
"diffie-hellman-group14-sha256",
"diffie-hellman-group14-sha1",
"diffie-hellman-group1-sha1"
],
"key": {
"algorithm": "ecdsa-sha2-nistp256",
"fingerprint_sha256": "c4d6bf648c916764c7ff69664d0436714bc72c582bf07d653c9a95e3af4b7b71",
"raw": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIf1nmZ5MU71xrAJk0YsAALSCK1O/djESjU1HpCN66bmx40CP9/joukjXRb+ylIoWv6x9MqP2Z3KfIh8PoCYDQU="
},
"server_to_client_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]",
"aes128-cbc",
"aes192-cbc",
"aes256-cbc",
"blowfish-cbc",
"cast128-cbc",
"3des-cbc"
],
"server_to_client_compression": [
"none",
"[email protected]"
],
"server_to_client_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1"
],
"software": "OpenSSH_7.4",
"version": "2.0"
}
},
"cve": [
{
"id": "CVE-2007-2768",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2008-3844",
"score": 9.3,
"severity": "high"
},
{
"id": "CVE-2016-20012",
"score": 5.3,
"severity": "medium"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-16T16:19:11.706Z"
},
{
"port": 80,
"protocol": "tcp",
"name": "http",
"version": "",
"product": "nginx",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:igor_sysoev:nginx",
"part": "a",
"vendor": "igor_sysoev",
"product": "nginx",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!doctype html>\n<html onmouseover=\"resetHtmlFontSize()\">\n <head>\n <title>惩罚,在此降临!</title>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <link rel=\"stylesheet\" href=\"style/pc.css\">\n </head>\n <body onclick=\"play_music()\">\n <audio class=\"music\" src=\"audio/INTO_MY_SOUL.mp3\" autoplay loop>\n </audio>\n <div class=\"father\">\n <div class=\"header\">\n <img id=\"fan\" src=\"image/11.png\">\n <img id=\"luna_icon\" src=\"image/05.gif\">\n <h66>露娜天下第一!</h66>\n </div>\n <div class=\"nav\">\n <a class=\"pilot1\" href=\"https://wiki.biligame.com/zspms/%E9%9C%B2%E5%A8%9C%C2%B7%E7%BB%88%E7%84%89\"><p>wiki:露娜·终焉</p></a>\n <a class=\"pilot2\" href=\"https://wiki.biligame.com/zspms/%E9%9C%B2%E5%A8%9C%C2%B7%E9%93%B6%E5%86%95\"><p>wiki:露娜·银冕</p></a>\n <a class=\"pilot3\" href=\"https://space.bilibili.com/382651856?spm_id_from=333.337.0.0\"><p>战双b站官推</p></a>\n </div>\n <div class=\"main\"> \n <div class=\"lside\">\n <div class=\"upper\">\n <div class=\"lside_title\">\n <img src=\"image/07.png\">\n </div>\n <div class=\"lside_box1\">\n <video class=\"video\" poster=\"image/03.jpg\" controls>\n <source src=\"video/luna_apple.mp4\">\n </video>\n <button class=\"video_button\" id=\"one\" type=\"button\" onclick=\"change_video('video/luna_apple.mp4','image/03.jpg')\">1</button>\n <button class=\"video_button\" id=\"two\" type=\"button\" onclick=\"change_video('video/luna_pool.mp4','image/10.jpg')\">2</button>\n <button class=\"video_button\" id=\"three\" type=\"button\" onclick=\"change_video('video/luna_wedding.mp4','image/09.png')\">3</button>\n </div>\n </div>\n <div class=\"tab\">\n <div class=\"item\">露娜个人资料</div> \n <div class=\"item\">作者发癫</div>\n <ul class=\"spry\">\n <li>\n <div class=\"data1\" style=\"float: left;\">\n <p style=\"font-size: 10rem; font-family: serif; font-weight: 600; margin-top: 30rem; margin-left: 30rem;\">\n 姓名<br><br>启动日<br><br>身高<br><br>体重<br><br>循环液类型<br><br>心理年龄\n </p>\n </div>\n <div class=\"data2\" style=\"float: right;\">\n <p style=\"font-size: 10rem; font-family: serif; font-weight: 600; margin-top: 30rem; margin-right: 30rem;\">\n 露娜<br><br>10月26日<br><br>159cm<br><br>41kg<br><br>AB型<br><br>16岁\n </p>\n </div>\n <img id=\"luna_shocked\" src=\"image/08.png\"></li>\n <li>\n <div style=\"font-size: 20rem;\" class=\"gundong\">\n <h1>啊~露娜小姐,您身为代行者的力量真是无比强大;化身为魅魔的您实在是令人魂牵梦萦;失去记忆,在海岸旁成为一个普通少女的您就如同那夜空中的月亮般美丽、皎洁;穿上婚纱的您是如此的洁白、纯洁~啊露娜,你就是这世界一切美好的集合体。我爱你,我的月亮!</h1>\n </div>\n <img id=\"luna_gratified\" src=\"image/IMG_5692.png\">\n </li>\n </ul>\n </div>\n </div>\n <div class=\"rside\">\n <div class=\"rside_title\">\n <img src=\"image/弥月寒调.png\"><p>弥月寒调</p>\n </div>\n <div class=\"rside_text\">\n <!