From 1bdf7029b4818f16d43533de309d3517cc203a23 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Tue, 22 Feb 2022 03:41:44 +0100
Subject: [PATCH] add a bunch of openssh CVEs (#126)
---
 src/ssh_audit/versionvulnerabilitydb.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/ssh_audit/versionvulnerabilitydb.py b/src/ssh_audit/versionvulnerabilitydb.py
index 7f02c71..dafb839 100644
--- a/src/ssh_audit/versionvulnerabilitydb.py
+++ b/src/ssh_audit/versionvulnerabilitydb.py
@@ -66,7 +66,20 @@ class VersionVulnerabilityDB: # pylint: disable=too-few-public-methods
 ['0.4.7', '0.5.2', 1, 'CVE-2012-4560', 7.5, 'cause DoS or execute arbitrary code (buffer overflow)'],
 ['0.4.7', '0.5.2', 1, 'CVE-2012-4559', 6.8, 'cause DoS or execute arbitrary code (double free)']],
 'OpenSSH': [
- ['1.0', '7.7', 1, 'CVE-2018-15473', 5.3, 'enumerate usernames due to timing discrepencies'],
+ ['6.2', '8.7', 5, 'CVE-2021-41617', 7.0, 'privilege escalation via supplemental groups'],
+ ['8.2', '8.4', 2, 'CVE-2021-28041', 7.1, 'double free via ssh-agent'],
+ ['1.0', '8.3', 5, 'CVE-2020-15778', 7.8, 'command injection via anomalous argument transfers'],
+ ['5.7', '8.3', 2, 'CVE-2020-14145', 5.9, 'information leak via algorithm negotiation'],
+ ['8.2', '8.2', 2, 'CVE-2020-12062', 7.5, 'arbitrary files overwrite via scp'],
+ ['7.7', '8.0', 7, 'CVE-2019-16905', 7.8, 'memory corruption and local code execution via pre-authentication integer overflow'],
+ ['1.0', '7.9', 2, 'CVE-2019-6111', 5.9, 'arbitrary files overwrite via scp'],
+ ['1.0', '7.9', 2, 'CVE-2019-6110', 6.8, 'output manipulation'],
+ ['1.0', '7.9', 2, 'CVE-2019-6109', 6.8, 'output manipulation'],
+ ['1.0', '7.9', 2, 'CVE-2018-20685', 5.3, 'directory permissions modification via scp'],
+ ['5.9', '7.8', 0, 'CVE-2018-15919', 5.3, 'username enumeration via GS2'],
+ ['1.0', '7.7', 1, 'CVE-2018-15473', 5.3, 'enumerate usernames due to timing discrepancies'],
+ ['1.2', '6.292', 1, 'CVE-2017-15906', 5.3, 'readonly bypass via sftp'],
+ ['1.0', '8.7', 1, 'CVE-2016-20012', 5.3, 'enumerate usernames via challenge response'],
 ['7.2', '7.2p2', 1, 'CVE-2016-6515', 7.8, 'cause DoS via long password string (crypt CPU consumption)'],
 ['1.2.2', '7.2', 1, 'CVE-2016-3115', 5.5, 'bypass command restrictions via crafted X11 forwarding data'],
 ['5.4', '7.1', 1, 'CVE-2016-1907', 5.0, 'cause DoS via crafted network traffic (out of bounds read)'],
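Review bot: The added CVE-2018-15919 row has `0` in its third field, while every other row visible in this hunk uses a non-zero value (1, 2, 5 or 7). If that field is a bitmask of affected roles, as those values suggest, a zero mask selects neither server nor client and the finding would never be reported, which is a silent false negative for an audit tool. The description is a username enumeration, which targets the server side, so the row should presumably read `['5.9', '7.8', 1, 'CVE-2018-15919', 5.3, 'username enumeration via GS2'],`. The end version `'6.292'` on the CVE-2017-15906 row also does not look like the OpenSSH release numbers used as bounds elsewhere in the list and should be checked against the advisory before merging. The field legend and the code that consumes these rows are outside the hunk (the OpenSSH list also continues past it), so confirm both points there; a one-line comment above the list stating the column order and flag meanings would make this kind of slip easier to catch.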