MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/ [No types assigned]

MITRE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/

AND
     OR
          *cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp2361
     OR
          cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp3070
     OR
          cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp2361
     OR
          cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp3070
     OR
          cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp2361
     OR
          cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp3070
     OR
          cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp2361
     OR
          cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp3070
     OR
          cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp2361
     OR
          cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp3070
     OR
          cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp2361
     OR
          cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) xcp3070
     OR
          cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.2.7
     OR
          cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.2.7
     OR
          cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_aus:8.

NIST AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

NIST AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html No Types Assigned

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html Broken Link

https://access.redhat.com/errata/RHSA-2019:3702 No Types Assigned

https://access.redhat.com/errata/RHSA-2019:3702 Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf No Types Assigned

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf Patch, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/ No Types Assigned

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/ Mailing List, Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html No Types Assigned

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Patch, Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf [No Types Assigned]

CWE-284

CWE-116

https://access.redhat.com/errata/RHSA-2019:3702 [No Types Assigned]

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html [No Types Assigned]

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html [No Types Assigned]

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/ [No Types Assigned]

OR
     *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
     *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html No Types Assigned

https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html Third Party Advisory

https://security.gentoo.org/glsa/201903-16 No Types Assigned

https://security.gentoo.org/glsa/201903-16 Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html [No Types Assigned]

https://security.gentoo.org/glsa/201903-16 [No Types Assigned]

OR
     *cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

https://security.netapp.com/advisory/ntap-20190213-0001/ No Types Assigned

https://security.netapp.com/advisory/ntap-20190213-0001/ Third Party Advisory

https://usn.ubuntu.com/3885-1/ No Types Assigned

https://usn.ubuntu.com/3885-1/ Third Party Advisory

https://www.debian.org/security/2019/dsa-4387 No Types Assigned

https://www.debian.org/security/2019/dsa-4387 Third Party Advisory

https://security.netapp.com/advisory/ntap-20190213-0001/ [No Types Assigned]

https://www.debian.org/security/2019/dsa-4387 [No Types Assigned]

https://usn.ubuntu.com/3885-1/ [No Types Assigned]

OR
     *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions up to (including) 7.9
     *cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:* versions up to (including) 5.1.3

OR
     *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions up to (including) 7.9
     *cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:* versions up to (including) 5.13

https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c Release Notes

https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c Release Notes, Vendor Advisory

https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c Release Notes

https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c Release Notes, Vendor Advisory

OR
     *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions up to (including) 7.9
     *cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:* versions up to (including) 5.1.3

(AV:N/AC:H/Au:N/C:P/I:P/A:N)

Victim must voluntarily interact with attack mechanism

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-284

https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c No Types Assigned

https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c Release Notes

https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c No Types Assigned

https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c Release Notes

https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt No Types Assigned

https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Third Party Advisory