-- <img src=\"image/800px-涂装大_露娜_终焉_弥月寒调.png\"> -->\n <p id=\"vistitle\">圣誓系列——露娜·终焉</p>\n <img id=\"show1\" src=\"image/800px-涂装大_露娜_终焉_弥月寒调.png\">\n <p style=\"margin-top: 10rem;\">\n ——终月坠落,银砂澄空。她凛空踏冰,身披素纱,再次降临于大地。时间匆匆奔向来日,但即使终焉尽途,少女仍然停下了她的身影,于黑暗中转身握住你的手。万籁俱寂,夜空下相携的背影,收尽一切雪白荒芜。\n <br><br>——少女端坐王座,月华像磷光般,围绕在她的身边烁烁。高悬的星辉映衬出一双皎白身影,时过境迁,月旁已伴群星。\n </p>\n <a href=\"https://www.bilibili.com/video/BV1NZ421r7vV/?spm_id_from=333.337.search-card.all.click\"><br><br><br><br>【战双】露娜·终焉 全好感剧情</a>\n <!-- <a href=\"#\" id=\"href\"><br><br> 【实验5—设计作业】</a> -->\n </div>\n </div>\n <div class=\"content\">\n <div class=\"content_box1\">\n <div class=\"content_title1\">\n <img src=\"image/罪妄月华.png\"><h5>罪妄月华</h5>\n </div>\n <div class=\"content_text1\">\n <img id=\"show2\" src=\"image/涂装露娜_终焉_罪妄月华.png\" width=\"250px\">\n <h1 id=\"vistitle\">放逐乐园系列——露娜·终焉</h1>\n <p>创世伊始,诞生了璀璨绚烂的星芒,也繁育出了禁忌的阴翳。当树荫下女孩悄悄睁开眼,眸中闪烁着的,不只有宝石般的星河,还有那颗摄人心魄的幼果。\n 亿万斯年,她是遭人鄙惧的恶华,也是彷徨迷途的羔羊。此时此刻,终于有人走入了她的画本,与她一同呼吸傍晚的芬芳,俯瞰黎明原野的金黄。不再按捺心底的悸动,女孩仰望着喜悦,鼓起勇气,牵起了那只垂在身侧的手。\n </p>\n <p>★获取方式★\n 11月14日10:00-12月12日9:59,活动期间通过涂装研发活动,可获得露娜·终焉-特效涂装「罪妄月华」、武器涂装「失乐裁断」。\n 活动期间,购买【离诗遗城-主界面场景】礼包即可获得同款主界面场景。\n </p>\n <a href=\"https://www.bilibili.com/video/BV1bQmZYgE7z/?spm_id_from=333.337.search-card.all.click&vd_source=29fc74a0db07c72fc3ef2891fda2e776\">[战双帕弥什]活动剧情【焚朽魇月】</a>\n </div>\n </div>\n <div class=\"content_box2\">\n <div class=\"content_title2\">\n <img src=\"image/璃蓝眸转.png\" height=\"50px\">\n <h5>璃蓝眸转</h5>\n </div>\n <div class=\"content_text2\">\n <img id=\"show3\" src=\"image/800px-涂装大_露娜_终焉_璃蓝眸转.png\" width=\"200px\">\n <h1 id=\"vistitle\">阔海秘闻系列——露娜·终焉</h1>\n <p>瞳中若深海,细碎闪光都是迷惘的心在寻觅的证明。浪花卷起泡沫般的自由,而自由是海风的颜色。细丝密缕的凉意抚过掌心,不忍让那个身影融化在暮色里。琉璃之海尽头,是她的谜语,是她的憧憬,是她只愿停泊在此刻的记忆。</p>\n <p>涂装获取方式:2023年7月11日18:00 - 2023年8月9日17:59,活动期间购买【璃蓝眸转涂装组合包】即可获得。</p>\n <a href=\"https://www.bilibili.com/video/BV1VK85ecEDT/?spm_id_from=333.337.search-card.all.click&vd_source=29fc74a0db07c72fc3ef2891fda2e776\"><br><br>【战双帕弥什】夏令逸闻活动剧情——露娜—璃蓝眸转</a>\n </div>\n </div>\n </div>\n </div>\n <div class=\"footer\">\n <p>该网页由广州大学智造243梁家玮制作</p>\n </div>\n </div>\n <script>\n var eitems = document.getElementsByClassName('item');\n var elis = document.getElementsByTagName('li');\n eitems[0].style.background = 'rgba(247, 145, 3, 0.819)';\n elis[0].style.display = 'block';\n for (let i = 0; i < eitems.length; i++) {\n eitems[i].onclick = function(){\n for (let j = 0; j < eitems.length; j++) {\n eitems[j].style.background = 'rgba(87, 92, 97, 0.8)';\n elis[j].style.display = 'none';\n \n }\n eitems[i].style.background = 'rgba(247, 145, 3, 0.819)';\n elis[i].style.display = 'block';\n\n }\n\n \n }\n let music = document.getElementsByClassName('music')[0];\n let video = document.getElementsByClassName('video')[0];\n video.addEventListener('play',function(){\n music.pause();\n })\n video.addEventListener('pause',function(){\n music.play();\n })\n \n function play_music() {\n music.play();\n }\n\n function change_video(video_src,poster_src){\n let videoElement = document.getElementsByClassName('video')[0];\n let sourceElement = document.getElementsByTagName('source')[0];\n sourceElement.src = video_src;\n videoElement.poster = poster_src;\n videoElement.load();\n }\n\n function resetHtmlFontSize(){\n let width = document.body.clientWidth;\n let fontsize = width / 1000\n document.documentElement.style.fontSize = fontsize + \"px\";\n }\n\n window.onresize = resetHtmlFontSize();\n </script>\n </body>\n</html>",
"body_murmur": -2022697724,
"body_sha256": "2725ecb50fd626c46667219a7a7f256f68b21d1e03d59ae82c7f26f7c634bc61",
"component": [
"Nginx"
],
"content_length": -1,
"headers": {
"connection": [
"keep-alive"
],
"content_type": [
"text/html"
],
"date": [
"Fri, 04 Jul 2025 12:36:06 GMT"
