MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2019-6110

CVSS 6.8v3.1pub. 2019-01-31upd. 2025-12-18

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
  • Netapp Element Software

    APP
    Netapp
    wszystkie wersje
  • Netapp Ontap Select Deploy

    APP
    Netapp
    wszystkie wersje
  • Netapp Storage Automation Store

    APP
    Netapp
    wszystkie wersje
  • Openbsd OpenSSH

    APP
    Openbsd
    ≤ 7.9
  • Siemens Scalance X204rna

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X204rna Eec

    HW
    Siemens
    wszystkie wersje
  • Siemens Scalance X204rna Eec Firmware

    OS
    Siemens
    < 3.2.7
  • Siemens Scalance X204rna Firmware

    OS
    Siemens
    < 3.2.7
  • Winscp

    APP
    Winscp
    ≤ 5.13
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-38408CRITICAL9.8ten sam produkt

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leadin...

CVE-2023-28531CRITICAL9.8ten sam produkt

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constr...

CVE-2022-32207CRITICAL9.8ten sam produkt

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by final...

CVE-2021-3331CRITICAL9.8ten sam produkt

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a ...

CVE-2020-28864CRITICAL9.8ten sam produkt

Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have o...