],
"etag": [
"W/\"674dc59c-22b2\""
],
"last_modified": [
"Mon, 02 Dec 2024 14:35:08 GMT"
],
"server": [
"nginx"
],
"vary": [
"Accept-Encoding"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "8.138.169.107",
"path": "",
"scheme": "http"
}
},
"status_code": 200,
"title": "惩罚,在此降临!",
"transfer_encoding": [
"chunked"
]
}
},
"url": "http://8.138.169.107/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-09T10:46:41.228Z"
}
],
"services_hash": "e7da0f8577899acb133006d1c1b1dad00e39d29c21892478aad56560b0a758ab",
"last_updated_at": "2025-07-16T18:46:01.472Z",
"banner": [
"ftp",
"tls",
"ssh",
"http"
],
"is_vuln": true,
"cveDetails": {
"CVE-2007-2768": {
"id": "CVE-2007-2768",
"references": [
"http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html",
"http://www.osvdb.org/34601",
"https://security.netapp.com/advisory/ntap-20191107-0002/",
"http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html",
"http://www.osvdb.org/34601",
"https://security.netapp.com/advisory/ntap-20191107-0002/"
],
"score": 4.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2008-3844": {
"id": "CVE-2008-3844",
"references": [
"http://secunia.com/advisories/31575",
"http://secunia.com/advisories/32241",
"http://securitytracker.com/id?1020730",
"http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm",
"http://www.redhat.com/security/data/openssh-blacklist.html",
"http://www.redhat.com/support/errata/RHSA-2008-0855.html",
"http://www.securityfocus.com/bid/30794",
"http://www.vupen.com/english/advisories/2008/2821",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44747",
"http://secunia.com/advisories/31575",
"http://secunia.com/advisories/32241",
"http://securitytracker.com/id?1020730",
"http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm",
"http://www.redhat.com/security/data/openssh-blacklist.html",
"http://www.redhat.com/support/errata/RHSA-2008-0855.html",
"http://www.securityfocus.com/bid/30794",
"http://www.vupen.com/english/advisories/2008/2821",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44747"
],
"score": 9.3,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.",
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"weakness": "CWE-20"
},
"CVE-2016-20012": {
"id": "CVE-2016-20012",
"references": [
"https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265",
"https://github.com/openssh/openssh-portable/pull/270",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185",
"https://rushter.com/blog/public-ssh-keys/",
"https://security.netapp.com/advisory/ntap-20211014-0005/",
"https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak",
"https://www.openwall.com/lists/oss-security/2018/08/24/1",
"https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265",
"https://github.com/openssh/openssh-portable/pull/270",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185",
"https://rushter.com/blog/public-ssh-keys/",
"https://security.netapp.com/advisory/ntap-20211014-0005/",
"https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak",
"https://www.openwall.com/lists/oss-security/2018/08/24/1"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "NVD-CWE-Other"
},
"CVE-2017-15906": {
"id": "CVE-2017-15906",
"references": [
"http://www.securityfocus.com/bid/101552",
"https://access.redhat.com/errata/RHSA-2018:0980",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201801-05",
"https://security.netapp.com/advisory/ntap-20180423-0004/",
"https://www.openssh.com/txt/release-7.6",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"http://www.securityfocus.com/bid/101552",
"https://access.redhat.com/errata/RHSA-2018:0980",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201801-05",
"https://security.netapp.com/advisory/ntap-20180423-0004/",
"https://www.openssh.com/txt/release-7.6",
"https://www.oracle.com/security-alerts/cpujan2020.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-732"
},
"CVE-2018-15473": {
"id": "CVE-2018-15473",
"references": [
"http://www.openwall.com/lists/oss-security/2018/08/15/5",
"http://www.securityfocus.com/bid/105140",
"http://www.securitytracker.com/id/1041487",
"https://access.redhat.com/errata/RHSA-2019:0711",
"https://access.redhat.com/errata/RHSA-2019:2143",
"https://bugs.debian.org/906236",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011",
"https://security.gentoo.org/glsa/201810-03",
"https://security.netapp.com/advisory/ntap-20181101-0001/",
"https://usn.ubuntu.com/3809-1/",
"https://www.debian.org/security/2018/dsa-4280",
"https://www.exploit-db.com/exploits/45210/",
"https://www.exploit-db.com/exploits/45233/",
"https://www.exploit-db.com/exploits/45939/",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"http://www.openwall.com/lists/oss-security/2018/08/15/5",
"http://www.securityfocus.com/bid/105140",
"http://www.securitytracker.com/id/1041487",
"https://access.redhat.com/errata/RHSA-2019:0711",
"https://access.redhat.com/errata/RHSA-2019:2143",
"https://bugs.debian.org/906236",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011",
"https://security.gentoo.org/glsa/201810-03",
"https://security.netapp.com/advisory/ntap-20181101-0001/",
"https://usn.ubuntu.com/3809-1/",
"https://www.debian.org/security/2018/dsa-4280",
"https://www.exploit-db.com/exploits/45210/",
"https://www.exploit-db.com/exploits/45233/",
"https://www.exploit-db.com/exploits/45939/",
"https://www.oracle.com/security-alerts/cpujan2020.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-362"
},
"CVE-2018-15919": {
"id": "CVE-2018-15919",
"references": [
"http://seclists.org/oss-sec/2018/q3/180",
"http://www.securityfocus.com/bid/105163",
"https://security.netapp.com/advisory/ntap-20181221-0001/",
"http://seclists.org/oss-sec/2018/q3/180",
"http://www.securityfocus.com/bid/105163",
"https://security.netapp.com/advisory/ntap-20181221-0001/"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2018-20685": {
"id": "CVE-2018-20685",
"references": [
"http://www.securityfocus.com/bid/106531",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://security.gentoo.org/glsa/201903-16",
"https://security.gentoo.org/glsa/202007-53",
"https://security.netapp.com/advisory/ntap-20190215-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://www.securityfocus.com/bid/106531",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://security.gentoo.org/glsa/201903-16",
"https://security.gentoo.org/glsa/202007-53",
"https://security.netapp.com/advisory/ntap-20190215-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"weakness": "CWE-863"
},
"CVE-2019-6109": {
"id": "CVE-2019-6109",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 6.8,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"weakness": "CWE-116"
},
"CVE-2019-6110": {
"id": "CVE-2019-6110",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://www.exploit-db.com/exploits/46193/",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://www.exploit-db.com/exploits/46193/"
],
"score": 6.8,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"weakness": "CWE-838"
},
"CVE-2019-6111": {
"id": "CVE-2019-6111",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"http://www.openwall.com/lists/oss-security/2019/04/18/1",
"http://www.openwall.com/lists/oss-security/2022/08/02/1",
"http://www.securityfocus.com/bid/106741",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://usn.ubuntu.com/3885-2/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.exploit-db.com/exploits/46193/",
"https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"http://www.openwall.com/lists/oss-security/2019/04/18/1",
"http://www.openwall.com/lists/oss-security/2022/08/02/1",
"http://www.securityfocus.com/bid/106741",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://usn.ubuntu.com/3885-2/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.exploit-db.com/exploits/46193/",
"https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-22"
},
"CVE-2020-14145": {
"id": "CVE-2020-14145",
"references": [
"http://www.openwall.com/lists/oss-security/2020/12/02/1",
"https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
"https://docs.ssh-mitm.at/CVE-2020-14145.html",
"https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
"https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
"https://security.gentoo.org/glsa/202105-35",
"https://security.netapp.com/advisory/ntap-20200709-0004/",
"https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/",
"http://www.openwall.com/lists/oss-security/2020/12/02/1",
"https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
"https://docs.ssh-mitm.at/CVE-2020-14145.html",
"https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
"https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
"https://security.gentoo.org/glsa/202105-35",
"https://security.netapp.com/advisory/ntap-20200709-0004/",
"https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-203"
},
"CVE-2020-15778": {
"id": "CVE-2020-15778",
"references": [
"https://access.redhat.com/errata/RHSA-2024:3166",
"https://github.com/cpandya2909/CVE-2020-15778/",
"https://news.ycombinator.com/item?id=25005567",
"https://security.gentoo.org/glsa/202212-06",
"https://security.netapp.com/advisory/ntap-20200731-0007/",
"https://www.openssh.com/security.html",
"https://access.redhat.com/errata/RHSA-2024:3166",
"https://github.com/cpandya2909/CVE-2020-15778/",
"https://news.ycombinator.com/item?id=25005567",
"https://security.gentoo.org/glsa/202212-06",
"https://security.netapp.com/advisory/ntap-20200731-0007/",
"https://www.openssh.com/security.html"
],
"score": 7.8,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"weakness": "CWE-78"
},
"CVE-2021-36368": {
"id": "CVE-2021-36368",
"references": [
"https://bugzilla.mindrot.org/show_bug.cgi?id=3316",
"https://docs.ssh-mitm.at/trivialauth.html",
"https://github.com/openssh/openssh-portable/pull/258",
"https://security-tracker.debian.org/tracker/CVE-2021-36368",
"https://www.openssh.com/security.html",
"https://bugzilla.mindrot.org/show_bug.cgi?id=3316",
"https://docs.ssh-mitm.at/trivialauth.html",
"https://github.com/openssh/openssh-portable/pull/258",
"https://security-tracker.debian.org/tracker/CVE-2021-36368",
"https://www.openssh.com/security.html"
],
"score": 3.7,
"services": [
"22/ssh"
],
"severity": "low",
"summary": "An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is \"this is not an authentication bypass, since nothing is being bypassed.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-287"
},
"CVE-2021-41617": {
"id": "CVE-2021-41617",
"references": [
"https://bugzilla.suse.com/show_bug.cgi?id=1190975",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/",
"https://security.netapp.com/advisory/ntap-20211014-0004/",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-8.8",
"https://www.openwall.com/lists/oss-security/2021/09/26/1",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.starwindsoftware.com/security/sw-20220805-0001/",
"https://www.tenable.com/plugins/nessus/154174",
"https://bugzilla.suse.com/show_bug.cgi?id=1190975",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/",
"https://security.netapp.com/advisory/ntap-20211014-0004/",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-8.8",
"https://www.openwall.com/lists/oss-security/2021/09/26/1",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.starwindsoftware.com/security/sw-20220805-0001/",
"https://www.tenable.com/plugins/nessus/154174"
],
"score": 7,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",
"vector_string": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-Other"
},
"CVE-2023-38408": {
"id": "CVE-2023-38408",
"references": [
"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"http://www.openwall.com/lists/oss-security/2023/07/20/1",
"http://www.openwall.com/lists/oss-security/2023/07/20/2",
"http://www.openwall.com/lists/oss-security/2023/09/22/11",
"http://www.openwall.com/lists/oss-security/2023/09/22/9",
"https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent",
"https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8",
"https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d",
"https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca",
"https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/",
"https://news.ycombinator.com/item?id=36790196",
"https://security.gentoo.org/glsa/202307-01",
"https://security.netapp.com/advisory/ntap-20230803-0010/",
"https://support.apple.com/kb/HT213940",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-9.3p2",
"https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt",
"https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408",
"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"http://www.openwall.com/lists/oss-security/2023/07/20/1",
"http://www.openwall.com/lists/oss-security/2023/07/20/2",
"http://www.openwall.com/lists/oss-security/2023/09/22/11",
"http://www.openwall.com/lists/oss-security/2023/09/22/9",
"https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent",
"https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8",
"https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d",
"https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca",
"https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/",
"https://news.ycombinator.com/item?id=36790196",
"https://security.gentoo.org/glsa/202307-01",
"https://security.netapp.com/advisory/ntap-20230803-0010/",
"https://support.apple.com/kb/HT213940",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-9.3p2",
"https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt",
"https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408"
],
"score": 9.8,
"services": [
"22/ssh"
],
"severity": "critical",
"summary": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-428"
},
"CVE-2023-48795": {
"id": "CVE-2023-48795",
"references": [
"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/18/3",
"http://www.openwall.com/lists/oss-security/2023/12/19/5",
"http://www.openwall.com/lists/oss-security/2023/12/20/3",
"http://www.openwall.com/lists/oss-security/2024/03/06/3",
"http://www.openwall.com/lists/oss-security/2024/04/17/8",
"https://access.redhat.com/security/cve/cve-2023-48795",
"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
"https://bugs.gentoo.org/920280",
"https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
"https://bugzilla.suse.com/show_bug.cgi?id=1217950",
"https://crates.io/crates/thrussh/versions",
"https://filezilla-project.org/versions.php",
"https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
"https://github.com/NixOS/nixpkgs/pull/275249",
"https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
"https://github.com/advisories/GHSA-45x7-px36-x8w8",
"https://github.com/apache/mina-sshd/issues/445",
"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
"https://github.com/cyd01/KiTTY/issues/520",
"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
"https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
"https://github.com/hierynomus/sshj/issues/916",
"https://github.com/janmojzis/tinyssh/issues/81",
"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
"https://github.com/libssh2/libssh2/pull/1291",
"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
"https://github.com/mwiede/jsch/issues/457",
"https://github.com/mwiede/jsch/pull/461",
"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
"https://github.com/openssh/openssh-portable/commits/master",
"https://github.com/paramiko/paramiko/issues/2337",
"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/issues/456",
"https://github.com/rapier1/hpn-ssh/releases",
"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
"https://github.com/ronf/asyncssh/tags",
"https://github.com/ssh-mitm/ssh-mitm/issues/165",
"https://github.com/warp-tech/russh/releases/tag/v0.40.2",
"https://gitlab.com/libssh/libssh-mirror/-/tags",
"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
"https://help.panic.com/releasenotes/transmit5/",
"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
"https://matt.ucc.asn.au/dropbear/CHANGES",
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
"https://news.ycombinator.com/item?id=38684904",
"https://news.ycombinator.com/item?id=38685286",
"https://news.ycombinator.com/item?id=38732005",
"https://nova.app/releases/#v11.8",
"https://oryx-embedded.com/download/#changelog",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
"https://roumenpetrov.info/secsh/#news20231220",
"https://security-tracker.debian.org/tracker/CVE-2023-48795",
"https://security-tracker.debian.org/tracker/source-package/libssh2",
"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
"https://security.gentoo.org/glsa/202312-16",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0004/",
"https://support.apple.com/kb/HT214084",
"https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
"https://twitter.com/TrueSkrillor/status/1736774389725565005",
"https://ubuntu.com/security/CVE-2023-48795",
"https://winscp.net/eng/docs/history#6.2.2",
"https://www.bitvise.com/ssh-client-version-history#933",
"https://www.bitvise.com/ssh-server-version-history",
"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.debian.org/security/2023/dsa-5588",
"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
"https://www.netsarang.com/en/xshell-update-history/",
"https://www.openssh.com/openbsd.html",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"https://www.openwall.com/lists/oss-security/2023/12/20/3",
"https://www.paramiko.org/changelog.html",
"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
"https://www.terrapin-attack.com",
"https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
"https://www.vandyke.com/products/securecrt/history.txt",
"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/18/3",
"http://www.openwall.com/lists/oss-security/2023/12/19/5",
"http://www.openwall.com/lists/oss-security/2023/12/20/3",
"http://www.openwall.com/lists/oss-security/2024/03/06/3",
"http://www.openwall.com/lists/oss-security/2024/04/17/8",
"https://access.redhat.com/security/cve/cve-2023-48795",
"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
"https://bugs.gentoo.org/920280",
"https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
"https://bugzilla.suse.com/show_bug.cgi?id=1217950",
"https://crates.io/crates/thrussh/versions",
"https://filezilla-project.org/versions.php",
"https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
"https://github.com/NixOS/nixpkgs/pull/275249",
"https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
"https://github.com/advisories/GHSA-45x7-px36-x8w8",
"https://github.com/apache/mina-sshd/issues/445",
"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
"https://github.com/cyd01/KiTTY/issues/520",
"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
"https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
"https://github.com/hierynomus/sshj/issues/916",
"https://github.com/janmojzis/tinyssh/issues/81",
"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
"https://github.com/libssh2/libssh2/pull/1291",
"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
"https://github.com/mwiede/jsch/issues/457",
"https://github.com/mwiede/jsch/pull/461",
"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
"https://github.com/openssh/openssh-portable/commits/master",
"https://github.com/paramiko/paramiko/issues/2337",
"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/issues/456",
"https://github.com/rapier1/hpn-ssh/releases",
"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
"https://github.com/ronf/asyncssh/tags",
"https://github.com/ssh-mitm/ssh-mitm/issues/165",
"https://github.com/warp-tech/russh/releases/tag/v0.40.2",
"https://gitlab.com/libssh/libssh-mirror/-/tags",
"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
"https://help.panic.com/releasenotes/transmit5/",
"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
"https://matt.ucc.asn.au/dropbear/CHANGES",
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
"https://news.ycombinator.com/item?id=38684904",
"https://news.ycombinator.com/item?id=38685286",
"https://news.ycombinator.com/item?id=38732005",
"https://nova.app/releases/#v11.8",
"https://oryx-embedded.com/download/#changelog",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
"https://roumenpetrov.info/secsh/#news20231220",
"https://security-tracker.debian.org/tracker/CVE-2023-48795",
"https://security-tracker.debian.org/tracker/source-package/libssh2",
"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
"https://security.gentoo.org/glsa/202312-16",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0004/",
"https://support.apple.com/kb/HT214084",
"https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
"https://twitter.com/TrueSkrillor/status/1736774389725565005",
"https://ubuntu.com/security/CVE-2023-48795",
"https://winscp.net/eng/docs/history#6.2.2",
"https://www.bitvise.com/ssh-client-version-history#933",
"https://www.bitvise.com/ssh-server-version-history",
"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.debian.org/security/2023/dsa-5588",
"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
"https://www.netsarang.com/en/xshell-update-history/",
"https://www.openssh.com/openbsd.html",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"https://www.openwall.com/lists/oss-security/2023/12/20/3",
"https://www.paramiko.org/changelog.html",
"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
"https://www.terrapin-attack.com",
"https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
"https://www.vandyke.com/products/securecrt/history.txt",
"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit",
"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-354"
},
"CVE-2023-51384": {
"id": "CVE-2023-51384",
"references": [
"http://seclists.org/fulldisclosure/2024/Mar/21",
"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2"
],
"score": 5.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2023-51385": {
"id": "CVE-2023-51385",
"references": [
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/26/4",
"https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/26/4",
"https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2"
],
"score": 6.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"weakness": "CWE-78"
},
"CVE-2023-51767": {
"id": "CVE-2023-51767",
"references": [
"https://access.redhat.com/security/cve/CVE-2023-51767",
"https://arxiv.org/abs/2309.02545",
"https://bugzilla.redhat.com/show_bug.cgi?id=2255850",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878",
"https://security.netapp.com/advisory/ntap-20240125-0006/",
"https://ubuntu.com/security/CVE-2023-51767",
"https://access.redhat.com/security/cve/CVE-2023-51767",
"https://arxiv.org/abs/2309.02545",
"https://bugzilla.redhat.com/show_bug.cgi?id=2255850",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878",
"https://security.netapp.com/advisory/ntap-20240125-0006/",
"https://ubuntu.com/security/CVE-2023-51767"
],
"score": 7,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.",
"vector_string": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-Other"
}
}
}